authortv <>2023-09-11 14:55:04 +0200
committertv <>2023-09-11 14:55:04 +0200
commit8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (patch)
treeaa37724dd0452860d4b9b033332587c8832629e3 /lass
parent90b1515dcd5b67a85cd92901fb211764b1fa5f83 (diff)
parent083229d0211096daec08673f743ccc45b1d8a0ac (diff)
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'lass')
307 files changed, 1 insertions, 16694 deletions
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix
deleted file mode 100644
index 618938ce8..000000000
--- a/lass/1systems/aergia/config.nix
+++ /dev/null
@@ -1,148 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- # <stockholm/lass/2configs/xonsh.nix>
- <stockholm/lass/2configs/review.nix>
- <stockholm/lass/2configs/dunst.nix>
- <stockholm/lass/2configs/print.nix>
- <stockholm/lass/2configs/br.nix>
- <stockholm/lass/2configs/c-base.nix>
- # steam-deck like experience
- {
- imports = [
- "${builtins.fetchTarball ""}/modules"
- ];
- jovian.steam.enable = true;
- }
- { # autorandrs
- services.autorandr = {
- enable = true;
- hooks.postswitch.reset_usb = ''
- echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized
- ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
- '';
- profiles = {
- default = {
- fingerprint = {
- eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf";
- };
- config = {
- eDP = {
- enable = true;
- primary = true;
- position = "0x0";
- mode = "2560x1600";
- rate = "60.01";
- transform = [
- [ 0.750000 0.000000 0.000000 ]
- [ 0.000000 0.750000 0.000000 ]
- [ 0.000000 0.000000 1.000000 ]
- ];
- # scale = {
- # x = 0.599991;
- # y = 0.599991;
- # };
- };
- };
- };
- docked2 = {
- fingerprint = {
- eDP =;
- DisplayPort-8 = "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";
- DisplayPort-7 = "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";
- };
- config = {
- DisplayPort-7 = {
- enable = true;
- position = "2560x0";
- mode = "1920x1080";
- rate = "60.00";
- };
- DisplayPort-8 =;
- eDP =;
- };
- };
- docked1 = {
- fingerprint = {
- eDP =;
- DisplayPort-1 = "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";
- };
- config = {
- DisplayPort-1 = {
- enable = true;
- primary = true;
- position = "0x0";
- mode = "2560x1440";
- rate = "165.08";
- };
- eDP = // {
- primary = false;
- position = "640x1440";
- };
- };
- };
- };
- };
- }
- ];
- system.stateVersion = "22.11";
- = config.krebs.hosts.aergia;
- environment.systemPackages = with pkgs; [
- brain
- bank
- l-gen-secrets
- generate-secrets
- nixpkgs-review
- pipenv
- ];
- programs.adb.enable = true;
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
- nix.trustedUsers = [ "root" "lass" ];
- # nix.extraOptions = ''
- # extra-experimental-features = nix-command flakes
- # '';
- services.tor = {
- enable = true;
- client.enable = true;
- };
- documentation.nixos.enable = true;
- boot.binfmt.emulatedSystems = [
- "aarch64-linux"
- ];
- boot.cleanTmpDir = true;
- programs.noisetorch.enable = true;
diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix
deleted file mode 100644
index 848157729..000000000
--- a/lass/1systems/aergia/disk.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ lib, ... }:
- disk = {
- main = {
- type = "disk";
- device = "/dev/nvme0n1";
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- start = "0";
- end = "1M";
- part-type = "primary";
- flags = ["bios_grub"];
- }
- {
- name = "ESP";
- start = "1MiB";
- end = "1GiB";
- fs-type = "fat32";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- name = "root";
- start = "1GiB";
- end = "100%";
- content = {
- type = "luks";
- name = "aergia1";
- content = {
- type = "btrfs";
- extraArgs = "-f"; # Override existing partition
- subvolumes = {
- # Subvolume name is different from mountpoint
- "/rootfs" = {
- mountpoint = "/";
- };
- # Mountpoints inferred from subvolume name
- "/home" = {
- mountOptions = [];
- };
- "/nix" = {
- mountOptions = [];
- };
- };
- };
- };
- }
- ];
- };
- };
- };
diff --git a/lass/1systems/aergia/ b/lass/1systems/aergia/
deleted file mode 100644
index 0e4f0ab4c..000000000
--- a/lass/1systems/aergia/
+++ /dev/null
@@ -1,3 +0,0 @@
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
deleted file mode 100644
index 9f06dccdc..000000000
--- a/lass/1systems/aergia/physical.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
- imports = [
- ./config.nix
- (modulesPath + "/installer/scan/not-detected.nix")
- <stockholm/lass/2configs/antimicrox>
- ];
- disko.devices = import ./disk.nix;
- networking.hostId = "deadbeef";
- # boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub = {
- enable = true;
- device = "/dev/nvme0n1";
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.kernelParams = [
- # use less power with pstate
- "amd_pstate=passive"
- # suspend
- "resume_offset=178345675"
- ];
- boot.kernelModules = [
- # Enables the amd cpu scaling
- # On recent AMD CPUs this can be more energy efficient.
- "amd-pstate"
- "kvm-amd"
- ];
- # hardware.cpu.amd.updateMicrocode = true;
- services.xserver.videoDrivers = [
- "amdgpu"
- ];
- boot.initrd.availableKernelModules = [
- "nvme"
- "thunderbolt"
- "xhci_pci"
- "usbhid"
- ];
- boot.initrd.kernelModules = [
- "amdgpu"
- ];
- environment.systemPackages = [
- pkgs.vulkan-tools
- (pkgs.writers.writeDashBin "set_tdp" ''
- set -efux
- watt=$1
- value=$(( $watt * 1000 ))
- ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value"
- '')
- ];
- # corectrl
- programs.corectrl = {
- enable = true;
- gpuOverclock = {
- enable = true;
- ppfeaturemask = "0xffffffff";
- };
- };
- users.users.mainUser.extraGroups = [ "corectrl" ];
- # use newer ryzenadj
- # keyboard quirks
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
- '';
- services.udev.extraHwdb = /* sh */ ''
- # disable back buttons
- evdev:input:b0003v2F24p0135* # /dev/input/event2
- KEYBOARD_KEY_70026=reserved
- KEYBOARD_KEY_70027=reserved
- '';
- # update cpu microcode
- hardware.cpu.amd.updateMicrocode = true;
- hardware.opengl.enable = true;
- hardware.opengl.extraPackages = [
- pkgs.amdvlk
- pkgs.rocm-opencl-icd
- pkgs.rocm-opencl-runtime
- ];
- # suspend to disk
- swapDevices = [{
- device = "/swapfile";
- }];
- boot.resumeDevice = "/dev/mapper/aergia1";
- services.logind.lidSwitch = "suspend-then-hibernate";
- services.logind.extraConfig = ''
- HandlePowerKey=hibernate
- '';
- # firefox touchscreen support
- environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
- # reinit usb after docking station connect
- services.udev.extraRules = ''
- SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'"
- '';
diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/aergia/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
deleted file mode 100644
index c4286cca3..000000000
--- a/lass/1systems/blue/config.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/blue.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/sync/decsync.nix>
- ];
- =;
- networking.nameservers = [ "" ];
- time.timeZone = "Europe/Berlin";
- users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/blue/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
deleted file mode 100644
index 0b2bf5f5b..000000000
--- a/lass/1systems/blue/source.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, pkgs, test, ... }:
-if test then {} else {
- nixpkgs = lib.mkIf (! test) (lib.mkForce {
- file = {
- path = toString (pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- });
- useChecksum = true;
- };
- });
- nixpkgs-unstable = lib.mkForce {
- file.path = "/var/empty";
- };
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
deleted file mode 100644
index 7fd76974b..000000000
--- a/lass/1systems/coaxmetal/config.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/review.nix>
- <stockholm/lass/2configs/dunst.nix>
- # <stockholm/krebs/2configs/ircd.nix>
- ];
- = config.krebs.hosts.coaxmetal;
- environment.systemPackages = with pkgs; [
- brain
- bank
- l-gen-secrets
- (pkgs.writeDashBin "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '')
- (pkgs.writeDashBin "usb-tether-on" ''
- adb shell su -c service call connectivity 33 i32 1 s16 text
- '')
- (pkgs.writeDashBin "usb-tether-off" ''
- adb shell su -c service call connectivity 33 i32 0 s16 text
- '')
- ];
- programs.adb.enable = true;
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
- nix.trustedUsers = [ "root" "lass" ];
- services.tor = {
- enable = true;
- client.enable = true;
- };
- documentation.nixos.enable = true;
diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix
deleted file mode 100644
index 6be047300..000000000
--- a/lass/1systems/coaxmetal/physical.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
- imports = [
- ./config.nix
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
- networking.hostId = "e0c335ea";
- boot.zfs.requestEncryptionCredentials = true;
- boot.zfs.enableUnstable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub = {
- enable = true;
- # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040";
- device = "nodev";
- efiSupport = true;
- # efiInstallAsRemovable = true;
- };
- services.xserver.videoDrivers = [
- "amdgpu"
- ];
- hardware.opengl.extraPackages = [ pkgs.amdvlk ];
- environment.variables.VK_ICD_FILENAMES =
- "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
- boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-amd" ];
- fileSystems."/" = {
- device = "zpool/root/root";
- fsType = "zfs";
- };
- fileSystems."/home" = {
- device = "zpool/root/home";
- fsType = "zfs";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/50A7-1889";
- fsType = "vfat";
- };
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
- # Mouse stuff
- services.xserver.libinput.enable = lib.mkForce false;
- services.xserver.synaptics.enable = true;
- services.xserver.displayManager.sessionCommands = ''
- xinput disable 'ETPS/2 Elantech Touchpad'
- xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation' 1
- xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2
- xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5
- '';
diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/coaxmetal/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
deleted file mode 100644
index c34dc0acf..000000000
--- a/lass/1systems/daedalus/config.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/pipewire.nix>
- # <stockholm/lass/2configs/nfs-dl.nix>
- {
- # bubsy config
- users.users.bubsy = {
- uid = genid "bubsy";
- home = "/home/bubsy";
- group = "users";
- createHome = true;
- extraGroups = [
- "audio"
- "networkmanager"
- "pipewire"
- # "plugdev"
- ];
- useDefaultShell = true;
- isNormalUser = true;
- };
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- # programs.chromium = {
- # enable = true;
- # extensions = [
- # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- # ];
- # };
- environment.systemPackages = with pkgs; [
- ark
- pavucontrol
- #firefox
- chromium
- hexchat
- networkmanagerapplet
- libreoffice
- audacity
- zathura
- skypeforlinux
- wine
- geeqie
- vlc
- zsnes
- telegram-desktop
- ];
- # services.udev.packages = [ pkgs.ledger-udev-rules ];
- nixpkgs.config.firefox.enableAdobeFlash = true;
- services.xserver.enable = true;
- services.xserver.displayManager.lightdm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
- services.tlp.enable = lib.mkForce false;
- services.xserver.layout = "de";
- }
- {
- users = {
- groups.plugdev = {};
- users = {
- bitcoin = {
- name = "bitcoin";
- description = "user for bitcoin stuff";
- home = "/home/bitcoin";
- isNormalUser = true;
- useDefaultShell = true;
- createHome = true;
- extraGroups = [
- "audio"
- "networkmanager"
- "plugdev"
- ];
- packages = [
- pkgs.electrum
- pkgs.electron-cash
- pkgs.ledger-live-desktop
- ];
- };
- };
- };
- hardware.ledger.enable = true;
- security.sudo.extraConfig = ''
- bubsy ALL=(bitcoin) NOPASSWD: ALL
- '';
- }
- {
- #remote control
- environment.systemPackages = with pkgs; [
- x11vnc
- # torbrowser
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
- ];
- }
- ];
- time.timeZone = "Europe/Berlin";
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
- = config.krebs.hosts.daedalus;
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
deleted file mode 100644
index d10ced7da..000000000
--- a/lass/1systems/daedalus/physical.nix
+++ /dev/null
@@ -1,24 +0,0 @@
- imports = [
- ./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
- ];
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
deleted file mode 100644
index 279cad10b..000000000
--- a/lass/1systems/dishfire/config.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/monitoring/prometheus.nix>
- <stockholm/lass/2configs/monitoring/telegraf.nix>
- <stockholm/lass/2configs/consul.nix>
- ];
- = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
deleted file mode 100644
index ca013132f..000000000
--- a/lass/1systems/dishfire/physical.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
- imports = [
- ./config.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- boot.loader.grub.devices = [ "/dev/sda" ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
- fsType = "ext4";
- };
- swapDevices = [ ];
diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix
deleted file mode 100644
index eacdff782..000000000
--- a/lass/1systems/echelon/config.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/tor-initrd.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
- ];
- = config.krebs.hosts.echelon;
- boot.tmpOnTmpfs = true;
diff --git a/lass/1systems/echelon/physical.nix b/lass/1systems/echelon/physical.nix
deleted file mode 100644
index fbacc3927..000000000
--- a/lass/1systems/echelon/physical.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
- imports = [
- ./config.nix
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices.luksroot.device = "/dev/sda3";
- networking.useDHCP = false;
- networking.interfaces.ens18.useDHCP = true;
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/5186edb1-9234-48ae-8679-61facb56b818";
- fsType = "xfs";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/56D1-34A0";
- fsType = "vfat";
- };
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
deleted file mode 100644
index c232be9bd..000000000
--- a/lass/1systems/green/config.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/sync/decsync.nix>
- <stockholm/lass/2configs/weechat.nix>
- <stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/muchsync.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/git-brain.nix>
- <stockholm/lass/2configs/et-server.nix>
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/atuin-server.nix>
- ];
- =;
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
- };
- systemd.tmpfiles.rules = [
- "d /home/lass/.local/share 0700 lass users -"
- "d /home/lass/.local 0700 lass users -"
- "d /home/lass/.config 0700 lass users -"
- "d /var/state/lass_mail 0700 lass users -"
- "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
- "d /var/state/lass_ssh 0700 lass users -"
- "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh"
- "d /var/state/lass_gpg 0700 lass users -"
- "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg"
- "d /var/state/lass_sync 0700 lass users -"
- "L+ /home/lass/sync - - - - ../../var/state/lass_sync"
- "d /var/state/git 0700 git nogroup -"
- "L+ /var/lib/git - - - - ../../var/state/git"
- ];
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- config.krebs.users.lass-tablet.pubkey
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
- ];
- # workaround for ssh access from yubikey via android
- services.openssh.extraConfig = ''
- HostKeyAlgorithms +ssh-rsa
- PubkeyAcceptedAlgorithms +ssh-rsa
- '';
- services.dovecot2 = {
- enable = true;
- mailLocation = "maildir:~/Maildir";
- };
- networking.firewall.allowedTCPPorts = [ 143 ];
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/green/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
deleted file mode 100644
index 4acdb0c26..000000000
--- a/lass/1systems/green/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in if test then {} else {
- nixpkgs.git.ref = lib.mkForce npkgs.rev;
- nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
deleted file mode 100644
index 953b5d0d4..000000000
--- a/lass/1systems/hilum/config.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
- = config.krebs.hosts.hilum;
- boot.loader.grub = {
- extraEntries = ''
- submenu isos {
- source /grub/autoiso.cfg
- }
- '';
- extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation {
- name = "autoiso.cfg";
- src = pkgs.grub2.src;
- phases = [ "unpackPhase" "installPhase" ];
- installPhase = ''
- cp docs/autoiso.cfg $out
- '';
- });
- };
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
- boot.tmpOnTmpfs = true;
diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix
deleted file mode 100644
index b5199d432..000000000
--- a/lass/1systems/hilum/disk.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, disk, keyFile, ... }:
- disk = {
- main = {
- type = "disk";
- device = disk;
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- start = "0";
- end = "1M";
- flags = ["bios_grub"];
- }
- {
- name = "ESP";
- start = "1M";
- end = "50%";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- name = "root";
- start = "50%";
- end = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- }
- ];
- };
- };
- };
diff --git a/lass/1systems/hilum/ b/lass/1systems/hilum/
deleted file mode 100755
index 9846ea087..000000000
--- a/lass/1systems/hilum/
+++ /dev/null
@@ -1,43 +0,0 @@
-set -efux
-cd "$(dirname "$0")"
-(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
-trap 'rm -f /tmp/hilum.luks' EXIT
-echo "$disk" > /tmp/hilum-disk
-trap 'rm -f /tmp/hilum-disk' EXIT
-stockholm_root=$(git rev-parse --show-toplevel)
-ssh root@localhost -t -- $(nix-build \
- --no-out-link \
- -I nixpkgs=/var/src/nixpkgs \
- -I stockholm="$stockholm_root" \
- -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \
- -E "with import <nixpkgs> {}; (pkgs.nixos [
- {
- luksPassFile = \"/tmp/hilum.luks\";
- mainDisk = \"$disk\";
- disko.rootMountPoint = \"/mnt/hilum\";
- }
- ./physical.nix
- ]).disko"
-rm -f /tmp/hilum.luks
-$(nix-build \
- --no-out-link \
- -I nixpkgs=/var/src/nixpkgs \
- "$stockholm_root"/lass/krops.nix -A populate \
- --argstr name hilum \
- --argstr target "root@localhost/mnt/hilum/var/src" \
- --arg force true
-ssh root@localhost << SSH
-set -efux
-mkdir -p /mnt/hilum/etc
-NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src
-nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
-umount -Rv /mnt/hilum
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
deleted file mode 100644
index 9caf8e531..000000000
--- a/lass/1systems/hilum/physical.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- {
- # nice hack to carry around state passed impurely at the beginning
- options.mainDisk = let
- tryFile = path: default:
- if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then
- builtins.readFile path
- else
- default
- ;
- in lib.mkOption {
- type = lib.types.str;
- default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz");
- };
- config.environment.etc.hilum-disk.text = config.mainDisk;
- }
- {
- options.luksPassFile = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- };
- }
- ];
- disko.devices = import ./disk.nix {
- inherit lib;
- disk = config.mainDisk;
- keyFile = config.luksPassFile;
- };
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = config.mainDisk;
- boot.loader.grub.efiInstallAsRemovable = true;
- swapDevices = [ ];
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- #weird bug with nixos-enter
- services.logrotate.enable = false;
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
deleted file mode 100644
index 2d2f23f95..000000000
--- a/lass/1systems/icarus/config.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
- #<stockholm/lass/2configs/prism-share.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/home-media.nix>
- <stockholm/lass/2configs/snapclient.nix>
- ];
- = config.krebs.hosts.icarus;
- services.xserver.displayManager.lightdm.autoLogin = {
- enable = true;
- user = "media";
- };
- environment.systemPackages = [ pkgs.chromium ];
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
deleted file mode 100644
index 0b1aff4a8..000000000
--- a/lass/1systems/icarus/physical.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ./config.nix
- #<stockholm/lass/2configs/hw/x220.nix>
- #<stockholm/lass/2configs/boot/universal.nix>
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
- boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
- fsType = "xfs";
- };
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
- fsType = "xfs";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/D975-2CAB";
- fsType = "vfat";
- };
- swapDevices = [ ];
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
- services.logind.lidSwitch = "ignore";
diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix
deleted file mode 100644
index d2207627d..000000000
--- a/lass/1systems/lasspi/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- ];
- = config.krebs.hosts.lasspi;
- networking = {
- networkmanager = {
- enable = true;
- };
- };
- environment.systemPackages = with pkgs; [
- vim
- rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- system.stateVersion = "22.05";
diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix
deleted file mode 100644
index 07efb5ca5..000000000
--- a/lass/1systems/lasspi/physical.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ./config.nix
- ];
- boot = {
- # kernelPackages = pkgs.linuxPackages_rpi4;
- tmpOnTmpfs = true;
- initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ];
- # ttyAMA0 is the serial console broken out to the GPIO
- kernelParams = [
- "8250.nr_uarts=1"
- "console=ttyAMA0,115200"
- "console=tty1"
- # Some gui programs need this
- "cma=128M"
- ];
- };
- # boot.loader.raspberryPi = {
- # enable = true;
- # version = 4;
- # # uboot.enable = true;
- # };
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
- # Required for the Wireless firmware
- hardware.enableRedistributableFirmware = true;
- networking.interfaces.eth0.useDHCP = true;
- # Assuming this is installed on top of the disk image.
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- options = [ "noatime" ];
- };
- };
- powerManagement.cpuFreqGovernor = "ondemand";
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
deleted file mode 100644
index adf8aeeb1..000000000
--- a/lass/1systems/littleT/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- time.timeZone = "Europe/Berlin";
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
- = config.krebs.hosts.littleT;
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
deleted file mode 100644
index 550f058a8..000000000
--- a/lass/1systems/littleT/physical.nix
+++ /dev/null
@@ -1,25 +0,0 @@
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/5B2E-3734";
- fsType = "vfat";
- };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
- networking.hostId = "584248c6";
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
deleted file mode 100644
index 1b205f25c..000000000
--- a/lass/1systems/mors/config.nix
+++ /dev/null
@@ -1,145 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/elster.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/mail.nix>
- <stockholm/lass/2configs/logf.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/sync/decsync.nix>
- <stockholm/lass/2configs/sync/weechat.nix>
- <stockholm/lass/2configs/sync/the_playlist.nix>
- #<stockholm/lass/2configs/c-base.nix>
- <stockholm/lass/2configs/br.nix>
- <stockholm/lass/2configs/ableton.nix>
- <stockholm/lass/2configs/dunst.nix>
- <stockholm/lass/2configs/rtl-sdr.nix>
- <stockholm/lass/2configs/print.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/krebs/2configs/news-host.nix>
- <stockholm/lass/2configs/ppp/x220-modem.nix>
- <stockholm/lass/2configs/ppp/umts-stick.nix>
- # <stockholm/lass/2configs/remote-builder/morpheus.nix>
- # <stockholm/lass/2configs/remote-builder/prism.nix>
- <stockholm/lass/2configs/autotether.nix>
- {
- krebs.iptables.tables.filter.INPUT.rules = [
- #risk of rain
- { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
- #quake3
- { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
- ];
- }
- {
- services.nginx = {
- enable = true;
- virtualHosts.default = {
- default = true;
- serverAliases = [
- "localhost"
- "${}"
- "${}.r"
- ];
- locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''
- alias /home/$1/public_html$2;
- '';
- };
- };
- }
- {
- services.redis.enable = true;
- }
- {
- environment.systemPackages = [
- pkgs.adb-sync
- pkgs.transgui
- ];
- }
- {
- services.tor = {
- enable = true;
- client.enable = true;
- };
- }
- ];
- = config.krebs.hosts.mors;
- environment.systemPackages = with pkgs; [
- acronym
- brain
- cac-api
- sshpass
- get
- hashPassword
- urban
- mk_sql_pair
- remmina
- transmission
- macchanger
- dnsutils
- woeusb
- (pkgs.writeDashBin "play-on" ''
- HOST=$(echo 'styx\nshodan' | fzfmenu)
- ssh -t "$HOST" -- mpv "$@"
- '')
- ];
- #TODO: fix this shit
- ##fprint stuff
- ##sudo fprintd-enroll $USER to save fingerprints
- #services.fprintd.enable = true;
- = true;
- users.extraGroups = {
- loot = {
- members = [
- "firefox"
- "chromium"
- "google"
- "virtual"
- ];
- };
- };
- krebs.repo-sync.timerConfig = {
- OnCalendar = "00:37";
- };
- nixpkgs.config.android_sdk.accept_license = true;
- programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
- virtualisation.docker.enable = true;
- virtualisation.libvirtd.enable = true;
- services.earlyoom = {
- enable = true;
- freeMemThreshold = 5;
- };
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
deleted file mode 100644
index 2ffbf88c0..000000000
--- a/lass/1systems/mors/physical.nix
+++ /dev/null
@@ -1,48 +0,0 @@
- imports = [
- ./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/universal.nix>
- ];
- boot.kernelParams = [ "acpi_backlight=native" ];
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home/virtual" = {
- device = "/dev/mapper/pool-virtual";
- fsType = "ext4";
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
- services.udev.extraRules = ''
- SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0"
- '';
- #TODO activationScripts seem broken, fix them!
- #activationScripts
- #split up and move into base
- system.activationScripts.powertopTunables = ''
- #Runtime PMs
- echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
- echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
- '';
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
deleted file mode 100644
index abbf26c75..000000000
--- a/lass/1systems/mors/source.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in {
- nixpkgs = (if test then lib.mkForce ({ derivation = let
- rev = npkgs.rev;
- sha256 = npkgs.sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- ''; }) else {
- git.ref = lib.mkForce npkgs.rev;
- });
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
deleted file mode 100644
index 79402959e..000000000
--- a/lass/1systems/neoprism/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/mail/internet-gateway.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/matrix.nix>
- <stockholm/lass/2configs/gsm-wiki.nix>
- # sync-containers
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/services/flix/container-host.nix>
- <stockholm/lass/2configs/services/radio/container-host.nix>
- <stockholm/lass/2configs/ubik-host.nix>
- <stockholm/lass/2configs/orange-host.nix>
- <stockholm/krebs/2configs/hotdog-host.nix>
- # other containers
- <stockholm/lass/2configs/riot.nix>
- # proxying of services
- <stockholm/lass/2configs/services/radio/proxy.nix>
- <stockholm/lass/2configs/services/flix/proxy.nix>
- <stockholm/lass/2configs/services/coms/proxy.nix>
- ];
- = config.krebs.hosts.neoprism;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme.acceptTerms = true;
- = "";
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- enableReload = true;
- virtualHosts.default = {
- default = true;
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
- };
- };
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
deleted file mode 100644
index c5bd44c94..000000000
--- a/lass/1systems/neoprism/disk.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ lib, ... }:
- disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
- type = "disk";
- device = disk;
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- content = {
- type = "mdraid";
- name = "boot";
- };
- };
- zfs = {
- size = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- };
- };
- };
- })) // {
- hdd1 = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "zfs";
- pool = "tank";
- };
- };
- };
- mdadm = {
- boot = {
- type = "mdadm";
- level = 1;
- metadata = "1.0";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- mode = "mirror";
- mountpoint = "/";
- rootFsOptions = {
- };
- datasets.reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- };
- tank = {
- type = "zpool";
- datasets = {
- reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- containers = {
- type = "zfs_fs";
- mountpoint = "/var/lib/containers";
- options = {
- canmount = "noauto";
- };
- };
- home = {
- type = "zfs_fs";
- mountpoint = "/home";
- options = {
- canmount = "noauto";
- };
- };
- srv = {
- type = "zfs_fs";
- mountpoint = "/srv";
- options = {
- canmount = "noauto";
- };
- };
- libvirt = {
- type = "zfs_fs";
- mountpoint = "/var/lib/libvirt";
- options = {
- canmount = "noauto";
- };
- };
- # encrypted = {
- # type = "zfs_fs";
- # options = {
- # canmount = "noauto";
- # mountpoint = "none";
- # encryption = "aes-256-gcm";
- # keyformat = "passphrase";
- # keylocation = "prompt";
- # };
- # };
- # "encrypted/download" = {
- # type = "zfs_fs";
- # mountpoint = "/var/download";
- # options = {
- # canmount = "noauto";
- # };
- # };
- };
- };
- };
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
deleted file mode 100644
index f2092d9aa..000000000
--- a/lass/1systems/neoprism/physical.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
- disko.devices = import ./disk.nix;
- networking.hostId = "9c0a74ac";
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- # networking config
- networking.useNetworkd = true;
- = {
- enable = true;
- config = {
- networkConfig.SpeedMeter = true;
- };
- # netdevs.ext-br.netdevConfig = {
- # Kind = "bridge";
- # Name = "ext-br";
- # MACAddress = "a8:a1:59:0f:2d:69";
- # };
- # networks.ext-br = {
- # name = "ext-br";
- # address = [
- # ""
- # "2a01:4f9:4a:4f1a::1/64"
- # ];
- # gateway = [
- # ""
- # "fe80::1"
- # ];
- # };
- networks.eth0 = {
- #bridge = [ "ext-br" ];
- matchConfig.Name = "eth0";
- address = [
- ""
- "2a01:4f9:4a:4f1a::1/64"
- ];
- gateway = [
- ""
- "fe80::1"
- ];
- };
- };
- networking.useDHCP = false;
- = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = [ config.krebs.users.lass.pubkey ];
- port = 2222;
- hostKeys = [
- (toString <secrets/ssh.id_ed25519>)
- (toString <secrets/ssh.id_rsa>)
- ];
- };
- };
- boot.kernelParams = [
- "net.ifnames=0"
- "ip=dhcp"
- "boot.trace"
- ];
diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix
deleted file mode 100644
index 47867c31f..000000000
--- a/lass/1systems/orange/config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/mumble-reminder.nix>
- <stockholm/lass/2configs/services/git>
- ];
- =;
- services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme = {
- acceptTerms = true;
- = "";
- };
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l";
- };
diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/orange/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
deleted file mode 100644
index 1faa23ec3..000000000
--- a/lass/1systems/prism/config.nix
+++ /dev/null
@@ -1,488 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/libvirt.nix>
- <stockholm/lass/2configs/tv.nix>
- <stockholm/lass/2configs/websites/lassulus.nix>
- <stockholm/lass/2configs/telegraf.nix>
- {
- services.nginx.enable = true;
- imports = [
- <stockholm/lass/2configs/websites/domsen.nix>
- ];
- # needed by domsen.nix ^^
- lass.usershadow = {
- enable = true;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
- { # TODO make new hfos.nix out of this vv
- users.users.riot = {
- uid = genid_uint31 "riot";
- isNormalUser = true;
- extraGroups = [ "libvirtd" ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
- ];
- };
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { v6 = false; predicate = "--destination"; target = "ACCEPT"; }
- { v6 = false; predicate = "--source"; target = "ACCEPT"; }
- ];
- }
- {
- = {
- uid = genid_uint31 "tv";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- ];
- };
- users.users.makefu = {
- uid = genid_uint31 "makefu";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.makefu.pubkey
- ];
- };
- users.extraUsers.dritter = {
- uid = genid_uint31 "dritter";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
- ];
- };
- users.extraUsers.juhulian = {
- uid = 1339;
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
- ];
- };
- users.users.hellrazor = {
- uid = genid_uint31 "hellrazor";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
- };
- }
- {
- #hotdog
-"container@hotdog".reloadIfChanged = mkForce false;
- containers.hotdog = {
- config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "";
- localAddress = "";
- };
- }
- {
- services.nginx.virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- # recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://radio.r";
- extraConfig = ''
- proxy_set_header Host radio.r;
- # get source ip for weather reports
- proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
- '';
- };
- };
- = {
- port = 8000;
- scriptFile = pkgs.writers.writeDash "redir" ''
- printf 'HTTP/1.1 301 Moved Permanently\r\n'
- printf "Location:''${Request_URI}\r\n"
- printf '\r\n'
- '';
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
- ];
- }
- <stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/binary-cache/proxy.nix>
- <stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/paste.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/lass/2configs/reaktor-coders.nix>
- <stockholm/lass/2configs/ciko.nix>
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/services/coms/jitsi.nix>
- <stockholm/lass/2configs/fysiirc.nix>
- <stockholm/lass/2configs/bgt-bot>
- <stockholm/lass/2configs/matrix.nix>
- <stockholm/krebs/2configs/mastodon-proxy.nix>
- {
- services.tor = {
- enable = true;
- };
- }
- {
- imports = [
- <stockholm/lass/2configs/realwallpaper.nix>
- ];
- services.nginx.virtualHosts."".locations = {
- "= /wallpaper-marker.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper-marker.png;
- '';
- "= /wallpaper.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper.png;
- '';
- };
- }
- {
- users.users.jeschli = {
- uid = genid_uint31 "jeschli";
- isNormalUser = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- jeschli.pubkey
- jeschli-bln.pubkey
- jeschli-bolide.pubkey
- jeschli-brauerei.pubkey
- ];
- };
- krebs.git.rules = [
- {
- user = with config.krebs.users; [
- jeschli
- jeschli-bln
- jeschli-bolide
- jeschli-brauerei
- ];
- repo = [ config.krebs.git.repos.xmonad-stockholm ];
- perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
- }
- {
- user = with config.krebs.users; [
- jeschli
- jeschli-bln
- jeschli-bolide
- jeschli-brauerei
- ];
- repo = [ ];
- perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
- }
- ];
- }
- {
- = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
- }
- <stockholm/lass/2configs/minecraft.nix>
- <stockholm/lass/2configs/codimd.nix>
- <stockholm/lass/2configs/searx.nix>
- {
- services.taskserver = {
- enable = true;
- fqdn = "";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "lass" "android" ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
- ];
- }
- <stockholm/lass/2configs/go.nix>
- {
- environment.systemPackages = [ pkgs.cryptsetup ];
-"container@red".reloadIfChanged = mkForce false;
- = {
- config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "";
- localAddress = "";
- };
- }
- {
- = [
- ];
- }
- {
- lass.nichtparasoup.enable = true;
- services.nginx = {
- enable = true;
- virtualHosts."" = {
- forceSSL = true;
- enableACME = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:5001;
- '';
- };
- };
- }
- {
- imports = [
- <stockholm/lass/2configs/wiregrill.nix>
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkOrder 999 [
- { v6 = false; predicate = "-s"; target = "ACCEPT"; }
- { v4 = false; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
- { predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s ! -d"; target = "MASQUERADE"; }
- ];
- services.dnsmasq = {
- enable = true;
- resolveLocalQueries = false;
- extraConfig= ''
- listen-address=42:1:ce16::1,
- except-interface=lo
- interface=wiregrill
- '';
- };
- }
- {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; }
- ];
- }
- <stockholm/lass/2configs/services/coms/murmur.nix>
- <stockholm/lass/2configs/docker.nix>
- {
-"container@yellow".reloadIfChanged = mkForce false;
- containers.yellow = {
- config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "";
- localAddress = "";
- };
- services.nginx.virtualHosts."jelly.r" = {
- locations."/".extraConfig = ''
- proxy_pass;
- proxy_set_header Accept-Encoding "";
- '';
- };
- services.nginx.virtualHosts."flix.r" = {
- locations."/".extraConfig = ''
- proxy_pass;
- proxy_set_header Accept-Encoding "";
- '';
- };
- services.nginx.virtualHosts."" = {
- locations."^~ /flix/".extraConfig = ''
- if ($scheme != "https") {
- rewrite ^ https://$host$request_uri permanent;
- }
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
- krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
- ''};
- proxy_pass;
- proxy_set_header Accept-Encoding "";
- sub_filter "" "";
- sub_filter_once off;
- '';
- locations."^~ /chatty/".extraConfig = ''
- rewrite ^ https://$host/flix/$request_uri permanent;
- '';
- #locations."^~ /transmission".return = "301 https://$host/transmission/web/";
- locations."^~ /transmission/".extraConfig = ''
- if ($scheme != "https") {
- rewrite ^ https://$host$request_uri permanent;
- }
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
- krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
- ''};
- proxy_pass_header X-Transmission-Session-Id;
- proxy_pass;
- '';
- };
- = {};
- users.users = {
- download = {
- createHome = true;
- group = "download";
- name = "download";
- home = "/var/download";
- useDefaultShell = true;
- uid = genid "download";
- isSystemUser = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- lass-android.pubkey
- makefu.pubkey
- palo.pubkey
- "ssh-rsa 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 lhebendanz@nixos"
- "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 philip@shiki11:15 <Profpatsch> 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 philip@shiki"
- mic92.pubkey
- qubasa.pubkey
- ];
- };
- };
- system.activationScripts.downloadFolder = ''
- mkdir -p /var/download
- chmod 775 /var/download
- ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
- chown download: /var/download/finished
- '';
- fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download/finished";
- options = [ "bind" ];
- };
- services.nfs.server = {
- enable = true;
- exports = ''
- /export 42::/16(insecure,ro,crossmnt)
- '';
- lockdPort = 4001;
- mountdPort = 4002;
- statdPort = 4000;
- };
- services.samba = {
- enable = true;
- enableNmbd = false;
- extraConfig = ''
- workgroup = WORKGROUP
- netbios name = PRISM
- server string = ${config.networking.hostName}
- # only allow retiolum addresses
- hosts allow = 42::/16
- # Use sendfile() for performance gain
- use sendfile = true
- # No NetBIOS is needed
- disable netbios = true
- # Only mangle non-valid NTFS names, don't care about DOS support
- mangled names = illegal
- # Performance optimizations
- # Disable all printing
- load printers = false
- disable spoolss = true
- printcap name = /dev/null
- map to guest = Bad User
- max log size = 50
- dns proxy = no
- security = user
- [global]
- syslog only = yes
- '';
- shares.public = {
- comment = "Warez";
- path = "/export";
- public = "yes";
- "only guest" = "yes";
- "create mask" = "0644";
- "directory mask" = "2777";
- writable = "no";
- printable = "no";
- };
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- # smbd
- { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
- ];
- }
- {
- users.users.shannan = {
- uid = genid_uint31 "shannan";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.shannan.pubkey
- ];
- };
- }
- {
- nix.trustedUsers = [ "mic92" ];
- users.users.mic92 = {
- uid = genid_uint31 "mic92";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.mic92.pubkey
- ];
- };
- }
- ];
- = config.krebs.hosts.prism;
- services.earlyoom = {
- enable = true;
- freeMemThreshold = 5;
- };
- # prism rsa hack
- services.openssh.hostKeys = [{
- path = toString <secrets> + "ssh.id_rsa";
- type = "rsa";
- }];
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
deleted file mode 100644
index ebc80411b..000000000
--- a/lass/1systems/prism/physical.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- fileSystems."/" = {
- device = "rpool/root/nixos";
- fsType = "zfs";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
- fsType = "ext4";
- };
- fileSystems."/backups" = {
- device = "tank/backups";
- fsType = "zfs";
- };
- fileSystems."/srv/http" = {
- device = "tank/srv-http";
- fsType = "zfs";
- };
- fileSystems."/var/download" = {
- device = "tank/download";
- fsType = "zfs";
- };
- fileSystems."/var/lib/containers" = {
- device = "tank/containers";
- fsType = "zfs";
- };
- fileSystems."/home" = {
- device = "tank/home";
- fsType = "zfs";
- };
- fileSystems."/var/lib/nextcloud" = {
- device = "tank/nextcloud";
- fsType = "zfs";
- };
- fileSystems."/var/lib/libvirt" = {
- device = "tank/libvirt";
- fsType = "zfs";
- };
- fileSystems."/var/realwallpaper/archive" = {
- device = "tank/wallpaper";
- fsType = "zfs";
- };
- fileSystems."/home/xanf" = {
- device = "/dev/disk/by-id/wwn-0x500a07511becb076";
- fsType = "ext4";
- };
- # silence mdmonitor.service failures
- #
- environment.etc."mdadm.conf".text = ''
- '';
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
- # we don't pay for power there and this might solve a problem we observed at least once
- #
- boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
- networking.dhcpcd.enable = false;
- networking.useNetworkd = lib.mkForce false;
- = lib.mkForce false;
- # bridge config
- networking.bridges."ext-br".interfaces = [ "eth0" ];
- networking = {
- hostId = "2283aaae";
- defaultGateway = "";
- defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
- # Use google's public DNS server
- nameservers = [ "" ];
- interfaces.ext-br.ipv4.addresses = [
- {
- address = "";
- prefixLength = 26;
- }
- ];
- interfaces.ext-br.ipv6.addresses = [
- {
- address = "2a01:4f9:2a:1e9::1";
- prefixLength = 64;
- }
- ];
- };
diff --git a/lass/1systems/radio/config.nix b/lass/1systems/radio/config.nix
deleted file mode 100644
index 00e9bd3fe..000000000
--- a/lass/1systems/radio/config.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/services/radio>
- ];
- =;
- security.acme = {
- acceptTerms = true;
- = "";
- };
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt";
- };
diff --git a/lass/1systems/radio/physical.nix b/lass/1systems/radio/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/radio/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
diff --git a/lass/1systems/radio/source.nix b/lass/1systems/radio/source.nix
deleted file mode 100644
index 4acdb0c26..000000000
--- a/lass/1systems/radio/source.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ lib, pkgs, test, ... }: let
- npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
-in if test then {} else {
- nixpkgs.git.ref = lib.mkForce npkgs.rev;
- nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
deleted file mode 100644
index 5e48c216a..000000000
--- a/lass/1systems/shodan/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/bitcoin.nix>
- <stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/krebs/2configs/news-host.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/red-host.nix>
- <stockholm/lass/2configs/snapclient.nix>
- ];
- = config.krebs.hosts.shodan;
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
deleted file mode 100644
index f94edcf9b..000000000
--- a/lass/1systems/shodan/physical.nix
+++ /dev/null
@@ -1,45 +0,0 @@
- #TODO reinstall with correct layout and use lass/hw/x220
- imports = [
- ./config.nix
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
- initrd.luks.devices.lusksroot.device = "/dev/sda2";
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/pool/nix";
- fsType = "btrfs";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- "/home" = {
- device = "/dev/mapper/pool-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/bku" = {
- device = "/dev/pool/bku";
- fsType = "btrfs";
- };
- "/backups" = {
- device = "/dev/pool/backup";
- fsType = "ext4";
- };
- };
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
- SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0"
- '';
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
deleted file mode 100644
index 4da4dffb8..000000000
--- a/lass/1systems/skynet/config.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/lass/2configs/power-action.nix>
- <stockholm/lass/2configs/syncthing.nix>
- {
- services.xserver.enable = true;
- services.xserver.desktopManager.xfce.enable = true;
- users.users.discordius = {
- uid = genid "diskordius";
- isNormalUser = true;
- extraGroups = [
- "audio"
- "networkmanager"
- ];
- };
- environment.systemPackages = with pkgs; [
- google-chrome
- ];
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- }
- ];
- = config.krebs.hosts.skynet;
- networking.wireless.enable = false;
- networking.networkmanager.enable = true;
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
deleted file mode 100644
index e3451293f..000000000
--- a/lass/1systems/skynet/physical.nix
+++ /dev/null
@@ -1,29 +0,0 @@
- imports = [
- ./config.nix
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
- networking.hostId = "06442b9a";
- fileSystems."/" =
- { device = "rpool/root";
- fsType = "zfs";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/0876-B308";
- fsType = "vfat";
- };
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
- '';
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
deleted file mode 100644
index 6c054abfe..000000000
--- a/lass/1systems/styx/config.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/pipewire.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/yellow-mounts/samba.nix>
- <stockholm/lass/2configs/gg23.nix>
- <stockholm/lass/2configs/hass>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/krebs/2configs/news-host.nix>
- # <stockholm/lass/2configs/br.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/home-media.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- # <stockholm/lass/2configs/idc.nix>
- <stockholm/lass/2configs/ppp/umts-stick.nix>
- <stockholm/lass/2configs/snapserver.nix>
- <stockholm/lass/2configs/snapclient.nix>
- ];
- = config.krebs.hosts.styx;
- networking.firewall.interfaces.int0.allowedTCPPorts = [ ];
- networking.firewall.interfaces.retiolum.allowedTCPPorts = [ ];
- networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ ];
- krebs.power-action.enable = mkForce false;
- environment.systemPackages = with pkgs; [
- wol
- (writeDashBin "wake-alien" ''
- ${wol}/bin/wol -h 10:65:30:68:83:a3
- '')
- (writers.writeDashBin "iptv" ''
- set -efu
- /run/current-system/sw/bin/mpv \
- --audio-display=no --audio-channels=stereo \
- --audio-samplerate=48000 --audio-format=s16 \
- --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
- --audio-delay=-1 \
- --playlist= \
- --idle=yes \
- --input-ipc-server=/tmp/mpv.ipc \
- "$@"
- '')
- ];
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- ];
- #
- services.smokeping = {
- enable = true;
- host = null;
- targetConfig = ''
- probe = FPing
- menu = top
- title = top
- + Local
- menu = Local
- title = Local Network
- ++ LocalMachine
- menu = Local Machine
- title = This host
- host = localhost
- + Internet
- menu = internet
- title = internet
- ++ CloudflareDNS
- menu = Cloudflare DNS
- title = Cloudflare DNS server
- host =
- ++ GoogleDNS
- menu = Google DNS
- title = Google DNS server
- host =
- + retiolum
- menu = retiolum
- title = retiolum
- ++ gum
- menu = gum.r
- title = gum.r
- host = gum.r
- ++ ni
- menu = ni.r
- title = ni.r
- host = ni.r
- ++ prism
- menu = prism.r
- title = prism.r
- host = prism.r
- '';
- };
- # for usb internet
- hardware.usbWwan.enable = true;
diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix
deleted file mode 100644
index ae0cdf489..000000000
--- a/lass/1systems/styx/physical.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514";
- boot.loader.grub.efiInstallAsRemovable = true;
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/EAA5-88A9";
- fsType = "vfat";
- };
- swapDevices = [ ];
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="3c:7c:3f:7e:e2:39", NAME="et0"
- SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:78:91:50", NAME="int0"
- '';
diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix
deleted file mode 100644
index 3afbf6bd1..000000000
--- a/lass/1systems/ubik/config.nix
+++ /dev/null
@@ -1,276 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- ];
- = config.krebs.hosts.ubik;
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
- };
- security.acme = {
- acceptTerms = true;
- = "";
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- # nextcloud
- services.nginx.virtualHosts."" = {
- enableACME = true;
- forceSSL = true;
- };
- services.nextcloud = {
- enable = true;
- enableBrokenCiphersForSSE = false;
- hostName = "";
- package = pkgs.nextcloud25;
- config.adminpassFile = "/run/";
- https = true;
- maxUploadSize = "9001M";
- };
- = [
- "+${pkgs.writeDash "copy-pw" ''
- ${pkgs.rsync}/bin/rsync \
- --chown nextcloud:nextcloud \
- --chmod 0700 \
- /var/src/secrets/ /run/
- ''}"
- ];
- # mail
- lass.usershadow.enable = true;
- services.nginx.virtualHosts."" = {
- enableACME = true;
- forceSSL = true;
- };
- services.roundcube = {
- enable = true;
- hostName = "";
- extraConfig = ''
- $config['smtp_debug'] = true;
- $config['smtp_host'] = "localhost:25";
- '';
- };
- services.dovecot2 = {
- enable = true;
- showPAMFailure = true;
- mailLocation = "maildir:~/Mail";
- sslServerCert = "/var/lib/acme/";
- sslServerKey = "/var/lib/acme/";
- };
- krebs.exim-smarthost = {
- ssl_cert = "/var/lib/acme/";
- ssl_key = "/var/lib/acme/";
- authenticators.PLAIN = ''
- driver = plaintext
- public_name = PLAIN
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
- '';
- authenticators.LOGIN = ''
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- '';
- internet-aliases = [
- { from = ""; to = "domsen"; }
- { from = ""; to = "domsen"; }
- { from = ""; to = "domsen"; }
- { from = ""; to = "bruno"; }
- { from = ""; to = "jla-trading"; }
- { from = ""; to = "jms"; }
- { from = ""; to = "ms"; }
- { from = ""; to = "domsen, jms, ms"; }
- { from = ""; to ="klabusterbeere"; }
- { from = ""; to ="kasia"; }
- { from = ""; to =""; }
- { from = ""; to = "testuser"; }
- ];
- sender_domains = [
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ];
- dkim = [
- { domain = ""; }
- { domain = ""; }
- { domain = ""; }
- ];
- };
- # users
- users.users.UBIK-SFTP = {
- uid = "UBIK-SFTP";
- home = "/home/UBIK-SFTP";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.xanf = {
- uid = "xanf";
- group = "xanf";
- home = "/home/xanf";
- useDefaultShell = true;
- createHome = false; # creathome forces permissions
- isNormalUser = true;
- };
- users.users.domsen = {
- uid = "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "syncthing" "download" "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.bruno = {
- uid = "bruno";
- home = "/home/bruno";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.jla-trading = {
- uid = "jla-trading";
- home = "/home/jla-trading";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.jms = {
- uid = "jms";
- home = "/home/jms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- = {
- uid = "ms";
- home = "/home/ms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.testuser = {
- uid = "testuser";
- home = "/home/testuser";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.bui = {
- uid = "bui";
- home = "/home/bui";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.klabusterbeere = {
- uid = "klabusterbeere";
- home = "/home/klabusterbeere";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.kasia = {
- uid = "kasia";
- home = "/home/kasia";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.XANF_TEAM = {
- uid = "XANF_TEAM";
- group = "xanf";
- home = "/home/XANF_TEAM";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.dif = {
- uid = "dif";
- home = "/home/dif";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.lavafilms = {
- uid = "lavafilms";
- home = "/home/lavafilms";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.movematchers = {
- uid = "movematchers";
- home = "/home/movematchers";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.blackphoton = {
- uid = "blackphoton";
- home = "/home/blackphoton";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.line = {
- uid = "line";
- home = "/home/line";
- useDefaultShell = true;
- # extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.avada = {
- uid = "avada";
- home = "/home/avada";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.familienrat = {
- uid = "familienrat";
- home = "/home/familienrat";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/ubik/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix
deleted file mode 100644
index e158fa728..000000000
--- a/lass/1systems/wizard/config.nix
+++ /dev/null
@@ -1,286 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- icon = pkgs.writeText "icon" ''
- //
- //
- _ //
- .' . // '.
- '_ '_\/_' `_
- . . \\ . .
- .==. ` \\' .'
- .\| //bd\\ \,
- \_'`._\\__//_.'`.;
- `.__ __,' \\
- | | \\
- | | `
- | |
- | |
- |____|
- l42 ==' '==
- '';
- messenger = pkgs.writeText "message" ''
- .
- | \/|
- (\ _ ) )|/|
- (/ _----. /.'.'
- .-._________.. .' @ _\ .'
- '.._______. '. / (_| .')
- '._____. / '-/ | _.'
- '.______ ( ) ) \
- '..____ '._ ) )
- .' __.--\ , , // ((
- '.' mrf| \/ (_.'(
- ' \ .'
- \ (
- \ '.
- \ \ '.)
- '-'-'
- '';
- waiting = pkgs.writeText "waiting" ''
- Z
- Z
- z
- z
- * '
- / \
- /___\
- ( - - )
- ) L ( .--------------.
- __()(-)()__ | \ |
- .~~ )()()() ~. | . :
- / )()() ` | `-.__________)
- | )() ~ | : :
- | ) | : |
- | _ | | [ ## :
- \ ~~-. | , oo_______.'
- `_ ( \) _____/~~~~ `--___
- | ~`-) ) `-. `--- ( - a:f -
- | '///` | `-.
- | | | | `-.
- | | | | `-.
- | | |\ |
- | | | \|
- `-. | | |
- `-| '
- '';
- wizard = pkgs.writers.writeDash "wizard" ''
- cat ${icon}
- echo -n '${''
- welcome to the computer wizard
- first we will check for internet connectivity
- ''}'
- read -p '(press enter to continue...)' key
- until ping -c1; do
- ${pkgs.nm-dmenu}/bin/nm-dmenu
- done
- mode=$(echo -n '${''
- 1. Help of the wizard
- 2. Install NixOS
- 3. I know what I need to do
- ''}' | ${pkgs.fzf}/bin/fzf --reverse)
- case "$mode" in
- 1*)
- echo 'mode_1' > /tmp/mode
- clear
- echo 'waiting for the messenger to reach the wizard'
- cat ${messenger}
- # get pubkeys
- mkdir -p /root/.ssh/
- touch /root/.ssh/authorized_keys
- curl -Ss '' >> /root/.ssh/authorized_keys
- curl -Ss '' >> /root/.ssh/authorized_keys
- curl -Ss '' >> /root/.ssh/authorized_keys
- # write via irc
- systemctl start hidden-ssh-announce.service
- tmux new-session -s help ${pkgs.writers.writeDash "waiting" ''
- cat ${waiting}
- read -p 'waiting for the wizard to wake up' key
- ${pkgs.bashInteractive}/bin/bash
- ''}
- ;;
- 2*)
- echo 'mode_2' > /tmp/mode
- ${pkgs.nixos-installer}/bin/nixos-installer
- ;;
- 3*)
- echo 'mode_3' > /tmp/mode
- ;;
- *)
- echo 'no mode selected'
- ;;
- esac
- '';
-in {
- imports = [
- <stockholm/krebs>
- <stockholm/lass/3modules>
- <stockholm/lass/2configs/vim.nix>
- # <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-base.nix>
- {
- nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
- krebs.enable = true;
- = config.krebs.users.lass;
- = {};
- }
- # {
- # = {
- # description = "Computer Wizard";
- # wantedBy = [ "" ];
- # serviceConfig = {
- # ExecStart = pkgs.writers.writeDash "wizard" ''
- # set -efu
- # cat <<EOF
- # welcome to the computer wizard
- # you can choose between the following modes
- # echo -n '1\n2\n3' | ${pkgs.fzf}/bin/fzf
- # EOF
- # '';
- # StandardInput = "tty";
- # StandardOutput = "tty";
- # # TTYPath = "/dev/tty1";
- # TTYPath = "/dev/ttyS0";
- # TTYReset = true;
- # TTYVTDisallocate = true;
- # Restart = "always";
- # };
- # };
- # }
- ];
- networking.hostName = "wizard";
- nixpkgs.config.allowUnfree = true;
- # users.extraUsers = {
- # root = {
- # openssh.authorizedKeys.keys = [
- # config.krebs.users.lass.pubkey
- # config.krebs.users.lass-mors.pubkey
- # ];
- # };
- # };
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- parallel
- proot
- populate
- #style
- most
- rxvt_unicode.terminfo
- #monitoring tools
- htop
- iotop
- #network
- iptables
- iftop
- #stuff for dl
- aria2
- #neat utils
- chntpw
- hashPassword
- krebspaste
- pciutils
- psmisc
- tmux
- usbutils
- #unpack stuff
- p7zip
- unzip
- unrar
- #data recovery
- ddrescue
- ntfs3g
- dosfstools
- nixos-installer
- ];
- environment.extraInit = ''
- EDITOR=vim
- '';
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- if ! test -e /tmp/mode; then
- ${wizard}
- fi
- '';
- };
- services.openssh.enable = true;
- = mkForce [ "" ];
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- krebs.hidden-ssh = {
- enable = true;
- channel = "##lassulus-wizard";
- message = "lassulus: torify sshn root@";
- };
- = mkForce [];
- services.getty.autologinUser = lib.mkForce "root";
- nixpkgs.config.packageOverrides = super: {
- dmenu = pkgs.writeDashBin "dmenu" ''
- ${pkgs.fzf}/bin/fzf \
- --history=/dev/null \
- --print-query \
- --prompt=\"$PROMPT\"
- '';
- };
- boot.tmpOnTmpfs = true;
diff --git a/lass/1systems/wizard/ b/lass/1systems/wizard/
deleted file mode 100755
index 6c8f1532e..000000000
--- a/lass/1systems/wizard/
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-set -xefu
-WD=$(dirname "$0")
-nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f install-iso
diff --git a/lass/1systems/wizard/ b/lass/1systems/wizard/
deleted file mode 100755
index 13914ad5f..000000000
--- a/lass/1systems/wizard/
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-set -efu
-WD=$(dirname "$0")
-nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run
diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix
deleted file mode 100644
index 165b9f14d..000000000
--- a/lass/1systems/wizard/test.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ./config.nix
- ];
- virtualisation.emptyDiskImages = [
- 8000
- ];
- virtualisation.memorySize = 1024;
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
deleted file mode 100644
index 6972567d7..000000000
--- a/lass/1systems/xerxes/config.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/network-manager.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
- <stockholm/lass/2configs/wine.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/pass.nix>
- <stockholm/lass/2configs/mail.nix>
- ];
- = config.krebs.hosts.xerxes;
- environment.shellAliases = {
- deploy = pkgs.writeDash "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- usb-tether-on = pkgs.writeDash "usb-tether-on" ''
- adb shell su -c service call connectivity 33 i32 1 s16 text
- '';
- usb-tether-off = pkgs.writeDash "usb-tether-off" ''
- adb shell su -c service call connectivity 33 i32 0 s16 text
- '';
- };
- services.xserver = {
- displayManager.lightdm.autoLogin.enable = true;
- displayManager.lightdm.autoLogin.user = "lass";
- };
- boot.blacklistedKernelModules = [ "xpad" ];
- = {
- wantedBy = [ "" ];
- script = ''
- ${pkgs.xboxdrv.overrideAttrs(o: {
- patches = o.patches ++ [ (pkgs.fetchurl {
- url = "";
- sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5";
- }) ];
- })}/bin/xboxdrv --type xbox360 --dbus disabled -D
- '';
- };
- programs.adb.enable = true;
- services.logind.lidSwitch = "suspend";
- lass.screenlock.enable = lib.mkForce false;
- = {
- after = [ "" ];
- requiredBy = [ "" ];
- # environment = {
- # DISPLAY = ":${toString}";
- # };
- serviceConfig = {
- ExecStart = pkgs.writeDash "suspend-again" ''
- ${pkgs.gnugrep}/bin/grep -q closed /proc/acpi/button/lid/LID0/state
- if [ "$?" -eq 0 ]; then
- echo 'wakeup with closed lid'
- ${pkgs.systemd}/bin/systemctl suspend
- fi
- '';
- Type = "simple";
- };
- };
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- hardware.pulseaudio.package = pkgs.pulseaudioFull;
- # hardware.pulseaudio.configFile = pkgs.writeText "" ''
- # load-module module-bluetooth-policy
- # load-module module-bluetooth-discover
- # ## module fails to load with
- # ## module-bluez5-device.c: Failed to get device path from module arguments
- # ## module.c: Failed to load module "module-bluez5-device" (argument: ""): initialization failed.
- # # load-module module-bluez5-device
- # # load-module module-bluez5-discover
- # '';
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
deleted file mode 100644
index 5a6f07215..000000000
--- a/lass/1systems/xerxes/physical.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ pkgs, lib, ... }:
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
- boot.loader.grub = {
- enable = true;
- device = "/dev/sda";
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
- boot.blacklistedKernelModules = [
- "sdhci_pci"
- ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.initrd.luks.devices.crypted.device = "/dev/sda3";
- boot.kernelModules = [ "kvm-intel" ];
- boot.kernelParams = [
- "fbcon=rotate:1"
- "boot.shell_on_fail"
- ];
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25";
- fsType = "xfs";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7F23-DDB4";
- fsType = "vfat";
- };
- swapDevices = [ ];
- boot.extraModprobeConfig = ''
- options zfs zfs_arc_max=107374182
- '';
- nix.maxJobs = lib.mkDefault 4;
- networking.hostId = "9b0a74ac";
- networking.networkmanager.enable = true;
- hardware.opengl.enable = true;
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- '';
- services.logind.extraConfig = ''
- HandlePowerKey=suspend
- IdleAction=suspend
- IdleActionSec=300
- '';
- services.xserver = {
- videoDrivers = [ "intel" ];
- displayManager.sessionCommands = ''
- (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
- (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
- '';
- };
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
deleted file mode 100644
index 2da93b8fd..000000000
--- a/lass/1systems/yellow/config.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }: let
- vpnPort = 1637;
- torrentport = 56709; # port forwarded in airvpn webinterface
-in {
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/services/flix>
- ];
- = config.krebs.hosts.yellow;
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
- };
- networking.useHostResolvConf = false;
- networking.useNetworkd = true;
- networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
- services.transmission.settings.peer-port = torrentport;
- # only allow traffic through openvpn
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
- { predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
- ];
- tables.filter.OUTPUT = {
- policy = "DROP";
- rules = [
- { predicate = "-o lo"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
- { predicate = "-o airvpn"; target = "ACCEPT"; }
- { predicate = "-o retiolum"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o eth0 -d"; target = "ACCEPT"; }
- ];
- };
- };
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/yellow/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix
deleted file mode 100644
index e38475381..000000000
--- a/lass/2configs/AP.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- wifi = "wlp0s29u1u2";
-in {
- boot.extraModulePackages = [
- pkgs.linuxPackages.rtl8814au
- ];
- networking.networkmanager.unmanaged = [ wifi "et0" ];
- = {
- description = "hostapd wireless AP";
- path = [ pkgs.hostapd ];
- wantedBy = [ "" ];
- after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
- serviceConfig = {
- ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
- interface=${wifi}
- hw_mode=a
- channel=36
- ieee80211d=1
- country_code=DE
- ieee80211n=1
- ieee80211ac=1
- wmm_enabled=1
- # 5ghz
- ssid=krebsing
- auth_algs=1
- wpa=2
- wpa_key_mgmt=WPA-PSK
- rsn_pairwise=CCMP
- wpa_passphrase=aidsballz
- ''}";
- Restart = "always";
- };
- };
- networking.bridges.br0.interfaces = [
- wifi
- "et0"
- ];
- networking.interfaces.br0.ipv4.addresses = [
- { address = ""; prefixLength = 24; }
- ];
- services.dhcpd4 = {
- enable = true;
- interfaces = [ "br0" ];
- extraConfig = ''
- option subnet-mask;
- option routers;
- option domain-name-servers,;
- subnet netmask {
- range;
- }
- '';
- };
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; predicate = "-d -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-s -i br0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- { v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-s"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- #TODO find out what this is about?
- { v6 = false; predicate = "-s -d"; target = "RETURN"; }
- { v6 = false; predicate = "-s -d"; target = "RETURN"; }
- { v6 = false; predicate = "-s ! -d"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s ! -d -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
- { v6 = false; predicate = "-s ! -d -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
- ];
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
deleted file mode 100644
index 8db2a05d6..000000000
--- a/lass/2configs/IM.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }: let
- weechat = pkgs.weechat.override {
- configure = { availablePlugins, ... }: {
- scripts = with pkgs.weechatScripts; [
- weechat-matrix
- ];
- };
- };
- tmux = "/run/current-system/sw/bin/tmux";
-in {
- imports = [
- ./bitlbee.nix
- ];
- environment.systemPackages = [ weechat ];
- = {
- description = "chat environment setup";
- environment.WEECHAT_HOME = "\$HOME/.weechat";
- after = [ "" ];
- wantedBy = [ "" ];
- restartIfChanged = false;
- path = [
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- serviceConfig = {
- User = "lass";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
- ExecStop = "${tmux} kill-session -t IM"; # TODO run save in weechat
- };
- };
diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix
deleted file mode 100644
index 9d6f481b0..000000000
--- a/lass/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.users= {
- ableton = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.winetricks
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${} ALL=(ableton) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix
deleted file mode 100644
index e5e001a4c..000000000
--- a/lass/2configs/alacritty.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ config, lib, pkgs, ... }: let
- alacritty-cfg = extrVals: builtins.toJSON ({
- font = let
- family = "Iosevka";
- in {
- normal = {
- family = family;
- style = "Regular";
- };
- bold = {
- family = family;
- style = "Bold";
- };
- italic = {
- family = family;
- style = "Italic";
- };
- bold_italic = {
- family = family;
- style = "Bold Italic";
- };
- size = 8;
- };
- live_config_reload = true;
- window.dimensions = {
- columns = 80;
- lines = 20;
- };
- # window.opacity = 0;
- hints.enabled = [
- {
- regex = ''(mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-\u009F<>"\s{-}\^⟨⟩`]+'';
- command = "/run/current-system/sw/bin/xdg-open";
- post_processing = true;
- mouse.enabled = true;
- binding = {
- key = "U";
- mods = "Alt";
- };
- }
- ];
- } // extrVals);
- alacritty = pkgs.symlinkJoin {
- name = "alacritty";
- paths = [
- (pkgs.writeDashBin "alacritty" ''
- ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml msg create-window "$@" ||
- ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@"
- '')
- pkgs.alacritty
- ];
- };
-in {
- environment.etc = {
- "themes/light/alacritty.yaml".text = alacritty-cfg {
- colors = {
- # Default colors
- primary = {
- # hard contrast: background = '#f9f5d7'
- # background = "#fbf1c7";
- background = "#f9f5d7";
- # soft contrast: background = '#f2e5bc'
- foreground = "#3c3836";
- };
- # Normal colors
- normal = {
- black = "#fbf1c7";
- red = "#cc241d";
- green = "#98971a";
- yellow = "#d79921";
- blue = "#458588";
- magenta = "#b16286";
- cyan = "#689d6a";
- white = "#7c6f64";
- };
- # Bright colors
- bright = {
- black = "#928374";
- red = "#9d0006";
- green = "#79740e";
- yellow = "#b57614";
- blue = "#076678";
- magenta = "#8f3f71";
- cyan = "#427b58";
- white = "#3c3836";
- };
- };
- };
- "themes/dark/alacritty.yaml".text = alacritty-cfg {
- colors = {
- # Default colors
- primary = {
- background = "0x000000";
- foreground = "0xffffff";
- };
- cursor = {
- text = "0xF81CE5";
- cursor = "0xffffff";
- };
- # Normal colors
- normal = {
- black = "0x000000";
- red = "0xfe0100";
- green = "0x33ff00";
- yellow = "0xfeff00";
- blue = "0x0066ff";
- magenta = "0xcc00ff";
- cyan = "0x00ffff";
- white = "0xd0d0d0";
- };
- # Bright colors
- bright = {
- black = "0x808080";
- red = "0xfe0100";
- green = "0x33ff00";
- yellow = "0xfeff00";
- blue = "0x0066ff";
- magenta = "0xcc00ff";
- cyan = "0x00ffff";
- white = "0xFFFFFF";
- };
- };
- };
- };
- environment.systemPackages = [ alacritty ];
diff --git a/lass/2configs/antimicrox/default.nix b/lass/2configs/antimicrox/default.nix
deleted file mode 100644
index 2b683b8bc..000000000
--- a/lass/2configs/antimicrox/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
- = {
- after = [ "display-manager.service" ];
- wantedBy = [ "" ];
- environment = {
- DISPLAY = ":0";
- };
- serviceConfig = {
- User =;
- ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state");
- ExecStart = "${pkgs.antimicrox}/bin/antimicrox --hidden --profile ${./mouse.gamecontroller.amgp}";
- };
- };
- services.udev.extraRules = ''
- KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
- '';
- environment.systemPackages = [
- pkgs.antimicrox
- (pkgs.writers.writeDashBin "gamepad_mouse_disable" ''
- echo 1 > /tmp/gamepad.state
- ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.gamecontroller.amgp}
- '')
- (pkgs.writers.writeDashBin "gamepad_mouse_enable" ''
- echo 0 > /tmp/gamepad.state
- ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.gamecontroller.amgp}
- '')
- (pkgs.writers.writeDashBin "gamepad_mouse_toggle" ''
- state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state)
- if [ "$state" = 1 ]; then
- /run/current-system/sw/bin/gamepad_mouse_enable
- else
- /run/current-system/sw/bin/gamepad_mouse_disable
- fi
- '')
- ];
diff --git a/lass/2configs/antimicrox/empty.gamecontroller.amgp b/lass/2configs/antimicrox/empty.gamecontroller.amgp
deleted file mode 100644
index 0257bfe71..000000000
--- a/lass/2configs/antimicrox/empty.gamecontroller.amgp
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<gamecontroller configversion="19" appversion="3.3.2">
- <!--The SDL name for a joystick is included for informational purposes only.-->
- <sdlname>XInput Controller</sdlname>
- <!--The Unique ID for a joystick is included for informational purposes only.-->
- <uniqueID>030000005e0400008e020000010100001118654</uniqueID>
- <stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
- <stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
- <vdpadButtonAssociations index="1">
- <vdpadButtonAssociation axis="0" button="12" direction="1"/>
- <vdpadButtonAssociation axis="0" button="13" direction="4"/>
- <vdpadButtonAssociation axis="0" button="14" direction="8"/>
- <vdpadButtonAssociation axis="0" button="15" direction="2"/>
- </vdpadButtonAssociations>
- <names>
- <controlstickname index="2">R Stick</controlstickname>
- <controlstickname index="1">L Stick</controlstickname>
- </names>
- <sets/>
diff --git a/lass/2configs/antimicrox/mouse.gamecontroller.amgp b/lass/2configs/antimicrox/mouse.gamecontroller.amgp
deleted file mode 100644
index 743618f54..000000000
--- a/lass/2configs/antimicrox/mouse.gamecontroller.amgp
+++ /dev/null
@@ -1,281 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<gamecontroller configversion="19" appversion="3.3.2">
- <!--The SDL name for a joystick is included for informational purposes only.-->
- <sdlname>XInput Controller</sdlname>
- <!--The Unique ID for a joystick is included for informational purposes only.-->
- <uniqueID>030000005e0400008e020000010100001118654</uniqueID>
- <stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
- <stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
- <vdpadButtonAssociations index="1">
- <vdpadButtonAssociation axis="0" button="12" direction="1"/>
- <vdpadButtonAssociation axis="0" button="13" direction="4"/>
- <vdpadButtonAssociation axis="0" button="14" direction="8"/>
- <vdpadButtonAssociation axis="0" button="15" direction="2"/>
- </vdpadButtonAssociations>
- <names>
- <controlstickname index="2">Stick 2</controlstickname>
- <controlstickname index="1">Stick 1</controlstickname>
- </names>
- <sets>
- <set index="1">
- <stick index="2">
- <deadZone>1</deadZone>
- <maxZone>29501</maxZone>
- <modifierZone>1412</modifierZone>
- <diagonalRange>90</diagonalRange>
- <squareStick>100</squareStick>
- <stickbutton index="1">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>1</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="3">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>4</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="2">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- <stickbutton index="5">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>2</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="4">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- <stickbutton index="7">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- <accelerationmultiplier>4</accelerationmultiplier>
- <startaccelmultiplier>20</startaccelmultiplier>
- <minaccelthreshold>3</minaccelthreshold>
- <extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
- <slots>
- <slot>
- <code>3</code>
- <mode>mousemovement</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="6">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- <stickbutton index="8">
- <mousespeedx>74</mousespeedx>
- <mousespeedy>74</mousespeedy>
- </stickbutton>
- </stick>
- <stick index="1">
- <deadZone>2578</deadZone>
- <maxZone>30799</maxZone>
- <stickbutton index="1">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>4</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="3">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>7</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="2">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- <stickbutton index="5">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>5</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="4">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- <stickbutton index="7">
- <mouseacceleration>linear</mouseacceleration>
- <slots>
- <slot>
- <code>6</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </stickbutton>
- <stickbutton index="6">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- <stickbutton index="8">
- <mouseacceleration>linear</mouseacceleration>
- </stickbutton>
- </stick>
- <dpad index="1">
- <dpadbutton index="12">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="1">
- <wheelspeedx>10</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000013</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- <dpadbutton index="3">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="2">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000014</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- <dpadbutton index="4">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000015</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- <dpadbutton index="6">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="9">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- </dpadbutton>
- <dpadbutton index="8">
- <wheelspeedx>2</wheelspeedx>
- <wheelspeedy>10</wheelspeedy>
- <slots>
- <slot>
- <code>0x1000012</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </dpadbutton>
- </dpad>
- <trigger index="6">
- <deadZone>2000</deadZone>
- <throttle>positivehalf</throttle>
- <triggerbutton index="1">
- <mousespeedx>100</mousespeedx>
- <mousespeedy>100</mousespeedy>
- </triggerbutton>
- <triggerbutton index="2">
- <mousespeedx>100</mousespeedx>
- <mousespeedy>100</mousespeedy>
- <slots>
- <slot>
- <code>250</code>
- <mode>mousespeedmod</mode>
- </slot>
- </slots>
- </triggerbutton>
- </trigger>
- <trigger index="5">
- <throttle>positivehalf</throttle>
- </trigger>
- <button index="11">
- <slots>
- <slot>
- <code>1</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="2">
- <slots>
- <slot>
- <code>3</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="1">
- <slots>
- <slot>
- <code>1</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="4">
- <slots>
- <slot>
- <code>0x1000004</code>
- <mode>keyboard</mode>
- </slot>
- </slots>
- </button>
- <button index="3">
- <slots>
- <slot>
- <code>2</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- <button index="5">
- <slots>
- <slot>
- <code>1</code>
- <mode>mousebutton</mode>
- </slot>
- </slots>
- </button>
- </set>
- </sets>
diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix
deleted file mode 100644
index 05d3b4fd4..000000000
--- a/lass/2configs/atuin-server.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.atuin = {
- enable = true;
- host = "";
- maxHistoryLength = 1000000;
- openFirewall = true;
- };
diff --git a/lass/2configs/autotether.nix b/lass/2configs/autotether.nix
deleted file mode 100644
index 98712303e..000000000
--- a/lass/2configs/autotether.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }:
- = {
- script = ''
- ${}/bin/adb -s QV770FAMEK wait-for-device
- ${}/bin/adb -s QV770FAMEK shell svc usb setFunctions rndis
- '';
- };
- services.udev.extraRules = ''
- ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="fce/320d/510", TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
- '';
- = {
- matchConfig.Name = "enp0s20u1";
- DHCP = "yes";
- };
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
deleted file mode 100644
index e5b1f0b90..000000000
--- a/lass/2configs/baseX.nix
+++ /dev/null
@@ -1,196 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- user =;
-in {
- imports = [
- ./alacritty.nix
- ./mpv.nix
- ./power-action.nix
- ./urxvt.nix
- ./xdg-open.nix
- ./yubikey.nix
- ./pipewire.nix
- ./tmux.nix
- ./xmonad.nix
- ./themes.nix
- ./fonts.nix
- {
- users.users.mainUser.packages = [
- pkgs.sshuttle
- ];
- security.sudo.extraConfig = ''
- lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped
- '';
- }
- { #font magic
- options.lass.fonts = {
- regular = mkOption {
- type = types.str;
- default = "xft:Iosevka Term SS15:style=regular";
- };
- bold = mkOption {
- type = types.str;
- default = "xft:Iosevka Term SS15:style=bold";
- };
- italic = mkOption {
- type = types.str;
- default = "xft:Iosevka Term SS15:style=italic";
- };
- };
- config.krebs.xresources.resources.X = ''
- *.font: ${config.lass.fonts.regular}
- *.boldFont: ${config.lass.fonts.bold}
- *.italicFont: ${config.lass.fonts.italic}
- '';
- }
- ];
- users.users.mainUser.extraGroups = [ "audio" "pipewire" "video" ];
- time.timeZone = "Europe/Berlin";
- programs.ssh.agentTimeout = "10m";
- programs.ssh.startAgent = false;
- services.openssh.forwardX11 = true;
- environment.systemPackages = with pkgs; [
- acpi
- acpilight
- ripgrep
- cabal2nix
- dic
- dmenu
- font-size
- fzfmenu
- gimp
- git-crypt
- git-preview
- dconf
- iodine
- libarchive
- lm_sensors
- ncdu
- nix-index
- nixpkgs-review
- nmap
- pavucontrol
- ponymix
- powertop
- rxvt-unicode
- sshvnc
- sxiv
- nsxiv
- taskwarrior
- termite
- transgui
- wirelesstools
- x11vnc
- xclip
- xephyrify
- xorg.xmodmap
- xorg.xhost
- xdotool
- xsel
- zathura
- flameshot
- (pkgs.writeDashBin "screenshot" ''
- set -efu
- ${pkgs.flameshot}/bin/flameshot gui &&
- ${pkgs.klem}/bin/klem
- '')
- (pkgs.writers.writeDashBin "IM" ''
- ${pkgs.mosh}/bin/mosh green.r -- tmux new-session -A -s IM -- weechat
- '')
- (pkgs.writers.writeDashBin "deploy_hm" ''
- target=$1
- shift
- hm_profile=$(${pkgs.home-manager}/bin/home-manager -f ~/sync/stockholm/lass/2configs/home-manager.nix build "$@")
- nix-copy-closure --to "$target" "$hm_profile"
- ssh "$target" -- "$hm_profile"/activate
- '')
- zbar
- ];
- services.udev.extraRules = ''
- SUBSYSTEM=="backlight", ACTION=="add", \
- RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
- RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
- '';
- services.xserver = {
- enable = true;
- layout = "us";
- display = mkForce 0;
- xkbVariant = "altgr-intl";
- xkbOptions = "caps:escape";
- libinput.enable = true;
- exportConfiguration = true;
- displayManager = {
- lightdm.enable = true;
- defaultSession = "none+xmonad";
- sessionCommands = ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- '';
- };
- };
- nixpkgs.config.packageOverrides = super: {
- dmenu = pkgs.writeDashBin "dmenu" ''
- ${pkgs.fzfmenu}/bin/fzfmenu "$@"
- '';
- };
- krebs.xresources.enable = true;
- lass.klem = {
- kpaste.script = pkgs.writeDash "kpaste-wrapper" ''
- ${pkgs.kpaste}/bin/kpaste \
- | ${pkgs.coreutils}/bin/tail -1 \
- | ${pkgs.coreutils}/bin/tr -d '\r\n'
- '';
- go = {
- target = "STRING";
- script = "${pkgs.goify}/bin/goify";
- };
- "" = {
- target = "STRING";
- script = pkgs.writeDash "" ''
- export GO_HOST=''
- ${pkgs.goify}/bin/goify
- '';
- };
- qrcode = {
- target = "image";
- script = pkgs.writeDash "zbar" ''
- ${pkgs.zbar}/bin/zbarimg -q --raw -
- '';
- };
- ocr = {
- target = "image";
- script = pkgs.writeDash "gocr" ''
- ${pkgs.netpbm}/bin/pngtopnm - \
- | ${pkgs.gocr}/bin/gocr -
- '';
- };
- };
- services.clipmenu.enable = true;
- # synchronize all the clipboards
- = {
- enable = true;
- wantedBy = [ "" ];
- after = [ "" ];
- serviceConfig = {
- Type = "forking";
- ExecStart = pkgs.writers.writeDash "autocutsel" ''
- ${pkgs.autocutsel}/bin/autocutsel -fork -selection PRIMARY
- ${pkgs.autocutsel}/bin/autocutsel -fork -selection CLIPBOARD
- '';
- };
- };
diff --git a/lass/2configs/bgt-bot/ b/lass/2configs/bgt-bot/
deleted file mode 100644
index 30185ba18..000000000
--- a/lass/2configs/bgt-bot/
+++ /dev/null
@@ -1,57 +0,0 @@
-# needs in path:
-# curl gnugrep jq
-# creates and manages $PWD/state
-set -xeuf
- # usage: send_reaktor "text"
- echo "send_reaktor: $1"
- curl -fsS "http://localhost:$REAKTOR_PORT" \
- -H content-type:application/json \
- -d "$(jq -n \
- --arg text "$1" \
- --arg channel "$IRC_CHANNEL" \
- '{
- command:"PRIVMSG",
- params:[$channel,$text]
- }'
- )"
-live=$(shuf -n1 <<EOF
-Binärgewitter Liveshow hat begonnen!
-offline=$(shuf -n1 <<EOF
-Live stream vorbei
-error=$(shuf -n1 <<EOF
-something went wrong
-if curl -Ss | grep -q 'Mount Point /binaergewitter'; then
- state='live'
- state='offline'
-prevstate=$(cat state ||:)
-if test "$state" == "$(cat state)";then
- #echo "current and last state is the same ($state), doing nothing"
- :
- echo "API state and last state differ ( '$state' != '$prevstate')"
- if test "$state" == 'live';then
- send_reaktor "$live"
- elif test "$state" == 'offline';then
- send_reaktor "$offline"
- else
- send_reaktor "$error"
- fi
- echo 'updating state'
- printf "%s" "$state" > state
diff --git a/lass/2configs/bgt-bot/default.nix b/lass/2configs/bgt-bot/default.nix
deleted file mode 100644
index 6f9e33704..000000000
--- a/lass/2configs/bgt-bot/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
- bot_port = "7654";
- irc_channel = "#binaergewitter";
- krebs.reaktor2.bgt-announce = {
- hostname = "";
- port = "6697";
- nick = "bgt-announce";
- API.listen = "inet://${bot_port}";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- irc_channel
- ];
- };
- }
- ];
- };
- = {
- startAt = "*:0/5";
- environment = {
- IRC_CHANNEL = irc_channel;
- REAKTOR_PORT = bot_port;
- };
- path = with pkgs; [
- curl
- gnugrep
- jq
- ];
- script = builtins.readFile ./;
- serviceConfig = {
- DynamicUser = true;
- StateDirectory = "bgt-announce";
- WorkingDirectory = "/var/lib/bgt-announce";
- PrivateTmp = true;
- };
- };
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
deleted file mode 100644
index de15aff92..000000000
--- a/lass/2configs/binary-cache/client.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
- nix = {
- binaryCaches = [
- "http://cache.prism.r"
- "http://cache.neoprism.r"
- ""
- ];
- binaryCachePublicKeys = [
- "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
- "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
- ""
- ];
- };
diff --git a/lass/2configs/binary-cache/proxy.nix b/lass/2configs/binary-cache/proxy.nix
deleted file mode 100644
index a6ecb044d..000000000
--- a/lass/2configs/binary-cache/proxy.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ...}:
- services.nginx = {
- enable = true;
- virtualHosts."" = {
- enableACME = true;
- forceSSL = true;
- locations."/".extraConfig = ''
- proxy_pass http://cache.neoprism.r/;
- '';
- };
- };
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
deleted file mode 100644
index bdd568c15..000000000
--- a/lass/2configs/binary-cache/server.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ...}:
- nixpkgs.config.packageOverrides = p: {
- nix-serve = p.haskellPackages.nix-serve-ng;
- };
- # generate private key with:
- # nix-store --generate-binary-cache-key my-secret-key my-public-key
- services.nix-serve = {
- enable = true;
- secretKeyFile = toString <secrets> + "/nix-serve.key";
- port = 5005;
- };
- services.nginx = {
- enable = true;
- virtualHosts.nix-serve = {
- serverAliases = [ "cache.${config.networking.hostName}.r" ];
- locations."/".extraConfig = ''
- proxy_pass http://localhost:${toString};
- '';
- locations."= /nix-cache-info".extraConfig = ''
- alias ${pkgs.writeText "cache-info" ''
- StoreDir: /nix/store
- WantMassQuery: 1
- Priority: 42
- ''};
- '';
- };
- };
diff --git a/lass/2configs/bird.nix b/lass/2configs/bird.nix
deleted file mode 100644
index 3fc265cd7..000000000
--- a/lass/2configs/bird.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
- = {
- enable = true;
- config = ''
- router id;
- protocol device {
- scan time 10;
- }
- '';
- };
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
deleted file mode 100644
index e9dd055f9..000000000
--- a/lass/2configs/bitcoin.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.extraUsers = {
- bitcoin = {
- name = "bitcoin";
- description = "user for bitcoin stuff";
- home = "/home/bitcoin";
- useDefaultShell = true;
- createHome = true;
- packages = [ pkgs.electrum ];
- isNormalUser = true;
- };
- monero = {
- name = "monero";
- description = "user for monero stuff";
- home = "/home/monero";
- useDefaultShell = true;
- createHome = true;
- packages = [
- pkgs.monero
- pkgs.monero-gui
- ];
- isNormalUser = true;
- };
- };
- security.sudo.extraConfig = ''
- ${} ALL=(bitcoin) ALL
- ${} ALL=(monero) ALL
- '';
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
deleted file mode 100644
index 84f06e587..000000000
--- a/lass/2configs/bitlbee.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
- services.bitlbee = {
- enable = true;
- portNumber = 6666;
- plugins = [
- pkgs.bitlbee-facebook
- pkgs.bitlbee-steam
- pkgs.bitlbee-discord
- ];
- libpurple_plugins = [
- # pkgs.telegram-purple
- # pkgs.tdlib-purple
- # pkgs.purple-gowhatsapp
- ];
- };
- users.users.bitlbee = {
- uid = genid_uint31 "bitlbee";
- isSystemUser = true;
- group = "bitlbee";
- };
- users.groups.bitlbee = {};
- = {
- DynamicUser = lib.mkForce false;
- User = "bitlbee";
- StateDirectory = lib.mkForce null;
- };
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
deleted file mode 100644
index 532e55fe5..000000000
--- a/lass/2configs/blue-host.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- all_hosts = [
- "icarus"
- "shodan"
- "daedalus"
- "skynet"
- "prism"
- "littleT"
- ];
- remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- { #hack for already defined
-"container@blue".reloadIfChanged = mkForce false;
-"container@blue".preStart = ''
- ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
- '';
-"container@blue".preStop = ''
- /run/wrappers/bin/fusermount -u /var/lib/containers/blue
- '';
- }
- ];
- system.activationScripts.containerPermissions = ''
- mkdir -p /var/lib/containers
- chmod 711 /var/lib/containers
- '';
- = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt-unicode-unwrapped.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "";
- localAddress = "";
- };
- = builtins.listToAttrs (map (host:
- # let
- # in nameValuePair "sync-blue-${host}" {
- # bindsTo = [ "container@blue.service" ];
- # wantedBy = [ "container@blue.service" ];
- # # ssh needed for rsync
- # path = [ pkgs.openssh ];
- # serviceConfig = {
- # Restart = "always";
- # RestartSec = 10;
- # ExecStart = pkgs.writeDash "sync-blue-${host}" ''
- # set -efu
- # #make sure blue is running
- # /run/wrappers/bin/ping -c1 blue.r > /dev/null
- # #make sure the container is unlocked
- # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
- # #make sure our target is reachable
- # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
- # #start sync
- # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
- # settings {
- # nodaemon = true,
- # inotifyMode = "CloseWrite or Modify",
- # }
- # sync {
- # default.rsyncssh,
- # source = "/var/lib/containers/.blue",
- # host = "${host}.r",
- # targetdir = "/var/lib/containers/.blue",
- # rsync = {
- # archive = true,
- # owner = true,
- # group = true,
- # };
- # ssh = {
- # binary = "${pkgs.openssh}/bin/ssh";
- # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
- # },
- # }
- # ''}
- # '';
- # };
- # unitConfig.ConditionPathExists = "!/var/run/";
- # }
- #) remote_hosts);
- environment.systemPackages = [
- (pkgs.writeDashBin "start-blue" ''
- set -ef
- if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
- ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
- fi
- nixos-container start blue
- nixos-container run blue -- nixos-rebuild -I /var/src dry-build
- if ping -c1 blue.r >/dev/null; then
- echo 'blue is already running. bailing out'
- exit 23
- fi
- nixos-container run blue -- nixos-rebuild -I /var/src switch
- '')
- ];
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
deleted file mode 100644
index 2698f67e0..000000000
--- a/lass/2configs/blue.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
- imports = [
- ./mail.nix
- ./pass.nix
- ];
- environment.systemPackages = with pkgs; [
- dic
- nmap
- git-preview
- l-gen-secrets
- ];
- services.tor.enable = true;
- services.tor.client.enable = true;
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
- { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
- { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";}
- { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
- ];
- services.dovecot2 = {
- enable = true;
- mailLocation = "maildir:~/Maildir";
- };
diff --git a/lass/2configs/boot/coreboot.nix b/lass/2configs/boot/coreboot.nix
deleted file mode 100644
index 1548cbc2d..000000000
--- a/lass/2configs/boot/coreboot.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
- loader.grub.efiSupport = true;
- };
diff --git a/lass/2configs/boot/stock-x220.nix b/lass/2configs/boot/stock-x220.nix
deleted file mode 100644
index 54a382db7..000000000
--- a/lass/2configs/boot/stock-x220.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
- boot = {
- loader.systemd-boot.enable = true;
- loader.efi.canTouchEfiVariables = true;
- };
diff --git a/lass/2configs/boot/universal.nix b/lass/2configs/boot/universal.nix
deleted file mode 100644
index 33f4323cc..000000000
--- a/lass/2configs/boot/universal.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
- loader.grub.efiSupport = true;
- loader.grub.efiInstallAsRemovable = true;
- };
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
deleted file mode 100644
index 273a9c963..000000000
--- a/lass/2configs/br.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: {
- imports = [
- <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- ];
- krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
- "brother-udev-rule-type1"
- "brscan4"
- "brscan4-etc-files"
- "mfcl2700dnlpr"
- ];
- hardware.sane = {
- enable = true;
- brscan4 = {
- enable = true;
- netDevices = {
- bra = {
- model = "MFCL2700DN";
- ip = "";
- };
- };
- };
- };
- services.saned.enable = true;
- # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298
- environment.systemPackages = [
- (pkgs.writeDashBin "find-scanner" ''
- set -efu
- name=$1
- ${pkgs.sane-backends}/bin/scanimage -f '%m %d
- ' \
- | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \
- | ${pkgs.gnugrep}/bin/grep .
- '')
- ];
- services.printing = {
- enable = true;
- drivers = [
- pkgs.mfcl2700dncupswrapper
- ];
- };
- users.users.mainUser.extraGroups = [ "scanner" "lp" ];
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
deleted file mode 100644
index ea6fb644b..000000000
--- a/lass/2configs/browsers.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
- programs.firefox.nativeMessagingHosts.tridactyl = true;
- environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
- environment.systemPackages = [
- pkgs.firefox
- ];
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
deleted file mode 100644
index a8dd3dd1d..000000000
--- a/lass/2configs/c-base.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{ config, lib, pkgs, ... }:
-in {
- environment.systemPackages = [
- pkgs.cifs-utils
- ];
- = {
- matchConfig.Name = "c-base";
- networkConfig = {
- IgnoreCarrierLoss = "3s";
- KeepConfiguration = "static";
- DNS = "";
- Domains = "";
- };
- routes = [
- { routeConfig = {
- Destination = "";
- Gateway = "";
- };}
- { routeConfig = {
- Destination = ""; #
- Gateway = "";
- };}
- ];
- };
- services.openvpn.servers.c-base = {
- config = ''
- remote 1194
- verify-x509-name name
- client
- proto udp
- dev-type tun
- dev c-base
- resolv-retry infinite
- nobind
- # user openvpn
- # group openvpn
- persist-key
- persist-tun
- comp-lzo
- # register-dns
- # block-outside-dns
- script-security 2
- auth-user-pass ${toString <secrets/cbase.txt>}
- #auth-user-pass
- key-direction 1
- <tls-auth>
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- 54a66ed1048bed7508703347e89d68d6
- 5586e6a5d1218cf8675941031d540be6
- 993e07200a16ad3b770b659932ee71e5
- f8080b5c9fa2acb3893abd40fad2552c
- fdaf17565e617ae450efcccf5652dca5
- a16419509024b075941098731eb25ac0
- a64f963ece3dca1d2a64a9c5e17839d7
- 5b5080165a9b2dc90ef111879d7d3173
- 2d1027ae42d869394aca08da4472a9d0
- 6b724b4ed43a957feef7d6dfc86da241
- 74828fa0e1240941586f0d937cac32fc
- 13cc81e7bed58817353d6afaff7e6a26
- 4f9cc086af79c1cdca660d86e18cff96
- 69dd3d392caf09a468894a8504f4cc7c
- 7ae0072e6d9ad90b166ad13a39c57b3c
- 3a869e27a1d89deb161c255227551713
- -----END OpenVPN Static key V1-----
- </tls-auth>
- <ca>
- LmV4dC5jLWJhc2Uub3JnMR8wHQYJKoZIhvcNAQkBFhBhZG1heEBjLWJhc2Uub3Jn
- YmFzZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGFkbWF4QGMtYmFzZS5vcmcwggIiMA0G
- h64c6EWIULMATrhEw+Ej4fpCXwU9otFaO04fAeJmZGkDcnAYdBDiCeI0luOSdj44
- Bg9KecSei/TskqjhDVnEBp65hiz0rZE6c1baPdLYmD5xrXWb3i0zrlBYFawuL6C2
- lwVCEm3cadvkDJ2DleMuu3NblV8ViIDN0HZqzJNP72g1I0MgohkpetACXlf7MzQV
- PFHfzvb04Rj2lJ8BDhceQ0WmjtVV/Ag6nka5oi954OeHMujRuH+rZYiQZDZpJLHK
- Kh1KWTVlWPRy+AvCi9lweDWSmLccq7Ug4xMtDF4I5qW3tjCd0xqpZ21Xmo2JyKtY
- 4h8wEDPqiJvgwvkXsH17GLn5ZxiMcQuRJQYZqJephkzR9uccJeWSS76kwm/vLqG3
- +eORlYnyjiNXtiMIhmAEFjpWUrGH8v4CijpUNP6E63ynGrRVXK684YQXkqL+xPAt
- t6dsMBUwf94a2S1o2kgvuRCim1wlHvf1QsHrO/Hwgpzc8no/daWL+Z9Rq9okTHNK
- nc1G5dv8TkmxIDYnLm07QMzzBoOT36BcGtkEBA+0xhQlX5PyQdM5/jnZVhdSBmoP
- MbZXPoU/gJAIuuBuwdTlgCzYf44/9/YU/AnW8eLrbhm9KtMtoMpatrWorKqk/GPv
- ilwX4jCBywYDVR0jBIHDMIHAgBTf5cYbK+KCF9u9aobFlLbuilwX4qGBnKSBmTCB
- dC5jLWJhc2Uub3JnMRswGQYDVQQDExJ2cG4uZXh0LmMtYmFzZS5vcmcxGzAZBgNV
- ggIBAMs1moiS7UZ4neOivQjqwKrBbm1j3tgmPLhDfNMmXYarGhnBGAlLxLAQWtG+
- Fnbx8KcsJnrsWcGfZcst1z45S4a5oBdVNKOfgkMOG0glZorIDO8Odrb51rpyzU0v
- 0wcNumMNWhkFuo2OTBHPnnJIWEAFwwCCSCL0I0hQxxoaV36kphjuIwzrMJhd+XAT
- 24En58cNp6sPRDd+FzOH08uFINevyzKWYxkMgVj+e3fbuiyOB8RqvndKvtfBBcpB
- cCO86lGnj/ETMDciTczUShxaMn9wV1zr1KH1xvT3ohUeOcQZGbGTcjG4mxlns8ZO
- U5J3Yrcd1eMfJq9Bwd3zPsTLnT8LwIS8vfYRav9b34XdqcBG73dhrjsicMK0Qy0z
- Qz7vKJzcvrEnKuaMyB3mCxz/UvbNc2Bupwm4FmzN5eFjDs+7paYFdfOzqMjoRP+8
- bcXSqDN5P2eUd7cdsZXaFNcsf1FkWlE3GudVBOmNJqz9zBab/T5J+l4Z90Pd6OUX
- GNozEvLhcJkvPKA526TegHTGC8hMquxKc9tpOzNRqZJMFa+UG1mgMrMepRmM/B3s
- QrKI1C11iCVYfb9J0tQUkfENHMx4J7mG2DZAhnKWQDU2awM41qU4A7aBYaJvDPnQ
- RRcbaT0D794lKUQwH/mZuyKzF22oZNk1o1TV2SaFXqgX5tDt
- </ca>
- '';
- };
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
deleted file mode 100644
index f32f062ff..000000000
--- a/lass/2configs/ciko.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- users.users.ciko = {
- uid = genid_uint31 "ciko";
- description = "acc for ciko";
- home = "/home/ciko";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
- ];
- isNormalUser = true;
- };
- system.activationScripts.user-shadow = ''
- ${pkgs.coreutils}/bin/chmod +x /home/ciko
- '';
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
deleted file mode 100644
index ccca49fac..000000000
--- a/lass/2configs/codimd.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ config, pkgs, lib, ... }:
-with import <stockholm/lib>;
- domain = "";
-in {
- # redirect legacy domain to new one
- services.nginx.virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- locations."/".return = "301 https://${domain}\$request_uri";
- };
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "https://localhost:3091";
- proxyWebsockets = true;
- };
- };
- security.acme.certs.${domain}.group = "hedgecert";
- users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];
- security.dhparams = {
- enable = true;
- params.hedgedoc = {};
- };
- = {
- };
- services.hedgedoc = {
- enable = true;
- configuration.allowOrigin = [ domain ];
- settings = {
- db = {
- dialect = "sqlite";
- storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
- };
- useCDN = false;
- port = 3091;
- domain = domain;
- allowFreeURL = true;
- useSSL = true;
- protocolUseSSL = true;
- sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
- sslCertPath = "/var/lib/acme/${domain}/cert.pem";
- sslKeyPath = "/var/lib/acme/${domain}/key.pem";
- dhParamPath =;
- };
- };
diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix
deleted file mode 100644
index b8d925de5..000000000
--- a/lass/2configs/consul.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.consul = {
- enable = true;
- # dropPrivileges = false;
- webUi = true;
- # interface.bind = "retiolum";
- extraConfig = {
- bind_addr =;
- bootstrap_expect = 3;
- server = true;
- # retry_join =;
- retry_join = lib.mapAttrsToList (n: h:
- lib.head h.nets.retiolum.aliases
- ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts);
- rejoin_after_leave = true;
- # try to fix random lock loss on leader reelection
- retry_interval = "3s";
- performance = {
- raft_multiplier = 8;
- };
- };
- };
- environment.etc."consul.d/testservice.json".text = builtins.toJSON {
- service = {
- name = "testing";
- };
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix
deleted file mode 100644
index 0cfe193d9..000000000
--- a/lass/2configs/container-networking.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ lib, ... }:
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; predicate = "-d -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-s -i ve-+"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i ve-+ -o ve-+"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
- { v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = lib.mkBefore [
- { v6 = false; predicate = "-s"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s -d"; target = "RETURN"; }
- { v6 = false; predicate = "-s -d"; target = "RETURN"; }
- { v6 = false; predicate = "-s ! -d"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s ! -d -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
- { v6 = false; predicate = "-s ! -d -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
- ];
- boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
deleted file mode 100644
index ed78699b0..000000000
--- a/lass/2configs/copyq.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- copyqConfig = pkgs.writeDash "copyq-config" ''
- ${pkgs.copyq}/bin/copyq config check_clipboard true
- ${pkgs.copyq}/bin/copyq config check_selection true
- ${pkgs.copyq}/bin/copyq config copy_clipboard true
- ${pkgs.copyq}/bin/copyq config copy_selection true
- ${pkgs.copyq}/bin/copyq config activate_closes true
- ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
- ${pkgs.copyq}/bin/copyq config disable_tray true
- ${pkgs.copyq}/bin/copyq config hide_tabs true
- ${pkgs.copyq}/bin/copyq config hide_toolbar true
- ${pkgs.copyq}/bin/copyq config item_popup_interval true
- ${pkgs.copyq}/bin/copyq config maxitems 1000
- ${pkgs.copyq}/bin/copyq config move true
- ${pkgs.copyq}/bin/copyq config text_wrap true
- '';
-in {
- = {
- wantedBy = [ "" ];
- requires = [ "xmonad.service" ];
- environment = {
- DISPLAY = ":${toString}";
- };
- serviceConfig = {
- SyslogIdentifier = "copyq";
- ExecStart = "${pkgs.copyq}/bin/copyq";
- ExecStartPost = copyqConfig;
- Restart = "always";
- RestartSec = "15s";
- StartLimitBurst = 0;
- };
- };
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
deleted file mode 100644
index 72dbfc480..000000000
--- a/lass/2configs/default.nix
+++ /dev/null
@@ -1,238 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
- imports = [
- ./binary-cache/client.nix
- ./gc.nix
- ./mc.nix
- ./vim.nix
- ./zsh.nix
- ./htop.nix
- <stockholm/krebs/2configs/security-workarounds.nix>
- ./wiregrill.nix
- ./tmux.nix
- ./tor-ssh.nix
- ./networkd.nix
- {
- users.extraUsers =
- mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
- }
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-green.pubkey
- ];
- };
- mainUser = {
- name = "lass";
- uid = 1337;
- home = "/home/lass";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-green.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- {
- #for sshuttle
- environment.systemPackages = [
- pkgs.python3Packages.python
- ];
- }
- ];
- networking.hostName =;
- krebs = {
- enable = true;
- build.user = config.krebs.users.lass;
- };
- nix.useSandbox = true;
- users.mutableUsers = false;
- services.timesyncd.enable = mkForce true;
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- #stockholm
- deploy
- git
- git-preview
- gnumake
- jq
- #style
- rxvt-unicode-unwrapped.terminfo
- #monitoring tools
- htop
- iotop
- #network
- iptables
- iftop
- tcpdump
- mosh
- sshify
- #stuff for dl
- aria2
- #neat utils
- file
- hashPassword
- kpaste
- cyberlocker-tools
- pciutils
- pop
- q
- rs
- untilport
- (pkgs.writeDashBin "urgent" ''
- printf '\a'
- '')
- usbutils
- logify
- goify
- #unpack stuff
- libarchive
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
- environment.shellAliases = {
- ll = "ls -l";
- la = "ls -la";
- ls = "ls --color";
- ip = "ip -color=auto";
- grep = "grep --color=auto";
- };
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- '';
- };
- services.openssh.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- Storage=persistent
- '';
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
- { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = mkMerge [
- (mkBefore [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { predicate = "-p icmp"; target = "ACCEPT"; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; }
- { predicate = "-i lo"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
- ])
- (mkOrder 1000 [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
- ])
- (mkAfter [
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; }
- ])
- ];
- };
- };
- networking.dhcpcd.extraConfig = ''
- noipv4ll
- '';
- # use 24:00 time format, the default got sneakily changed around 20.03
- i18n.defaultLocale = mkDefault "C.UTF-8";
- time.timeZone = mkDefault"Europe/Berlin";
- system.stateVersion = mkDefault "20.03";
- # disable doc usually
- documentation.nixos.enable = mkDefault false;
diff --git a/lass/2configs/docker.nix b/lass/2configs/docker.nix
deleted file mode 100644
index 2bc3a2361..000000000
--- a/lass/2configs/docker.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ pkgs, lib, config, ... }:
- = pkgs.writeDash "kick_docker" ''
- ${pkgs.systemd}/bin/systemctl restart docker.service
- '';
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
deleted file mode 100644
index 18a22e1da..000000000
--- a/lass/2configs/dunst.nix
+++ /dev/null
@@ -1,277 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- dunstConfig = pkgs.writeText "dunst-config" ''
- [global]
- font = Iosevka Term 11
- # Allow a small subset of html markup:
- # <b>bold</b>
- # <i>italic</i>
- # <s>strikethrough</s>
- # <u>underline</u>
- #
- # For a complete reference see
- # <>.
- # If markup is not allowed, those tags will be stripped out of the
- # message.
- markup = yes
- plain_text = no
- # The format of the message. Possible variables are:
- # %a appname
- # %s summary
- # %b body
- # %i iconname (including its path)
- # %I iconname (without its path)
- # %p progress value if set ([ 0%] to [100%]) or nothing
- # Markup is allowed
- format = "%a\n<b>%s</b>\n%b"
- # Sort messages by urgency.
- sort = yes
- # Show how many messages are currently hidden (because of geometry).
- indicate_hidden = yes
- # Alignment of message text.
- # Possible values are "left", "center" and "right".
- alignment = center
- # The frequency with wich text that is longer than the notification
- # window allows bounces back and forth.
- # This option conflicts with "word_wrap".
- # Set to 0 to disable.
- bounce_freq = 0
- # Show age of message if message is older than show_age_threshold
- # seconds.
- # Set to -1 to disable.
- show_age_threshold = 1
- # Split notifications into multiple lines if they don't fit into
- # geometry.
- word_wrap = yes
- # Ignore newlines '\n' in notifications.
- ignore_newline = no
- # Hide duplicate's count and stack them
- stack_duplicates = yes
- hide_duplicates_count = no
- # The geometry of the window:
- # [{width}]x{height}[+/-{x}+/-{y}]
- # The geometry of the message window.
- # The height is measured in number of notifications everything else
- # in pixels. If the width is omitted but the height is given
- # ("-geometry x2"), the message window expands over the whole screen
- # (dmenu-like). If width is 0, the window expands to the longest
- # message displayed. A positive x is measured from the left, a
- # negative from the right side of the screen. Y is measured from
- # the top and down respectevly.
- # The width can be negative. In this case the actual width is the
- # screen width minus the width defined in within the geometry option.
- geometry = "500x10-0+0"
- # Shrink window if it's smaller than the width. Will be ignored if
- # width is 0.
- shrink = no
- # The transparency of the window. Range: [0; 100].
- # This option will only work if a compositing windowmanager is
- # present (e.g. xcompmgr, compiz, etc.).
- # transparency = 5
- # Don't remove messages, if the user is idle (no mouse or keyboard input)
- # for longer than idle_threshold seconds.
- # Set to 0 to disable.
- idle_threshold = 0
- # Which monitor should the notifications be displayed on.
- monitor = keyboard
- # Display notification on focused monitor. Possible modes are:
- # mouse: follow mouse pointer
- # keyboard: follow window with keyboard focus
- # none: don't follow anything
- #
- # "keyboard" needs a windowmanager that exports the
- # _NET_ACTIVE_WINDOW property.
- # This should be the case for almost all modern windowmanagers.
- #
- # If this option is set to mouse or keyboard, the monitor option
- # will be ignored.
- follow = none
- # Should a notification popped up from history be sticky or timeout
- # as if it would normally do.
- sticky_history = yes
- # Maximum amount of notifications kept in history
- history_length = 15
- # Display indicators for URLs (U) and actions (A).
- show_indicators = no
- # The height of a single line. If the height is smaller than the
- # font height, it will get raised to the font height.
- # This adds empty space above and under the text.
- line_height = 3
- # Draw a line of "separatpr_height" pixel height between two
- # notifications.
- # Set to 0 to disable.
- separator_height = 1
- # Padding between text and separator.
- padding = 1
- # Horizontal padding.
- horizontal_padding = 1
- # Define a color for the separator.
- # possible values are:
- # * auto: dunst tries to find a color fitting to the background;
- # * foreground: use the same color as the foreground;
- # * frame: use the same color as the frame;
- # * anything else will be interpreted as a X color.
- separator_color = frame
- # Print a notification on startup.
- # This is mainly for error detection, since dbus (re-)starts dunst
- # automatically after a crash.
- startup_notification = true
- # dmenu path.
- dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
- # Browser for opening urls in context menu.
- browser = /usr/bin/firefox -new-tab
- # Align icons left/right/off
- icon_position = off
- max_icon_size = 80
- # Paths to default icons.
- icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
- frame_width = 2
- frame_color = "#8EC07C"
- [shortcuts]
- # Shortcuts are specified as [modifier+][modifier+]...key
- # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
- # "mod3" and "mod4" (windows-key).
- # Xev might be helpful to find names for keys.
- # Close notification.
- close = ctrl+space
- # Close all notifications.
- close_all = ctrl+shift+space
- # Redisplay last message(s).
- # On the US keyboard layout "grave" is normally above TAB and left
- # of "1".
- history = ctrl+grave
- # Context menu.
- context = mod4+u
- [urgency_low]
- # IMPORTANT: colors have to be defined in quotation marks.
- # Otherwise the "#" and following would be interpreted as a comment.
- frame_color = "#3B7C87"
- foreground = "#3B7C87"
- background = "#191311"
- #background = "#2B313C"
- timeout = 1
- [urgency_normal]
- frame_color = "#5B8234"
- foreground = "#5B8234"
- background = "#191311"
- #background = "#2B313C"
- timeout = 1
- [urgency_critical]
- frame_color = "#B7472A"
- foreground = "#B7472A"
- background = "#191311"
- #background = "#2B313C"
- timeout = 1
- # Every section that isn't one of the above is interpreted as a rules to
- # override settings for certain messages.
- # Messages can be matched by "appname", "summary", "body", "icon", "category",
- # "msg_urgency" and you can override the "timeout", "urgency", "foreground",
- # "background", "new_icon" and "format".
- # Shell-like globbing will get expanded.
- #
- # You can specify a script that gets run when the rule matches by
- # setting the "script" option.
- # The script will be called as follows:
- # script appname summary body icon urgency
- # where urgency can be "LOW", "NORMAL" or "CRITICAL".
- #
- # NOTE: if you don't want a notification to be displayed, set the format
- # to "".
- # NOTE: It might be helpful to run dunst -print in a terminal in order
- # to find fitting options for rules.
- #[espeak]
- # summary = "*"
- # script =
- #[script-test]
- # summary = "*script*"
- # script =
- #[ignore]
- # # This notification will not be displayed
- # summary = "foobar"
- # format = ""
- #[signed_on]
- # appname = Pidgin
- # summary = "*signed on*"
- # urgency = low
- #
- #[signed_off]
- # appname = Pidgin
- # summary = *signed off*
- # urgency = low
- #
- #[says]
- # appname = Pidgin
- # summary = *says*
- # urgency = critical
- #
- #[twitter]
- # appname = Pidgin
- # summary = **
- # urgency = normal
- #
- # vim: ft=cfg
- '';
-in {
- = {
- wantedBy = [ "" ];
- requires = [ "xmonad.service" ];
- environment = {
- DISPLAY = ":${toString}";
- };
- serviceConfig = {
- SyslogIdentifier = "dunst";
- ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
- Restart = "always";
- RestartSec = "15s";
- StartLimitBurst = 0;
- };
- };
diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix
deleted file mode 100644
index 5d68def35..000000000
--- a/lass/2configs/elster.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.extraUsers = {
- elster = {
- name = "elster";
- description = "user for running elster-online";
- home = "/home/elster";
- useDefaultShell = true;
- extraGroups = [];
- createHome = true;
- isNormalUser = true;
- };
- };
- krebs.per-user.elster.packages = [
- pkgs.chromium
- ];
- security.sudo.extraConfig = ''
- ${} ALL=(elster) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix
deleted file mode 100644
index 19961fb84..000000000
--- a/lass/2configs/et-server.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.eternal-terminal = {
- enable = true;
- };
- networking.firewall.allowedTCPPorts = [ ];
diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
deleted file mode 100644
index 589e17551..000000000
--- a/lass/2configs/exim-retiolum.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- krebs.exim-retiolum = {
- enable = true;
- system-aliases = [
- { from = "root"; to = "lass"; }
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
deleted file mode 100644
index cb9abd43a..000000000
--- a/lass/2configs/exim-smarthost.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
- to = concatStringsSep "," [
- "lass@green.r"
- ];
- mails = import <secrets/mails.nix>;
-in {
- environment.systemPackages = [ ];
- krebs.exim-smarthost = {
- enable = true;
- dkim = [
- { domain = ""; }
- ];
- primary_hostname = "";
- sender_domains = [
- ""
- ];
- relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
- config.krebs.hosts.coaxmetal
- config.krebs.hosts.mors
- config.krebs.hosts.xerxes
- ];
- internet-aliases = map (from: { inherit from to; }) mails;
- system-aliases = [
- { from = "mailer-daemon"; to = "postmaster"; }
- { from = "postmaster"; to = "root"; }
- { from = "nobody"; to = "root"; }
- { from = "hostmaster"; to = "root"; }
- { from = "usenet"; to = "root"; }
- { from = "news"; to = "root"; }
- { from = "webmaster"; to = "root"; }
- { from = "www"; to = "root"; }
- { from = "ftp"; to = "root"; }
- { from = "abuse"; to = "root"; }
- { from = "noc"; to = "root"; }
- { from = "security"; to = "root"; }
- { from = "root"; to = "lass"; }
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
deleted file mode 100644
index 781dad032..000000000
--- a/lass/2configs/fetchWallpaper.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-in {
- krebs.fetchWallpaper = {
- enable = true;
- url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
- };
diff --git a/lass/2configs/firefoxPatched.nix b/lass/2configs/firefoxPatched.nix
deleted file mode 100644
index daf8a28be..000000000
--- a/lass/2configs/firefoxPatched.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ config, lib, pkgs, ... }:
- lpkgs = import ../5pkgs { inherit pkgs; };
- inherit (lib)
- concatMapStrings
- ;
- plugins = with lpkgs.firefoxPlugins; [
- noscript
- ublock
- vimperator
- ];
- copyXpi = plugin:
- "cp ${plugin}/*.xpi $out/usr/lib/firefox-*/browser/extensions/";
- preferences = pkgs.writeText "autoload.js" ''
- pref('general.config.filename', 'firefox.cfg');
- pref('general.config.obscure_value', 0);
- '';
- config = pkgs.writeText "firefox.cfg" ''
- //
- lockPref("app.update.enabled", false);
- lockPref("extensions.update.enabled", false);
- lockPref("autoadmin.global_config_url", "");
- lockPref("extensions.checkUpdateSecurity", false);
- lockPref("services.sync.enabled", false);
- lockPref("", false);
- lockPref("layout.spellcheckDefault", 0);
- lockPref("", false);
- lockPref("browser.newtabpage.enabled", false);
- lockPref("noscript.firstRunRedirection", false);
- lockPref("noscript.hoverUI", false);
- lockPref("noscript.notify", false);
- defaultPref("extensions.newAddons", false);
- defaultPref("extensions.autoDisableScopes", 0);
- defaultPref("plugin.scan.plid.all", false);
- '';
-in {
- environment.systemPackages = [
- (pkgs.lib.overrideDerivation pkgs.firefox-bin (original : {
- installPhase = ''
- ${original.installPhase}
- find $out/usr/lib
- ${concatMapStrings copyXpi plugins}
- cd $out/usr/lib/firefox-*/
- mkdir -p browser/defaults/preferences
- cp ${preferences} browser/defaults/preferences/autoload.js
- cp ${config} ./firefox.cfg
- '';
- }))
- ];
diff --git a/lass/2configs/fonts.nix b/lass/2configs/fonts.nix
deleted file mode 100644
index 3d047e513..000000000
--- a/lass/2configs/fonts.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
- fonts = {
- fontDir.enable = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- xorg.fontschumachermisc
- inconsolata
- noto-fonts
- (iosevka-bin.override { variant = "ss15"; })
- ];
- };
diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix
deleted file mode 100644
index 809298df4..000000000
--- a/lass/2configs/fysiirc.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ config, lib, pkgs, ... }: let
- format-github-message = pkgs.writeDashBin "format-github-message" ''
- set -xefu
- export PATH=${lib.makeBinPath [
- pkgs.jq
- ]}
- INPUT=$(jq -c .)
- if $(echo "$INPUT" | jq 'has("issue") or has("pull_request")'); then
- ${write_to_irc} "$(echo "$INPUT" | jq -r '
- "\(.action): " +
- "[\(.issue.title // .pull_request.title)] " +
- "\(.comment.html_url // .issue.html_url // .pull_request.html_url) "
- ')"
- fi
- '';
- write_to_irc = pkgs.writeDash "write_to_irc" ''
- ${pkgs.curl}/bin/curl -fsSv http://localhost:44001 \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"PRIVMSG",
- params:["#fysi",$text]
- }'
- )"
- '';
-in {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 44002"; target = "ACCEPT"; }
- ];
- krebs.reaktor2.fysiweb-github = {
- hostname = "";
- port = "6697";
- useTLS = true;
- nick = "fysiweb-github";
- API.listen = "inet://";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#fysi"
- ];
- };
- }
- ];
- };
- krebs.htgen.fysiweb-github = {
- port = 44002;
- user = {
- name = "reaktor2-fysiweb-github";
- };
- script = ''. ${pkgs.writeDash "github-irc" ''
- set -xefu
- case "$Method $Request_URI" in
- "POST /")
- payload=$(head -c "$req_content_length")
- raw=$(printf '%s' "$payload" | ${pkgs.curl}/bin/curl --data-binary @- | tail -1)
- payload2=$payload
- payload2=$(printf '%s' "$payload" | tr '\n' ' ' | tr -d '\r')
- if [ "$payload" != "$payload2" ]; then
- echo "payload has been mangled" >&2
- else
- echo "payload not mangled" >&2
- fi
- echo "$payload2" | ${format-github-message}/bin/format-github-message
- ${write_to_irc} "$raw"
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- exit
- ;;
- esac
- ''}'';
- };
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
deleted file mode 100644
index 01941bde8..000000000
--- a/lass/2configs/games.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ config, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
- vdoom = pkgs.writeDash "vdoom" ''
- ${pkgs.zandronum}/bin/zandronum \
- -fov 120 \
- "$@"
- '';
- doom = pkgs.writeDash "doom" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} \
- -file $DOOM_DIR/lib/brutalv21.pk3 \
- "$@"
- '';
- doom1 = pkgs.writeDashBin "doom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- doom2 = pkgs.writeDashBin "doom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
- vdoom1 = pkgs.writeDashBin "vdoom1" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
- '';
- vdoom2 = pkgs.writeDashBin "vdoom2" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
- '';
- doomservercfg = pkgs.writeText "doomserver.cfg" ''
- skill 7
- #survival true
- #sv_maxlives 4
- #sv_norespawn true
- #sv_weapondrop true
- no_jump true
- #sv_noweaponspawn true
- sv_sharekeys true
- sv_survivalcountdowntime 1
- sv_noteamselect true
- sv_updatemaster false
- #sv_coop_loseinventory true
- #cl_startasspectator false
- #lms_spectatorview false
- '';
- vdoomserver = pkgs.writeDashBin "vdoomserver" ''
- DOOM_DIR=''${DOOM_DIR:-~/doom/}
- ${pkgs.zandronum}/bin/zandronum-server \
- +exec ${doomservercfg} \
- "$@"
- '';
-in {
- users.extraUsers = {
- games = {
- name = "games";
- description = "user playing games";
- home = "/home/games";
- extraGroups = [ "audio" "video" "input" "loot" "pipewire" ];
- createHome = true;
- useDefaultShell = true;
- packages = with pkgs; [
- # minecraft
- # ftb
- # steam-run
- # scummvm
- # dolphinEmu
- doom1
- doom2
- # protontricks
- vdoom1
- # vdoom2
- # vdoomserver
- retroarchBare
- ];
- isNormalUser = true;
- };
- };
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.support32Bit = true;
- security.sudo.extraConfig = ''
- ${} ALL=(games) NOPASSWD: ALL
- '';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
deleted file mode 100644
index 224a6cbb9..000000000
--- a/lass/2configs/gc.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, ... }:
-with import <stockholm/lib>;
- nix.gc = {
- automatic = ! (elem [ "mors" "xerxes" "coaxmetal" ] || config.boot.isContainer);
- options = "--delete-older-than 15d";
- };
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
deleted file mode 100644
index b35b0cb85..000000000
--- a/lass/2configs/gg23.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- # ipv6 from vodafone is really really flaky
- boot.kernel.sysctl."net.ipv6.conf.et0.disable_ipv6" = 1;
-"50-et0" = {
- matchConfig.Name = "et0";
- DHCP = "ipv4";
- # dhcpV4Config.UseDNS = false;
- # dhcpV6Config.UseDNS = false;
- linkConfig = {
- RequiredForOnline = "routable";
- };
- networkConfig = {
- LinkLocalAddressing = "no";
- };
- # dhcpV6Config = {
- # PrefixDelegationHint = "::/60";
- # };
- # networkConfig = {
- # IPv6AcceptRA = true;
- # };
- # ipv6PrefixDelegationConfig = {
- # Managed = true;
- # };
- };
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-"50-int0" = {
- name = "int0";
- address = [
- ""
- ];
- networkConfig = {
- # IPForward = "yes";
- # IPMasquerade = "both";
- ConfigureWithoutCarrier = true;
- DHCPServer = "yes";
- # IPv6SendRA = "yes";
- # DHCPPrefixDelegation = "yes";
- };
- };
- networking.networkmanager.unmanaged = [ "int0" ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i int0"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { predicate = "-i int0"; target = "ACCEPT"; }
- { predicate = "-o int0"; target = "ACCEPT"; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-s"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s"; target = "MASQUERADE"; }
- ];
- networking.domain = "gg23";
- networking.useHostResolvConf = false;
- services.resolved.extraConfig = ''
- DNSStubListener=no
- '';
- services.dnsmasq = {
- enable = true;
- resolveLocalQueries = false;
- extraConfig = ''
- local=/gg23/
- domain=gg23
- expand-hosts
- listen-address=
- interface=int0
- '';
- };
- environment.systemPackages = [
- (pkgs.writers.writeDashBin "restart_router" ''
- ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m OFF
- sleep 2
- ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m ON
- '')
- ];
diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix
deleted file mode 100644
index f4d1a27cd..000000000
--- a/lass/2configs/git-brain.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- repos = krebs-repos;
- rules = concatMap krebs-rules (attrValues krebs-repos);
- krebs-repos = mapAttrs make-krebs-repo {
- brain = { };
- krebs-secrets = { };
- };
- make-krebs-repo = with git; name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = false;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- verbose = true;
- channel = "#xxx";
- # TODO remove the hardcoded hostname
- server = "irc.r";
- };
- };
- };
- # TODO: get the list of all krebsministers
- krebsminister = with config.krebs.users; [ makefu tv kmein ];
- krebs-rules = repo:
- set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
- set-ro-access = with git; repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = fetch;
- };
- set-owners = with git;repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- };
-in {
- krebs.git = {
- enable = true;
- cgit = {
- enable = false;
- };
- inherit repos rules;
- };
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
deleted file mode 100644
index 16260b77b..000000000
--- a/lass/2configs/git.nix
+++ /dev/null
@@ -1,206 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${}";
- root-desc = "keep calm and engage";
- };
- };
- repos = repos;
- rules = rules;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- system.activationScripts.spool-chmod = ''
- ${pkgs.coreutils}/bin/chmod +x /var/spool
- '';
- };
- cgit-clear-cache = pkgs.cgit-clear-cache.override {
- inherit (config.krebs.git.cgit.settings) cache-root;
- };
- repos =
- public-repos //
- optionalAttrs restricted-repos;
- rules = concatMap make-rules (attrValues repos);
- public-repos = mapAttrs make-public-repo {
- Reaktor = {
- cgit.desc = "Reaktor IRC bot";
- cgit.section = "software";
- };
- buildbot-classic = {
- cgit.desc = "fork of buildbot";
- cgit.section = "software";
- };
- cholerab = {
- cgit.desc = "krebs thesauron & enterprise-patterns";
- cgit.section = "documentation";
- };
- disko = {
- cgit.desc = "take a description of your disk layout and produce a format script";
- cgit.section = "software";
- };
- go = {
- cgit.desc = "url shortener";
- cgit.section = "software";
- };
- grib2json-bin = {
- cgit.desc = "build jar of grib2json";
- cgit.section = "deployment";
- };
- krebspage = {
- cgit.desc = "homepage of krebs";
- cgit.section = "configuration";
- };
- krops = {
- cgit.desc = "krebs deployment";
- cgit.section = "software";
- };
- news = {
- cgit.desc = "take a rss feed and a timeout and print it to stdout";
- cgit.section = "software";
- };
- newsbot-js = {
- cgit.desc = "print rss feeds to irc channels";
- cgit.section = "software";
- };
- nix-user-chroot = {
- cgit.desc = "Fork of nix-user-chroot by lethalman";
- cgit.section = "software";
- };
- nix-writers = {
- cgit.desc = "high level writers for nix";
- cgit.section = "software";
- };
- nixos-generators = {
- cgit.desc = "custom image builders";
- cgit.section = "software";
- };
- nixpkgs = {
- cgit.desc = "nixpkgs fork";
- cgit.section = "configuration";
- };
- populate = {
- cgit.section = "software";
- };
- reaktor2 = {
- cgit.desc = "irc bot";
- cgit.section = "software";
- };
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- cgit.section = "configuration";
- };
- stockholm-issues = {
- cgit.desc = "stockholm issues";
- cgit.section = "issues";
- };
- the_playlist = {
- cgit.desc = "Good Music collection + tools";
- cgit.section = "art";
- };
- workadventure-nix = {
- cgit.desc = "Nix packaging for workadventure";
- cgit.section = "deployment";
- };
- xmonad-stockholm = {
- cgit.desc = "krebs xmonad modules";
- cgit.section = "configuration";
- };
- } // mapAttrs make-public-repo-silent {
- };
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- announce = true;
- };
- } //
- import <secrets/repos.nix> { inherit config lib pkgs; }
- );
- make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
- inherit cgit collaborators name;
- public = true;
- hooks = {
- post-receive = ''
- ${pkgs.git-hooks.irc-announce {
- # TODO make nick = the default
- nick =;
- channel = "#xxx";
- # TODO define refs in some kind of option per repo
- server = "irc.r";
- verbose = == "orange";
- }}
- ${cgit-clear-cache}/bin/cgit-clear-cache
- '';
- };
- };
- make-public-repo-silent = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- };
- make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: {
- inherit admins collaborators name;
- public = false;
- hooks = {
- post-receive = ''
- ${optionalString announce (pkgs.git-hooks.irc-announce {
- # TODO make nick = the default
- nick =;
- channel = "#xxx";
- # TODO define refs in some kind of option per repo
- refs = [
- "refs/heads/master"
- "refs/heads/staging*"
- ];
- server = "irc.r";
- verbose = false;
- })}
- ${cgit-clear-cache}/bin/cgit-clear-cache
- '';
- } // hooks;
- };
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ lass lass-green ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional (length (repo.admins or []) > 0) {
- user = repo.admins;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- };
-in out
diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
deleted file mode 100644
index ecf89b298..000000000
--- a/lass/2configs/go.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
- krebs.go = {
- enable = true;
- };
- services.nginx = {
- enable = true;
- virtualHosts.go = {
- locations."/".extraConfig = ''
- proxy_set_header Host;
- proxy_pass http://localhost:1337;
- '';
- serverAliases = [
- ""
- ];
- };
- };
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
deleted file mode 100644
index 66088a562..000000000
--- a/lass/2configs/green-host.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ config, pkgs, ... }:
- = {
- sshKey = "${toString <secrets>}/green.sync.key";
- };
diff --git a/lass/2configs/gsm-wiki.nix b/lass/2configs/gsm-wiki.nix
deleted file mode 100644
index 69508a155..000000000
--- a/lass/2configs/gsm-wiki.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.nginx.virtualHosts."" = {
- forceSSL = true;
- enableACME = true;
- locations."/".extraConfig = ''
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
- c3gsm:$apr1$q9OrPI4C$7AY4EIp3J2Xc4eLMbPGE21
- ''};
- root /srv/http/;
- '';
- };
- users.users.c3gsm-docs = {
- isNormalUser = true;
- home = "/srv/http/";
- createHome = true;
- homeMode = "750";
- useDefaultShell = true;
- group = "nginx";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlW1fvCrVXhVH/z76fXBWYR/qyecYTE9VOOkFLJ6OwG user@osmocom-dev"
- ];
- };
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
deleted file mode 100644
index aee4bf06f..000000000
--- a/lass/2configs/hardening.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, lib, ... }:
-with lib;
- security.chromiumSuidSandbox.enable = true;
- security.lockKernelModules = false;
- boot.kernel.sysctl."user.max_user_namespaces" = 63414;
- imports = [
- <nixpkgs/nixos/modules/profiles/hardened.nix>
- ];
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
deleted file mode 100644
index 1745bbfe5..000000000
--- a/lass/2configs/hass/default.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import ./lib.nix { inherit lib; };
- dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec {
- pname = "dwdwfsapi";
- version = "1.0.3";
- src = pkgs.python3Packages.fetchPypi {
- inherit pname version;
- sha256 = "0fcv79xiq0qr4kivhd68iqpgrsjc7djxqs2h543pyr0sdgb5nz9x";
- };
- buildInputs = with pkgs.python3Packages; [
- requests ciso8601
- ];
- # LC_ALL = "en_US.UTF-8";
- };
-in {
- imports = [
- ./pyscript
- ./zigbee.nix
- ./rooms/bett.nix
- ./rooms/essen.nix
- ./rooms/nass.nix
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
- { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
- { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # zigbee2mqtt frontend
- { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- { predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; } # zigbee2mqtt frontend
- { predicate = "-i wiregrill -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- ];
- services.home-assistant = {
- enable = true;
- configWritable = true;
- lovelaceConfigWritable = true;
- config = let
- tasmota = name: topic: {
- inherit name;
- state_topic = "stat/${topic}/POWER";
- command_topic = "cmnd/${topic}/POWER";
- payload_on = "ON";
- payload_off = "OFF";
- };
- in {
- homeassistant = {
- name = "Home";
- time_zone = "Europe/Berlin";
- latitude = "52.46187";
- longitude = "13.41489";
- elevation = 90;
- unit_system = "metric";
- # customize = friendly_names;
- };
- config = {};
- sun.elevation = 66;
- shopping_list = {};
- discovery = {};
- frontend = {};
- http = {};
- # mqtt = {
- # broker = "localhost";
- # port = 1883;
- # client_id = "home-assistant";
- # username = "gg23";
- # password = "gg23-mqtt";
- # keepalive = 60;
- # protocol = 3.1;
- # discovery = true;
- # birth_message = {
- # topic = "/hass/status";
- # payload = "online";
- # };
- # will_message = {
- # topic = "/hass/status";
- # payload = "offline";
- # };
- # };
- sensor = [
- {
- platform = "dwd_weather_warnings";
- region_name = "Berlin";
- }
- ];
- mqtt.switch = [
- (tasmota "TV" "tv")
- (tasmota "Drucker Strom" "drucker")
- (tasmota "Waschmaschine" "wasch")
- (tasmota "Stereo Anlage" "stereo")
- (tasmota "Wohnzimmer Lampe" "wohn_lampe")
- ];
- mobile_app = {};
- weather = [
- {
- platform = "openweathermap";
- api_key = "xxx"; # TODO put into secrets
- }
- ];
- system_health = {};
- history = {};
- shopping_list = {};
- media_player = {
- platform = "snapcast";
- host = "";
- };
- };
- };
- services.mosquitto = {
- enable = true;
- listeners = [{
- acl = [ ];
- users.gg23 = { acl = [ "readwrite #" ]; password = "gg23-mqtt"; };
- }];
- };
- environment.systemPackages = [ pkgs.mosquitto ];
diff --git a/lass/2configs/hass/lib.nix b/lass/2configs/hass/lib.nix
deleted file mode 100644
index 72ff2966f..000000000
--- a/lass/2configs/hass/lib.nix
+++ /dev/null
@@ -1,256 +0,0 @@
-{ lib, ... }:
-rec {
- lights = {
- bett = "l_bett";
- essen = "l_essen";
- arbeit = "l_arbeit";
- nass = "l_nass";
- };
- switches = {
- dimmer = {
- bett = "i_bett";
- essen = "i_essen";
- nass = "i_nass";
- };
- };
- sensors = {
- movement = {
- essen = "s_essen";
- nass = "s_nass";
- };
- };
- friendly_names =
- lib.mapAttrs' (n: v: lib.nameValuePair "light.${v}" { friendly_name = "l.${n}"; }) lights //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "s.${n}_up"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "i.${n}_up"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "l.${n}_up"; }) lights //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_linkquality" { friendly_name = "s.${n}_link"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_linkquality" { friendly_name = "i.${n}_link"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_linkquality" { friendly_name = "l.${n}_link"; }) lights //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_battery" { friendly_name = "s.${n}_bat"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_battery" { friendly_name = "i.${n}_bat"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_action" { friendly_name = "s.${n}_act"; }) switches.dimmer //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_occupancy" { friendly_name = "i.${n}_move"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_occupancy" { friendly_name = "i.${n}_move"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_temperature" { friendly_name = "i.${n}_heat"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_temperature" { friendly_name = "i.${n}_heat"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_illuminance" { friendly_name = "i.${n}_lux"; }) sensors.movement //
- lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_illuminance" { friendly_name = "i.${n}_lux"; }) sensors.movement //
- {};
- detect_movement = name: sensor: light: delay:
- let
- id = name;
- sensor_ = "binary_sensor.${sensor}_occupancy";
- light_ = "light.${light}";
- in {
- input_boolean."${id}" = {
- };
- timer."${id}" = {
- duration = delay;
- };
- automation = [
- # {
- # alias = "debug detect_movement";
- # trigger = {
- # platform = "state";
- # entity_id = sensor_;
- # };
- # action = [
- # {
- # service = "system_log.write";
- # data_template = {
- # message = "XXXXXXXXXXXXXXXXXXXXXX {{ states('input_boolean.${sensor}_${light}_triggered') == 'on' }}";
- # #message = "XXXXXXXXXXXXXXXXXXXXXX {{ state_attr('trigger.to_state.state', 'illuminance') }}";
- # };
- # }
- # ];
- # }
- {
- alias = "movement reset timer ${id}";
- trigger = {
- platform = "state";
- entity_id = sensor_;
- from = "off";
- to = "on";
- };
- action = [
- {
- service = "timer.cancel";
- data_template.entity_id = "timer.${id}";
- }
- ];
- }
- {
- alias = "movement on ${id}";
- trigger = {
- platform = "state";
- entity_id = "binary_sensor.${sensor}_occupancy";
- from = "off";
- to = "on";
- };
- condition = {
- condition = "and";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.to_state.attributes.illuminance < 7500 }}";
- }
- {
- condition = "template";
- value_template = "{{ states('${light_}') == 'off' }}";
- }
- ];
- };
- action = [
- {
- service = "light.turn_on";
- data_template = {
- entity_id = light_;
- brightness = "100";
- };
- }
- { delay = "0:00:02"; }
- {
- service = "input_boolean.turn_on";
- data_template.entity_id = "input_boolean.${id}";
- }
- ];
- }
- {
- alias = "movement off ${id}";
- trigger = {
- platform = "state";
- entity_id = sensor_;
- from = "on";
- to = "off";
- };
- condition = {
- condition = "template";
- value_template = "{{ states('input_boolean.${id}') == 'on' }}";
- };
- action = [
- {
- service = "timer.start";
- entity_id = "timer.${id}";
- }
- ];
- }
- {
- alias = "movement override ${id}";
- trigger = {
- platform = "state";
- entity_id = light_;
- };
- action = [
- {
- service = "input_boolean.turn_off";
- data_template.entity_id = "input_boolean.${id}";
- }
- {
- service = "system_log.write";
- data_template = {
- message = "XXXXXXXXXXXXXXXXXXXXXX {{ trigger }}";
- };
- }
- ];
- }
- {
- alias = "movement expired ${id}";
- trigger = {
- platform = "event";
- event_type = "timer.finished";
- event_data.entity_id = "timer.${id}";
- };
- action = [
- {
- service = "light.turn_off";
- data_template = {
- entity_id = light_;
- };
- }
- {
- service = "input_boolean.turn_off";
- data_template.entity_id = "input_boolean.${id}";
- }
- ];
- }
- ];
- };
- lightswitch = name: switch: light: {
- automation = [
- {
- alias = "lightswitch ${name} turn on";
- trigger = {
- platform = "mqtt";
- topic = "zigbee/${switch}";
- };
- condition = {
- condition = "or";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'on-press' }}";
- }
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'up-press' }}";
- }
- {
- condition = "and";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'down-press' }}";
- }
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.brightness > 30 }}";
- }
- ];
- }
- ];
- };
- action = [
- {
- service = "light.turn_on";
- data_template = {
- entity_id = "light.${light}";
- brightness = "{{ trigger.payload_json.brightness }}";
- };
- }
- ];
- }
- {
- alias = "lightswitch ${name} turn off";
- trigger = {
- platform = "mqtt";
- topic = "zigbee/${switch}";
- };
- condition = {
- condition = "or";
- conditions = [
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.action == 'off-press' }}";
- }
- {
- condition = "template";
- value_template = "{{ trigger.payload_json.brightness < 30 }}";
- }
- ];
- };
- action = {
- service = "light.turn_off";
- data_template = {
- entity_id = "light.${light}";
- };
- };
- }
- ];
- };
diff --git a/lass/2configs/hass/pyscript/.gitignore b/lass/2configs/hass/pyscript/.gitignore
deleted file mode 100644
index 282debf56..000000000
--- a/lass/2configs/hass/pyscript/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/hass/pyscript/default.nix b/lass/2configs/hass/pyscript/default.nix
deleted file mode 100644
index c56967e4b..000000000
--- a/lass/2configs/hass/pyscript/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
- systemd.tmpfiles.rules = [
- "L+ /var/lib/hass/custom_components/pyscript - - - - ${pkgs.fetchzip {
- url = "";
- sha256 = "0cqdjj46s5xp4mqxb0ic790jm1xp3z0zr2n9f7bsfl5zpvdshl8z";
- stripRoot = false;
- }}"
- ];
- services.home-assistant = {
- package = (pkgs.home-assistant.overrideAttrs (old: {
- doInstallCheck = false;
- })).override {
- extraPackages = pp: [ pp.croniter ];
- };
- config.pyscript = {
- allow_all_imports = true;
- hass_is_global = true;
- };
- };
- networking.firewall.interfaces.retiolum.allowedTCPPortRanges = [
- { from = 50321; to = 50341; } # for ipython interactive debugging
- ];
diff --git a/lass/2configs/hass/pyscript/shell.nix b/lass/2configs/hass/pyscript/shell.nix
deleted file mode 100644
index 3cfac0275..000000000
--- a/lass/2configs/hass/pyscript/shell.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }: let
- hass_host = "styx.r";
- hass_token = builtins.readFile ./hass_token;
- mach-nix = import (builtins.fetchGit {
- url = "";
- ref = "refs/tags/3.4.0";
- }) {
- pkgs = pkgs;
- };
- pyenv = mach-nix.mkPython {
- requirements = ''
- hass_pyscript_kernel
- '';
- };
- jupyter = import (builtins.fetchGit {
- url =;
- ref = "master";
- }) {};
- pyscriptKernel = {
- spec = pkgs.runCommand "pyscript" {} ''
- mkdir -p $out/kernels/pyscript
- cp ${kernel_json} $out/kernels/pyscript/kernel.json
- cp ${pyscript_conf} $out/kernels/pyscript/pyscript.conf
- '';
- runtimePackages = [ pyenv ];
- };
- kernel_json = pkgs.writeText "kernel.json" (builtins.toJSON {
- argv = [
- "${pyenv}/bin/python3" "-m" "hass_pyscript_kernel"
- "-f" "{connection_file}"
- ];
- display_name = "hass_pyscript";
- language = "python";
- });
- pyscript_conf = pkgs.writeText "pyscript.conf" ''
- [homeassistant]
- hass_host = ${hass_host}
- hass_url = http://''${hass_host}:8123
- hass_token = ${hass_token}
- '';
- jupyterEnvironment = jupyter.jupyterlabWith {
- kernels = [ pyscriptKernel ];
- };
-in jupyterEnvironment.env
diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix
deleted file mode 100644
index 026c5722c..000000000
--- a/lass/2configs/hass/rooms/bett.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ lib, ... }:
-with import ../lib.nix { inherit lib; };
- services.home-assistant.config = lib.mkMerge [
- (lightswitch "bett" switches.dimmer.bett lights.bett)
- ];
- # = {
- # resources = [{
- # url = "";
- # type = "js";
- # }];
- # views = [{
- # title = "bett";
- # cards = [
- # {
- # type = "markdown";
- # title = "hello world";
- # content = "This is just a test";
- # }
- # {
- # type = "light";
- # entity = "light.${lights.bett}";
- # }
- # {
- # type = "custom:light-entity-card";
- # entity = "light.${lights.bett}";
- # }
- # {
- # type = "history-graph";
- # entities = [
- # "light.${lights.bett}"
- # ];
- # }
- # ];
- # }];
- # };
diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix
deleted file mode 100644
index 293935f65..000000000
--- a/lass/2configs/hass/rooms/essen.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, ... }:
-with import ../lib.nix { inherit lib; };
- services.home-assistant.config = lib.mkMerge [
- (detect_movement "essen" sensors.movement.essen lights.essen 70)
- (lightswitch "essen" switches.dimmer.essen lights.essen)
- ];
diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix
deleted file mode 100644
index b23ba86cd..000000000
--- a/lass/2configs/hass/rooms/nass.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, ... }:
-with import ../lib.nix { inherit lib; };
- services.home-assistant.config = lib.mkMerge [
- (detect_movement "nass" sensors.movement.nass lights.nass 100)
- (lightswitch "nass" switches.dimmer.nass lights.nass)
- ];
diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix
deleted file mode 100644
index 210c761b5..000000000
--- a/lass/2configs/hass/zigbee.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{config, pkgs, lib, ...}: let
- unstable-pkgs = import <nixpkgs-unstable> {};
-in {
- # symlink the zigbee controller
- services.udev.extraRules = ''
- SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout"
- SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="cc2652", MODE="0660", GROUP="dialout"
- '';
- # needed to use unstable package
- = "/var/lib/zigbee2mqtt";
- services.zigbee2mqtt = {
- enable = true;
- package = unstable-pkgs.zigbee2mqtt;
- settings = {
- homeassistant = true;
- frontend.port = 1337;
- experimental.new_api = true;
- permit_join = false;
- mqtt = {
- discovery = true;
- base_topic = "zigbee";
- server = "mqtt://";
- user = "gg23";
- password = "gg23-mqtt";
- };
- serial = {
- port = "/dev/cc2652";
- # disable_led = true;
- };
- advanced = {
- pan_id = 4222;
- };
- devices = let
- set_device = id: name:
- lib.nameValuePair id {
- };
- in {
- # lights
- "0x0017880106ed3bd8".friendly_name = "l_bett";
- "0x0017880108327622".friendly_name = "l_essen";
- "0x0017880106ee2865".friendly_name = "l_arbeit";
- "0x00178801082e9f2f".friendly_name = "l_nass";
- # switches
- "0x00178801086ac38c".friendly_name = "i_bett";
- "0x00178801086ad1fb".friendly_name = "i_essen";
- "0x00178801086ac373".friendly_name = "i_nass";
- # sensors
- "0x0017880106f772f2".friendly_name = "s_essen";
- "0x0017880106f77f30".friendly_name = "s_nass";
- # heat
- "0x842e14fffe27109a".friendly_name = "t_bett";
- "0x842e14fffe269a73".friendly_name = "t_nass";
- "0x842e14fffe269a56".friendly_name = "t_arbeit";
- # rotation
- "0x8cf681fffe065493" = {
- friendly_name = "r_test";
- device_id = "r_test";
- simulated_brightness = {
- delta = 2;
- interval = 100;
- };
- };
- };
- };
- };
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
deleted file mode 100644
index 9dafe086c..000000000
--- a/lass/2configs/hfos.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- users.users.riot = {
- uid = genid "riot";
- isNormalUser = true;
- extraGroups = [ "libvirtd" ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- ];
- };
- networking.interfaces.et0.ip4 = [
- {
- address = "";
- prefixLength = 24;
- }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-d -p tcp --dport 22"; target = "DNAT --to-destination"; }
- { v6 = false; predicate = "-d -p tcp --dport 25"; target = "DNAT --to-destination"; }
- { v6 = false; predicate = "-d -p tcp --dport 80"; target = "DNAT --to-destination"; }
- { v6 = false; predicate = "-d -p tcp --dport 443"; target = "DNAT --to-destination"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { v6 = false; predicate = "-d -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.OUTPUT.rules = mkBefore [
- { v6 = false; predicate = "-d -p tcp --dport 443"; target = "DNAT --to-destination"; }
- ];
- # TODO use bridge interfaces instead of this crap
- = let
- restart-iptables = pkgs.writeDash "restart-iptables" ''
- #soo hacky
- ${pkgs.coreutils}/bin/sleep 5s
- ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
- in restart-iptables;
diff --git a/lass/2configs/home-media.nix b/lass/2configs/home-media.nix
deleted file mode 100644
index f3908e6be..000000000
--- a/lass/2configs/home-media.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-with import <stockholm/lib>;
-{ pkgs, ... }:
- = {
- isNormalUser = true;
- uid = genid_uint31 "media";
- extraGroups = [ "video" "audio" "pipewire" ];
- };
- services.xserver.displayManager.autoLogin = {
- enable = true;
- user = "media";
- };
- hardware.pulseaudio.configFile = pkgs.writeText "" ''
- .include ${pkgs.pulseaudioFull}/etc/pulse/
- load-module module-native-protocol-tcp auth-ip-acl=; auth-anonymous=1
- '';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 4713"; target = "ACCEPT"; } # pulseaudio
- ];
- environment.systemPackages = [
- (pkgs.writers.writeDashBin "snapmpv" ''
- /run/current-system/sw/bin/mpv \
- --audio-display=no --audio-channels=stereo \
- --audio-samplerate=48000 --audio-format=s16 \
- --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
- --audio-delay=-1 \
- "$@"
- '')
- ];
diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix
deleted file mode 100644
index 629d74235..000000000
--- a/lass/2configs/htop.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ pkgs, ... }:
-with import <stockholm/lib>;
- nixpkgs.config.packageOverrides = super: {
- htop = pkgs.symlinkJoin {
- name = "htop";
- paths = [
- (pkgs.writeDashBin "htop" ''
- export HTOPRC=${pkgs.writeText "htoprc" ''
- fields=0 48 17 18 38 39 40 2 46 47 49 1
- sort_key=46
- sort_direction=1
- hide_threads=0
- hide_kernel_threads=1
- hide_userland_threads=0
- shadow_other_users=1
- show_thread_names=1
- show_program_path=1
- highlight_base_name=1
- highlight_megabytes=1
- highlight_threads=1
- tree_view=1
- header_margin=1
- detailed_cpu_time=0
- cpu_count_from_zero=0
- update_process_names=0
- account_guest_in_cpu_meter=1
- color_scheme=6
- delay=15
- left_meters=LeftCPUs2 RightCPUs2 Memory Swap
- left_meter_modes=1 1 1 1
- right_meters=Uptime Tasks LoadAverage Battery
- right_meter_modes=2 2 2 2
- ''}
- exec ${super.htop}/bin/htop "$@"
- '')
- super.htop
- ];
- };
- };
diff --git a/lass/2configs/hw/brcmfmac4356-pcie.txt b/lass/2configs/hw/brcmfmac4356-pcie.txt
deleted file mode 100644
index 7a7ee45a6..000000000
--- a/lass/2configs/hw/brcmfmac4356-pcie.txt
+++ /dev/null
@@ -1,125 +0,0 @@
-# Sample variables file for BCM94356Z NGFF 22x30mm iPA, iLNA board with PCIe for production package
-NVRAMRev=$Rev: 492104 $
-#4356 chip = 4354 A2 chip
-#0x2000 enable 2G spur WAR
-#boardflags3 0x00000100 /* to read swctrlmap from nvram*/
-#define BFL3_5G_SPUR_WAR 0x00080000 /* enable spur WAR in 5G band */
-#define BFL3_AvVim 0x40000000 /* load AvVim from nvram */
diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix
deleted file mode 100644
index 87b4c518b..000000000
--- a/lass/2configs/hw/gpd-pocket.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ pkgs, ... }:
- dummy_firmware = pkgs.writeTextFile {
- name = "brcmfmac4356-pcie.txt";
- text = builtins.readFile ./brcmfmac4356-pcie.txt;
- destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt";
- };
-in {
- #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
- hardware.firmware = [ dummy_firmware ];
- hardware.enableRedistributableFirmware = true;
- boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ];
- boot.kernelPackages = pkgs.linuxPackages_4_14;
- boot.kernelParams = [
- "fbcon=rotate:1"
- ];
- services.xserver.displayManager.sessionCommands = ''
- (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right)
- (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
- '';
- services.xserver.dpi = 200;
- fonts.fontconfig.dpi = 200;
- lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
- lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
- lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
deleted file mode 100644
index cbb5b168d..000000000
--- a/lass/2configs/hw/x220.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, pkgs, ... }:
- imports = [
- <stockholm/krebs/2configs/hw/x220.nix>
- ];
- boot = {
- initrd.luks.devices.luksroot.device = "/dev/sda3";
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- extraModulePackages = [
- config.boot.kernelPackages.tp_smapi
- config.boot.kernelPackages.acpi_call
- ];
- kernelModules = [
- "acpi_call"
- "tp_smapi"
- ];
- };
- environment.systemPackages = [
- pkgs.tpacpi-bat
- ];
- fileSystems = {
- "/" = {
- device = "/dev/mapper/pool-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/boot" = {
- device = "/dev/sda2";
- };
- "/home" = {
- device = "/dev/mapper/pool-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- };
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
- services.tlp.enable = true;
- #services.tlp.extraConfig = ''
- #'';
- services.xserver.dpi = 80;
diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix
deleted file mode 100644
index f67e2ae86..000000000
--- a/lass/2configs/iodined.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, config, ... }:
- # TODO: make this a parameter
- domain = "";
- pw = import <secrets/iodinepw.nix>;
-in {
- services.iodine.server = {
- enable = true;
- domain = domain;
- ip = "";
- extraConfig = "-c -P ${pw} -l ${}";
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 53"; target = "ACCEPT";}
- ];
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
deleted file mode 100644
index 6d07c7a77..000000000
--- a/lass/2configs/libvirt.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, lib, pkgs, ... }:
- virtualisation.libvirtd.enable = true;
- security.polkit.enable = true;
- krebs.iptables.tables.filter.INPUT.rules = [
- { v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -p tcp -m tcp --dport 53"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 67"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -p tcp -m tcp --dport 67"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; predicate = "-d -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-s -i virbr0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-i virbr0 -o virbr0"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o virbr0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- { v6 = false; predicate = "-i virbr0"; target = "REJECT --reject-with icmp-port-unreachable"; }
- ];
- krebs.iptables.tables.filter.OUTPUT.rules = [
- { v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = lib.mkBefore [
- { v6 = false; predicate = "-s"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s -d"; target = "RETURN"; }
- { v6 = false; predicate = "-s -d"; target = "RETURN"; }
- { v6 = false; predicate = "-s ! -d"; target = "MASQUERADE"; }
- { v6 = false; predicate = "-s ! -d -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
- { v6 = false; predicate = "-s ! -d -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
- ];
diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix
deleted file mode 100644
index c877a8c0a..000000000
--- a/lass/2configs/livestream.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- stream = pkgs.writeDashBin "stream" ''
- ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
- '';
-in {
- environment.systemPackages = [ stream ];
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
deleted file mode 100644
index f141a94f5..000000000
--- a/lass/2configs/logf.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- host-colors = {
- mors = "131";
- prism = "95";
- uriel = "61";
- shodan = "51";
- icarus = "53";
- echelon = "197";
- cloudkrebs = "119";
- };
- urgent = [
- "\\blass@blue\\b"
- ];
-in {
- environment.systemPackages = [
- (pkgs.writeDashBin "logf" ''
- export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
- export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
- ${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
- '')
- ];
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
deleted file mode 100644
index bf8904b89..000000000
--- a/lass/2configs/mail.nix
+++ /dev/null
@@ -1,272 +0,0 @@
-{ config, lib, pkgs, ... }:
- msmtprc = pkgs.writeText "msmtprc" ''
- defaults
- logfile ~/.msmtp.log
- account prism
- host prism.r
- account c-base
- from
- host
- port 465
- tls on
- tls_starttls off
- auth on
- user lassulus
- passwordeval pass show c-base/pass
- account default: prism
- '';
- notmuch-config = pkgs.writeText "notmuch-config" ''
- [database]
- path=/home/lass/Maildir
- mail_root=/home/lass/Maildir
- [user]
- name=lassulus
- other_email=lass@mors.r;${lib.concatStringsSep ";" (lib.flatten (lib.attrValues mailboxes))}
- [new]
- tags=unread;inbox;
- ignore=
- [search]
- exclude_tags=deleted;spam;
- [maildir]
- synchronize_flags=true
- '';
- msmtp = pkgs.writeBashBin "msmtp" ''
- ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
- ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
- '';
- mailcap = pkgs.writeText "mailcap" ''
- text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput;
- '';
- mailboxes = {
- afra = [ "" ];
- c-base = [ "" ];
- coins = [
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ];
- dezentrale = [ "" ];
- dhl = [ "" ];
- dn42 = [ "" ];
- eloop = [ "" ];
- github = [ "" ];
- gmail = [ "" "" "" ];
- india = [ "" "" "" ];
- kaosstuff = [ "" "" "" ];
- lugs = [ "" ];
- meetup = [ "" ];
- nix = [ "" "" ];
- patreon = [ "" ];
- paypal = [ "" ];
- ptl = [ "" ];
- retiolum = [ "to:lass@mors.r" ];
- security = [
- "" "to:bugtraq" ""
- ""
- ];
- shack = [ "" ];
- steam = [ "" ];
- tinc = [ "" "" ];
- wireguard = [ "to:wireguard@lists.zx2c4" ];
- zzz = [ "" "" ];
- };
- tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
- ${pkgs.notmuch}/bin/notmuch new
- ${lib.concatMapStringsSep "\n" (i: ''
- mkdir -p "$HOME/Maildir/.${}/cur"
- for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do
- if test -e "$mail"; then
- mv "$mail" "$HOME/Maildir/.${}/cur/"
- else
- echo "$mail does not exist"
- fi
- done
- ${pkgs.notmuch}/bin/notmuch tag -inbox +${} -- tag:inbox ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
- '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- ${pkgs.notmuch}/bin/notmuch new
- ${pkgs.notmuch}/bin/notmuch dump > "$HOME/Maildir/notmuch.backup"
- '';
- tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
- set -efux
- ${lib.concatMapStringsSep "\n" (i: ''
- ${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${} -- ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
- mkdir -p "$HOME/Maildir/.${}/cur"
- for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files ${lib.concatMapStringsSep " or " (f: "${f}") i.value}); do
- if test -e "$mail"; then
- mv "$mail" "$HOME/Maildir/.${}/cur/"
- else
- echo "$mail does not exist"
- fi
- done
- '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- ${pkgs.notmuch}/bin/notmuch new --no-hooks
- '';
- muttrc = pkgs.writeText "muttrc" ''
- # read html mails
- auto_view text/html
- set mailcap_path = ${mailcap}
- # notmuch
- set folder="$HOME/Maildir"
- set nm_default_uri = "notmuch://$HOME/Maildir"
- set nm_record = yes
- set nm_record_tags = "-inbox me archive"
- set spoolfile = +Inbox
- set virtual_spoolfile = yes
- set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
- set from=""
- alternates ^.*@lassul\.us$ ^.*@.*\.r$
- unset envelope_from_address
- set use_envelope_from
- set reverse_name
- set sort=threads
- set index_format="%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> %r %g"
- virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
- virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
- ${lib.concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${}" "notmuch://?query=tag:${}"'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
- virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
- virtual-mailboxes "Starred" "notmuch://?query=tag:*"
- virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
- virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
- virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
- virtual-mailboxes "All" "notmuch://?query=*"
- tag-transforms "junk" "k" \
- "unread" "u" \
- "replied" "↻" \
- "TODO" "T" \
- # notmuch bindings
- macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
- macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
- macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
- # muchsync
- bind index \Cr noop
- macro index \Cr \
- "<enter-command>unset wait_key<enter> \
- <shell-escape>${pkgs.writeDash "muchsync" ''
- set -efu
- until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do
- sleep 1
- done
- ''}<enter>
- #killed
- bind index d noop
- bind pager d noop
- bind index S noop
- bind index s noop
- bind pager S noop
- bind pager s noop
- macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
- macro index s "<modify-labels>-junk\n" # tag as Junk mail
- macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
- macro pager s "<modify-labels>-junk\n" # tag as Junk mail
- bind index A noop
- bind index a noop
- bind pager A noop
- bind pager a noop
- macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
- macro index a "<modify-labels>-archive\n" # tag as Archived
- macro pager A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
- macro pager a "<modify-labels>-archive\n" # tag as Archived
- bind index U noop
- bind index u noop
- bind pager U noop
- bind pager u noop
- macro index U "<modify-labels>+unread\n"
- macro index u "<modify-labels>-unread\n"
- macro pager U "<modify-labels>+unread\n"
- macro pager u "<modify-labels>-unread\n"
- bind index t noop
- bind pager t noop
- macro index t "<modify-labels>" # tag as Archived
- # top index bar in email view
- set pager_index_lines=7
- # top_index_bar toggle
- macro pager ,@1 "<enter-command> set pager_index_lines=0; macro pager ] ,@2 'Toggle indexbar<Enter>"
- macro pager ,@2 "<enter-command> set pager_index_lines=3; macro pager ] ,@3 'Toggle indexbar<Enter>"
- macro pager ,@3 "<enter-command> set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar<Enter>"
- macro pager ] ,@1 'Toggle indexbar
- # urlview
- macro pager \cb <pipe-entry>'${pkgs.urlview}/bin/urlview'<enter> 'Follow links with urlview'
- # sidebar
- set sidebar_divider_char = '│'
- set sidebar_delim_chars = "/"
- set sidebar_short_path
- set sidebar_folder_indent
- set sidebar_visible = yes
- set sidebar_format = '%D%?F? [%F]?%* %?N?%N/? %?S?%S?'
- set sidebar_width = 20
- color sidebar_new yellow red
- # sidebar bindings
- bind index <left> sidebar-prev # got to previous folder in sidebar
- bind index <right> sidebar-next # got to next folder in sidebar
- bind index <space> sidebar-open # open selected folder from sidebar
- # sidebar toggle
- macro index,pager ,@) "<enter-command> set sidebar_visible=no; macro index,pager [ ,@( 'Toggle sidebar'<Enter>"
- macro index,pager ,@( "<enter-command> set sidebar_visible=yes; macro index,pager [ ,@) 'Toggle sidebar'<Enter>"
- macro index,pager [ ,@( 'Toggle sidebar' # toggle the sidebar
- '';
- mutt = pkgs.symlinkJoin {
- name = "mutt";
- paths = [
- (pkgs.writeDashBin "mutt" ''
- exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"
- '')
- pkgs.neomutt
- ];
- };
-in {
- environment.variables.NOTMUCH_CONFIG = toString notmuch-config;
- environment.systemPackages = [
- msmtp
- mutt
- pkgs.notmuch
- pkgs.muchsync
- tag-new-mails
- tag-old-mails
- ];
diff --git a/lass/2configs/mail/internet-gateway.nix b/lass/2configs/mail/internet-gateway.nix
deleted file mode 100644
index 134e408a4..000000000
--- a/lass/2configs/mail/internet-gateway.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
- security.acme.certs."" = {
- group = "lasscert";
- webroot = "/var/lib/acme/acme-challenge";
- };
- users.groups.lasscert.members = [
- "exim"
- "nginx"
- ];
- krebs.exim-smarthost = {
- enable = true;
- primary_hostname = "";
- dkim = [
- { domain = ""; }
- ];
- ssl_cert = "/var/lib/acme/";
- ssl_key = "/var/lib/acme/";
- local_domains = [
- "localhost"
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ];
- extraRouters = ''
- forward_lassul_us:
- driver = manualroute
- domains =
- transport = remote_smtp
- route_list = * orange.r
- no_more
- forward_ubik:
- driver = manualroute
- domains =
- transport = remote_smtp
- route_list = * ubik.r
- no_more
- '';
- };
diff --git a/lass/2configs/matrix.nix b/lass/2configs/matrix.nix
deleted file mode 100644
index cdcbe7ab0..000000000
--- a/lass/2configs/matrix.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- services.matrix-synapse = {
- # synapse 1.60.0 errors during startup with:
- #
- package = pkgs.matrix-synapse.overrideAttrs (oldAttrs: rec {
- version = "1.85.2";
- name = "matrix-synapse-${version}";
- src = pkgs.fetchFromGitHub {
- owner = "matrix-org";
- repo = "synapse";
- rev = "v${version}";
- hash = "sha256-pFafBsisBPfpDnFYWcimUuBgfFVPZzLna3yHeqIBAAE=";
- };
- cargoDeps = pkgs.rustPlatform.fetchCargoTarball {
- inherit src;
- name = "matrix-synapse-${version}";
- hash = "sha256-dnno+5Ma0YNYpmj3oZ5UG22uAanKwVT67BwQW+mHoFc=";
- };
- doCheck = false;
- });
- enable = true;
- settings = {
- server_name = "";
- # registration_shared_secret = "yolo";
- = "sqlite3";
- turn_uris = [
- ""
- ""
- ];
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "::1" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" ];
- compress = true;
- }
- {
- names = [ "federation" ];
- compress = false;
- }
- ];
- }
- ];
- };
- };
- services.nginx = {
- virtualHosts = {
- "" = {
- locations."= /.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON {
- "m.server" = "";
- }}';
- '';
- locations."= /.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON {
- "m.homeserver" = { "base_url" = ""; };
- "m.identity_server" = { "base_url" = ""; };
- }}';
- '';
- };
- "" = {
- forceSSL = true;
- enableACME = true;
- locations."/_matrix" = {
- proxyPass = "http://[::1]:8008";
- };
- };
- };
- };
diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix
deleted file mode 100644
index f5de04616..000000000
--- a/lass/2configs/mc.nix
+++ /dev/null
@@ -1,344 +0,0 @@
-{ config, pkgs, ... }:
- mcExt = pkgs.writeText "mc.ext" ''
- # gitfs changeset
- regex/^\[git\]
- Open=%cd %p/changesetfs://
- View=%cd %p/patchsetfs://
- ### Archives ###
- # .tgz, .tpz, .tar.gz, .tar.z, .tar.Z, .ipk, .gem
- regex/\.t([gp]?z|ar\.g?[zZ])$|\.ipk$|\.gem$
- Open=%cd %p/utar://
- shell/
- # Open=%cd %p/utar://
- regex/\.t(ar\.bz2|bz2?|b2)$
- Open=%cd %p/utar://
- # .tar.lzma, .tlz
- regex/\.t(ar\.lzma|lz)$
- Open=%cd %p/utar://
- # .tar.xz, .txz
- regex/\.t(ar\.xz|xz)$
- Open=%cd %p/utar://
- # .tar.F - used in QNX
- shell/.tar.F
- # Open=%cd %p/utar://
- # .qpr/.qpk - QNX Neutrino package installer files
- regex/\.qp[rk]$
- Open=%cd %p/utar://
- # tar
- shell/i/.tar
- Open=%cd %p/utar://
- # lha
- type/^LHa\ .*archive
- Open=%cd %p/ulha://
- # arj
- regex/i/\.a(rj|[0-9][0-9])$
- Open=%cd %p/uarj://
- # cab
- shell/i/.cab
- Open=%cd %p/ucab://
- # ha
- shell/i/.ha
- Open=%cd %p/uha://
- # rar
- regex/i/\.r(ar|[0-9][0-9])$
- Open=%cd %p/urar://
- # ALZip
- shell/i/.alz
- Open=%cd %p/ualz://
- # cpio
- shell/.cpio.Z
- Open=%cd %p/ucpio://
- shell/.cpio.xz
- Open=%cd %p/ucpio://
- shell/.cpio.gz
- Open=%cd %p/ucpio://
- shell/i/.cpio
- Open=%cd %p/ucpio://
- # 7zip archives (they are not man pages)
- shell/i/.7z
- Open=%cd %p/u7z://
- # patch
- regex/\.(diff|patch)(\.bz2)$
- Open=%cd %p/patchfs://
- regex/\.(diff|patch)(\.(gz|Z))$
- Open=%cd %p/patchfs://
- # ls-lR
- regex/(^|\.)ls-?lR(\.gz|Z|bz2)$
- Open=%cd %p/lslR://
- # trpm
- shell/.trpm
- Open=%cd %p/trpm://
- # RPM packages (SuSE uses *.spm for source packages)
- regex/\.(src\.rpm|spm)$
- Open=%cd %p/rpm://
- shell/.rpm
- Open=%cd %p/rpm://
- # deb
- regex/\.u?deb$
- Open=%cd %p/deb://
- # dpkg
- shell/.debd
- Open=%cd %p/debd://
- # apt
- shell/.deba
- Open=%cd %p/deba://
- # ISO9660
- shell/i/.iso
- Open=%cd %p/iso9660://
- regex/\.(diff|patch)$
- Open=%cd %p/patchfs://
- # ar library
- regex/\.s?a$
- Open=%cd %p/uar://
- # gplib
- shell/i/.lib
- Open=%cd %p/ulib://
- # Mailboxes
- type/^ASCII\ mail\ text
- Open=%cd %p/mailfs://
- ### Sources ###
- # C/C++
- regex/i/\.(c|cc|cpp)$
- Include=editor
- # C/C++ header
- regex/i/\.(h|hh|hpp)$
- Include=editor
- # Fortran
- shell/i/.f
- Include=editor
- # Assembler
- regex/i/\.(s|asm)$
- Include=editor
- include/editor
- Open=%var{EDITOR:vim} %f
- ### Images ###
- shell/i/.gif
- Include=image
- regex/i/\.jpe?g$
- Include=image
- shell/i/.bmp
- Include=image
- shell/i/.png
- Include=image
- shell/i/.jng
- Include=image
- shell/i/.mng
- Include=image
- shell/i/.tiff
- Include=image
- shell/.ico
- Include=image
- include/image
- Open=sxiv %f
- View=sxiv %f
- ### Sound files ###
- regex/i/\.(wav|snd|voc|au|smp|aiff|snd|m4a|ape|aac|wv)$
- Include=audio
- regex/i/\.(mod|s3m|xm|it|mtm|669|stm|ult|far)$
- Include=audio
- shell/i/.waw22
- Include=audio
- shell/i/.mp3
- Include=audio
- regex/i/\.og[gax]$
- Include=audio
- regex/i/\.(spx|flac)$
- Include=audio
- regex/i/\.(midi?|rmid?)$
- Include=audio
- shell/i/.wma
- Include=audio
- include/audio
- Open=mpv %f
- View=mpv %f
- ### Video ###
- shell/i/.avi
- Include=video
- regex/i/\.as[fx]$
- Include=video
- shell/i/.divx
- Include=video
- shell/i/.rmvb
- Include=video
- shell/i/.mkv
- Include=video
- regex/i/\.(mov|qt)$
- Include=video
- regex/i/\.(mp4|m4v|mpe?g)$
- Include=video
- # MPEG-2 TS container + H.264 codec
- shell/i/.mts
- Include=video
- shell/i/.ts
- Include=video
- shell/i/.vob
- Include=video
- shell/i/.wmv
- Include=video
- regex/i/\.fl[icv]$
- Include=video
- shell/i/.ogv
- Include=video
- # WebM
- shell/i/.webm
- Include=video
- type/WebM
- Include=video
- include/video
- Open=mpv %f
- View=mpv %f
- ### Documents ###
- # PDF
- shell/i/.pdf
- Open=zathura %f
- View=zathura %f
- ### Miscellaneous ###
- # Makefile
- regex/[Mm]akefile$
- Open=make -f %f %{Enter parameters}
- ### Plain compressed files ###
- # ace
- shell/i/.ace
- Open=%cd %p/uace://
- Extract=unace x %f
- # arc
- shell/i/.arc
- Open=%cd %p/uarc://
- Extract=arc x %f '*'
- Extract (with flags)=I=%{Enter any Arc flags:}; if test -n "$I"; then arc x $I %f; fi
- # zip
- shell/i/.zip
- Open=%cd %p/uzip://
- # zip
- type/i/^zip\ archive
- Open=%cd %p/uzip://
- # jar(zip)
- type/i/^Java\ Jar\ file\ data\ \(zip\)
- Open=%cd %p/uzip://
- # zoo
- shell/i/.zoo
- Open=%cd %p/uzoo://
- ### Default ###
- # Default target for anything not described above
- default/*
- Open=vim %f
- View=vim %f
- '';
-in {
- environment.systemPackages = [
- (pkgs.symlinkJoin {
- name = "mc";
- paths = [
- (pkgs.writeDashBin "mc" ''
- export MC_DATADIR=${pkgs.write "mc-ext" {
- "/mc.ext".link = mcExt;
- "/sfs.ini".text = "";
- }};
- export TERM=xterm-256color
- exec ${}/bin/mc -S xoria256 "$@"
- '')
- ];
- })
- ];
diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix
deleted file mode 100644
index 34da3047e..000000000
--- a/lass/2configs/minecraft.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, ... }: let
- unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
-in {
- services.minecraft-server = {
- enable = true;
- eula = true;
- package = unstable.minecraft-server;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/monitoring/alert-rules.nix b/lass/2configs/monitoring/alert-rules.nix
deleted file mode 100644
index eae2569fb..000000000
--- a/lass/2configs/monitoring/alert-rules.nix
+++ /dev/null
@@ -1,208 +0,0 @@
-# inspiration from
-{ lib }:
- (name: opts: {
- alert = name;
- expr = opts.condition;
- for = opts.time or "2m";
- labels = { };
- annotations.description = opts.description;
- })
- ({
- prometheus_too_many_restarts = {
- condition = ''changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager|telegraf"}[15m]) > 2'';
- description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.";
- };
- alert_manager_config_not_synced = {
- condition = ''count(count_values("config_hash", alertmanager_config_hash)) > 1'';
- description = "Configurations of AlertManager cluster instances are out of sync.";
- };
- prometheus_not_connected_to_alertmanager = {
- condition = "prometheus_notifications_alertmanagers_discovered < 1";
- description = "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
- };
- prometheus_rule_evaluation_failures = {
- condition = "increase(prometheus_rule_evaluation_failures_total[3m]) > 0";
- description = "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
- };
- prometheus_template_expansion_failures = {
- condition = "increase(prometheus_template_text_expansion_failures_total[3m]) > 0";
- time = "0m";
- description = "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
- };
- promtail_request_errors = {
- condition = ''100 * sum(rate(promtail_request_duration_seconds_count{status_code=~"5..|failed"}[1m])) by (namespace, job, route, instance) / sum(rate(promtail_request_duration_seconds_count[1m])) by (namespace, job, route, instance) > 10'';
- time = "15m";
- description = ''{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.'';
- };
- promtail_file_lagging = {
- condition = ''abs(promtail_file_bytes_total - promtail_read_bytes_total) > 1e6'';
- time = "15m";
- description = ''{{ $labels.instance }} {{ $labels.job }} {{ $labels.path }} has been lagging by more than 1MB for more than 15m.'';
- };
- filesystem_full_80percent = {
- condition = ''disk_used_percent{mode!="ro"} >= 95'';
- time = "10m";
- description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 20% space left on its filesystem.";
- };
- filesystem_full_krebs = {
- condition = ''disk_used_percent{mode!="ro", org="krebs"} >= 95'';
- time = "10m";
- description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 5% space left on its filesystem.";
- };
- filesystem_inodes_full = {
- condition = ''disk_inodes_free / disk_inodes_total < 0.10'';
- time = "10m";
- description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 10% inodes left on its filesystem.";
- };
- daily_task_not_run = {
- # give 6 hours grace period
- condition = ''time() - task_last_run{state="ok",frequency="daily"} > (24 + 6) * 60 * 60'';
- description = "{{$}}: {{$}} was not run in the last 24h";
- };
- daily_task_failed = {
- condition = ''task_last_run{state="fail"}'';
- description = "{{$}}: {{$}} failed to run";
- };
- swap_using_30percent = {
- condition = "mem_swap_total - (mem_swap_cached + mem_swap_free) > mem_swap_total * 0.3";
- time = "30m";
- description = "{{$}} is using 30% of its swap space for at least 30 minutes.";
- };
- systemd_service_failed = {
- condition = ''systemd_units_active_code{name!~"nixpkgs-update-.*.service"} == 3'';
- description = "{{$}} failed to (re)start service {{$}}.";
- };
- service_not_running = {
- condition = ''systemd_units_active_code{name=~"teamspeak3-server.service|tt-rss.service", sub!="running"}'';
- description = "{{$}} should have a running {{$}}.";
- };
- nfs_export_not_present = {
- condition = "nfs_export_present == 0";
- time = "1h";
- description = "{{$}} cannot reach nfs export [{{$labels.server}}]:{{$labels.path}}";
- };
- ram_using_90percent = {
- condition = "mem_buffered + mem_free + mem_cached < mem_total * 0.1";
- time = "1h";
- description = "{{$}} is using at least 90% of its RAM for at least 1 hour.";
- };
- load15 = {
- condition = ''system_load15 / system_n_cpus{org!="nix-community"} >= 2.0'';
- time = "10m";
- description = "{{$}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
- };
- reboot = {
- condition = "system_uptime < 300";
- description = "{{$}} just rebooted.";
- };
- uptime = {
- # too scared to upgrade matchbox
- condition = ''system_uptime {host!~"^(matchbox|grandalf)$"} > 2592000'';
- description = "Uptime monster: {{$}} has been up for more than 30 days.";
- };
- telegraf_down = {
- condition = ''min(up{job=~"telegraf",type!='mobile'}) by (source, job, instance, org) == 0'';
- time = "3m";
- description = "{{$labels.instance}}: {{$labels.job}} telegraf exporter from {{$labels.source}} is down.";
- };
- ping = {
- condition = "ping_result_code{type!='mobile'} != 0";
- description = "{{$labels.url}}: ping from {{$labels.instance}} has failed!";
- };
- ping_high_latency = {
- condition = "ping_average_response_ms{type!='mobile'} > 5000";
- description = "{{$labels.instance}}: ping probe from {{$labels.source}} is encountering high latency!";
- };
- http = {
- condition = "http_response_result_code != 0";
- description = "{{$labels.server}} : http request failed from {{$labels.instance}}: {{$labels.result}}!";
- };
- http_match_failed = {
- condition = "http_response_response_string_match == 0";
- description = "{{$labels.server}} : http body not as expected; status code: {{$labels.status_code}}!";
- };
- dns_query = {
- condition = "dns_query_result_code != 0";
- description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}}!";
- };
- secure_dns_query = {
- condition = "secure_dns_state != 0";
- description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}} for protocol {{$labels.protocol}}!";
- };
- connection_failed = {
- condition = "net_response_result_code != 0";
- description = "{{$labels.server}}: connection to {{$labels.port}}({{$labels.protocol}}) failed from {{$labels.instance}}";
- };
- healthchecks = {
- condition = "hc_check_up == 0";
- description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!";
- };
- cert_expiry = {
- condition = "x509_cert_expiry < 7*24*3600";
- description = "{{$labels.instance}}: The TLS certificate from {{$labels.source}} will expire in less than 7 days: {{$value}}s";
- };
- postfix_queue_length = {
- condition = "avg_over_time(postfix_queue_length[1h]) > 10";
- description = "{{$labels.instance}}: postfix mail queue has undelivered {{$value}} items";
- };
- zfs_errors = {
- condition = "zfs_arcstats_l2_io_error + zfs_dmu_tx_error + zfs_arcstats_l2_writes_error > 0";
- description = "{{$labels.instance}} reports: {{$value}} ZFS IO errors.";
- };
- # ignore devices that disabled S.M.A.R.T (example if attached via USB)
- smart_errors = {
- condition = ''smart_device_health_ok{enabled!="Disabled"} != 1'';
- description = "{{$labels.instance}}: S.M.A.R.T reports: {{$labels.device}} ({{$labels.model}}) has errors.";
- };
- oom_kills = {
- condition = "increase(kernel_vmstat_oom_kill[5m]) > 0";
- description = "{{$labels.instance}}: OOM kill detected";
- };
- unusual_disk_read_latency = {
- condition = "rate(diskio_read_time[1m]) / rate(diskio_reads[1m]) > 0.1 and rate(diskio_reads[1m]) > 0";
- description = "{{$labels.instance}}: Disk latency is growing (read operations > 100ms)\n";
- };
- unusual_disk_write_latency = {
- condition = "rate(diskio_write_time[1m]) / rate(diskio_write[1m]) > 0.1 and rate(diskio_write[1m]) > 0";
- description = "{{$labels.instance}}: Disk latency is growing (write operations > 100ms)\n";
- };
- host_memory_under_memory_pressure = {
- condition = "rate(node_vmstat_pgmajfault[1m]) > 1000";
- description = "{{$labels.instance}}: The node is under heavy memory pressure. High rate of major page faults: {{$value}}";
- };
- ext4_errors = {
- condition = "ext4_errors_value > 0";
- description = "{{$labels.instance}}: ext4 has reported {{$value}} I/O errors: check /sys/fs/ext4/*/errors_count";
- };
- alerts_silences_changed = {
- condition = ''abs(delta(alertmanager_silences{state="active"}[1h])) >= 1'';
- description = "alertmanager: number of active silences has changed: {{$value}}";
- };
- })
diff --git a/lass/2configs/monitoring/prometheus.nix b/lass/2configs/monitoring/prometheus.nix
deleted file mode 100644
index ba32c62a7..000000000
--- a/lass/2configs/monitoring/prometheus.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{ config, lib, pkgs, ... }:
- #prometheus
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } # nginx
- # { predicate = "-i retiolum -p tcp --dport 3012"; target = "ACCEPT"; } # grafana
- # { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } # alertmanager
- # { predicate = "-i retiolum -p tcp --dport 9223"; target = "ACCEPT"; } # alertmanager
- ];
- };
- services.nginx = {
- enable = true;
- virtualHosts = {
- "prometheus.lass.r" = {
- locations."/".proxyPass = "http://localhost:9090";
- };
- "alert.lass.r" = {
- locations."/".proxyPass = "http://localhost:9093";
- };
- "grafana.lass.r" = {
- locations."/".proxyPass = "http://localhost:3012";
- };
- };
- };
- services.grafana = {
- enable = true;
- addr = "";
- port = 3012;
- auth.anonymous = {
- enable = true;
- org_role = "Admin";
- };
- };
- services.prometheus = {
- enable = true;
- ruleFiles = [
- (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
- groups = [{
- name = "alerting-rules";
- rules = import ./alert-rules.nix { inherit lib; };
- }];
- }))
- ];
- scrapeConfigs = [
- {
- job_name = "telegraf";
- scrape_interval = "60s";
- metrics_path = "/metrics";
- static_configs = [
- {
- targets = [
- "prism.r:9273"
- "dishfire.r:9273"
- "yellow.r:9273"
- ];
- }
- ];
- }
- ];
- alertmanagers = [
- { scheme = "http";
- path_prefix = "/";
- static_configs = [ { targets = [ "localhost:9093" ]; } ];
- }
- ];
- alertmanager = {
- enable = true;
- webExternalUrl = "https://alert.lass.r";
- listenAddress = "[::1]";
- configuration = {
- global = {
- # The smarthost and SMTP sender used for mail notifications.
- smtp_smarthost = "localhost:587";
- smtp_from = "alertmanager@alert.lass.r";
- # smtp_auth_username = "";
- # smtp_auth_password = "$SMTP_PASSWORD";
- };
- route = {
- receiver = "default";
- routes = [
- {
- group_by = [ "host" ];
- group_wait = "30s";
- group_interval = "2m";
- repeat_interval = "2h";
- receiver = "all";
- }
- ];
- };
- receivers = [
- {
- name = "all";
- webhook_configs = [{
- url = "";
- max_alerts = 5;
- }];
- }
- {
- name = "default";
- }
- ];
- };
- };
- };
diff --git a/lass/2configs/monitoring/telegraf.nix b/lass/2configs/monitoring/telegraf.nix
deleted file mode 100644
index 5258b87ed..000000000
--- a/lass/2configs/monitoring/telegraf.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, lib, pkgs, ... }:
- isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
-in {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; }
- ];
- = [ pkgs.nvme-cli ];
- services.telegraf = {
- enable = true;
- extraConfig = {
- agent.interval = "60s";
- inputs = {
- http_response = [
- { urls = [
- "http://localhost:8080/about/health/"
- ]; }
- ];
- prometheus.metric_version = 2;
- kernel_vmstat = { };
- # smart = lib.mkIf (!isVM) {
- # path = pkgs.writeShellScript "smartctl" ''
- # exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
- # '';
- # };
- system = { };
- mem = { };
- file = [{
- data_format = "influx";
- file_tag = "name";
- files = [ "/var/log/telegraf/*" ];
- }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
- name_override = "ext4_errors";
- files = [ "/sys/fs/ext4/*/errors_count" ];
- data_format = "value";
- };
- exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) {
- ## Commands array
- commands = [
- (pkgs.writeScript "zpool-health" ''
- #!${pkgs.gawk}/bin/awk -f
- while ("${pkgs.zfs}/bin/zpool status" | getline) {
- if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
- if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
- if ($1 ~ /errors:/) {
- if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
- }
- }
- }
- '')
- ];
- data_format = "influx";
- };
- systemd_units = { };
- swap = { };
- disk.tagdrop = {
- fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
- device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
- };
- diskio = { };
- };
- outputs.prometheus_client = {
- listen = ":9273";
- metric_version = 2;
- };
- };
- };
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix
deleted file mode 100644
index f5f9319ed..000000000
--- a/lass/2configs/mouse.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, ... }:
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
- services.xserver.libinput.enable = lib.mkForce false;
- services.xserver.synaptics = {
- enable = true;
- horizEdgeScroll = false;
- horizontalScroll = false;
- vertEdgeScroll = false;
- maxSpeed = "0.1";
- minSpeed = "0.01";
- tapButtons = false;
- };
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
deleted file mode 100644
index d65b4a87a..000000000
--- a/lass/2configs/mpv.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ pkgs, lib, ... }:
- dl_subs = pkgs.writers.writeDashBin "dl_subs" ''
- filename=$1
- ${pkgs.subdl}/bin/subdl --output='/tmp/{m}.{M}.sub' "$filename" 1>&2
- echo "/tmp/$(basename "$filename").sub"
- '';
- autosub = pkgs.writeText "autosub.lua" ''
- -- Requires Subliminal version 1.0 or newer
- -- Make sure to specify your system's Subliminal location below:
- local utils = require 'mp.utils'
- -- Log function: log to both terminal and mpv OSD (On-Screen Display)
- function log(string, secs)
- secs = secs or 2 -- secs defaults to 2 when the secs parameter is absent
- mp.msg.warn(string) -- This logs to the terminal
- mp.osd_message(string, secs) -- This logs to mpv screen
- end
- function download()
- log('Searching subtitles ...', 10)
- path = mp.get_property('path')
- result = utils.subprocess({ args = {"${dl_subs}/bin/dl_subs", path} })
- if result.error == nil then
- filename = string.gsub(result.stdout, "\n", "")
- log(filename)
- mp.commandv('sub_add', filename)
- log('Subtitles ready!')
- else
- log('Subtitles failed downloading')
- end
- end
- -- Control function: only download if necessary
- function control_download()
- duration = tonumber(mp.get_property('duration'))
- if duration < 900 then
- mp.msg.warn('Video is less than 15 minutes\n', '=> NOT downloading any subtitles')
- return
- end
- -- There does not seem to be any documentation for the 'sub' property,
- -- but it works on both internally encoded as well as external subtitle files!
- -- -> sub = '1' when subtitles are present
- -- -> sub = 'no' when subtitles are not present
- -- -> sub = 'auto' when called before the 'file-loaded' event is triggered
- sub = mp.get_property('sub')
- if sub == '1' then
- mp.msg.warn('Sub track is already present\n', '=> NOT downloading other subtitles')
- return
- end
- mp.msg.warn('No sub track was detected\n', '=> Proceeding to download subtitles:')
- download()
- end
- mp.add_key_binding('S', "download_subs", download)
- '';
- mpvInput = pkgs.writeText "mpv.input" ''
- : script-binding console/enable
- x add audio-delay -0.050
- X add audio-delay 0.050
- '';
- mpvConfig = pkgs.writeText "mpv.conf" ''
- osd-font-size=20
- '';
- mpv = pkgs.symlinkJoin {
- name = "mpv";
- paths = [
- (pkgs.writeDashBin "mpv" ''
- set -efu
- Y_RES=1081
- # we need to disable sponsorblock local database because of
- #
- exec ${pkgs.mpv.override {
- scripts = with pkgs.mpvScripts; [
- sponsorblock
- quality-menu
- ];
- }}/bin/mpv \
- --no-config \
- --input-conf=${mpvInput} \
- --include=${mpvConfig} \
- --script=${autosub} \
- --ytdl-format="best[height<$Y_RES]" \
- --script-opts=ytdl_hook-ytdl_path=${}/bin/yt-dlp \
- --script-opts-append=sponsorblock-local_database=no \
- --audio-channels=2 \
- "$@"
- '')
- pkgs.mpv
- ];
- };
-in {
- environment.systemPackages = [
- mpv
- dl_subs
- ];
diff --git a/lass/2configs/muchsync.nix b/lass/2configs/muchsync.nix
deleted file mode 100644
index 392970dbd..000000000
--- a/lass/2configs/muchsync.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-with (import <stockholm/lib>);
-{ config, pkgs, ... }:
- = let
- hosts = [
- "coaxmetal.r"
- "mors.r"
- "green.r"
- "blue.r"
- ];
- in {
- description = "sync mails";
- environment = {
- NOTMUCH_CONFIG = config.environment.variables.NOTMUCH_CONFIG;
- };
- after = [ "" ];
- restartIfChanged = false;
- path = [
- pkgs.notmuch
- pkgs.openssh
- ];
- startAt = "*:*"; # run every minute
- serviceConfig = {
- User = "lass";
- Type = "oneshot";
- ExecStart = pkgs.writeDash "sync-mails" ''
- set -euf
- /run/current-system/sw/bin/nm-tag-init 2>/dev/null
- ${concatMapStringsSep "\n" (host: ''
- echo syncing ${host}:
- ${pkgs.muchsync}/bin/muchsync -s 'ssh -CTaxq -o ConnectTimeout=4' --nonew lass@${host} || :
- '') hosts}
- '';
- };
- };
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
deleted file mode 100644
index 0067d64eb..000000000
--- a/lass/2configs/mumble-reminder.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ config, lib, pkgs, ... }: let
- write_to_irc = chan: pkgs.writeDash "write_to_irc" ''
- ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"PRIVMSG",
- params:["${chan}",$text]
- }'
- )"
- '';
- animals = ''
- Erdferkel
- Paviane
- Raupen
- Australischen Wildhunde
- Emus
- Flundern
- Gorillas
- Kolibris
- Schwarzfersenantilopen
- Quallen
- Kois
- Faulaffen
- Schraubenziegen
- Nachtigallen
- Okapis
- Stachelschweine
- Kurzschwanzkängurus
- Waschbären
- '';
- systemPlugin = {
- plugin = "system";
- config = {
- hooks.PRIVMSG = [
- {
- pattern = "^erriner mich$";
- activate = "match";
- command = {
- filename = pkgs.writeDash "add_remind" ''
- echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users
- sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp
- mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users
- echo "Ich werde $_from in zukunft an das meetup errinern"
- '';
- };
- }
- {
- pattern = "^nerv nicht$";
- activate = "match";
- command = {
- filename = pkgs.writeDash "del_remind" ''
- ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
- echo "okok, Ich werde $_from nich mehr errinern"
- '';
- };
- }
- ];
- };
- };
-in {
- krebs.reaktor2.mumble-reminder = {
- hostname = "";
- nick = "lassulus__";
- API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#krebs"
- "#nixos"
- ];
- };
- }
- systemPlugin
- ];
- port = "6697";
- };
- = {
- description = "weekly reminder for nixos mumble";
- startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
- animals='
- ${animals}
- '
- ${write_to_irc "#nixos"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
- ${write_to_irc "#nixos"} "kommt auf mumble://"
- '';
- };
- };
- = {
- description = "weekly reminder for nixos mumble";
- startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
- animals='
- ${animals}
- '
- ${write_to_irc "#krebs"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
- ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
- '';
- };
- };
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
deleted file mode 100644
index ee69c6b1a..000000000
--- a/lass/2configs/network-manager.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ pkgs, lib, ... }:
- networking.wireless.enable = lib.mkForce false;
- networking.networkmanager = {
- ethernet.macAddress = "random";
- wifi.macAddress = "random";
- enable = true;
- unmanaged = [
- "docker*"
- "vboxnet*"
- ];
- };
- = false;
- users.users.mainUser = {
- extraGroups = [ "networkmanager" ];
- packages = with pkgs; [
- gnome.gnome-keyring
- dconf
- ];
- };
- environment.systemPackages = [
- pkgs.nm-dmenu
- ];
diff --git a/lass/2configs/networkd.nix b/lass/2configs/networkd.nix
deleted file mode 100644
index 12ffe0bd7..000000000
--- a/lass/2configs/networkd.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
- = lib.mkForce false;
- = false;
- # Services that are only restarted might be not able to resolve when resolved is stopped before
- = false;
- networking.useNetworkd = true;
- = {
- enable = true;
- networks.wl0 = {
- matchConfig.Name = "wl0";
- DHCP = "yes";
- networkConfig = {
- IgnoreCarrierLoss = "3s";
- };
- dhcpV4Config.UseDNS = true;
- };
- };
diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix
deleted file mode 100644
index eeab732ba..000000000
--- a/lass/2configs/nfs-dl.nix
+++ /dev/null
@@ -1,22 +0,0 @@
- fileSystems."/mnt/prism" = {
- device = "prism.w:/export/download";
- fsType = "nfs";
- options = [
- #"timeo=14"
- "noauto"
- "noatime"
- "nodiratime"
- #"noac"
- #"nocto"
- "x-systemd.automount"
- "x-systemd.device-timeout=1"
- "x-systemd.idle-timeout=1min"
- "x-systemd.requires=retiolum.service"
- "user"
- "_netdev"
- "soft"
- ];
- };
diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix
deleted file mode 100644
index e4bfcff89..000000000
--- a/lass/2configs/orange-host.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, ... }:
- = {
- sshKey = "${toString <secrets>}/orange.sync.key";
- };
- services.nginx.virtualHosts."" = {
- # enableACME =;
- # forceSSL = true;
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://orange.r";
- };
- };
diff --git a/lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
deleted file mode 100644
index b5ec722a0..000000000
--- a/lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
+++ /dev/null
@@ -1,47 +0,0 @@
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
- fileSystems."/" = {
- device = "/dev/VolGroup/lv_root";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
- swapDevices = [
- { device = "/dev/VolGroup/lv_swap"; }
- ];
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
diff --git a/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix b/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix
deleted file mode 100644
index 168d1d97b..000000000
--- a/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix
+++ /dev/null
@@ -1,47 +0,0 @@
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
- fileSystems."/" = {
- device = "/dev/centos/root";
- fsType = "xfs";
- };
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "xfs";
- };
- swapDevices = [
- { device = "/dev/centos/swap"; }
- ];
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
diff --git a/lass/2configs/otp-ssh.nix b/lass/2configs/otp-ssh.nix
deleted file mode 100644
index f9984e245..000000000
--- a/lass/2configs/otp-ssh.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-# Enables second factor for ssh password login
-## Usage:
-# gen-oath-safe <username> totp
-## scan the qrcode with google authenticator (or FreeOTP)
-## copy last line into secrets/<host>/users.oath (chmod 700)
- security.pam.oath = {
- # enabling it will make it a requisite of `all` services
- # enable = true;
- digits = 6;
- # TODO assert existing
- usersFile = (toString <secrets>) + "/users.oath";
- };
- # I want TFA only active for sshd with password-auth
- = true;
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
deleted file mode 100644
index 8ec3ac092..000000000
--- a/lass/2configs/pass.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
- users.users.mainUser.packages = with pkgs; [
- (pass.withExtensions (ext: [ ext.pass-otp ]))
- gnupg
- (pkgs.writers.writeDashBin "unlock" ''
- set -efu
- HOST=$1
- pw=$(pass show "admin/$HOST/luks")
- torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
- '')
- ];
- programs.gnupg.agent.enable = true;
diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix
deleted file mode 100644
index 87768a452..000000000
--- a/lass/2configs/paste.nix
+++ /dev/null
@@ -1,141 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- services.nginx.virtualHosts.cyberlocker = {
- serverAliases = [ "c.r" ];
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass${toString config.krebs.htgen.cyberlocker.port};
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- services.nginx.virtualHosts.paste = {
- serverAliases = [ "p.r" ];
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass${toString config.krebs.htgen.paste.port};
- '';
- locations."/image".extraConfig = /* nginx */ ''
- client_max_body_size 40M;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass${toString config.krebs.htgen.imgur.port};
- proxy_pass_header Server;
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- services.nginx.virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- serverAliases = [ "" ];
- locations."/".extraConfig = ''
- if ($request_method != GET) {
- return 403;
- }
- proxy_set_header Host $host;
- proxy_pass${toString config.krebs.htgen.cyberlocker.port};
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- services.nginx.virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- serverAliases = [ "" ];
- locations."/".extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass${toString config.krebs.htgen.paste.port};
- '';
- locations."/form".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass${toString config.krebs.htgen.paste-form.port};
- '';
- locations."/image".extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass${toString config.krebs.htgen.imgur.port};
- proxy_pass_header Server;
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- krebs.htgen.paste = {
- port = 9081;
- script = /* sh */ ''
- (. ${pkgs.htgen-paste}/bin/htgen-paste)
- '';
- };
- = {
- startAt = "daily";
- serviceConfig = {
- ExecStart = ''
- ${pkgs.findutils}/bin/find /var/lib/htgen-paste/items -type f -mtime '+30' -exec rm {} \;
- '';
- User = "htgen-paste";
- };
- };
- krebs.htgen.paste-form = {
- port = 7770;
- script = /* sh */ ''
- export PATH=${makeBinPath [
- pkgs.curl
- pkgs.gnused
- ]}:$PATH
- (. ${pkgs.writeScript "paste-form" ''
- case "$Method" in
- 'POST')
- ref=$(head -c $req_content_length | sed '0,/^\r$/d;$d' | curl -fSs --data-binary @- | sed '1d;s/^http:/https:/')
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Content-Type: text/plain; charset=UTF-8\r\n'
- printf 'Server: %s\r\n' "$Server"
- printf 'Connection: close\r\n'
- printf 'Content-Length: %d\r\n' $(expr ''${#ref} + 1)
- printf '\r\n'
- printf '%s\n' "$ref"
- exit
- ;;
- esac
- ''})
- '';
- };
- krebs.htgen.imgur = {
- port = 7771;
- script = /* sh */ ''
- (. ${pkgs.htgen-imgur}/bin/htgen-imgur)
- '';
- };
- krebs.htgen.cyberlocker = {
- port = 7772;
- script = /* sh */ ''
- (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker)
- '';
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
- ];
diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix
deleted file mode 100644
index da9408669..000000000
--- a/lass/2configs/pipewire.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-# TODO test `alsactl init` after suspend to reinit mic
- security.rtkit.enable = true;
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- environment.systemPackages = with pkgs; [
- alsa-utils
- pulseaudio
- ponymix
- ];
- services.pipewire = {
- enable = true;
- systemWide = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- };
- environment.etc = {
- "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
- = {
- ["bluez5.enable-sbc-xq"] = true,
- ["bluez5.enable-msbc"] = true,
- ["bluez5.enable-hw-volume"] = true,
- ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
- }
- '';
- };
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
deleted file mode 100644
index 648ffc784..000000000
--- a/lass/2configs/power-action.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, pkgs, ... }:
- suspend = pkgs.writeDash "suspend" ''
- ${pkgs.systemd}/bin/systemctl suspend
- '';
- speak = text:
- pkgs.writeDash "speak" ''
- ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
- '';
-in {
- krebs.power-action = {
- enable = true;
- plans.low-battery = {
- upperLimit = 10;
- lowerLimit = 15;
- charging = false;
- action = pkgs.writeDash "warn-low-battery" ''
- ${speak "power level low"}
- '';
- };
- plans.suspend = {
- upperLimit = 10;
- lowerLimit = 0;
- charging = false;
- action = pkgs.writeDash "suspend-wrapper" ''
- /run/wrappers/bin/sudo ${suspend}
- '';
- };
- user = "lass";
- };
- users.users.power-action = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- ];
- };
- security.sudo.extraConfig = ''
- ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}
- '';
diff --git a/lass/2configs/ppp/umts-stick.nix b/lass/2configs/ppp/umts-stick.nix
deleted file mode 100644
index 64551a2b3..000000000
--- a/lass/2configs/ppp/umts-stick.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ pkgs, ... }: {
- # usage: pppd call stick
- environment.etc."ppp/peers/stick".text = ''
- /dev/ttyUSB0
- 460800
- crtscts
- defaultroute
- holdoff 10
- lock
- maxfail 0
- noauth
- nodetach
- noipdefault
- passive
- persist
- usepeerdns
- connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "" ''
- "" "ATDT*99#"
- ''}"
- '';
- environment.systemPackages = [
- pkgs.ppp
- ];
diff --git a/lass/2configs/ppp/x220-modem.nix b/lass/2configs/ppp/x220-modem.nix
deleted file mode 100644
index d6facb724..000000000
--- a/lass/2configs/ppp/x220-modem.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, ... }: {
- # usage: pppd call x220
- environment.etc."ppp/peers/x220".text = ''
- /dev/ttyACM2
- 921600
- crtscts
- defaultroute
- holdoff 10
- lock
- maxfail 0
- noauth
- nodetach
- noipdefault
- passive
- persist
- usepeerdns
- connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "" ''
- "" "ATDT*99#"
- ''}"
- '';
- environment.systemPackages = [
- pkgs.ppp
- ];
diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix
deleted file mode 100644
index 5769f9b15..000000000
--- a/lass/2configs/print.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
- services.printing = {
- enable = true;
- drivers = [
- pkgs.foomatic-filters
- pkgs.gutenprint
- ];
- browsing = true;
- browsedConf = ''
- BrowseDNSSDSubTypes _cups,_print
- BrowseLocalProtocols all
- BrowseRemoteProtocols all
- CreateIPPPrinterQueues All
- BrowseProtocols all
- '';
- };
- services.avahi = {
- enable = true;
- openFirewall = true;
- nssmdns = true;
- };
diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix
deleted file mode 100644
index fb803dd77..000000000
--- a/lass/2configs/prism-share.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 137"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 138"; target = "ACCEPT"; }
- ];
- users.users.smbguest = {
- name = "smbguest";
- uid = config.ids.uids.smbguest;
- description = "smb guest user";
- home = "/home/share";
- createHome = true;
- group = "share";
- };
- users.groups.share = {};
- services.samba = {
- enable = true;
- enableNmbd = true;
- shares = {
- incoming = {
- path = "/mnt/prism";
- "read only" = "yes";
- browseable = "yes";
- "guest ok" = "yes";
- };
- };
- extraConfig = ''
- guest account = smbguest
- map to guest = bad user
- # disable printing
- load printers = no
- printing = bsd
- printcap name = /dev/null
- disable spoolss = yes
- '';
- };
diff --git a/lass/2configs/privoxy-retiolum.nix b/lass/2configs/privoxy-retiolum.nix
deleted file mode 100644
index 352a6d3d8..000000000
--- a/lass/2configs/privoxy-retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, ... }:
- r_ip =;
-in {
- imports = [
- ./privoxy.nix
- ];
- services.privoxy.listenAddress = "${r_ip}:8118";
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 8118"; target = "ACCEPT"; }
- { predicate = "-i dns0 -p tcp --dport 8118"; target = "ACCEPT"; }
- ];
- };
- };
diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix
deleted file mode 100644
index e0a086421..000000000
--- a/lass/2configs/privoxy.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, ... }:
- services.privoxy = {
- enable = true;
- };
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
deleted file mode 100644
index 4361ec747..000000000
--- a/lass/2configs/programs.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, pkgs, ... }:
-## TODO sort and split up
- environment.systemPackages = with pkgs; [
- aria2
- generate-secrets
- gnupg1compat
- htop
- i3lock
- l-gen-secrets
- mosh
- pass
- pavucontrol
- pv
- pwgen
- remmina
- ripgrep
- silver-searcher
- transmission
- wget
- xsel
- yt-dlp
- (pkgs.writeDashBin "youtube-dl" ''
- exec ${}/bin/yt-dlp "$@"
- '')
- (pkgs.writeDashBin "tether-on" ''
- adb shell svc usb setFunctions rndis
- '')
- (pkgs.writeDashBin "tether-off" ''
- adb shell svc usb setFunctions
- '')
- (pkgs.writeDashBin "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '')
- (pkgs.writeDashBin "" ''
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
- OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${}/bin/ovh-zone import /etc/zones/
- ${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
- '')
- (pkgs.writeDashBin "btc-coinbase" ''
- ${pkgs.curl}/bin/curl -Ss '' | ${pkgs.jq}/bin/jq '.data.amount'
- '')
- (pkgs.writeDashBin "btc-wex" ''
- ${pkgs.curl}/bin/curl -Ss '' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
- '')
- (pkgs.writeDashBin "btc-kraken" ''
- ${pkgs.curl}/bin/curl -Ss '' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
- '')
- ];
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
deleted file mode 100644
index 457d5b6c7..000000000
--- a/lass/2configs/reaktor-coders.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- hooks = pkgs.reaktor2-plugins.hooks;
-in {
- krebs.reaktor2.coders = {
- hostname = "";
- port = "9999";
- useTLS = true;
- nick = "reaktor2|lass";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#coders"
- "#germany"
- "#panthermoderns"
- ];
- };
- }
- {
- plugin = "system";
- config = {
- workdir = config.krebs.reaktor2.coders.stateDir;
- hooks.PRIVMSG = [
- hooks.sed
- hooks.url-title
- {
- activate = "match";
- pattern = ''^!([^ ]+)(?:\s*(.*))?'';
- command = 1;
- arguments = [2];
- commands = {
- ping.filename = pkgs.writeDash "ping" ''
- exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
- '';
- google.filename = pkgs.writeDash "google" ''
- exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
- ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
- '';
- shrug.filename = pkgs.writeDash "shrug" ''
- exec echo '¯\_(ツ)_/¯'
- '';
- table.filename = pkgs.writeDash "table" ''
- exec echo '(╯°□°)╯ ┻━┻'
- '';
- };
- }
- ];
- };
- }
- ];
- };
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
deleted file mode 100644
index d81642da1..000000000
--- a/lass/2configs/realwallpaper.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
- hostname =;
- inherit (lib)
- nameValuePair
- ;
-in {
- krebs.realwallpaper.enable = true;
- system.activationScripts.wallpaper-chmod = ''
- ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
- '';
- services.nginx.virtualHosts.wallpaper = {
- extraConfig = ''
- if ( $server_addr = "${}" ) {
- return 403;
- }
- '';
- serverAliases = [
- "wallpaper.r"
- ];
- locations."/realwallpaper/".extraConfig = ''
- index on;
- root /var/realwallpaper";
- '';
- locations."/realwallpaper.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-krebs.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-krebs-stars.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-krebs-stars-berlin.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-video.mp4".extraConfig = ''
- root /var/realwallpaper/archive;
- '';
- };
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
- };
diff --git a/lass/2configs/rebuild-on-boot.nix b/lass/2configs/rebuild-on-boot.nix
deleted file mode 100644
index 60198be7b..000000000
--- a/lass/2configs/rebuild-on-boot.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- = {
- wantedBy = [ "" ];
- environment = {
- NIX_REMOTE = "daemon";
- HOME = "/var/empty";
- };
- serviceConfig = {
- ExecStart = pkgs.writeScript "rebuild" ''
- #!${pkgs.bash}/bin/bash
- (/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) &
- '';
- ExecStop = "${pkgs.coreutils}/bin/sleep 10";
- };
- };
diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix
deleted file mode 100644
index 171191dac..000000000
--- a/lass/2configs/red-host.nix
+++ /dev/null
@@ -1,167 +0,0 @@
-{ config, lib, pkgs, ... }:
- = "red";
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- ];
- = {
- sshKey = "${toString <secrets>}/containers/red/sync.key";
- ephemeral = true;
- };
- # containers.${} = {
- # config = {
- # environment.systemPackages = [
- # pkgs.dhcpcd
- # pkgs.git
- # pkgs.jq
- # ];
- # networking.useDHCP = lib.mkForce true;
- # = {
- # environment = {
- # NIX_REMOTE = "daemon";
- # };
- # wantedBy = [ "" ];
- # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
- # if test -e /var/src/nixos-config; then
- # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
- # fi
- # '';
- # unitConfig.X-StopOnRemoval = false;
- # };
- # };
- # autoStart = false;
- # enableTun = true;
- # privateNetwork = true;
- # hostBridge = "ctr0";
- # bindMounts = {
- # "/etc/resolv.conf".hostPath = "/etc/resolv.conf";
- # "/var/lib/self-state/disk-image" = {
- # hostPath = "/var/lib/sync-containers3/${}";
- # isReadOnly = true;
- # };
- # };
- # };
- #"${}_scheduler" = {
- # wantedBy = [ "" ];
- # path = with pkgs; [
- # coreutils
- # consul
- # cryptsetup
- # mount
- # util-linux
- # systemd
- # untilport
- # ];
- # serviceConfig = {
- # Restart = "always";
- # RestartSec = "15s";
- # ExecStart = "${pkgs.consul}/bin/consul lock container_${} ${pkgs.writers.writeDash "${}-start" ''
- # set -efux
- # trap ${pkgs.writers.writeDash "stop-${}" ''
- # set -efux
- # /run/current-system/sw/bin/nixos-container stop ${} || :
- # umount /var/lib/nixos-containers/${}/var/state || :
- # cryptsetup luksClose ${} || :
- # consul kv put containers/${}/host ${config.networking.hostName}
- # cryptsetup luksOpen --key-file /var/src/secrets/containers/${}/luks /var/lib/sync-containers3/${}/disk ${}
- # mkdir -p /var/lib/nixos-containers/${}/var/state
- # mount /dev/mapper/${} /var/lib/nixos-containers/${}/var/state
- # ln -frs /var/lib/nixos-containers/${}/var/state/var_src /var/lib/nixos-containers/${}/var/src
- # /run/current-system/sw/bin/nixos-container start ${}
- # set +x
- # until /run/wrappers/bin/ping -q -c 1 ${}.r > /dev/null; do sleep 5; done
- # while /run/wrappers/bin/ping -q -c 1 ${}.r > /dev/null; do sleep 5; done
- # ''}";
- # };
- # };
- # users.groups."container_${}" = {};
- # users.users."container_${}" = {
- # group = "container_${}";
- # isSystemUser = true;
- # home = "/var/lib/sync-containers3/${}";
- # createHome = true;
- # homeMode = "705";
- # openssh.authorizedKeys.keys = [
- # config.krebs.users.lass.pubkey
- # ];
- # };
- # systemd.timers."${}_syncer" = {
- # timerConfig = {
- # RandomizedDelaySec = 300;
- # };
- # };
- #"${}_syncer" = {
- # path = with pkgs; [
- # coreutils
- # rsync
- # openssh
- # systemd
- # ];
- # startAt = "*:0/1";
- # serviceConfig = {
- # User = "container_${}";
- # LoadCredential = [
- # "ssh_key:${toString <secrets>}/containers/${}/sync.key"
- # ];
- # ExecCondition = pkgs.writers.writeDash "${}_checker" ''
- # set -efu
- # ! systemctl is-active --quiet container@${}.service
- # '';
- # ExecStart = pkgs.writers.writeDash "${}_syncer" ''
- # set -efu
- # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${}.r:disk-image/disk $HOME/disk
- # '';
- # };
- # };
- # # networking
- # networking.networkmanager.unmanaged = [ "ctr0" ];
- # networking.interfaces.dummy0.virtual = true;
- # networking.bridges.ctr0.interfaces = [ "dummy0" ];
- # networking.interfaces.ctr0.ipv4.addresses = [{
- # address = "";
- # prefixLength = 24;
- # }];
- #"dhcpd-ctr0" = {
- # wantedBy = [ "" ];
- # after = [ "" ];
- # serviceConfig = {
- # Type = "forking";
- # Restart = "always";
- # DynamicUser = true;
- # StateDirectory = "dhcpd-ctr0";
- # User = "dhcpd-ctr0";
- # Group = "dhcpd-ctr0";
- # AmbientCapabilities = [
- # "CAP_NET_RAW" # to send ICMP messages
- # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
- # ];
- # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases";
- # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" ''
- # default-lease-time 600;
- # max-lease-time 7200;
- # authoritative;
- # ddns-update-style interim;
- # log-facility local1; # see dhcpd.nix
- # option subnet-mask;
- # option routers;
- # # option domain-name-servers; # TODO configure dns server
- # subnet netmask {
- # range;
- # }
- # ''} ctr0";
- # };
- # };
diff --git a/lass/2configs/redis.nix b/lass/2configs/redis.nix
deleted file mode 100644
index 8dd8df5c3..000000000
--- a/lass/2configs/redis.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, ... }:
- = {
- enable = true;
- bind = "";
- };
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
deleted file mode 100644
index 746bc069d..000000000
--- a/lass/2configs/retiolum.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = let
- tincport = toString;
- in [
- { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
- ];
- };
- };
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "ni"
- "eve"
- ];
- extraConfig = ''
- AutoConnect = no
- StrictSubnets = yes
- ${lib.optionalString ( != null) ''
- LocalDiscovery = no
- ''}
- '';
- tincUp = lib.mkIf "";
- };
- = {
- matchConfig.Name = "retiolum";
- address = [
- "${}/16"
- "${}/16"
- ];
- };
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
- environment.systemPackages = [
- pkgs.tinc
- ];
diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix
deleted file mode 100644
index 658f32084..000000000
--- a/lass/2configs/review.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
-in {
- = {
- isNormalUser = true;
- packages = [ pkgs.nixpkgs-review ];
- };
- security.sudo.extraConfig = ''
- ${} ALL=(review) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/riot.nix b/lass/2configs/riot.nix
deleted file mode 100644
index 6aacec5b6..000000000
--- a/lass/2configs/riot.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ config, lib, pkgs, ... }:
- containers.riot = {
- config = {
- environment.systemPackages = [
- pkgs.dhcpcd
- pkgs.git
- pkgs.jq
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
- ];
- networking.defaultGateway = "";
- = {
- environment = {
- NIX_REMOTE = "daemon";
- };
- wantedBy = [ "" ];
- serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
- set -efu
- if test -e /var/src/nixos-config; then
- /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
- fi
- '';
- unitConfig.X-StopOnRemoval = false;
- };
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "";
- localAddress = "";
- };
-"50-ve-riot" = {
- matchConfig.Name = "ve-riot";
- networkConfig = {
- # weirdly we have to use POSTROUTING MASQUERADE here
- # and set ip_forward manually
- # IPForward = "yes";
- # IPMasquerade = "both";
- LinkLocalAddressing = "no";
- KeepConfiguration = "static";
- };
- };
- boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s ${config.containers.riot.localAddress}"; target = "MASQUERADE"; }
- ];
- # networking.nat can be used instead of this
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { predicate = "-p tcp --dport 45622"; target = "DNAT --to-destination ${config.containers.riot.localAddress}:22"; v6 = false; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { predicate = "-i ve-riot"; target = "ACCEPT"; }
- { predicate = "-o ve-riot"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/rtl-sdr.nix b/lass/2configs/rtl-sdr.nix
deleted file mode 100644
index 7d640ea6c..000000000
--- a/lass/2configs/rtl-sdr.nix
+++ /dev/null
@@ -1,6 +0,0 @@
- boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
- services.udev.extraRules = ''
- SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
- '';
diff --git a/lass/2configs/searx.nix b/lass/2configs/searx.nix
deleted file mode 100644
index ed6586a26..000000000
--- a/lass/2configs/searx.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, ... }:
- port = 8889;
-in {
- = {
- serverAliases = [ "search.r" ];
- locations."/".extraConfig = ''
- proxy_set_header Host $host;
- proxy_pass${builtins.toString port};
- '';
- };
- services.searx = {
- enable = true;
- configFile = pkgs.writeText "searx.cfg" (builtins.toJSON {
- use_default_settings = true;
- server = {
- port = port;
- secret_key = builtins.readFile <secrets/searx.key>;
- };
- });
- };
diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix
deleted file mode 100644
index 4bc5f744b..000000000
--- a/lass/2configs/services/coms/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
- imports = [
- ./jitsi.nix
- ./murmur.nix
- ];
diff --git a/lass/2configs/services/coms/jitsi.nix b/lass/2configs/services/coms/jitsi.nix
deleted file mode 100644
index bbcb36166..000000000
--- a/lass/2configs/services/coms/jitsi.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.jitsi-meet = {
- enable = true;
- hostName = "";
- config = {
- enableWelcomePage = true;
- requireDisplayName = true;
- analytics.disabled = true;
- startAudioOnly = true;
- channelLastN = 4;
- stunServers = [
- # -
- { urls = ""; }
- { urls = ""; }
- # - services.coturn:
- #{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
- #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
- ];
- = {
- ideal = 720;
- max = 1080;
- min = 240;
- };
- };
- interfaceConfig = {
- };
- };
- services.jitsi-videobridge.config = {
- org.jitsi.videobridge.TRUST_BWE = false;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix
deleted file mode 100644
index 40c53da36..000000000
--- a/lass/2configs/services/coms/murmur.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.murmur = {
- enable = true;
- # allowHtml = false;
- bandwidth = 10000000;
- registerName = "";
- autobanTime = 30;
- sslCert = "/var/lib/acme/";
- sslKey = "/var/lib/acme/";
- extraConfig = ''
- opusthreshold=0
- # rememberchannelduration=10000
- '';
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
- # services.botamusique = {
- # enable = true;
- # settings = {
- # = "";
- # bot.auto_check_updates = false;
- # bot.max_track_duration = 360;
- # webinterface.enabled = true;
- # };
- # };
- services.nginx.virtualHosts."" = {
- enableACME = true;
- };
- security.acme.certs."" = {
- group = "lasscert";
- };
- users.groups.lasscert.members = [
- "nginx"
- "murmur"
- ];
- # services.nginx.virtualHosts."bota.r" = {
- # locations."/" = {
- # proxyPass = "http://localhost:8181";
- # };
- # };
diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
deleted file mode 100644
index e8555f9b7..000000000
--- a/lass/2configs/services/coms/proxy.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
- tcpports = [
- 4443 # jitsi
- 64738 # murmur
- ];
- udpports = [
- 10000 # jitsi
- 64738 # murmur
- ];
- target = "orange.r";
- networking.firewall.allowedTCPPorts = tcpports;
- networking.firewall.allowedUDPPorts = udpports;
- services.nginx.streamConfig = ''
- ${lib.concatMapStringsSep "\n" (port: ''
- server {
- listen [::]:${toString port};
- listen ${toString port};
- proxy_pass ${target}:${toString port};
- }
- '') tcpports}
- ${lib.concatMapStringsSep "\n" (port: ''
- server {
- listen ${toString port} udp;
- proxy_pass ${target}:${toString port};
- }
- '') udpports}
- '';
- services.nginx.virtualHosts."" = {
- enableACME = true;
- acmeFallbackHost = "${target}";
- addSSL = true;
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://${target}";
- };
- };
diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix
deleted file mode 100644
index 1c5b81128..000000000
--- a/lass/2configs/services/flix/container-host.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
- krebs.sync-containers3.containers.yellow = {
- sshKey = "${toString <secrets>}/yellow.sync.key";
- };
- containers.yellow.bindMounts."/var/lib" = {
- hostPath = "/var/lib/sync-containers3/yellow/state";
- isReadOnly = false;
- };
- containers.yellow.bindMounts."/var/download" = {
- hostPath = "/var/download";
- isReadOnly = false;
- };
- # krebs.iptables.tables.filter.FORWARD.rules = [
- # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
- # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
- # ];
- # krebs.iptables.tables.nat.PREROUTING.rules = [
- # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${}:8000"; v6 = false; }
- # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${}:8000"; v4 = false; }
- # ];
- networking.firewall.allowedTCPPorts = [ 8096 8920 ];
- networking.firewall.allowedUDPPorts = [ 1900 7359 ];
- containers.yellow.forwardPorts = [
- { hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
- { hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
- { hostPort = 1900; containerPort = 1900; protocol = "udp"; }
- { hostPort = 7359; containerPort = 7359; protocol = "udp"; }
- ];
- services.nginx.virtualHosts."" = {
- # forceSSL = true;
- # enableACME = true;
- locations."/" = {
- proxyPass = "http://yellow.r:8096";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
diff --git a/lass/2configs/services/flix/default.nix b/lass/2configs/services/flix/default.nix
deleted file mode 100644
index e6be394ce..000000000
--- a/lass/2configs/services/flix/default.nix
+++ /dev/null
@@ -1,316 +0,0 @@
-{ config, lib, pkgs, ... }:
- = [ "transmission" ];
- services.transmission = {
- enable = true;
- home = "/var/state/transmission";
- group = "download";
- downloadDirPermissions = "775";
- settings = {
- download-dir = "/var/download/transmission";
- incomplete-dir-enabled = false;
- rpc-bind-address = "::";
- message-level = 1;
- umask = 18;
- rpc-whitelist-enabled = false;
- rpc-host-whitelist-enabled = false;
- };
- };
- = "";
- security.acme.acceptTerms = true;
- security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
- security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL;
- services.nginx = {
- enable = true;
- package = pkgs.nginx.override {
- modules = with pkgs.nginxModules; [
- fancyindex
- ];
- };
- virtualHosts."yellow.r" = {
- default = true;
- enableACME = true;
- addSSL = true;
- locations."/" = {
- root = "/var/download";
- extraConfig = ''
- fancyindex on;
- fancyindex_footer "/fancy.html";
- include ${pkgs.nginx}/conf/mime.types;
- include ${pkgs.writeText "extrMime" ''
- types {
- video/webm mkv;
- }
- ''};
- create_full_put_path on;
- '';
- };
- locations."/chatty" = {
- proxyPass = "http://localhost:3000";
- extraConfig = ''
- rewrite /chatty/(.*) /$1 break;
- proxy_set_header Host $host;
- '';
- };
- locations."= /fancy.html".extraConfig = ''
- alias ${pkgs.writeText "nginx_footer" ''
- <div id="mydiv">
- <!-- Include a header DIV with the same name as the draggable DIV, followed by "header" -->
- <div id="mydivheader">Click here to move</div>
- <iframe src="/chatty/index.html"></iframe>
- </div>
- <style>
- #mydiv {
- position: absolute;
- z-index: 9;
- background-color: #f1f1f1;
- border: 1px solid #d3d3d3;
- text-align: center;
- }
- #mydivheader {
- padding: 10px;
- cursor: move;
- z-index: 10;
- background-color: #2196F3;
- color: #fff;
- }
- </style>
- <script>
- // Make the DIV element draggable:
- dragElement(document.getElementById("mydiv"));
- function dragElement(elmnt) {
- var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0;
- if (document.getElementById( + "header")) {
- // if present, the header is where you move the DIV from:
- document.getElementById( + "header").onmousedown = dragMouseDown;
- } else {
- // otherwise, move the DIV from anywhere inside the DIV:
- elmnt.onmousedown = dragMouseDown;
- }
- function dragMouseDown(e) {
- e = e || window.event;
- e.preventDefault();
- // get the mouse cursor position at startup:
- pos3 = e.clientX;
- pos4 = e.clientY;
- document.onmouseup = closeDragElement;
- // call a function whenever the cursor moves:
- document.onmousemove = elementDrag;
- }
- function elementDrag(e) {
- e = e || window.event;
- e.preventDefault();
- // calculate the new cursor position:
- pos1 = pos3 - e.clientX;
- pos2 = pos4 - e.clientY;
- pos3 = e.clientX;
- pos4 = e.clientY;
- // set the element's new position:
- = (elmnt.offsetTop - pos2) + "px";
- = (elmnt.offsetLeft - pos1) + "px";
- }
- function closeDragElement() {
- // stop moving when mouse button is released:
- document.onmouseup = null;
- document.onmousemove = null;
- }
- }
- </script>
- ''};
- '';
- };
- virtualHosts."jelly.r" = {
- enableACME = true;
- addSSL = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:8096/;
- proxy_set_header Accept-Encoding "";
- '';
- };
- virtualHosts."transmission.r" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://localhost:9091";
- };
- };
- virtualHosts."radar.r" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://localhost:7878";
- };
- };
- virtualHosts."sonar.r" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "http://localhost:8989";
- };
- };
- };
- services.samba = {
- enable = true;
- enableNmbd = false;
- extraConfig = ''
- workgroup = WORKGROUP
- server string = ${config.networking.hostName}
- # only allow retiolum addresses
- hosts allow = 42::/16
- # Use sendfile() for performance gain
- use sendfile = true
- # No NetBIOS is needed
- disable netbios = true
- # Only mangle non-valid NTFS names, don't care about DOS support
- mangled names = illegal
- # Performance optimizations
- # Disable all printing
- load printers = false
- disable spoolss = true
- printcap name = /dev/null
- map to guest = Bad User
- max log size = 50
- dns proxy = no
- security = user
- [global]
- syslog only = yes
- '';
- shares.public = {
- comment = "Warez";
- path = "/var/download";
- public = "yes";
- "only guest" = "yes";
- "create mask" = "0644";
- "directory mask" = "2777";
- writable = "no";
- printable = "no";
- };
- };
- =
- let
- bruellwuerfelSrc = pkgs.fetchFromGitHub {
- owner = "krebs";
- repo = "bruellwuerfel";
- rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015";
- sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd";
- };
- in {
- wantedBy = [ "" ];
- environment = {
- IRC_CHANNEL = "#flix";
- IRC_NICK = "bruelli";
- IRC_SERVER = "irc.r";
- IRC_HISTORY_FILE = "/tmp/bruelli.history";
- };
- serviceConfig = {
- ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts";
- };
- };
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
- { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
- { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
- { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
- { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
- { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p tcp --dport 8920"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p udp --dport 1900"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p udp --dport 7359"; target = "ACCEPT"; } # jellyfin
- { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr
- { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr
- { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr
- { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr
- # smbd
- { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
- ];
- };
- = {
- wantedBy = [ "" ];
- path = [
- pkgs.coreutils
- pkgs.findutils
- pkgs.inotify-tools
- ];
- serviceConfig = {
- Restart = "always";
- ExecStart = pkgs.writers.writeDash "flix-index" ''
- set -efu
- DIR=/var/download
- cd "$DIR"
- while inotifywait -rq -e create -e move -e delete "$DIR"; do
- find . -type f > "$DIR"/index.tmp
- mv "$DIR"/index.tmp "$DIR"/index
- done
- '';
- };
- };
- services.jellyfin = {
- enable = true;
- group = "download";
- };
- # movies
- services.radarr = {
- enable = true;
- group = "download";
- };
- # shows
- services.sonarr = {
- enable = true;
- group = "download";
- };
- # indexers
- services.prowlarr = {
- enable = true;
- };
- # subtitles
- services.bazarr = {
- enable = true;
- group = "download";
- };
diff --git a/lass/2configs/services/flix/proxy.nix b/lass/2configs/services/flix/proxy.nix
deleted file mode 100644
index c16c6def3..000000000
--- a/lass/2configs/services/flix/proxy.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
- services.nginx.virtualHosts."" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://yellow.r:8096";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
diff --git a/lass/2configs/services/git/default.nix b/lass/2configs/services/git/default.nix
deleted file mode 100644
index 2b68905ed..000000000
--- a/lass/2configs/services/git/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
- imports = [
- ../../git.nix
- ];
- services.nginx.virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- locations =;
- extraConfig = ''
- client_max_body_size 300M;
- client_body_timeout 2024;
- client_header_timeout 2024;
- fastcgi_buffers 16 512k;
- fastcgi_buffer_size 512k;
- fastcgi_read_timeout 500;
- fastcgi_send_timeout 500;
- '';
- };
diff --git a/lass/2configs/services/git/proxy.nix b/lass/2configs/services/git/proxy.nix
deleted file mode 100644
index 9875898ea..000000000
--- a/lass/2configs/services/git/proxy.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
- services.nginx.virtualHosts."" = {
- forceSSL = true;
- enableACME = true;
- acmeFallbackHost = "orange.r";
- locations."/" = {
- proxyPass = "http://orange.r";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- extraConfig = ''
- client_max_body_size 300M;
- client_body_timeout 2024;
- client_header_timeout 2024;
- fastcgi_buffers 16 512k;
- fastcgi_buffer_size 512k;
- fastcgi_read_timeout 500;
- fastcgi_send_timeout 500;
- '';
- };
diff --git a/lass/2configs/services/radio/container-host.nix b/lass/2configs/services/radio/container-host.nix
deleted file mode 100644
index de0ea9afe..000000000
--- a/lass/2configs/services/radio/container-host.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
- = {
- sshKey = "${toString <secrets>}/radio.sync.key";
- };
- = {
- bindMounts."/var/music" = {
- hostPath = "/var/music";
- isReadOnly = false;
- };
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
- ];
- = {
- port = 8000;
- scriptFile = pkgs.writers.writeDash "redir" ''
- printf 'HTTP/1.1 301 Moved Permanently\r\n'
- printf "Location:''${Request_URI}\r\n"
- printf '\r\n'
- '';
- };
diff --git a/lass/2configs/services/radio/controls.html b/lass/2configs/services/radio/controls.html
deleted file mode 100644
index 858dc3656..000000000
--- a/lass/2configs/services/radio/controls.html
+++ /dev/null
@@ -1,83 +0,0 @@
-<!doctype html>
-<html lang="en">
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <title>The_Playlist Voting!</title>
-#good {
- display: block;
- width: 100%;
- border: none;
- background-color: #04AA6D;
- padding: 14px;
- margin: 14px 0 0 0;
- height: 100px;
- font-size: 16px;
- cursor: pointer;
- text-align: center;
-#bad {
- display: block;
- width: 100%;
- border: none;
- background-color: red;
- padding: 14px;
- height: 100px;
- margin: 14px 0 0 0;
- font-size: 16px;
- cursor: pointer;
- text-align: center;
- <div id=votenote></div>
- <button id=good type="button"> GUT </button>
- <button id=bad type="button"> SCHLECHT </button>
- <center>
- Currently Running: <br/><div>
- <b id=current></b>
- </div>
- <div id=vote>
- </div>
- <audio controls autoplay="autoplay">
- <source src="" type="audio/ogg">
- Your browser does not support the audio element.
- </audio>
- </center>
- <script>
- document.getElementById("good").onclick=async ()=>{
- let result = await fetch("", {"method": "POST"})
- document.getElementById("vote").textContent = "Dieses Lied findest du gut"
- };
- document.getElementById("bad").onclick=async ()=>{
- let result = await fetch("", {"method": "POST"})
- document.getElementById("vote").textContent = "Dieses Lied findest du schlecht"
- document.getElementById("bad").disabled = true
- window.setTimeout(function(){
- document.getElementById("bad").disabled = false
- }, 100000)
- };
- async function current() {
- let result = await fetch("", {"method": "GET"})
- let data = await result.json()
- document.getElementById("current").textContent =
- }
- window.onload = function() {
- window.setInterval('current()', 10000)
- current()
- }
- </script>
diff --git a/lass/2configs/services/radio/default.nix b/lass/2configs/services/radio/default.nix
deleted file mode 100644
index 5accfe360..000000000
--- a/lass/2configs/services/radio/default.nix
+++ /dev/null
@@ -1,329 +0,0 @@
-{ config, pkgs, lib, ... }:
- name = "radio";
- music_dir = "/var/music";
- skip_track = pkgs.writers.writeBashBin "skip_track" ''
- set -eu
- # TODO come up with new rating, without moving files
- # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
- # track_infos=$(${print_current}/bin/print_current)
- # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0)
- # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
- # skip_count=$((skip_count+1))
- # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track"
- # echo skipping: "$track_infos" skip_count: "$skip_count"
- # else
- # mkdir -p "$music_dir"/the_playlist/.graveyard/
- # mv "$current_track" "$music_dir"/the_playlist/.graveyard/
- # echo killing: "$track_infos"
- # fi
- ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip |
- ${pkgs.jq}/bin/jq -r '.filename'
- '';
- good_track = pkgs.writeBashBin "good_track" ''
- set -eu
- current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
- track_infos=$(${print_current}/bin/print_current)
- # TODO come up with new rating, without moving files
- # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then
- # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track"
- # else
- # mv "$current_track" "$music_dir"/the_playlist/music/ || :
- # fi
- echo good: "$track_infos"
- '';
- print_current = pkgs.writeDashBin "print_current" ''
- file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current |
- ${pkgs.jq}/bin/jq -r '.filename' |
- ${pkgs.gnused}/bin/sed 's,^${music_dir},,'
- )
- link=$(${pkgs.curl}/bin/curl http://localhost:8002/current |
- ${pkgs.jq}/bin/jq -r '.filename' |
- ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@\1@'
- )
- echo "$file": "$link"
- '';
- set_irc_topic = pkgs.writeDash "set_irc_topic" ''
- ${pkgs.curl}/bin/curl -fsS --unix-socket /home/radio/reaktor.sock http://z/ \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"TOPIC",
- params:["#the_playlist",$text]
- }'
- )"
- '';
- write_to_irc = pkgs.writeDash "write_to_irc" ''
- ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \
- -H content-type:application/json \
- -d "$(${pkgs.jq}/bin/jq -n \
- --arg text "$1" '{
- command:"PRIVMSG",
- params:["#the_playlist",$text]
- }'
- )"
- '';
-in {
- imports = [
- ./news.nix
- ./weather.nix
- ];
- users.users = {
- "${name}" = rec {
- inherit name;
- createHome = true;
- group = name;
- uid = name;
- description = "radio manager";
- home = "/home/${name}";
- useDefaultShell = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- ];
- };
- };
- users.groups = {
- "radio" = {};
- };
- krebs.per-user.${name}.packages = with pkgs; [
- good_track
- skip_track
- print_current
- ];
- = ./radio.liq;
- = {
- environment = {
- RADIO_PORT = "8002";
- HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" ''
- set -xefu
- LIMIT=1000 #how many tracks to keep in the history
- HISTORY_FILE=/var/lib/radio/recent
- listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl |
- ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0)
- echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE"
- echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
- ${set_irc_topic} "playing: $filename listeners: $listeners"
- '';
- MUSIC = "${music_dir}/the_playlist";
- ICECAST_HOST = "localhost";
- };
- path = [
- ];
- serviceConfig.User = lib.mkForce "radio";
- };
- nixpkgs.config.packageOverrides = opkgs: {
- icecast = opkgs.icecast.overrideAttrs (old: rec {
- version = "2.5-beta3";
- src = pkgs.fetchurl {
- url = "${version}.tar.gz";
- sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8=";
- };
- buildInputs = old.buildInputs ++ [ pkgs.pkg-config ];
- });
- };
- services.icecast = {
- enable = true;
- hostname = "";
- admin.password = "hackme";
- extraConf = ''
- <authentication>
- <source-password>hackme</source-password>
- <admin-user>admin</admin-user>
- <admin-password>hackme</admin-password>
- </authentication>
- <logging>
- <accesslog>-</accesslog>
- <errorlog>-</errorlog>
- <loglevel>3</loglevel>
- </logging>
- '';
- };
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
- { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; }
- ];
- };
- };
- # allow reaktor2 to modify files
-"reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false;
-"reaktor2-the_playlist".serviceConfig.Group = lib.mkForce "radio";
- krebs.reaktor2.the_playlist = {
- hostname = "";
- port = "6697";
- useTLS = true;
- nick = "the_playlist";
- username = "radio";
- API.listen = "unix:/home/radio/reaktor.sock";
- plugins = [
- {
- plugin = "register";
- config = {
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- };
- }
- {
- plugin = "system";
- config = {
- workdir = config.krebs.reaktor2.the_playlist.stateDir;
- hooks.PRIVMSG = [
- {
- activate = "match";
- pattern = "^(?:.*\\s)?\\s*the_playlist:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
- command = 1;
- arguments = [2];
- commands = {
- skip.filename = "${skip_track}/bin/skip_track";
- next.filename = "${skip_track}/bin/skip_track";
- bad.filename = "${skip_track}/bin/skip_track";
- good.filename = "${good_track}/bin/good_track";
- nice.filename = "${good_track}/bin/good_track";
- like.filename = "${good_track}/bin/good_track";
- current.filename = "${print_current}/bin/print_current";
- wish.filename = pkgs.writeDash "wish" ''
- echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null
- '';
- wishlist.filename = pkgs.writeDash "wishlist" ''
- ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]'
- '';
- suggest.filename = pkgs.writeDash "suggest" ''
- echo "$@" >> playlist_suggest
- '';
- };
- }
- ];
- };
- }
- ];
- };
- = {
- port = 8001;
- user = {
- name = "radio";
- };
- scriptFile = pkgs.writeDash "radio" ''
- case "$Method $Request_URI" in
- "POST /skip")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- msg=$(${skip_track}/bin/skip_track)
- ${write_to_irc} "$msg"
- echo "$msg"
- exit
- ;;
- "POST /good")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- msg=$(${good_track}/bin/good_track)
- ${write_to_irc} "$msg"
- echo "$msg"
- exit
- ;;
- esac
- '';
- };
- networking.firewall.allowedTCPPorts = [ 80 ];
- services.nginx = {
- enable = true;
- virtualHosts."radio.r" = {
- locations."/".extraConfig = ''
- #
- proxy_pass http://localhost:8000;
- # Disable request size limit, very important for uploading large files
- client_max_body_size 0;
- # Enable support `Transfer-Encoding: chunked`
- chunked_transfer_encoding on;
- # Disable request and response buffering, minimize latency to/from Icecast
- proxy_buffering off;
- proxy_request_buffering off;
- # Icecast needs HTTP/1.1, not 1.0 or 2
- proxy_http_version 1.1;
- # Forward all original request headers
- proxy_pass_request_headers on;
- # Set some standard reverse proxy headers. Icecast server currently ignores these,
- # but may support them in a future version so that access logs are more useful.
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- # get source ip for weather reports
- proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
- '';
- locations."= /recent".extraConfig = ''
- default_type "text/plain";
- alias /var/lib/radio/recent;
- '';
- locations."= /current".extraConfig = ''
- proxy_pass http://localhost:8002;
- '';
- locations."= /skip".extraConfig = ''
- proxy_pass http://localhost:8001;
- '';
- locations."= /good".extraConfig = ''
- proxy_pass http://localhost:8001;
- '';
- locations."= /".alias = pkgs.writeScript "" ''
- #!/bin/sh
- trap 'exit 0' EXIT
- while sleep 1; do
- mpv \
- --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \
- ''
- done
- '';
- locations."= /controls".extraConfig = ''
- default_type "text/html";
- alias ${./controls.html};
- '';
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- };
- services.syncthing.declarative.folders."the_playlist" = {
- path = "/var/music/the_playlist";
- devices = [ "mors" "phone" "prism" "omo" "radio" ];
- };
- krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true;
- krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {};
- krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {};
diff --git a/lass/2configs/services/radio/news.nix b/lass/2configs/services/radio/news.nix
deleted file mode 100644
index 62f7f548c..000000000
--- a/lass/2configs/services/radio/news.nix
+++ /dev/null
@@ -1,131 +0,0 @@
-{ config, lib, pkgs, ... }:
- tts = pkgs.writers.writeBashBin "tts" ''
- set -efu
- offset=0
- OUTPUT=$(mktemp -d)
- trap 'rm -rf "$OUTPUT"' EXIT
- SPEAKER=$[ $RANDOM % 900 ]
- while read line; do
- echo "$line" |
- ${pkgs.larynx}/bin/larynx \
- --model ${pkgs.fetchzip {
- url = "";
- hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
- stripRoot = false;
- }}/en-us-libritts-high.onnx \
- -s "$SPEAKER" \
- -f "$OUTPUT"/"$offset".wav
- ((offset+=1))
- done
- ${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
- cat "$OUTPUT"/all.wav
- '';
- send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
- ${pkgs.vorbis-tools}/bin/oggenc - |
- ${pkgs.cyberlocker-tools}/bin/cput news.ogg
- ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow
- '';
- gc_news = pkgs.writers.writeDashBin "gc_news" ''
- set -xefu
- export TZ=UTC #workaround for jq parsing wrong timestamp
- ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp
- ${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news
- '';
- get_current_news = pkgs.writers.writeDashBin "get_current_news" ''
- set -xefu
- export TZ=UTC #workaround for jq parsing wrong timestamp
- ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs '
- sort_by(.priority) |
- map(select(
- ((.to | fromdateiso8601) > now) and
- (.from|fromdateiso8601) < now) |
- .text
- ) | .[]'
- '';
- newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ ''
- cat << EOF
- hello crabpeople!
- $(${pkgs.ddate}/bin/ddate +'Today is %{%A, the %e of %B%}, %Y. %N%nCelebrate %H')
- It is $(date --utc +%H) o clock UTC.
- todays news:
- $(get_current_news)
- $(gc_news)
- '';
- = {
- path = [
- newsshow
- tts
- send_to_radio
- gc_news
- get_current_news
- pkgs.retry
- ];
- script = ''
- set -efu
- retry -t 5 -d 10 -- newsshow |
- retry -t 5 -d 10 -- tts |
- retry -t 5 -d 10 -- send_to_radio
- '';
- startAt = "*:00:00";
- serviceConfig = {
- User = "radio-news";
- };
- };
- services.nginx.virtualHosts."radio-news.r" = {
- locations."/" = {
- proxyPass = "http://localhost:7999";
- proxyWebsockets = true;
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- '';
- };
- };
- = {
- port = 7999;
- user = {
- name = "radio-news";
- };
- script = ''. ${pkgs.writers.writeDash "htgen-news" ''
- set -xefu
- case "''${Method:-GET} $Request_URI" in
- "GET /")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- cat "$HOME"/news | jq -sc .
- exit
- ;;
- "POST /")
- payload=$(head -c "$req_content_length")
- printf '%s' "$payload" | jq 'has("from") and has("to") and has("text")' >&2
- printf '%s' "$payload" | jq -c '{ from: .from, to: .to, text: .text, priority: (.priority // 0)}' >> "$HOME"/news
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- exit
- ;;
- esac
- ''}'';
- };
- ## debug
- # environment.systemPackages = [
- # weather_report
- # send_to_radio
- # newsshow
- # ];
diff --git a/lass/2configs/services/radio/proxy.nix b/lass/2configs/services/radio/proxy.nix
deleted file mode 100644
index 49f8ade79..000000000
--- a/lass/2configs/services/radio/proxy.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
- services.nginx.virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- # recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://radio.r";
- extraConfig = ''
- proxy_set_header Host radio.r;
- # get source ip for weather reports
- proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
- '';
- };
- };
diff --git a/lass/2configs/services/radio/radio.liq b/lass/2configs/services/radio/radio.liq
deleted file mode 100644
index 1366287a7..000000000
--- a/lass/2configs/services/radio/radio.liq
+++ /dev/null
@@ -1,112 +0,0 @@
-# use yt-dlp
-## functions
-def stringify_attrs(attrs) =
- let json.stringify out = (attrs : [(string * string)] as json.object)
- out
-def filter_music(req) =
- filename = request.filename(req)
- if string.match(pattern = '.*/\\.graveyard/.*', filename) then
- false
- else
- true
- end
-def queue_contents(q) =
- (req) -> request.uri(req), q)
-## main
-env = environment()
-port = string.to_int(env["RADIO_PORT"], default = 8000)
-all_music = playlist(env["MUSIC"], check_next = filter_music)
-wishlist = request.queue()
-tracks = fallback(track_sensitive = true, [wishlist, all_music])
-tracks =
-last_metadata = ref([])
-def on_metadata(m) =
- last_metadata := m
- print("changing tracks")
- out =["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0)
- print(out)
-# some nice effects
-music = crossfade(tracks)
-music = mksafe(music)
-music = normalize(music)
-news = request.queue()
-radio = smooth_add(normal = music, special = amplify(1.5, news))
-if string.length(env["ICECAST_HOST"]) > 0 then
- output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music)
- output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music)
- output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music)
- output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio)
- output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio)
- output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio)
- output(fallible = true, buffer(radio))
-interactive.harbor(port = port)
-def current(~protocol, ~headers, ~data, uri) =
- http.response(content_type = "application/json", data = stringify_attrs(
- !last_metadata
- ))
-harbor.http.register("/current", port = port, current)
-def skip(~protocol, ~headers, ~data, uri) =
- tracks.skip()
- http.response(content_type = "application/json", data = stringify_attrs(
- !last_metadata
- ))
-harbor.http.register("/skip", method = "POST", port = port, skip)
-def all_tracks(~protocol, ~headers, ~data, uri) =
- http.response(content_type = "application/json", data = json.stringify(
- all_music.remaining_files()
- ))
-harbor.http.register("/all_tracks", port = port, all_tracks)
-def wish_track(~protocol, ~headers, ~data, uri) =
- # disallow process:
- if string.match(pattern = '^process:', data) then
- http.response(code = 400)
- else
- # TODO report errors back
- wish = request.create(data)
- wishlist.push(wish)
- http.response(content_type = "application/json", data = "ok")
- end
-harbor.http.register("/wish", method = "POST", port = port, wish_track)
-def wish_tracklist(~protocol, ~headers, ~data, uri) =
- http.response(content_type = "application/json", data = json.stringify(
- queue_contents(wishlist.queue())
- ))
-harbor.http.register("/wish", port = port, wish_tracklist)
-def newsshow(~protocol, ~headers, ~data, uri) =
- news.push(request.create("http://c.r/news.ogg"))
- http.response(content_type = "application/json", data = "ok")
-harbor.http.register("/newsshow", method = "POST", port = port, newsshow)
diff --git a/lass/2configs/services/radio/shell.nix b/lass/2configs/services/radio/shell.nix
deleted file mode 100644
index 9d00e3b06..000000000
--- a/lass/2configs/services/radio/shell.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-pkgs.mkShell {
- buildInputs = [
- pkgs.liquidsoap
- ];
diff --git a/lass/2configs/services/radio/weather.nix b/lass/2configs/services/radio/weather.nix
deleted file mode 100644
index dca8a7843..000000000
--- a/lass/2configs/services/radio/weather.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
- weather_for_ips = pkgs.writers.writePython3Bin "weather_for_ips" {
- libraries = [ pkgs.python3Packages.geoip2 ];
- flakeIgnore = [ "E501" ];
- } ./;
- weather_report = pkgs.writers.writeDashBin "weather_report" ''
- set -efux
- export PATH="${lib.makeBinPath [
- pkgs.coreutils
- pkgs.curl
- pkgs.jq
- ]}"
- curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
- MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
- (
- curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg'
- curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3'
- curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus'
- ) | jq -rs '
- [
- .[][].source|values|to_entries[].value |
- (.listener//[]) [] |
- (.useragent | capture("client-ip=(?<ip>[a-f0-9.:]+)")).ip // .ip
- ] |
- unique[] |
- select(. != "") |
- select(. != "::1")
- ' |
- ${weather_for_ips}/bin/weather_for_ips
- '';
-in {
- = {
- path = [
- weather_report
- pkgs.retry
- pkgs.jq
- pkgs.curl
- ];
- script = ''
- set -xefu
- retry -t 5 -d 10 -- weather_report |
- jq \
- --arg from "$(date -u +'%FT%TZ')" \
- --arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \
- --slurp --raw-input --compact-output --ascii-output \
- '{text: ., from: $from, to: $to, priority: 100}' |
- retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r
- '';
- startAt = "*:58:00";
- serviceConfig = {
- User = "radio-news";
- LoadCredential = [
- "openweather_api:${toString <secrets>}/openweather_api_key"
- ];
- };
- };
diff --git a/lass/2configs/services/radio/ b/lass/2configs/services/radio/
deleted file mode 100644
index c44c5e46a..000000000
--- a/lass/2configs/services/radio/
+++ /dev/null
@@ -1,48 +0,0 @@
-import geoip2.database
-import fileinput
-import json
-import requests
-import os
-import random
-geoip = geoip2.database.Reader(os.environ['MAXMIND_GEOIP_DB'])
-seen = {}
-output = []
-for ip in fileinput.input():
- if "" in ip:
- output.append(
- 'Weather report for c-base, space. '
- 'It is empty space outside '
- 'with a temperature of -270 degrees, '
- 'a lightspeed of 299792 kilometers per second '
- 'and a humidity of Not a Number percent. '
- f'The probability of reincarnation is {random.randrange(0, 100)} percent. '
- )
- else:
- try:
- location =
- if not in seen:
- seen[] = True
- weather_api_key = os.environ['OPENWEATHER_API_KEY']
- url = (
- f''
- f'?lat={location.location.latitude}'
- f'&lon={location.location.longitude}'
- f'&appid={weather_api_key}'
- f'&units=metric'
- )
- resp = requests.get(url)
- weather = json.loads(resp.text)
- output.append(
- f'Weather report for {}, {}. '
- f'It is {weather["current"]["weather"][0]["description"]} outside '
- f'with a temperature of {weather["current"]["temp"]:.1f} degrees, '
- f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second '
- f'and a humidity of {weather["current"]["humidity"]} percent. '
- f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
- )
- except: # noqa E722
- pass
diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix
deleted file mode 100644
index a803df15b..000000000
--- a/lass/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
- inherit (import <stockholm/lib>) genid;
-in {
- users.extraUsers = {
- skype = {
- name = "skype";
- uid = genid "skype";
- description = "user for running skype";
- home = "/home/skype";
- useDefaultShell = true;
- extraGroups = [ "audio" "video" ];
- createHome = true;
- };
- };
- = [
- ];
- security.sudo.extraConfig = ''
- ${} ALL=(skype) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/smartd.nix b/lass/2configs/smartd.nix
deleted file mode 100644
index 859812bed..000000000
--- a/lass/2configs/smartd.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
- services.smartd = {
- enable = true;
- devices = [
- {
- device = "DEVICESCAN";
- options = toString [
- "-a"
- "-m ${config.krebs.users.lass.mail}"
- "-s (O/../.././09|S/../.././04|L/../../6/05)"
- ];
- }
- ];
- };
diff --git a/lass/2configs/snapclient.nix b/lass/2configs/snapclient.nix
deleted file mode 100644
index 8015680e9..000000000
--- a/lass/2configs/snapclient.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
- = {
- wantedBy = [ "" ];
- path = [ pkgs.snapcast ];
- script = "snapclient -h";
- serviceConfig = {
- DynamicUser = true;
- Group = "pipewire";
- };
- };
diff --git a/lass/2configs/snapserver.nix b/lass/2configs/snapserver.nix
deleted file mode 100644
index 3c6dbf750..000000000
--- a/lass/2configs/snapserver.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.snapserver = {
- enable = true;
- openFirewall = true;
- streams = {
- pipewire = {
- type = "pipe";
- location = "/run/snapserver/snapfifo";
- };
- };
- };
diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix
deleted file mode 100644
index 0126c33b2..000000000
--- a/lass/2configs/ssh-cryptsetup.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, ... }:
- boot.initrd = {
- network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = with config.krebs.users; [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-blue.pubkey
- ];
- };
- };
- };
diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix
deleted file mode 100644
index c95a610e7..000000000
--- a/lass/2configs/starcraft.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }: let
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.users= {
- starcraft = {
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- ];
- packages = [
- pkgs.wineWowPackages.minimal
- pkgs.winetricks
- pkgs.mpg123
- ];
- };
- };
- security.sudo.extraConfig = ''
- ${} ALL=(starcraft) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
deleted file mode 100644
index d814a2499..000000000
--- a/lass/2configs/steam.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
- imports = [
- ./games.nix
- ];
- #
- # Steam stuff
- # source:
- #
- ##TODO: make steam module
- = true;
- hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
- users.users.mainUser.packages = [ (pkgs.steam.override {
- extraPkgs = p: with p; [
- gnutls # needed for Halo MCC
- ];
- }) ];
- #ports for inhome streaming
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 27031"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 27036"; target = "ACCEPT"; }
- ];
- };
- };
diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix
deleted file mode 100644
index 98479c7f5..000000000
--- a/lass/2configs/sync/decsync.nix
+++ /dev/null
@@ -1,10 +0,0 @@
- services.syncthing.folders.decsync = {
- path = "/home/lass/decsync";
- devices = [ "mors" "blue" "green" "phone" "massulus" ];
- };
- krebs.acl."/home/lass/decsync"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/decsync"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/decsync"."u:lass:rwX" = {};
diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix
deleted file mode 100644
index 09f94378b..000000000
--- a/lass/2configs/sync/sync.nix
+++ /dev/null
@@ -1,15 +0,0 @@
- services.syncthing.folders."/home/lass/sync" = {
- devices = [
- "mors"
- "xerxes"
- "green"
- "blue"
- "coaxmetal"
- "aergia"
- ];
- };
- krebs.acl."/home/lass/sync"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/sync"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/sync"."u:lass:rwX" = {};
diff --git a/lass/2configs/sync/the_playlist.nix b/lass/2configs/sync/the_playlist.nix
deleted file mode 100644
index 233ca8fb7..000000000
--- a/lass/2configs/sync/the_playlist.nix
+++ /dev/null
@@ -1,9 +0,0 @@
- services.syncthing.folders.the_playlist = {
- path = "/home/lass/tmp/the_playlist";
- devices = [ "mors" "phone" "prism" "omo" "radio" ];
- };
- krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/tmp/the_playlist"."u:lass:rwX" = {};
diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix
deleted file mode 100644
index b32015b84..000000000
--- a/lass/2configs/sync/weechat.nix
+++ /dev/null
@@ -1,6 +0,0 @@
- services.syncthing.folders."/home/lass/.weechat".devices = [ "green" "mors" ];
- krebs.acl."/home/lass/.weechat"."u:syncthing:X".parents = true;
- krebs.acl."/home/lass/.weechat"."u:syncthing:rwX" = {};
- krebs.acl."/home/lass/.weechat"."u:lass:rwX" = {};
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
deleted file mode 100644
index 7b8850681..000000000
--- a/lass/2configs/syncthing.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
- imports = [ <stockholm/krebs/2configs/syncthing.nix> ];
- services.syncthing = {
- group = "syncthing";
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
- { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
- ];
- system.activationScripts.syncthing-home = mkDefault ''
- ${pkgs.coreutils}/bin/chmod a+x /home/lass
- '';
diff --git a/lass/2configs/telegraf.nix b/lass/2configs/telegraf.nix
deleted file mode 100644
index 4f46cd721..000000000
--- a/lass/2configs/telegraf.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
- isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
-in {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; }
- ];
- = [ pkgs.nvme-cli ];
- services.telegraf = {
- enable = true;
- extraConfig = {
- agent.interval = "60s";
- inputs = {
- prometheus.metric_version = 2;
- kernel_vmstat = { };
- # smart = lib.mkIf (!isVM) {
- # path = pkgs.writeShellScript "smartctl" ''
- # exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
- # '';
- # };
- system = { };
- mem = { };
- file = [{
- data_format = "influx";
- file_tag = "name";
- files = [ "/var/log/telegraf/*" ];
- }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
- name_override = "ext4_errors";
- files = [ "/sys/fs/ext4/*/errors_count" ];
- data_format = "value";
- };
- exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) {
- ## Commands array
- commands = [
- (pkgs.writeScript "zpool-health" ''
- #!${pkgs.gawk}/bin/awk -f
- while ("${pkgs.zfs}/bin/zpool status" | getline) {
- if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
- if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
- if ($1 ~ /errors:/) {
- if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
- }
- }
- }
- '')
- ];
- data_format = "influx";
- };
- systemd_units = { };
- swap = { };
- disk.tagdrop = {
- fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
- device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
- };
- diskio = { };
- };
- outputs.prometheus_client = {
- listen = ":9273";
- metric_version = 2;
- };
- };
- };
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix
deleted file mode 100644
index 245b89e9c..000000000
--- a/lass/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- environment.systemPackages = [
- pkgs.termite
- ];
- krebs.per-user.lass.packages = let
- termitecfg = pkgs.writeTextFile {
- name = "termite-config";
- destination = "/etc/xdg/termite/config";
- text = ''
- [colors]
- foreground = #d0d7d0
- background = #000000
- '';
- };
- in [
- termitecfg
- ];
diff --git a/lass/2configs/tests/dummy-secrets/bepasty-secret.nix b/lass/2configs/tests/dummy-secrets/bepasty-secret.nix
deleted file mode 100644
index 6e08144d0..000000000
--- a/lass/2configs/tests/dummy-secrets/bepasty-secret.nix
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/cbase.txt
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/grafana_security.nix b/lass/2configs/tests/dummy-secrets/grafana_security.nix
deleted file mode 100644
index ef75d4e0f..000000000
--- a/lass/2configs/tests/dummy-secrets/grafana_security.nix
+++ /dev/null
@@ -1,4 +0,0 @@
- adminUser = "bla";
- adminPassword = "blub";
diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
deleted file mode 100644
index 16b542cee..000000000
--- a/lass/2configs/tests/dummy-secrets/icecast-admin-pw
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw
deleted file mode 100644
index 16b542cee..000000000
--- a/lass/2configs/tests/dummy-secrets/icecast-source-pw
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key b/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/iodinepw.nix b/lass/2configs/tests/dummy-secrets/iodinepw.nix
deleted file mode 100644
index f5e704702..000000000
--- a/lass/2configs/tests/dummy-secrets/iodinepw.nix
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/ b/lass/2configs/tests/dummy-secrets/
deleted file mode 100644
index 215a7fa0c..000000000
--- a/lass/2configs/tests/dummy-secrets/
+++ /dev/null
@@ -1,3 +0,0 @@
-this is a private key
diff --git a/lass/2configs/tests/dummy-secrets/mails.nix b/lass/2configs/tests/dummy-secrets/mails.nix
deleted file mode 100644
index fe51488c7..000000000
--- a/lass/2configs/tests/dummy-secrets/mails.nix
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
deleted file mode 100644
index 922a74472..000000000
--- a/lass/2configs/tests/dummy-secrets/mysql_rootPassword
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key
deleted file mode 100644
index 91448ad2f..000000000
--- a/lass/2configs/tests/dummy-secrets/nix-serve.key
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/nordvpn.txt
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix
deleted file mode 100644
index eed712458..000000000
--- a/lass/2configs/tests/dummy-secrets/repos.nix
+++ /dev/null
@@ -1 +0,0 @@
-_: {}
diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
deleted file mode 100644
index 99a4033f6..000000000
--- a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
+++ /dev/null
@@ -1,4 +0,0 @@
-this is a private key
diff --git a/lass/2configs/tests/dummy-secrets/searx.key b/lass/2configs/tests/dummy-secrets/searx.key
deleted file mode 100644
index bd88e01cd..000000000
--- a/lass/2configs/tests/dummy-secrets/searx.key
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/tests/dummy-secrets/ssh-tor.priv b/lass/2configs/tests/dummy-secrets/ssh-tor.priv
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/ssh-tor.priv
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
deleted file mode 100644
index 5c12da0b3..000000000
--- a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
+++ /dev/null
@@ -1,3 +0,0 @@
-private key bla
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
deleted file mode 100644
index 885cf61f0..000000000
--- a/lass/2configs/tests/dummy-secrets/ssh.id_rsa
+++ /dev/null
@@ -1,3 +0,0 @@
-private key bla
diff --git a/lass/2configs/tests/dummy-secrets/syncthing.cert b/lass/2configs/tests/dummy-secrets/syncthing.cert
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/syncthing.cert
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/syncthing.key b/lass/2configs/tests/dummy-secrets/syncthing.key
deleted file mode 100644
index e69de29bb..000000000
--- a/lass/2configs/tests/dummy-secrets/syncthing.key
+++ /dev/null
diff --git a/lass/2configs/tests/dummy-secrets/torrent-auth b/lass/2configs/tests/dummy-secrets/torrent-auth
deleted file mode 100644
index f167e71f9..000000000
--- a/lass/2configs/tests/dummy-secrets/torrent-auth
+++ /dev/null
@@ -1,3 +0,0 @@
- x = "xxx";
diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw
deleted file mode 100644
index b71df1a2d..000000000
--- a/lass/2configs/tests/dummy-secrets/transmission-pw
+++ /dev/null
@@ -1 +0,0 @@
diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix
deleted file mode 100644
index fa20ef81f..000000000
--- a/lass/2configs/texlive.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
- environment.systemPackages = with pkgs; [
- (texLiveAggregationFun { paths = [
- texLive
- texLiveExtra
- texLiveCMSuper
- texLiveModerncv
- ];})
- ];
diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix
deleted file mode 100644
index 60e2f7aec..000000000
--- a/lass/2configs/themes.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }: let
- switch-theme = pkgs.writers.writeDashBin "switch-theme" ''
- set -efux
- if [ "$1" = toggle ]; then
- if [ "$(${pkgs.coreutils}/bin/cat /var/theme/current_theme)" = dark ]; then
- ${placeholder "out"}/bin/switch-theme light
- else
- ${placeholder "out"}/bin/switch-theme dark
- fi
- elif test -e "/etc/themes/$1"; then
- ${pkgs.coreutils}/bin/mkdir -p /var/theme/config
- ${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/
- echo "$1" > /var/theme/current_theme
- ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
- ${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
- ${pkgs.procps}/bin/pkill -HUP xsettingsd
- ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)" || :
- else
- echo "theme $1 not found"
- fi
- '';
-in {
- = {
- wantedBy = [ "" ];
- after = [ "display-manager.service" ];
- environment.DISPLAY = ":0";
- serviceConfig = {
- ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd -c /var/theme/config/xsettings.conf";
- User = "lass";
- Restart = "always";
- RestartSec = "15s";
- };
- };
- systemd.tmpfiles.rules = [
- "d /var/theme/ 755 lass users"
- ];
- environment.systemPackages = [
- switch-theme
- pkgs.dracula-theme
- pkgs.gnome3.adwaita-icon-theme
- ];
- environment.etc = {
- "themes/light/gtk-theme".text = ''
- Adwaita
- '';
- "themes/light/xsettings.conf".text = ''
- Net/ThemeName "Adwaita"
- '';
- "themes/light/xresources".text = ''
- *background: #ffffff
- *foreground: #000000
- '';
- "themes/dark/gtk-theme".text = ''
- Dracula
- '';
- "themes/dark/xsettings.conf".text = ''
- Net/ThemeName "Dracula"
- '';
- "themes/dark/xresources".text = ''
- *background: #000000
- *foreground: #ffffff
- '';
- };
- system.activationScripts.theme.text = ''
- export DISPLAY=:0
- if test -e /var/theme/current_theme; then
- ${switch-theme}/bin/switch-theme "$(cat /var/theme/current_theme)" ||
- ${switch-theme}/bin/switch-theme dark
- else
- ${switch-theme}/bin/switch-theme dark
- fi
- '';
diff --git a/lass/2configs/tmux.nix b/lass/2configs/tmux.nix
deleted file mode 100644
index 10931365d..000000000
--- a/lass/2configs/tmux.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
- environment.etc."tmux.conf".text = ''
- #prefix key to `
- set-option -g prefix2 `
- bind-key r source-file /etc/tmux.conf \; display-message "/etc/tmux.conf reloaded"
- set-option -g default-terminal screen-256color
- #use session instead of windows
- bind-key c new-session
- bind-key p switch-client -p
- bind-key n switch-client -n
- bind-key C-s switch-client -l
- '';
- nixpkgs.config.packageOverrides = super: {
- tmux = pkgs.symlinkJoin {
- name = "tmux";
- paths = [
- (pkgs.writeDashBin "tmux" ''
- exec ${super.tmux}/bin/tmux -f /etc/tmux.conf "$@"
- '')
- super.tmux
- ];
- };
- };
- environment.systemPackages = with pkgs; [
- tmux
- ];
- # programs.bash.interactiveShellInit = ''
- # if [[ "$TERM" != "linux" && -z "$TMUX" ]]; then
- # if [[ -n "$SSH_AUTH_SOCK" ]]; then
- # tmux set-environment -g SSH_AUTH_SOCK "$SSH_AUTH_SOCK" 2>/dev/null
- # fi
- # exec tmux -u
- # fi
- # if [[ "$__host__" != "$HOST" ]]; then
- # tmux set -g status-bg colour$(string_hash $HOST 255)
- # export __host__=$HOST
- # fi
- # '';
diff --git a/lass/2configs/tor-initrd.nix b/lass/2configs/tor-initrd.nix
deleted file mode 100644
index 64e64b5b3..000000000
--- a/lass/2configs/tor-initrd.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{config, pkgs, ... }:
-## unlock command:
-# (pass admin/$host/root;echo) | torify ssh root@$(pass hosts/$host/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
- = true;
- = {
- enable = true;
- port = 22;
- authorizedKeys = [
- config.krebs.users.lass.pubkey
- config.krebs.users.lass-mors.pubkey
- config.krebs.users.lass-green.pubkey
- ];
- hostKeys = [ <secrets/initrd/ssh.ed25519_key> ];
- };
- boot.initrd.availableKernelModules = [ "e1000e" ];
- boot.initrd.secrets = {
- "/etc/tor/onion/bootup" = <secrets/initrd>;
- };
- boot.initrd.extraUtilsCommands = ''
- copy_bin_and_libs ${pkgs.tor}/bin/tor
- '';
- # start tor during boot process
- = let
- torRc = (pkgs.writeText "tor.rc" ''
- DataDirectory /etc/tor
- SOCKSPort IsolateDestAddr
- HiddenServiceDir /etc/tor/onion/bootup
- HiddenServicePort 22
- '');
- in ''
- echo "tor: preparing onion folder"
- # have to do this otherwise tor does not want to start
- chmod -R 700 /etc/tor
- echo "make sure localhost is up"
- ip a a dev lo
- ip link set lo up
- echo "tor: starting tor"
- tor -f ${torRc} --verify-config
- tor -f ${torRc} &
- '';
diff --git a/lass/2configs/tor-ssh.nix b/lass/2configs/tor-ssh.nix
deleted file mode 100644
index 8b36733e2..000000000
--- a/lass/2configs/tor-ssh.nix
+++ /dev/null
@@ -1,14 +0,0 @@
- services.tor = {
- enable = true;
- relay.onionServices.ssh = {
- version = 3;
- map = [{
- port = 22;
- target.port = 22;
- }];
- secretKey = <secrets/ssh-tor.priv>;
- };
- };
diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix
deleted file mode 100644
index d49ed6125..000000000
--- a/lass/2configs/tv.nix
+++ /dev/null
@@ -1,194 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
-nginxCfg = pkgs.writeText "nginx.conf" ''
- daemon off;
- pid /var/lib/rtmp/;
- events {
- use epoll;
- worker_connections 128;
- }
- error_log stderr info;
- http {
- client_body_temp_path /var/lib/rtmp/nginx_cache_client_body;
- proxy_temp_path /var/lib/rtmp/nginx_cache_proxy;
- fastcgi_temp_path /var/lib/rtmp/nginx_cache_fastcgi;
- uwsgi_temp_path /var/lib/rtmp/nginx_cache_uwsgi;
- scgi_temp_path /var/lib/rtmp/nginx_cache_scgi;
- server {
- listen 8080;
- root /var/lib/rtmp;
- access_log stderr;
- error_log stderr;
- # This URL provides RTMP statistics in XML
- location /stat {
- rtmp_stat all;
- }
- }
- }
- rtmp {
- server {
- access_log stderr;
- listen 1935;
- ping 30s;
- notify_method get;
- application stream {
- live on;
- hls on;
- hls_path /var/lib/rtmp/tmp/hls;
- hls_fragment 1;
- hls_playlist_length 10;
- dash on;
- dash_path /var/lib/rtmp/tmp/dash;
- }
- }
- }
-in {
- services.nginx = {
- enable = true;
- virtualHosts."" = {
- enableACME = true;
- addSSL = true;
- locations."/hls".extraConfig = ''
- # Serve HLS fragments
- types {
- application/ m3u8;
- video/mp2t ts;
- }
- root /var/lib/rtmp/tmp;
- # Allow CORS preflight requests
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- if ($request_method != 'OPTIONS') {
- add_header Cache-Control no-cache;
- # CORS setup
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length';
- }
- '';
- locations."/dash".extraConfig = ''
- # Serve DASH fragments
- types {
- application/dash+xml mpd;
- video/mp4 mp4;
- }
- root /var/lib/rtmp/tmp;
- # Allow CORS preflight requests
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- if ($request_method != 'OPTIONS') {
- add_header Cache-Control no-cache;
- # CORS setup
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length';
- }
- '';
- locations."= /dash.all.min.js".extraConfig = ''
- default_type "text/javascript";
- alias ${pkgs.fetchurl {
- url = "";
- sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
- }};
- '';
- locations."= /player".extraConfig = ''
- default_type "text/html";
- alias ${pkgs.writeText "player.html" ''
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="utf-8">
- <title>lassulus livestream</title>
- </head>
- <body>
- <div>
- <video id="player" controls></video>
- </video>
- </div>
- <script src="/dash.all.min.js"></script>
- <script>
- (function(){
- var url = "/dash/nixos.mpd";
- var player = dashjs.MediaPlayer().create();
- player.initialize(document.querySelector("#player"), url, true);
- })();
- </script>
- </body>
- </html>
- ''};
- '';
- locations."/records".extraConfig = ''
- autoindex on;
- root /var/lib/rtmp;
- '';
- };
- };
- fileSystems."/var/lib/rtmp/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = [ "nosuid" "nodev" "noatime" ];
- };
- users.users.rtmp = {
- home = "/var/lib/rtmp";
- uid = genid_uint31 "rtmp";
- isNormalUser = true;
- createHome = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- mic92.pubkey
- palo.pubkey
- ];
- };
- = {
- wantedBy = [ "" ];
- after = [ "" ];
- restartIfChanged = true;
- script = ''
- ${pkgs.nginx.override {
- modules = [
- pkgs.nginxModules.rtmp
- ];
- }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
- '';
- serviceConfig = {
- ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
- mkdir -p /var/lib/rtmp/tmp/hls
- mkdir -p /var/lib/rtmp/tmp/dash
- chown rtmp:users /var/lib/rtmp/tmp/hls
- chown rtmp:users /var/lib/rtmp/tmp/dash
- chmod 755 /var/lib/rtmp/tmp/hls
- chmod 755 /var/lib/rtmp/tmp/dash
- '';
- User = "rtmp";
- };
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 1935"; target = "ACCEPT"; }
- ];
diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix
deleted file mode 100644
index a4ad5e55e..000000000
--- a/lass/2configs/ubik-host.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
- krebs.sync-containers3.containers.ubik = {
- sshKey = "${toString <secrets>}/ubik.sync.key";
- };
- containers.ubik.bindMounts."/var/lib" = {
- hostPath = "/var/lib/sync-containers3/ubik/state";
- isReadOnly = false;
- };
- containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
- hostPath = "/var/ubik";
- isReadOnly = false;
- };
- services.nginx.virtualHosts."" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://ubik.r";
- extraConfig = ''
- client_max_body_size 9001M;
- '';
- };
- };
diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix
deleted file mode 100644
index 7dd59e0c3..000000000
--- a/lass/2configs/urxvt.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
- services.urxvtd.enable = true;
- krebs.xresources.resources.urxvt = ''
- URxvt.saveLines: 10000
- URxvt.scrollBar: false
- URxvt.urgentOnBell: true
- URxvt.perl-ext: default,matcher
- URxvt.url-launcher: /run/current-system/sw/bin/browser-select
- URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-]
- URxvt.keysym.M-Escape: perl:keyboard-select:activate
- URxvt.keysym.M-s: perl:keyboard-select:search
- URxvt.keysym.M-u: matcher:select
- URxvt.keysym.M-i: matcher:list
- URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007
- URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007
- URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=18\007\033]711;xft:Monospace:size=20:bold\007
- URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
- URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007
- URxvt.intensityStyles: false
- URxvt*background: #000000
- URxvt*foreground: #ffffff
- !change unreadable blue
- URxvt*color4: #268bd2
- URxvt*color0: #232342
- '';
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
deleted file mode 100644
index 210133f48..000000000
--- a/lass/2configs/vim.nix
+++ /dev/null
@@ -1,354 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- out = {
- environment.systemPackages = [
- (hiPrio vim)
- ];
- environment.etc.vimrc.source = vimrc;
- environment.variables.EDITOR = mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=${dirs.backupdir}/
- set directory=${dirs.swapdir}//
- set list listchars=tab:⇥\ ,extends:❯,precedes:❮,nbsp:␣,trail:· showbreak=¬
- set hlsearch
- set incsearch
- set ttymouse=sgr
- set mouse=a
- set ruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=${dirs.undodir}
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n${files.viminfo}
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
- set title
- set titleold=
- set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
- set et ts=2 sts=2 sw=2
- filetype plugin indent on
- set t_Co=256
- colorscheme dim
- syntax on
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- \ | syn match TabStop containedin=ALL /\t\+/
- \ | syn keyword Todo containedin=ALL TODO
- \ | syn match NBSP '\%xa0'
- \ | syn match NarrowNBSP '\%u202F'
- au BufRead,BufNewFile *.hs so ${hs.vim}
- au BufRead,BufNewFile *.nix so ${nix.vim}
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
- nnoremap <F5> :call LanguageClient_contextMenu()<CR>
- set hidden
- let g:LanguageClient_serverCommands = {
- \ 'python': ['pyls'],
- \ 'go': ['~/go/bin/go-langserver']
- \ }
- let g:LanguageClient_diagnosticsDisplay = {
- \ 1: { "signText": "E" },
- \ 2: { "signText": "W" }
- \ }
- nmap <esc>q :buffer
- nmap <M-q> :buffer
- cnoremap <C-A> <Home>
- noremap <C-c> :q<cr>
- vnoremap < <gv
- vnoremap > >gv
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- " search with ack
- let g:ackprg = 'ag --vimgrep'
- cnoreabbrev Ack Ack!
- " copy/paste from/to xclipboard
- set clipboard=unnamedplus
- " use fzf to switch files
- nnoremap <C-p> :FZF<CR>
- nnoremap <C-l> :Rg<CR>
- let g:fzf_layout = { 'down': '~15%' }
- '';
- extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- pkgs.vimPlugins.undotree
- pkgs.vimPlugins.fzf-vim
- pkgs.vimPlugins.fzfWrapper
- (pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchFromGitHub {
- owner = "bogado";
- repo = "file-line";
- rev = "1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- })
- (pkgs.vimUtils.buildVimPlugin {
- name = "vim-dim-1.1.0";
- src = pkgs.fetchFromGitHub {
- owner = "jeffkreeftmeijer";
- repo = "vim-dim";
- rev = "1.1.0";
- sha256 = "sha256-lyTZUgqUEEJRrzGo1FD8/t8KBioPrtB3MmGvPeEVI/g=";
- };
- })
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "vim";
- in {
- name = "vim-syntax-${name}-1.0.0";
- destination = "/syntax/${name}.vim";
- text = /* vim */ ''
- ${concatMapStringsSep "\n" (s: /* vim */ ''
- syn keyword vimColor${s} ${s}
- \ containedin=ALLBUT,vimComment,vimLineComment
- hi vimColor${s} ctermfg=${s}
- '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
- '';
- })))
- ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
- name = "showsyntax";
- in {
- name = "vim-plugin-${name}-1.0.0";
- destination = "/plugin/${name}.vim";
- text = /* vim */ ''
- if exists('g:loaded_showsyntax')
- finish
- endif
- let g:loaded_showsyntax = 0
- fu! ShowSyntax()
- let id = synID(line("."), col("."), 1)
- let name = synIDattr(id, "name")
- let transName = synIDattr(synIDtrans(id),"name")
- if name != transName
- let name .= " (" . transName . ")"
- endif
- echo "Syntax: " . name
- endfu
- command! -n=0 -bar ShowSyntax :call ShowSyntax()
- '';
- })))
- ];
- dirs = {
- backupdir = "$HOME/.cache/vim/backup";
- swapdir = "$HOME/.cache/vim/swap";
- undodir = "$HOME/.cache/vim/undo";
- };
- files = {
- viminfo = "$HOME/.cache/vim/info";
- };
- mkdirs = let
- dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
- in assert out != ""; out;
- alldirs = attrValues dirs ++ map dirOf (attrValues files);
- in unique (sort lessThan alldirs);
- vim = pkgs.symlinkJoin {
- name = "vim";
- paths = [
- (pkgs.writeDashBin "vim" ''
- set -efu
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- exec ${pkgs.vim}/bin/vim "$@"
- '')
- pkgs.vim
- ];
- };
- hs.vim = pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
- nix.vim = pkgs.writeText "nix.vim" ''
- setf nix
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- syn match NixOther /[():/;=.,?\[\]]/
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
- ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
- startAlts = filter isString [
- ''/\* ${lang} \*/''
- extraStart
- ];
- sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- unlet b:current_syntax
- syn match nix_${lang}_sigil
- \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') {
- c = {};
- cabal = {};
- haskell = {};
- sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- vim.extraStart =
- ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
- })}
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
- syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
- syn sync fromstart
- let b:current_syntax = "nix"
- set isk=@,48-57,_,192-255,-,'
- '';
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
deleted file mode 100644
index cd270bdf8..000000000
--- a/lass/2configs/virtualbox.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
-in {
- #services.virtualboxHost.enable = true;
- = true;
- = false;
- users.extraUsers = {
- virtual = {
- name = "virtual";
- description = "user for running VirtualBox";
- home = "/home/virtual";
- useDefaultShell = true;
- extraGroups = [ "vboxusers" "audio" "video" ];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${} ALL=(virtual) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/websites/default.nix b/lass/2configs/websites/default.nix
deleted file mode 100644
index ebf4d8345..000000000
--- a/lass/2configs/websites/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, ... }:
-with import <stockholm/lib>;
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- enableReload = true;
- virtualHosts.default = {
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- };
- };
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
deleted file mode 100644
index 9d28bedc6..000000000
--- a/lass/2configs/websites/domsen.nix
+++ /dev/null
@@ -1,428 +0,0 @@
-{ config, pkgs, lib, ... }:
- inherit (import <stockholm/lib>)
- genid
- genid_uint31
- ;
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servePage
- serveOwncloud
- serveWordpress;
- msmtprc = pkgs.writeText "msmtprc" ''
- account localhost
- host localhost
- account default: localhost
- '';
- sendmail = pkgs.writeDash "msmtp" ''
- exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
- '';
-in {
- imports = [
- ./default.nix
- ./sqlBackup.nix
- (servePage [ "" "" ])
- (servePage [ "" "" ])
- (servePage [ "" "" ])
- (servePage [ "" "" ])
- (servePage [ "" "" ])
- # (servePage [ "" "" ])
- (servePage [ "" "" ])
- (servePage [ "" ])
- (servePage [
- ""
- ""
- ])
- (serveOwncloud [ "" ])
- (serveWordpress [
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ])
- ];
- #
- services.mysql.settings.mysqld.innodb_read_only_compressed = 0;
- services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
- services.mysql.ensureUsers = [
- { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
- { ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
- ];
- services.nginx.virtualHosts."".locations."/piwika".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
- lass.mysqlBackup.config.all.databases = [
- "ubikmedia_de"
- "o_ubikmedia_de"
- ];
- services.phpfpm.phpOptions = ''
- sendmail_path = ${sendmail} -t
- upload_max_filesize = 100M
- post_max_size = 100M
- file_uploads = on
- '';
- = [ "secret-nextcloud_pw.service" ];
- krebs.secret.files.nextcloud_pw = {
- path = "/run/";
- = "nextcloud";
- group-name = "nextcloud";
- source-path = toString <secrets> + "/nextcloud_pw";
- };
- services.nextcloud = {
- enable = true;
- enableBrokenCiphersForSSE = false;
- hostName = "";
- package = pkgs.nextcloud25;
- config = {
- adminpassFile = "/run/";
- overwriteProtocol = "https";
- };
- https = true;
- };
- services.nginx.virtualHosts."" = {
- enableACME = true;
- forceSSL = true;
- };
- # TODO: make into its own module
- services.roundcube = {
- enable = true;
- hostName = "";
- extraConfig = ''
- $config['smtp_debug'] = true;
- $config['smtp_host'] = "localhost:25";
- '';
- };
- services.dovecot2 = {
- enable = true;
- showPAMFailure = true;
- mailLocation = "maildir:~/Mail";
- sslServerCert = "/var/lib/acme/";
- sslServerKey = "/var/lib/acme/";
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
- ];
- environment.systemPackages = [
- (pkgs.writers.writeDashBin "debug_exim" ''
- set -ef
- export PATH="${lib.makeBinPath [ pkgs.coreutils ]}"
- echo "$@" >> /tmp/xxx
- /run/wrappers/bin/shadow_verify_arg "${config.lass.usershadow.pattern}" "$2" "$3" 2>>/tmp/xxx1
- echo "ok" >> /tmp/yyy
- exit 23
- '')
- ];
- krebs.exim-smarthost = {
- authenticators.PLAIN = ''
- driver = plaintext
- public_name = PLAIN
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
- '';
- authenticators.LOGIN = ''
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- '';
- internet-aliases = [
- { from = ""; to = "domsen"; }
- { from = ""; to = "domsen"; }
- { from = ""; to = "domsen"; }
- { from = ""; to = "domsen"; }
- { from = ""; to = "domsen"; }
- { from = ""; to = "bruno"; }
- { from = ""; to = "jla-trading"; }
- { from = ""; to = "jms"; }
- { from = ""; to = "ms"; }
- { from = ""; to = "domsen, jms, ms"; }
- { from = ""; to ="klabusterbeere"; }
- { from = ""; to ="kasia"; }
- { from = ""; to =""; }
- { from = ""; to = "testuser"; }
- { from = ""; to = "testuser"; }
- ];
- sender_domains = [
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ];
- dkim = [
- { domain = ""; }
- { domain = ""; }
- { domain = ""; }
- ];
- };
- users.users.UBIK-SFTP = {
- uid = genid_uint31 "UBIK-SFTP";
- home = "/home/UBIK-SFTP";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.xanf = {
- uid = genid_uint31 "xanf";
- group = "xanf";
- home = "/home/xanf";
- useDefaultShell = true;
- createHome = false; # creathome forces permissions
- isNormalUser = true;
- };
- users.users.domsen = {
- uid = genid_uint31 "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "syncthing" "download" "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.bruno = {
- uid = genid_uint31 "bruno";
- home = "/home/bruno";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.jla-trading = {
- uid = genid_uint31 "jla-trading";
- home = "/home/jla-trading";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.jms = {
- uid = genid_uint31 "jms";
- home = "/home/jms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- = {
- uid = genid_uint31 "ms";
- home = "/home/ms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.testuser = {
- uid = genid_uint31 "testuser";
- home = "/home/testuser";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- #users.users.akayguen = {
- # uid = genid_uint31 "akayguen";
- # home = "/home/akayguen";
- # useDefaultShell = true;
- # createHome = true;
- # isNormalUser = true;
- #};
- users.users.bui = {
- uid = genid_uint31 "bui";
- home = "/home/bui";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.klabusterbeere = {
- uid = genid_uint31 "klabusterbeere";
- home = "/home/klabusterbeere";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.kasia = {
- uid = genid_uint31 "kasia";
- home = "/home/kasia";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.XANF_TEAM = {
- uid = genid_uint31 "XANF_TEAM";
- group = "xanf";
- home = "/home/XANF_TEAM";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.dif = {
- uid = genid_uint31 "dif";
- home = "/home/dif";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.lavafilms = {
- uid = genid_uint31 "lavafilms";
- home = "/home/lavafilms";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.movematchers = {
- uid = genid_uint31 "movematchers";
- home = "/home/movematchers";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.blackphoton = {
- uid = genid_uint31 "blackphoton";
- home = "/home/blackphoton";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.line = {
- uid = genid_uint31 "line";
- home = "/home/line";
- useDefaultShell = true;
- # extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
- users.users.avada = {
- uid = genid_uint31 "avada";
- home = "/home/avada";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- users.users.familienrat = {
- uid = genid_uint31 "familienrat";
- home = "/home/familienrat";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
- krebs.acl."/srv/http/"."u:familienrat:rwX" = {};
- krebs.acl."/srv/http"."u:familienrat:X" = {
- default = false;
- recursive = false;
- };
- users.groups.xanf = {};
- krebs.on-failure.plans.restic-backups-domsen = {
- journalctl = {
- lines = 1000;
- };
- };
- services.restic.backups.domsen = {
- initialize = true;
- repository = "/backups/domsen";
- passwordFile = toString <secrets> + "/domsen_backup_pw";
- timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
- paths = [
- "/home/domsen/Mail"
- "/home/ms/Mail"
- "/home/klabusterbeere/Mail"
- "/home/jms/Mail"
- "/home/kasia/Mail"
- "/home/bruno/Mail"
- "/home/akayguen/Mail"
- "/backups/sql_dumps"
- ];
- };
- services.syncthing.declarative.folders = {
- domsen-backups = {
- path = "/backups/domsen";
- devices = [ "domsen-backup" ];
- };
- domsen-backup-srv-http = {
- path = "/srv/http";
- devices = [ "domsen-backup" ];
- };
- };
- system.activationScripts.domsen-backups = ''
- ${pkgs.coreutils}/bin/chmod 750 /backups
- '';
- # takes too long!!
- # krebs.acl."/srv/http"."u:syncthing:rwX" = {};
- # krebs.acl."/srv/http"."u:nginx:rwX" = {};
- # krebs.acl."/srv/http/"."u:avada:rwX" = {};
- krebs.acl."/home/xanf/XANF_TEAM"."g:xanf:rwX" = {};
- krebs.acl."/home/xanf"."g:xanf:X" = {
- default = false;
- recursive = false;
- };
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
deleted file mode 100644
index 9440413aa..000000000
--- a/lass/2configs/websites/lassulus.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
- inherit (import <stockholm/lib>)
- genid_uint31
- ;
-in {
- imports = [
- ./default.nix
- ];
- security.acme = {
- email = "";
- acceptTerms = true;
- certs."" = {
- group = "lasscert";
- };
- };
- users.groups.lasscert.members = [
- "dovecot2"
- "exim"
- "nginx"
- ];
- services.nginx.virtualHosts."" = {
- addSSL = true;
- enableACME = true;
- default = true;
- locations."/".extraConfig = ''
- root /srv/http/;
- '';
- locations."= /retiolum-hosts.tar.bz2".extraConfig = ''
- alias ${config.krebs.tinc.retiolum.hostsArchive};
- '';
- locations."= /hosts".extraConfig = ''
- alias ${pkgs.krebs-hosts_combined};
- '';
- locations."= /retiolum.hosts".extraConfig = ''
- alias ${pkgs.krebs-hosts-retiolum};
- '';
- locations."= /wireguard-key".extraConfig = ''
- alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
- '';
- locations."= /krebspage".extraConfig = ''
- default_type "text/html";
- alias ${pkgs.krebspage}/index.html;
- '';
- locations."= /init".extraConfig = let
- initscript = pkgs.init.override {
- pubkey = config.krebs.users.lass.pubkey;
- };
- in ''
- alias ${initscript}/bin/init;
- '';
- locations."= /".extraConfig = ''
- alias ${pkgs.writeText "pub" config.krebs.users.lass-blue.pubkey};
- '';
- locations."= /".extraConfig = ''
- alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey};
- '';
- locations."= /".extraConfig = ''
- alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pgp.pubkeys.default};
- '';
- locations."= /ip".extraConfig = ''
- return 200 '$remote_addr';
- '';
- };
diff --git a/lass/2configs/websites/ b/lass/2configs/websites/
deleted file mode 100644
index 14ce58b8e..000000000
--- a/lass/2configs/websites/
+++ /dev/null
@@ -1,89 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.nginx.virtualHosts."" = {
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:4626";
- extraConfig = ''
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Upgrade $http_upgrade;
- proxy_cache_bypass $http_upgrade;
- '';
- };
- locations."/static/" = {
- alias = "/var/lib/";
- };
- forceSSL = true;
- };
-"" = {
- wantedBy = [ "" ];
- environment = {
- PRODUCTION = "yip";
- DATA_DIR = "/var/lib/";
- PORT = "4626";
- STATIC_ROOT = "/var/lib/";
- };
- path = with pkgs; [
- git
- gnutar
- gzip
- nix
- ];
- serviceConfig = {
- ExecStartPre = [
- "${pkgs.coreutils}/bin/mkdir -p /var/lib/"
- "${pkgs.coreutils}/bin/mkdir -p /var/lib/"
- "${pkgs.coreutils}/bin/mkdir -p /var/lib/"
- ];
- ExecStart = pkgs.writers.writeDash "nixify" ''
- cd code
- if test -e shell.nix; then
- ${pkgs.nix}/bin/nix-shell -I /var/src --run serve
- else
- echo 'no shell.nix, bailing out'
- exit 0
- fi
- '';
- LoadCredential = [
- "django-secret.key:${toString <secrets>}/"
- ];
- User = "";
- WorkingDirectory = "/var/lib/";
- StateDirectory = "";
- Restart = "always";
- RestartSec = "100s";
- };
- };
-"" = {
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.systemd}/bin/systemctl restart";
- };
- };
- systemd.paths."" = {
- wantedBy = [ "" ];
- pathConfig.PathChanged = [
- "/var/lib/"
- "/var/src/nixpkgs"
- ];
- };
- users.users."" = {
- isSystemUser = true;
- uid = "";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD"
- config.krebs.users.lass.pubkey
- ];
- group = "nginx";
- home = "/var/lib/";
- useDefaultShell = true;
- };
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
deleted file mode 100644
index c9783bece..000000000
--- a/lass/2configs/websites/sqlBackup.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
- krebs.secret.files.mysql_rootPassword = {
- path = "${}/mysql_rootPassword";
- = "mysql";
- source-path = toString <secrets> + "/mysql_rootPassword";
- };
- services.mysql = {
- enable = true;
- dataDir = "/var/mysql";
- package = pkgs.mariadb;
- };
- = {
- after = [
- config.krebs.secret.files.mysql_rootPassword.service
- ];
- partOf = [
- config.krebs.secret.files.mysql_rootPassword.service
- ];
- };
- lass.mysqlBackup = {
- enable = true;
- config.all = {};
- };
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
deleted file mode 100644
index bffa1036b..000000000
--- a/lass/2configs/websites/util.nix
+++ /dev/null
@@ -1,246 +0,0 @@
-{ lib, pkgs, ... }:
-with lib;
-rec {
- ssl = domains :
- let
- domain = head domains;
- in {
- };
- servePage = domains:
- let
- domain = head domains;
- in {
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- addSSL = true;
- serverAliases = domains;
- locations."/".extraConfig = ''
- root /srv/http/${domain};
- '';
- };
- };
- servephpBB = domains:
- let
- domain = head domains;
- in {
- services.nginx.virtualHosts."${domain}" = {
- serverAliases = domains;
- extraConfig = ''
- index index.php;
- root /srv/http/${domain}/;
- access_log /tmp/nginx_acc.log;
- error_log /tmp/nginx_err.log;
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
- client_max_body_size 100m;
- '';
- locations."/".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
- locations."~ \.php(?:$|/)".extraConfig = ''
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_intercept_errors on;
- '';
- #Directives to send expires headers and turn off 404 error logging.
- locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
- access_log off;
- log_not_found off;
- expires max;
- '';
- };
- services.phpfpm.pools."${domain}" = {
- user = "nginx";
- group = "nginx";
- extraConfig = ''
- listen = /srv/http/${domain}/phpfpm.pool
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
- };
- serveOwncloud = domains:
- let
- domain = head domains;
- in {
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- addSSL = true;
- serverAliases = domains;
- extraConfig = ''
- # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- # Path to the root of your installation
- root /srv/http/${domain}/;
- # set max upload size
- client_max_body_size 10G;
- fastcgi_buffers 64 4K;
- fastcgi_read_timeout 120;
- # Disable gzip to avoid the removal of the ETag header
- gzip off;
- # Uncomment if your server is build with the ngx_pagespeed module
- # This module is currently not supported.
- #pagespeed off;
- index index.php;
- error_page 403 /core/templates/403.php;
- error_page 404 /core/templates/404.php;
- rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
- rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
- # The following 2 rules are only needed for the user_webfinger app.
- # Uncomment it if you're planning to use this app.
- rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
- rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
- '';
- locations."/robots.txt".extraConfig = ''
- allow all;
- log_not_found off;
- access_log off;
- '';
- locations."~ ^/(build|tests|config|lib|3rdparty|templates|data)/".extraConfig = ''
- deny all;
- '';
- locations."~ ^/(?:autotest|occ|issue|indie|db_|console)".extraConfig = ''
- deny all;
- '';
- locations."/".extraConfig = ''
- rewrite ^/remote/(.*) /remote.php last;
- rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
- try_files $uri $uri/ =404;
- '';
- locations."~ \.php(?:$|/)".extraConfig = ''
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_intercept_errors on;
- '';
- # Adding the cache control header for js and css files
- # Make sure it is BELOW the location ~ \.php(?:$|/) { block
- locations."~* \.(?:css|js)$".extraConfig = ''
- add_header Cache-Control "public, max-age=7200";
- # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- # Optional: Don't log access to assets
- access_log off;
- '';
- # Optional: Don't log access to other assets
- locations."~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$".extraConfig = ''
- access_log off;
- '';
- };
- services.phpfpm.pools."${domain}" = {
- user = "nginx";
- group = "nginx";
- extraConfig = ''
- listen = /srv/http/${domain}/phpfpm.pool
- pm = dynamic
- pm.max_children = 32
- pm.max_requests = 500
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 5
- listen.owner = nginx
- = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
- };
- serveWordpress = domains:
- let
- domain = head domains;
- in {
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- serverAliases = domains;
- extraConfig = ''
- root /srv/http/${domain}/;
- index index.php;
- access_log /tmp/nginx_acc.log;
- error_log /tmp/nginx_err.log;
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
- client_max_body_size 100m;
- '';
- locations."/".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
- locations."~ \.php$".extraConfig = ''
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_read_timeout 120;
- include ${pkgs.nginx}/conf/fastcgi.conf;
- '';
- #Directives to send expires headers and turn off 404 error logging.
- locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
- access_log off;
- log_not_found off;
- expires max;
- '';
- };
- services.phpfpm.pools."${domain}" = {
- user = "nginx";
- group = "nginx";
- extraConfig = ''
- listen = /srv/http/${domain}/phpfpm.pool
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
- };
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
deleted file mode 100644
index 10ca013f8..000000000
--- a/lass/2configs/weechat.nix
+++ /dev/null
@@ -1,221 +0,0 @@
-{ config, lib, pkgs, ... }: let
- weechat-configured = pkgs.weechat-declarative.override {
- config = {
- scripts = [
- pkgs.weechatScripts.weechat-matrix
- pkgs.weechatScripts.wee-slack
- ];
- settings = {
- irc.server_default.nicks = [ "lassulus" "hackulus" ];
- irc.server.bitlbee = {
- addresses = "localhost/6666";
- command = "msg &bitlbee identify \${}";
- };
- irc.server.hackint = {
- addresses = "";
- autojoin = [
- "#c3-gsm"
- "#panthermoderns"
- "#36c3"
- "#cccac"
- "#nixos"
- "#krebs"
- "#c-base"
- "#afra"
- "#tvl"
- "#eloop"
- "#systemdultras"
- "#rc3"
- "#krebs-announce"
- "#the_playlist"
- "#germany"
- "#hackint"
- "#dezentrale"
- "#hackerfleet \${}" # TODO support channel passwords in a cooler way
- ];
- ssl = true;
- sasl_fail = "reconnect";
- sasl_username = "lassulus";
- sasl_password = "\${}";
- };
- irc.server.r = {
- addresses = "irc.r";
- autojoin = [
- "#xxx"
- "#autowifi"
- "#brockman"
- "#flix"
- "#kollkoll"
- "#noise"
- "#mukke"
- ];
- sasl_fail = "reconnect";
- sasl_username = "lassulus";
- sasl_password = "\${}";
- anti_flood_prio_high = 0;
- anti_flood_prio_low = 0;
- };
- irc.server.libera = {
- addresses = "";
- autojoin = [
- "#shackspace"
- "#nixos"
- "#krebs"
- "#dezentrale"
- "#tinc"
- "#nixos-de"
- "#fysi"
- "#hillhacks"
- "#nixos-rc3"
- "#binaergewitter"
- "#hackerfleet"
- "#weechat"
- ];
- ssl = true;
- sasl_username = "lassulus";
- sasl_fail = "reconnect";
- sasl_password = "\${}";
- };
- = {
- addresses = "news.r";
- autojoin = [
- "#all"
- "#aluhut"
- "#querdenkos"
- "#news"
- "#drachengame"
- ];
- anti_flood_prio_high = 0;
- anti_flood_prio_low = 0;
- };
- matrix.server.lassulus = {
- address = "";
- username = "lassulus";
- password = "\${}";
- device_name = config.networking.hostName;
- };
- matrix.server.nixos_dev = {
- address = "";
- username = "";
- device_name = config.networking.hostName;
- sso_helper_listening_port = 55123;
- };
- plugins.var.python.go.short_name = true;
- plugins.var.python.go.short_name_server = true;
- plugins.var.python.go.fuzzy_search = true;
- = "xxx"; # secret?
- relay.port.weechat = 9998;
- relay.weechat.commands = "*,!exec,!quit";
- weechat.look.buffer_time_format = "%m-%d_%H:%M:%S";
- weechat.look.item_time_format = "%m-%d_%H:%M:%S";
- irc.look.color_nicks_in_names = true;
- irc.look.color_nicks_in_nicklist = true;
- logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog";
- logger.file.path = "/var/state/weechat_logs";
- logger.look.backlog = 1000;
- weechat.notify.python.matrix.nixos_dev."!" = "none"; #c-base
- weechat.notify.python.matrix.nixos_dev."!" = "none"; #krebs
-"#all" = "highlight";
- # setting logger levels for channels is currently not possible declarativly
- # because of already defined
- logger.level.core.weechat = 0;
- logger.level.irc = 3;
- logger.level.python = 3;
- = 0;
- = 0;
- alias.cmd.reload = "exec -oc cat /etc/weechat.set";
- script.scripts.download_enabled = true;
- weechat.look.prefix_align = "left";
- weechat.look.prefix_align_max = 20;
- irc.look.server_buffer = "independent";
- matrix.look.server_buffer = "independent";
- = 20;
- weechat.color.chat_nick_colors = [
- 1 2 3 4 5 6 9
- 10 11 12 13 14
- 28 29
- 30 31 32 33 34 35 36 37 38 39
- 70
- 94
- 101 102 103 104 105 106 107
- 130 131 133 134 135 136 137
- 140 141 142 143
- 160 161 162 163 165 166 167 168 169
- 170 171 172 173 174 175
- 196 197 198 199
- 200 201 202 203 204 205 206 208 209 209
- 210 211 212
- ];
- };
- extraCommands = ''
- /script upgrade
- /script install
- /script install
- /script install
- /key bind meta-q /go
- /key bind meta-t /bar toggle nicklist
- /key bind meta-y /bar toggle buflist
- /filter addreplace irc_smart * irc_smart_filter *
- /filter addreplace playlist_topic irc.*.#the_playlist irc_topic *
- /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit *
- /set 0
- /set logger.level.python.server.nixos_dev = 0;
- /set logger.level.irc.hackint.#the_playlist = 0;
- /connect bitlbee
- /connect r
- /connect news
- /connect libera
- /connect hackint
- /matrix connect nixos_dev
- /matrix connect lassulus
- '';
- files."sec.conf" = toString (pkgs.writeText "sec.conf" ''
- [crypt]
- cipher = aes256
- hash_algo = sha256
- salt = on
- [data]
- __passphrase__ = on
- hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC"
- libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778"
- r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD"
- c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162"
- matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9"
- bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C"
- matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97"
- '');
- };
- };
-in {
- users.users.mainUser.packages = [
- weechat-configured
- ];
- environment.etc."weechat.set".source = "${weechat-configured}/weechat.set";
- systemd.tmpfiles.rules = [
- "d /var/state/weechat_logs 0700 lass users -"
- "d /var/state/weechat 0700 lass users -"
- "d /var/state/weechat_cfg 0700 lass users -"
- "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat"
- "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg"
- ];
- = {
- wantedBy = [ "" ];
- restartIfChanged = false;
- serviceConfig = {
- User = "lass";
- RemainAfterExit = true;
- Type = "oneshot";
- LoadCredential = [
- "WEECHAT_PASSPHRASE:${toString <secrets>}/weechat_passphrase"
- ];
- ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat";
- ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat
- };
- };
diff --git a/lass/2configs/weron/client.nix b/lass/2configs/weron/client.nix
deleted file mode 100644
index 55bc8a0da..000000000
--- a/lass/2configs/weron/client.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
- = {
- wantedBy = [ "" ];
- environment = {
- WERON_RADDR = "ws://";
- };
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "weron" ''
- ${pkgs.weron}/bin/weron vpn ip \
- --community krebs \
- --password aidsballs \
- --key aidsballs \
- --ips \
- --verbose 7 \
- --dev weron
- '';
- };
- };
diff --git a/lass/2configs/weron/signaler.nix b/lass/2configs/weron/signaler.nix
deleted file mode 100644
index 9e817583b..000000000
--- a/lass/2configs/weron/signaler.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
- = {
- wantedBy = [ "" ];
- environment = {
- };
- serviceConfig = {
- ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
- };
- };
- networking.firewall.allowedTCPPorts = [ 23420 ];
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
deleted file mode 100644
index 5476624c9..000000000
--- a/lass/2configs/wine.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
- mainUser = config.users.extraUsers.mainUser;
-in {
- users.users= {
- wine = {
- home = "/home/wine";
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- ];
- createHome = true;
- packages = [
- pkgs.wineWowPackages.stable
- ];
- isNormalUser = true;
- };
- };
- security.sudo.extraConfig = ''
- ${} ALL=(wine) NOPASSWD: ALL
- '';
diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix
deleted file mode 100644
index a27e99ee2..000000000
--- a/lass/2configs/wiregrill.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
- self =;
- isRouter = !isNull self.via;
-in mkIf (hasAttr "wiregrill" {
- #hack for modprobe inside containers
-"wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [
- (pkgs.writeDashBin "modprobe" ":")
- ]);
- boot.kernel.sysctl = mkIf isRouter {
- "net.ipv6.conf.all.forwarding" = 1;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter (mkBefore [
- { predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
- { predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
- { predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
- { predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- ]);
- = {
- matchConfig.Name = "wiregrill";
- address =
- (optional (!isNull self.ip4) "${self.ip4.addr}/16") ++
- (optional (!isNull self.ip6) "${self.ip6.addr}/48")
- ;
- };
- networking.wireguard.interfaces.wiregrill = {
- ips =
- (optional (!isNull self.ip4) self.ip4.addr) ++
- (optional (!isNull self.ip6) self.ip6.addr);
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wiregrill.key";
- allowedIPsAsRoutes = true;
- peers = mapAttrsToList
- (_: host: {
- allowedIPs = if isRouter then
- (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++
- (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr)
- else
- host.nets.wiregrill.wireguard.subnets
- ;
- endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
- persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
- publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey);
- })
- (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
- };
diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix
deleted file mode 100644
index 02c551a2b..000000000
--- a/lass/2configs/xdg-open.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
- xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
- exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
- '';
- xdg-open = pkgs.writeBashBin "xdg-open" ''
- set -xe
- FILE="$1"
- PATH=/run/current-system/sw/bin
- mime=
- case "$FILE" in
- http://*|https://*)
- mime=text/html
- ;;
- mailto:*)
- mime=special/mailaddress
- ;;
- magnet:*)
- mime=application/x-bittorrent
- ;;
- irc:*)
- mime=x-scheme-handler/irc
- ;;
- *)
- # it’s a file
- # strip possible protocol
- FILE=''${FILE#file://}
- mime=''$(file -E --brief --mime-type "$FILE") \
- || (echo "$mime" 1>&2; exit 1)
- # ^ echo the error message of file
- ;;
- esac
- case "$mime" in
- special/mailaddress)
- alacritty --execute vim "$FILE" ;;
- text/html)
- firefox "$FILE" ;;
- text/xml)
- firefox "$FILE" ;;
- text/*)
- alacritty --execute vim "$FILE" ;;
- image/*)
- sxiv "$FILE" ;;
- application/x-bittorrent)
- env DISPLAY=:0 transgui "$FILE" ;;
- application/pdf)
- zathura "$FILE" ;;
- inode/directory)
- alacritty --execute mc "$FILE" ;;
- *)
- # open dmenu and ask for program to open with
- runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
- exec $runner "$FILE";;
- esac
- '';
-in {
- environment.systemPackages = [ xdg-open-wrapper ];
- security.sudo.extraConfig = ''
- cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
- ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
- '';
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
deleted file mode 100644
index e2d9cff5d..000000000
--- a/lass/2configs/xmonad.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-{ config, lib, pkgs, ... }:
- services.xserver.windowManager.xmonad = {
- enable = true;
- extraPackages = hs: [
- hs.extra
- hs.xmonad-contrib
- ];
- config = /* haskell */ ''
-{-# LANGUAGE LambdaCase #-}
-module Main where
-import XMonad
-import qualified XMonad.StackSet as W
-import Control.Monad.Extra (whenJustM)
-import Data.List (isInfixOf)
-import Data.Monoid (Endo)
-import System.Environment (getArgs, lookupEnv)
-import System.Exit (exitFailure)
-import System.IO (hPutStrLn, stderr)
-import System.Posix.Process (executeFile)
-import Data.Ratio
-import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
-import XMonad.Actions.CycleWS (toggleWS)
-import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
-import XMonad.Actions.DynamicWorkspaces (withWorkspace)
-import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
-import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized)
-import XMonad.Hooks.EwmhDesktops (ewmh)
-import XMonad.Hooks.FloatNext (floatNext)
-import XMonad.Hooks.FloatNext (floatNextHook)
-import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
-import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>))
-import XMonad.Hooks.Place (placeHook, smart)
-import XMonad.Hooks.UrgencyHook (focusUrgent)
-import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
-import XMonad.Layout.BoringWindows (boringWindows, focusDown, focusUp)
-import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Layout.Grid (Grid(..))
-import XMonad.Layout.Minimize (minimize)
-import XMonad.Layout.NoBorders (smartBorders)
-import XMonad.Layout.MouseResizableTile (mouseResizableTile)
-import XMonad.Layout.SimplestFloat (simplestFloat)
-import XMonad.Layout.StateFull
-import XMonad.ManageHook (composeAll)
-import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
-import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
-import XMonad.Util.EZConfig (additionalKeysP)
-import XMonad.Util.NamedWindows (getName)
-import XMonad.Util.Run (safeSpawn)
-import XMonad.Util.Ungrab (unGrab)
-import XMonad.Util.Paste (pasteSelection)
-data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
-instance UrgencyHook LibNotifyUrgencyHook where
- urgencyHook LibNotifyUrgencyHook w = do
- name <- getName w
- Just idx <- fmap (W.findTag w) $ gets windowset
- safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
-myTerm :: FilePath
-myTerm = "/run/current-system/sw/bin/alacritty"
-myFont :: String
-myFont = "${config.lass.fonts.regular}"
-main :: IO ()
-main = do
- xmonad $ ewmh
- $ withUrgencyHook LibNotifyUrgencyHook
- $ def
- { terminal = myTerm
- , modMask = mod4Mask
- , layoutHook = smartBorders $ myLayoutHook
- , manageHook = floatHooks
- , startupHook =
- whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
- (\path -> forkFile path [] Nothing)
- , normalBorderColor = "#1c1c1c"
- , focusedBorderColor = "#ff0000"
- , workspaces = [ "dashboard", "sys", "wp" ]
- } `additionalKeysP` myKeyMap
-myLayoutHook = defLayout
- where
- defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| StateFull ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
-floatHooks = composeAll
- [ className =? "Pinentry" --> doCenterFloat
- , className =? "Pager" --> doCenterFloat
- , title =? "pager" --> doCenterFloat
- , title =? "fzfmenu" --> doCenterFloat
- , title =? "glxgears" --> doCenterFloat
- , resource =? "Dialog" --> doFloat
- , title =? "Upload to Imgur" -->
- doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8))
- , placeHook (smart (1,0))
- , floatNextHook
- ]
-myKeyMap :: [([Char], X ())]
-myKeyMap =
- [ ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing)
- , ("M4-S-p", forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
- , ("M4-z", forkFile "${pkgs.unimenu}/bin/unimenu" [] Nothing)
- , ("M4-S-q", restart "xmonad" True)
- , ("<XF86AudioMute>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
- , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
- , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
- , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1")
- , ("<XF86MonBrightnessUp>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1")
- , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
- , ("M4-<Tab>", focusDown)
- , ("M4-S-<Tab>", focusUp)
- , ("M4-j", focusDown)
- , ("M4-k", focusUp)
- , ("M4-a", focusUrgent)
- , ("M4-S-r", renameWorkspace myXPConfig)
- , ("M4-S-a", addWorkspacePrompt myXPConfig)
- , ("M4-S-<Backspace>", removeEmptyWorkspace)
- , ("M4-S-c", kill1)
- , ("M4-<Esc>", toggleWS)
- , ("M4-S-<Enter>", spawn myTerm)
- , ("M4-x", floatNext True >> spawn myTerm)
- , ("M4-c", spawn "/run/current-system/sw/bin/emacsclient -c")
- -- , ("M4-c", unGrab)
- , ("M4-f", floatNext True)
- , ("M4-b", spawn "/run/current-system/sw/bin/klem")
- , ("M4-v", spawn "${pkgs.pager}/bin/pager view")
- -- , ("M4-S-v", spawn "${pkgs.pager}/bin/pager shift")
- , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
- , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
- , ("M4-m", withFocused minimizeWindow)
- , ("M4-S-m", withLastMinimized maximizeWindow)
- , ("M4-q", windowPromptGoto infixAutoXPConfig)
- , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
- , ("M4-S-q", return ())
- , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" ''
- PATH=${lib.makeBinPath [
- pkgs.coreutils
- pkgs.gawk
- pkgs.dmenu
- ]}
- ${pkgs.clipmenu}/bin/clipmenu
- ''}")
- , ("M4-<Insert>", spawn "${pkgs.writeDash "paste" ''
- ${pkgs.coreutils}/bin/sleep 0.4
- ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f -
- ''}")
- , ("M4-<F1>", spawn "/run/current-system/sw/bin/gamepad_mouse_toggle")
- , ("M4-<F2>", windows copyToAll)
- , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
- , ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1")
- , ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10")
- , ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33")
- , ("M4-<F8>", spawn "${pkgs.acpilight}/bin/xbacklight -set 100")
- , ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
- , ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
- , ("M4-<F11>", spawn "${config.lass.screenlock.command}")
- , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
- , ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle")
- ${lib.optionalString (builtins.hasAttr "warpd" pkgs) '', ("M4-s", spawn "${pkgs.warpd}/bin/warpd --hint")''}
- , ("M4-i", spawn "/run/current-system/sw/bin/screenshot")
- , ("S-<F12>", pasteSelection)
- --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
- --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
- --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
- ]
-forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
-forkFile path args env =
- xfork (executeFile path True args env) >> return ()
-myXPConfig :: XPConfig
-myXPConfig = def
- { font = myFont
- }
-autoXPConfig :: XPConfig
-autoXPConfig = myXPConfig
- { autoComplete = Just 5000
- }
-infixAutoXPConfig :: XPConfig
-infixAutoXPConfig = autoXPConfig
- { searchPredicate = isInfixOf
- }
-gridConfig :: GSConfig WorkspaceId
-gridConfig = def
- { gs_cellwidth = 100
- , gs_cellheight = 30
- , gs_cellpadding = 2
- , gs_navigate = navNSearch
- , gs_font = myFont
- }
- '';
- };
diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix
deleted file mode 100644
index 23ed28847..000000000
--- a/lass/2configs/xonsh.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }:
- environment.systemPackages = [
- pkgs.xonsh
- pkgs.xonsh2
- ];
diff --git a/lass/2configs/yellow-mounts/samba.nix b/lass/2configs/yellow-mounts/samba.nix
deleted file mode 100644
index e16f1cc47..000000000
--- a/lass/2configs/yellow-mounts/samba.nix
+++ /dev/null
@@ -1,15 +0,0 @@
- fileSystems."/mnt/yellow" = {
- device = "//yellow.r/public";
- fsType = "cifs";
- options = [
- "guest"
- "nofail"
- "noauto"
- "ro"
- "x-systemd.automount"
- "x-systemd.device-timeout=1"
- "x-systemd.idle-timeout=1min"
- ];
- };
- }
diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
deleted file mode 100644
index bf6a587af..000000000
--- a/lass/2configs/yubikey.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }:
- environment.systemPackages = with pkgs; [
- yubikey-personalization
- yubikey-manager
- pinentry-curses pinentry-qt
- ];
- services.udev.packages = with pkgs; [ yubikey-personalization ];
- systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "" ];
- services.pcscd.enable = true;
- = pkgs.writers.writeDash "init_gpg" ''
- set -x
- mkdir -p $HOME/.gnupg
- ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "scdaemon.conf" ''
- disable-ccid
- pcsc-driver ${pkgs.pcsclite.out}/lib/
- card-timeout 1
- # Always try to use yubikey as the first reader
- # even when other smart card readers are connected
- # Name of the reader can be found using the pcsc_scan command
- # If you have problems with gpg not recognizing the Yubikey
- # then make sure that the string here matches exacly pcsc_scan
- # command output. Also check journalctl -f for errors.
- reader-port Yubico YubiKey
- ''} $HOME/.gnupg/scdaemon.conf
- '';
- = pkgs.writers.writeDash "init_gpg" ''
- ${pkgs.gnupg}/bin/gpg --import ${../../kartei/lass/pgp/yubikey.pgp} >/dev/null
- echo -e '5\ny\n' | gpg --command-fd 0 --expert --edit-key DBCD757846069B392EA9401D6657BE8A8D1EE807 trust >/dev/null || :
- '';
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if (
- (
- == "org.debian.pcsc-lite.access_pcsc" ||
- == "org.debian.pcsc-lite.access_card"
- ) && subject.user == "lass"
- ) {
- return polkit.Result.YES;
- }
- });
- polkit.addRule(function(action, subject) {
- polkit.log("subject: " + subject + " action: " + action);
- });
- '';
- environment.shellInit = ''
- if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
- export GPG_TTY="$(tty)"
- mkdir -p $HOME/.gnupg
- gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
- export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
- if [ -z "$SSH_AUTH_SOCK" ]; then
- export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
- fi
- fi
- '';
- # allow nix to acces remote builders via yubikey
- = "/run/user/1337/gnupg/S.gpg-agent.ssh";
- programs = {
- ssh.startAgent = false;
- gnupg.agent = {
- enable = true;
- pinentryFlavor = "qt";
- # enableSSHSupport = true;
- };
- };
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
deleted file mode 100644
index f77aa258b..000000000
--- a/lass/2configs/zsh.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-{ config, lib, pkgs, ... }:
- environment.systemPackages = with pkgs; [
- atuin
- direnv
- fzf
- ];
- environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" ''
- auto_sync = true
- update_check = false
- sync_address = "http://green.r:8888"
- sync_frequency = 0
- style = "compact"
- '');
- programs.zsh = {
- enable = true;
- shellInit = ''
- #disable config wizard
- zsh-newuser-install() { :; }
- '';
- interactiveShellInit = ''
- unsetopt nomatch # no matches found urls
- setopt autocd extendedglob
- bindkey -e
- # # setopt inc_append_history
- # bindkey '^R' history-incremental-search-backward
- #C-x C-e open line in editor
- autoload -z edit-command-line
- zle -N edit-command-line
- bindkey "^X^E" edit-command-line
- #fzf inclusion
- source ${pkgs.fzf}/share/fzf/completion.zsh
- source ${pkgs.fzf}/share/fzf/key-bindings.zsh
- # atuin distributed shell history
- export ATUIN_NOBIND="true" # disable all keybdinings of atuin
- eval "$(atuin init zsh)"
- bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin
- # use zsh only session history
- fc -p
- #completion magic
- autoload -Uz compinit
- compinit
- zstyle ':completion:*' menu select
- #enable automatic rehashing of $PATH
- zstyle ':completion:*' rehash true
- # fancy mv which interactively gets the second argument if not given
- function mv() {
- if [[ "$#" -ne 1 ]] || [[ ! -e "$1" ]]; then
- command mv -v "$@"
- return
- fi
- newfilename="$1"
- vared newfilename
- command mv -v -- "$1" "$newfilename"
- }
- #beautiful colors
- eval $(dircolors -b ${pkgs.fetchFromGitHub {
- owner = "trapd00r";
- repo = "LS_COLORS";
- rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
- sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
- zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
- #emacs bindings
- bindkey "[7~" beginning-of-line
- bindkey "[8~" end-of-line
- bindkey "Oc" emacs-forward-word
- bindkey "Od" emacs-backward-word
- # direnv integration
- eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
- '';
- promptInit = ''
- autoload -U promptinit
- promptinit
- p_error='%(?..%F{red}%?%f )'
- t_error='%(?..%? )'
- case $UID in
- 0)
- p_username='%F{red}root%f'
- t_username='root'
- ;;
- 1337)
- p_username=""
- t_username=""
- ;;
- *)
- p_username='%F{blue}%n%f'
- t_username='%n'
- ;;
- esac
- if test -n "$SSH_CLIENT"; then
- p_hostname='@%F{magenta}%M%f '
- t_hostname='@%M '
- else
- p_hostname=""
- t_hostname=""
- fi
- #check if in nix shell
- if test -n "$IN_NIX_SHELL"; then
- p_nixshell='%F{green}[s]%f '
- t_nixshell='[s] '
- else
- p_nixshell=""
- t_nixshell=""
- fi
- PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
- TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
- case $TERM in
- (*xterm* | *rxvt*)
- function precmd {
- PROMPT_EVALED=$(print -P "$TITLE")
- echo -ne "\033]0;$$ $PROMPT_EVALED\007"
- }
- # This seems broken for some reason
- # # This is seen while the shell waits for a command to complete.
- # function preexec {
- # PROMPT_EVALED=$(print -P "$TITLE")
- # echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
- # }
- ;;
- esac
- '';
- };
- environment.shellAliases.ns = "nix-shell --command zsh";
- users.defaultUserShell = "/run/current-system/sw/bin/zsh";
diff --git a/lass/3modules/autowifi.nix b/lass/3modules/autowifi.nix
deleted file mode 100644
index 9aa1a2d28..000000000
--- a/lass/3modules/autowifi.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- cfg = config.lass.autowifi;
-in {
- options.lass.autowifi = {
- enable = mkEnableOption "automatic wifi connector";
- knownWifisFile = mkOption {
- type = types.str;
- default = "/etc/wifis";
- };
- enablePrisonBreak = mkOption {
- type = types.bool;
- default = false;
- };
- };
- config = lib.mkIf cfg.enable {
- = {
- description = "Automatic wifi connector";
- wantedBy = [ "" ];
- path = [ pkgs.networkmanager ];
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- RestartSec = "10s";
- ExecStart = "${autowifi}/bin/autowifi";
- };
- };
- networking.networkmanager.dispatcherScripts = mkIf cfg.enablePrisonBreak [
- { source = "${pkgs.callPackage <stockholm/makefu/5pkgs/prison-break}/bin/prison-break"; }
- ];
- };
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
deleted file mode 100644
index 4082c8bd2..000000000
--- a/lass/3modules/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
- imports = [
- ../../submodules/disko/module.nix
- ./dnsmasq.nix
- ./drbd.nix
- ./folderPerms.nix
- ./hosts.nix
- ./klem.nix
- ./mysql-backup.nix
- ./news.nix
- ./nichtparasoup.nix
- ./pyload.nix
- ./screenlock.nix
- ./usershadow.nix
- ./autowifi.nix
- ];
diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix
deleted file mode 100644
index 83a9cb180..000000000
--- a/lass/3modules/dnsmasq.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
-with builtins;
-with lib;
- cfg = config.lass.dnsmasq;
- out = {
- options.lass.dnsmasq = api;
- config = mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "dnsmasq";
- config = mkOption {
- type = types.str;
- #TODO: find a good default
- default = ''
- '';
- description = "configuration dnsmasq is started with";
- };
- };
- configFile = pkgs.writeText "dnsmasq.conf" cfg.config;
- imp = {
- = {
- description = "dnsmasq";
- after = [ "" ];
- wantedBy = [ "" ];
- path = with pkgs; [
- dnsmasq
- ];
- restartIfChanged = true;
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k -C ${configFile}";
- };
- };
- };
-in out
diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix
deleted file mode 100644
index b933158a5..000000000
--- a/lass/3modules/drbd.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{ config, lib, pkgs, ... }: let
- cfg = config.lass.drbd;
- slib = import <stockholm/lib>;
-in {
- options = {
- lass.drbd = lib.mkOption {
- default = {};
- type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
- options = {
- name = lib.mkOption {
- type = lib.types.str;
- default =;
- };
- blockMinor = lib.mkOption {
- type =;
- default = lib.mod (slib.genid 16000; # TODO get max_id fron drbd
- };
- port = lib.mkOption {
- type =;
- default = 20000 + config.blockMinor;
- };
- peers = lib.mkOption {
- type = lib.types.listOf;
- };
- disk = lib.mkOption {
- type = lib.types.str;
- default = "/dev/loop${toString config.blockMinor}";
- };
- drbdConfig = lib.mkOption {
- type = lib.types.path;
- internal = true;
- default = pkgs.writeText "drbd-${}.conf" ''
- resource ${} {
- net {
- protocol a;
- ping-int 10;
- csums-alg crc32c;
- connect-int 3;
- after-sb-0pri discard-older-primary;
- after-sb-1pri discard-secondary;
- # seems to be drbd-proxy premium feature
- on-congestion pull-ahead;
- congestion-fill 1G;
- congestion-extents 500;
- sndbuf-size 10M;
- max-epoch-size 20000;
- }
- device minor ${toString config.blockMinor};
- disk ${config.disk};
- meta-disk internal;
- ${slib.indent (lib.concatStrings (lib.imap1 (i: peer: /* shell */ ''
- on ${} {
- address ${peer.nets.retiolum.ip4.addr}:${toString config.port};
- node-id ${toString i};
- }
- '') config.peers))}
- connection-mesh {
- hosts ${lib.concatMapStringsSep " " (peer: config.peers};
- }
- }
- '';
- };
- };
- }));
- };
- };
- config = lib.mkIf (cfg != {}) {
- boot.extraModulePackages = [
- (pkgs.linuxPackages.callPackage ../5pkgs/drbd9/default.nix {})
- ];
- boot.extraModprobeConfig = ''
- options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
- '';
- services.udev.packages = [ pkgs.drbd ];
- boot.kernelModules = [ "drbd" ];
- environment.systemPackages = [
- pkgs.drbd
- (pkgs.writers.writeDashBin "drbd-change-nodeid" ''
- #
- set -efux
- if [ "$#" -ne 2 ]; then
- echo '$1 needs to be drbd volume name'
- echo '$2 needs to be new node id'
- exit 1
- fi
- TMPDIR=$(mktemp -d)
- trap 'rm -rf $TMPDIR' EXIT
- V=$1
- NODE_TO=$2
- ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt
- NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p')
- ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \
- -e "s/^peer.$NODE_FROM. /peer-NEW /" \
- -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \
- -e "s/^peer-NEW /peer[$NODE_TO] /" \
- < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt
- drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt
- '')
- ];
- networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg);
- = lib.mapAttrs' (_: device:
- lib.nameValuePair "drbd-${}" {
- after = [ "systemd-udev.settle.service" "" "retiolum.service" ];
- wants = [ "systemd-udev.settle.service" ];
- wantedBy = [ "" ];
- serviceConfig = {
- RemainAfterExit = true;
- ExecStart = pkgs.writers.writeDash "start-drbd-${}" ''
- set -efux
- mkdir -p /var/lib/sync-containers2
- ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
- if ! test -e /var/lib/sync-containers2/${}.disk; then
- truncate -s 10G /var/lib/sync-containers2/${}.disk
- fi
- if ! ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor}; then
- ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor} /var/lib/sync-containers2/${}.disk
- fi
- ''}
- if ! ${pkgs.drbd}/bin/drbdadm adjust ${}; then
- ${pkgs.drbd}/bin/drbdadm down ${}
- ${pkgs.drbd}/bin/drbdadm create-md ${}/0 --max-peers 31
- ${pkgs.drbd}/bin/drbdadm up ${}
- fi
- '';
- ExecStop = pkgs.writers.writeDash "stop-drbd-${}" ''
- set -efux
- ${pkgs.drbd}/bin/drbdadm -c ${device.drbdConfig} down ${}
- ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
- ${pkgs.util-linux}/bin/losetup -d /dev/loop${toString device.blockMinor}
- ''}
- '';
- };
- }
- ) cfg;
- environment.etc."drbd.conf".text = ''
- global {
- usage-count yes;
- }
- ${lib.concatMapStrings (device: /* shell */ ''
- include ${device.drbdConfig};
- '') (lib.attrValues cfg)}
- '';
- };
diff --git a/lass/3modules/folderPerms.nix b/lass/3modules/folderPerms.nix
deleted file mode 100644
index bb0320327..000000000
--- a/lass/3modules/folderPerms.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, lib, pkgs, ... }:
-#TODO: implement recursive mode maybe?
-# enable different mods for files and folders
- inherit (pkgs)
- writeScript
- ;
- inherit (lib)
- concatMapStringsSep
- concatStringsSep
- mkEnableOption
- mkIf
- mkOption
- types
- ;
- cfg = config.lass.folderPerms;
- out = {
- options.lass.folderPerms = api;
- config = mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "folder permissions";
- permissions = mkOption {
- type = with types; listOf (submodule ({
- options = {
- path = mkOption {
- type = str;
- };
- permission = mkOption {
- type = nullOr str;
- example = "755";
- description = ''
- basically anything that chmod takes as permission
- '';
- default = null;
- };
- owner = mkOption {
- type = nullOr str;
- example = "root:root";
- description = ''
- basically anything that chown takes as owner
- '';
- default = null;
- };
- };
- }));
- };
- };
- imp = {
- = {
- description = "lass-folderPerms";
- wantedBy = [ "" ];
- path = with pkgs; [
- coreutils
- ];
- restartIfChanged = true;
- serviceConfig = {
- type = "simple";
- RemainAfterExit = true;
- Restart = "always";
- ExecStart = "@${startScript}";
- };
- };
- };
- startScript = writeScript "lass-folderPerms" ''
- ${concatMapStringsSep "\n" writeCommand cfg.permissions}
- '';
- writeCommand = fperm:
- concatStringsSep "\n" [
- (buildPermission fperm)
- (buildOwner fperm)
- ];
- buildPermission = perm:
- #TODO: create folder maybe
- #TODO: check if permission is valid
- if (perm.permission == null) then
- ""
- else
- "chmod ${perm.permission} ${perm.path}"
- ;
- buildOwner = perm:
- #TODO: create folder maybe
- #TODO: check if owner/group valid
- if (perm.owner == null) then
- ""
- else
- "chown ${perm.owner} ${perm.path}"
- ;
-in out
diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix
deleted file mode 100644
index 37cbf3ed3..000000000
--- a/lass/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-with import <stockholm/lib>;
- options.lass.hosts = mkOption {
- type = types.attrsOf;
- default =
- filterAttrs (_: host: == "lass" &&
- config.krebs.hosts;
- };
diff --git a/lass/3modules/klem.nix b/lass/3modules/klem.nix
deleted file mode 100644
index 8536d967d..000000000
--- a/lass/3modules/klem.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
- cfg = config.lass.klem;
-in {
- options.lass.klem = mkOption {
- default = {};
- type = types.attrsOf (types.submodule ({ config, ...}: {
- options = {
- target = mkOption {
- default = ".*";
- description = ''
- regex of valid targets
- can be shown with xclip -selection clipboard -t TARGETS
- the first hit is taken as target argument
- '';
- type = types.str;
- };
- script = mkOption {
- description = ''
- file to run if entry is selected
- '';
- type = types.path;
- };
- label = mkOption {
- default =;
- description = ''
- label to show in dmenu for this script
- '';
- type = types.str;
- };
- };
- }));
- };
- config = let
- klem = pkgs.writers.writeDashBin "klem" ''
- set -x
- labels=""
- # match filetype against patterns
- ${concatMapStringsSep "\n" (script: ''
- ${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | ${pkgs.gnugrep}/bin/grep -q '${}'
- if [ $? -eq 0 ]; then
- labels="$labels:${script.label}"
- fi
- '') (attrValues cfg)}
- #remove empty line, feed into dmenu
- script=$(echo "$labels" \
- | ${pkgs.gnused}/bin/sed 's/^://;s/:/\n/g' \
- | ${pkgs.dmenu}/bin/dmenu)
- #run the chosen script
- case $script in
- ${concatMapStringsSep "\n" (script: indent ''
- ${script.label})
- target=$(${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | ${pkgs.gnugrep}/bin/grep '${}' \
- | ${pkgs.gnugrep}/bin/grep -v TARGETS \
- | ${pkgs.coreutils}/bin/head -1)
- ${pkgs.xclip}/bin/xclip -selection clipboard -target "$target" -out \
- | ${script.script} \
- | ${pkgs.xclip}/bin/xclip -selection clipboard -in
- ;;
- '') (attrValues cfg)}
- esac
- '';
- in mkIf (cfg != {}) {
- environment.systemPackages = [ klem ];
- nixpkgs.overlays = [
- (self: super: {
- klem = klem;
- })
- ];
- };
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
deleted file mode 100644
index 516f96c34..000000000
--- a/lass/3modules/mysql-backup.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
- cfg = config.lass.mysqlBackup;
- out = {
- options.lass.mysqlBackup = api;
- config = mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "mysqlBackup";
- config = mkOption {
- type = with types; attrsOf (submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default =;
- };
- startAt = mkOption {
- type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
- default = "*-*-* 01:15:00";
- };
- user = mkOption {
- type = str;
- default = "root";
- };
- password = mkOption {
- type = nullOr str;
- default = null;
- description = ''
- path to a file containing the mysqlPassword for the specified user.
- '';
- };
- databases = mkOption {
- type = listOf str;
- default = [];
- };
- location = mkOption {
- type = str;
- default = "/backups/sql_dumps";
- };
- };
- }));
- description = "configuration for mysqlBackup";
- };
- };
- imp = {
- services.mysql.ensureUsers = [
- { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
- ];
- =
- mapAttrs' (_: plan: nameValuePair "mysqlBackup-${}" {
- path = with pkgs; [
- mysql
- gzip
- ];
- serviceConfig = rec {
- ExecStart = start plan;
- SyslogIdentifier =;
- Type = "oneshot";
- User = plan.user;
- };
- startAt = plan.startAt;
- }) cfg.config;
- };
- start = plan: let
- backupScript = plan: db: ''
- mkdir -p ${plan.location}
- mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
- '';
- in pkgs.pkgs.writeDash "mysqlBackup.${}" ''
- ${concatMapStringsSep "\n" (backupScript plan) plan.databases}
- '';
-in out
diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix
deleted file mode 100644
index b6061736c..000000000
--- a/lass/3modules/news.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- cfg =;
- out = {
- = api;
- config = lib.mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "news";
- feeds = mkOption {
- type = types.listOf (types.submodule { options = {
- nick = mkOption {
- type = types.str;
- };
- feedurl = mkOption {
- type = types.str;
- };
- interval = mkOption {
- type =;
- default = 1000;
- };
- channels = mkOption {
- type = types.listOf types.str;
- };
- };});
- };
- user = mkOption {
- type = types.user;
- default = {
- name = "news";
- home = "/var/lib/news";
- };
- };
- ircServer = mkOption {
- type = types.str;
- default = "localhost";
- description = "to which server the bot should connect";
- };
- };
- imp = {
- users.users.${} = {
- inherit (cfg.user) home name uid;
- createHome = true;
- };
- = listToAttrs (map (feed:
- nameValuePair "news-${feed.nick}" {
- wantedBy = [ "" ];
- after = [ "" ];
- serviceConfig = {
- SyslogIdentifier = "news-${feed.nick}";
- User =;
- PrivateTmp = true;
- Restart = "always";
- ExecStart = pkgs.writeDash "news-${feed.nick}" ''
- ${}/bin/news '${feed.feedurl}' '${toString feed.interval}' \
- | ${pkgs.goify}/bin/goify \
- | while :; do
- ${pkgs.haskellPackages.kirk}/bin/ircout --nick '${feed.nick}' --host '${cfg.ircServer}' \
- \${concatStringsSep " \\" feed.channels}
- done
- '';
- };
- }
- ) cfg.feeds);
- };
-in out
diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
deleted file mode 100644
index c18c942d1..000000000
--- a/lass/3modules/nichtparasoup.nix
+++ /dev/null
@@ -1,161 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- options.lass.nichtparasoup = {
- enable = mkEnableOption "nichtparasoup funny image page";
- config = mkOption {
- type = types.str;
- default = ''
- [General]
- Port: 5001
- IP:
- Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
- [Cache]
- Images_min_limit: 15
- [Logging]
- ;; possible destinations: file syslog
- Destination: syslog
- Verbosity: ERROR
- [Sites]
- SoupIO: everyone
- Pr0gramm: new,top
- Reddit: ${lib.concatStringsSep "," [
- "2healthbars"
- "abandonedporn"
- "animalsbeingderps"
- "ANormalDayInRussia"
- "assholedesign"
- "AwesomeOffBrands"
- "bizarrebuildings"
- "bonehurtingjuice"
- "boottoobig"
- "bossfight"
- "bravofotogeschichten"
- "breathinginformation"
- "buddhistmemes"
- "cablefail"
- "cableporn"
- "catastrophicfailure"
- "chairsunderwater"
- "clevercomebacks"
- "confusingperspective"
- "conni"
- "crappydesign"
- "cursedcomments"
- "desirepath"
- "doenerverbrechen"
- "dontdeadopeninside"
- "educationalgifs"
- "EngineeringPorn"
- "eyebleach"
- "forbiddensnacks"
- "funnyanimals"
- "gifs"
- "Gittertiere"
- "goodboomerhumor"
- "grssk"
- "halthoch"
- "hmm"
- "hmmm"
- "holdmybeer"
- "holup"
- "iamatotalpieceofshit"
- "ichbin40undlustig"
- "idiotsincars"
- "illegallysmolcats"
- "infokriegerkutschen"
- "instagramreality"
- "instant_regret"
- "itrunsdoom"
- "itsaunixsystem"
- "kamikazebywords"
- "keming"
- "kidsarefuckingstupid"
- "kitchenconfidential"
- "laughingbuddha"
- "LiminalSpace"
- "loadingicon"
- "MachinePorn"
- "mallninjashit"
- "michaelbaygifs"
- "mildlyinfuriating"
- "miscatculations"
- "natureisfuckinglit"
- "nononoyesno"
- "notinteresting"
- "notliketheothergirls"
- "oddlysatisfying"
- "ofcoursethatsathing"
- "okbuddylinux"
- "OSHA"
- "PeopleFuckingDying"
- "Perfectfit"
- "perfectloops"
- "PerfectTiming"
- "picsofunusualbirds"
- "PixelArt"
- "pizzacrimes"
- "prequelmemes"
- "Prisonwallet"
- "reactiongifs"
- "RealFakeDoors"
- "reallifedoodles"
- "RetroFuturism"
- "robotsbeingjerks"
- "SchizophreniaRides"
- "scriptedasiangifs"
- "shitposting"
- "shittyfoodporn"
- "shittyrobots"
- "softwaregore"
- "specializedtools"
- "spicypillows"
- "StallmanWasRight"
- "startledcats"
- "startrekstabilized"
- "stupidfood"
- "techsupportgore"
- "thathappened"
- "ThingsCutInHalfPorn"
- "totallynotrobots"
- "trippinthroughtime"
- "Unexpected"
- "urbanexploration"
- "wasletztepreis"
- "wellthatsucks"
- "wertekinder"
- "wewantplates"
- "whatcouldgowrong"
- "whatsthisbug"
- "whatsthisplant"
- "whatswrongwithyourdog"
- "whenthe"
- "yesyesyesyesno"
- "youseeingthisshit"
- ]}
- NineGag: geeky,wtf,hot,trending
- Instagram: nature,wtf
- Fourchan: sci
- '';
- };
- };
- config = mkIf config.lass.nichtparasoup.enable {
- = {
- description = "nichtparasoup";
- after = [ "" ];
- wantedBy = [ "" ];
- restartIfChanged = true;
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}";
- };
- };
- };
diff --git a/lass/3modules/pyload.nix b/lass/3modules/pyload.nix
deleted file mode 100644
index 6f29ffb17..000000000
--- a/lass/3modules/pyload.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- cfg = config.lass.pyload;
- out = {
- options.lass.pyload = api;
- config = lib.mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "pyload";
- user = mkOption {
- type = types.str;
- default = "download";
- };
- };
- imp = {
- krebs.per-user.${cfg.user}.packages = [
- pkgs.pyload
- pkgs.spidermonkey
- pkgs.tesseract
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
- ];
- = {
- description = "pyload";
- after = [ "" ];
- wantedBy = [ "" ];
- path = with pkgs; [
- pyload
- spidermonkey
- tesseract
- dnsmasq
- ];
- restartIfChanged = true;
- serviceConfig = {
- Restart = "always";
- ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
- User = cfg.user;
- };
- };
- };
-in out
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
deleted file mode 100644
index b5c69b65a..000000000
--- a/lass/3modules/screenlock.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, config, ... }:
-with import <stockholm/lib>;
- cfg = config.lass.screenlock;
- out = {
- options.lass.screenlock = api;
- config = mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "screenlock";
- command = mkOption {
- type = types.path;
- default = pkgs.writeDash "screenlock" ''
- ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
- sleep 3
- '';
- };
- };
- imp = {
- = {
- before = [ "" ];
- requiredBy = [ "" ];
- environment = {
- DISPLAY = ":${toString}";
- };
- serviceConfig = {
- SyslogIdentifier = "screenlock";
- ExecStart = cfg.command;
- Type = "simple";
- User = "lass";
- };
- };
- };
-in out
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
deleted file mode 100644
index 094d37a36..000000000
--- a/lass/3modules/usershadow.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
- cfg = config.lass.usershadow;
- out = {
- options.lass.usershadow = api;
- config = lib.mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "usershadow";
- pattern = mkOption {
- type = types.str;
- default = "/home/%/.shadow";
- };
- path = mkOption {
- type = types.str;
- };
- };
- imp = {
- environment.systemPackages = [ usershadow ];
- lass.usershadow.path = "${usershadow}";
- = ''
- auth required expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
- auth required
- account required
- session required
- '';
- = ''
- auth required expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
- auth required
- account required
- session required
- '';
- security.wrappers.shadow_verify_pam = {
- setuid = true;
- source = "${usershadow}/bin/verify_pam";
- owner = "root";
- group = "root";
- };
- security.wrappers.shadow_verify_arg = {
- setuid = true;
- source = "${usershadow}/bin/verify_arg";
- owner = "root";
- group = "root";
- };
- };
- usershadow = let {
- deps = [
- "pwstore-fast"
- "bytestring"
- ];
- body = pkgs.writeHaskellPackage "passwords" {
- ghc-options = [
- "-rtsopts"
- "-Wall"
- ];
- executables.verify_pam = {
- extra-depends = deps;
- text = ''
- import System.IO
- import Data.Char (chr)
- import System.Environment (getEnv, getArgs)
- import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.Exit (exitFailure, exitSuccess)
- main :: IO ()
- main = do
- user <- getEnv "PAM_USER"
- shadowFilePattern <- head <$> getArgs
- let shadowFile = lhs <> user <> tail rhs
- (lhs, rhs) = span (/= '%') shadowFilePattern
- hash <- readFile shadowFile
- password <- takeWhile (/= (chr 0)) <$> hGetLine stdin
- let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
- if res then exitSuccess else exitFailure
- '';
- };
- executables.verify_arg = {
- extra-depends = deps;
- text = ''
- import System.Environment (getArgs)
- import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.Exit (exitFailure, exitSuccess)
- main :: IO ()
- main = do
- argsList <- getArgs
- let shadowFilePattern = argsList !! 0
- let user = argsList !! 1
- let password = argsList !! 2
- let shadowFile = lhs <> user <> tail rhs
- (lhs, rhs) = span (/= '%') shadowFilePattern
- hash <- readFile shadowFile
- let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
- if res then do (putStr "yes") else exitFailure
- '';
- };
- executables.passwd = {
- extra-depends = deps;
- text = ''
- import System.Environment (getEnv)
- import Crypto.PasswordStore (makePasswordWith, pbkdf2)
- import qualified Data.ByteString.Char8 as BS8
- import System.IO (stdin, stdout, hSetEcho, hFlush, putStr, putStrLn)
- import Control.Exception (bracket_)
- main :: IO ()
- main = do
- home <- getEnv "HOME"
- mb_password <- bracket_ (hSetEcho stdin False) (hSetEcho stdin True) $ do
- putStr "Enter new UNIX password: "
- hFlush stdout
- password <- BS8.hGetLine stdin
- putStrLn ""
- putStr "Retype new UNIX password: "
- hFlush stdout
- password2 <- BS8.hGetLine stdin
- return $ if password == password2
- then Just password
- else Nothing
- case mb_password of
- Just password -> do
- hash <- makePasswordWith pbkdf2 password 10
- BS8.writeFile (home ++ "/.shadow") hash
- putStrLn "passwd: all authentication tokens updated successfully."
- Nothing -> putStrLn "Sorry, passwords do not match"
- '';
- };
- };
- };
-in out
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
deleted file mode 100644
index 56943b7ac..000000000
--- a/lass/4lib/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, ... }:
-with lib;
-rec {
- getDefaultGateway = ip:
- concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix
deleted file mode 100644
index 8380b220a..000000000
--- a/lass/5pkgs/acronym/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeScriptBin "acronym" ''
- #! ${pkgs.bash}/bin/bash
- acro=$1
- curl -L -s$acro.html \
- | grep 'class="result-list__body__rank"' \
- | sed '
- s/.*title="\([^"]*\)".*/\1/
- s/^.* - //
- s/&#39;/'\'''/g
- '
diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi
deleted file mode 160000
-Subproject cf3ae8f6fe285eab67db4f36f9a3da3762c3531
diff --git a/lass/5pkgs/bank/default.nix b/lass/5pkgs/bank/default.nix
deleted file mode 100644
index 9f3a44d79..000000000
--- a/lass/5pkgs/bank/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ writeDashBin, coreutils, pass, hledger, diffutils }:
-writeDashBin "bank" ''
- tmp=$(mktemp)
- ${pass}/bin/pass show hledger > $tmp
- ${hledger}/bin/hledger --file=$tmp "$@"
- ${pass}/bin/pass show hledger | if ${diffutils}/bin/diff $tmp -; then
- exit 0
- else
- ${coreutils}/bin/cat $tmp | ${pass}/bin/pass insert -m hledger
- fi
- ${coreutils}/bin/rm $tmp
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
deleted file mode 100644
index 6fa93e146..000000000
--- a/lass/5pkgs/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-self: super: let
- lib = super.lib;
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = super.callPackage path args;
- upstream = lib.optionalAttrs (override ? "name")
- (super.${(builtins.parseDrvName} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- builtins.compareVersions != -1
- then
- builtins.trace
- "Upstream `${}' gets overridden by `${}'."
- override
- else override;
- subdirsOf = path:
- lib.mapAttrs (name: _: path + "/${name}")
- (lib.filterAttrs (_: x: x == "directory") (builtins.readDir path));
-in lib.mapAttrs (_: lib.flip callPackage {})
- (lib.filterAttrs (_: dir: lib.pathExists (dir + "/default.nix"))
- (subdirsOf ./.))
diff --git a/lass/5pkgs/deploy/default.nix b/lass/5pkgs/deploy/default.nix
deleted file mode 100644
index c07cf20d1..000000000
--- a/lass/5pkgs/deploy/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ writers }:
-writers.writeDashBin "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
diff --git a/lass/5pkgs/drbd9/default.nix b/lass/5pkgs/drbd9/default.nix
deleted file mode 100644
index 34ef0f564..000000000
--- a/lass/5pkgs/drbd9/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, stdenv, git, fetchzip, fetchFromGitHub, kernel }: let
- version = "9.1.7";
-in stdenv.mkDerivation {
- pname = "drbd";
- version = "${kernel.version}-${version}";
- src = fetchzip {
- url = "";
- sha256 = "sha256-JsbtOrqhZkG7tFEc6tDmj3RlxZggl0HOKfCI8lYtQok=";
- };
- # src = fetchFromGitHub {
- # owner = "LINBIT";
- # repo = "drbd";
- # rev = "drbd-${version}";
- # sha256 = "sha256-8HAt+k0yi6XsZZ9mkVCQkv2pn65o3Zsa0KwTSBJh0yY=";
- # leaveDotGit = true;
- # };
- nativeBuildInputs = [ git ] ++ kernel.moduleBuildDependencies;
- # hardeningDisable = [ "pic" ];
- makeFlags = kernel.makeFlags ++ [
- "KDIR=${}/lib/modules/${kernel.modDirVersion}/build"
- ];
- installPhase = ''
- install -D drbd/drbd.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
- install -D drbd/drbd_transport_tcp.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
- '';
- enableParallelBuilding = true;
diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix
deleted file mode 100644
index 3ce635dac..000000000
--- a/lass/5pkgs/emot-menu/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
- emoticons = writeText "emoticons" ''
-¯\(°_o)/¯ | dunno lol shrug dlol
-¯\_(ツ)_/¯ | dunno lol shrug dlol
-( ͡° ͜ʖ ͡°) | lenny
-¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
-( ゚д゚) | aaah sad noo
-ヽ(^o^)丿 | hi yay hello
-(^o^; | ups hehe
-(^∇^) | yay
-┗(`皿´)┛ | angry argh
-ヾ(^_^) byebye!! | bye
-<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
-(-.-)Zzz... | sleep
-(∩╹□╹∩) | oh noes woot
-™ | tm
-ζ | zeta
-(╯°□°)╯ ┻━┻ | table flip
-(」゜ロ゜)」 | why woot
-(_゜_゜_) | gloom I see you
-༼ ༎ຶ ෴ ༎ຶ༽ | sad
-(\/) (°,,,,°) (\/) | krebs
- '';
-writeDashBin "emoticons" ''
- set -efu
- data=$(${coreutils}/bin/cat ${emoticons})
- emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
- ${xdotool}/bin/xdotool type --clearmodifiers -- "$emoticon"
- exit 0
diff --git a/lass/5pkgs/firefoxPlugins/noscript.nix b/lass/5pkgs/firefoxPlugins/noscript.nix
deleted file mode 100644
index 67a00a1b2..000000000
--- a/lass/5pkgs/firefoxPlugins/noscript.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ fetchgit, stdenv, bash, zip }:
-stdenv.mkDerivation rec {
- name = "noscript";
- id = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
- src = fetchgit {
- url = "";
- rev = "c900a079793868bb080ab1e23522d29dc121b4c6";
- sha256 = "1y06gh5a622yrsx0h7v92qnvdi97i54ln09zc1lvk8x430z5bdly";
- };
- buildInputs = [ zip ];
- patchPhase = ''
- substituteInPlace "" \
- --replace "/bin/bash" "${bash}/bin/bash"
- '';
- buildPhase = ''
- ./
- '';
- installPhase = ''
- mkdir -p $out/
- cp *.xpi $out/${id}.xpi
- '';
diff --git a/lass/5pkgs/firefoxPlugins/ublock.nix b/lass/5pkgs/firefoxPlugins/ublock.nix
deleted file mode 100644
index 29ef250e8..000000000
--- a/lass/5pkgs/firefoxPlugins/ublock.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ fetchgit, stdenv, bash, python, zip }:
-stdenv.mkDerivation rec {
- name = "ublock";
- id = "{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}";
- src = fetchgit {
- url = "";
- rev = "a70a50052a7914cbf86d46a725812b98434d8c70";
- sha256 = "1qfzy79f8x01i33x0m95k833z1jgxjwb8wvlr6fj6id1kxfvzh77";
- };
- buildInputs = [
- zip
- python
- ];
- patchPhase = ''
- substituteInPlace "tools/" \
- --replace "/bin/bash" "${bash}/bin/bash"
- '';
- buildPhase = ''
- tools/ all
- '';
- installPhase = ''
- mkdir -p $out/
- cp dist/build/uBlock.firefox.xpi $out/${id}.xpi
- '';
diff --git a/lass/5pkgs/firefoxPlugins/vimperator.nix b/lass/5pkgs/firefoxPlugins/vimperator.nix
deleted file mode 100644
index dabef3d20..000000000
--- a/lass/5pkgs/firefoxPlugins/vimperator.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ fetchgit, stdenv, zip }:
-stdenv.mkDerivation rec {
- name = "vimperator";
- id = "";
- src = fetchgit {
- url = "";
- rev = "ba7d8e72516fdc22246748c8183d7bc90f6fb073";
- sha256 = "0drz67qm5hxxzw699rswlpjkg4p2lfipx119pk1nyixrqblcsvq2";
- };
- buildInputs = [ zip ];
- installPhase = ''
- mkdir -p $out/
- cp downloads/vimperator*.xpi $out/${id}.xpi
- '';
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
deleted file mode 100644
index ee49951b1..000000000
--- a/lass/5pkgs/init/default.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }:
-with lib;
-pkgs.writeScriptBin "init" ''
- #!/usr/bin/env nix-shell
- #! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs
- set -xefuo pipefail
- disk=$1
- if mount | grep -q "$disk"; then
- echo "target device is already mounted, bailout"
- exit 2
- fi
- bootdev="$disk"2
- luksdev="$disk"3
- luksmap=/dev/mapper/${luksmap}
- vgname=${vgname}
- rootdev=/dev/mapper/${vgname}-root
- homedev=/dev/mapper/${vgname}-home
- read -p "LUKS Password: " lukspw
- #
- # partitioning
- #
- #
- # undo:
- # dd if=/dev/zero bs=512 count=34 of=/dev/sda
- # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
- if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
- sgdisk -og "$disk"
- sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk"
- sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk"
- sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk"
- fi
- if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then
- echo zonk2
- exit 23
- fi
- if ! cryptsetup isLuks "$luksdev"; then
- # aes xts-plain64
- echo -n "$lukspw" | cryptsetup luksFormat "$luksdev" - \
- -h sha512 \
- --iter-time 5000
- fi
- if ! test -e "$luksmap"; then
- echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" -
- fi
- if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
- pvcreate "$luksmap"
- fi
- if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
- lvchange -a y /dev/mapper/"$vgname"
- if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi
- #
- # formatting
- #
- if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
- mkfs.vfat "$bootdev"
- fi
- if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then
- mkfs.xfs "$rootdev"
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
- mkdir -p /mnt
- mount "$rootdev" /mnt
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
- mkdir -m 0000 -p /mnt/boot
- mount "$bootdev" /mnt/boot
- fi
- #
- # dependencies for stockholm
- #
- # TODO: get sentinal file from target_path
- mkdir -p /mnt/var/src
- touch /mnt/var/src/.populate
- #
- # print all the infos
- #
- gdisk -l "$disk"
- lsblk "$disk"
- echo READY.
diff --git a/lass/5pkgs/init/ b/lass/5pkgs/init/
deleted file mode 100755
index 13914ad5f..000000000
--- a/lass/5pkgs/init/
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-set -efu
-WD=$(dirname "$0")
-nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run
diff --git a/lass/5pkgs/init/test.nix b/lass/5pkgs/init/test.nix
deleted file mode 100644
index e76e7e009..000000000
--- a/lass/5pkgs/init/test.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
- virtualisation.emptyDiskImages = [
- 8000
- ];
- virtualisation.memorySize = 1500;
- boot.tmpOnTmpfs = true;
- environment.systemPackages = [
- (pkgs.callPackage ./default.nix {})
- ];
- services.mingetty.autologinUser = lib.mkForce "root";
diff --git a/lass/5pkgs/init/ b/lass/5pkgs/init/
deleted file mode 100755
index 0ceaa73ca..000000000
--- a/lass/5pkgs/init/
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nixos-generators
-set -xefu
-WD=$(realpath $(dirname "$0"))
-TMPDIR=$(mktemp -d)
-cd "$TMPDIR"
-nixos-generate -c "$WD"/test.nix -f vm-nogui --run "$@"
-cd -
-rm -r "$TMPDIR"
diff --git a/lass/5pkgs/install-system/default.nix b/lass/5pkgs/install-system/default.nix
deleted file mode 100644
index 0e13265f6..000000000
--- a/lass/5pkgs/install-system/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "install-system" ''
- set -efux
- # format
- if ! (sshn "$TARGET" -- mountpoint /mnt); then
- if ! (sshn "$TARGET" -- type -p nix); then
- nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A" /dev/null "$TARGET"
- else
- disko=$(nix-build -I stockholm=$HOME/sync/stockholm -I secrets=$HOME/sync/stockholm/lass/2configs/tests/dummy-secrets -I nixos-config=$HOME/sync/stockholm/lass/1systems/$SYSTEM/physical.nix '<nixpkgs/nixos>' -A
- NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' nix-copy-closure --to "$TARGET" "$disko"
- sshn -t "$TARGET" -- "$disko"
- fi
- fi
- # install dependencies
- sshn "$TARGET" << SSH
- if ! type -p git; then
- nix-channel --update
- nix-env -iA nixos.git
- fi
- # populate
- $(nix-build --no-out-link "$HOME"/sync/stockholm/lass/krops.nix -A populate --argstr name "$SYSTEM" --argstr target "$TARGET"/mnt/var/src --arg force true)
- # install
- sshn "$TARGET" << SSH
- NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /mnt/var/src
- nixos-enter -- nixos-rebuild -I /var/src switch --install-bootloader
- umount -R /mnt
- zpool export -fa
diff --git a/lass/5pkgs/knav/default.nix b/lass/5pkgs/knav/default.nix
deleted file mode 100644
index 30d49a1b3..000000000
--- a/lass/5pkgs/knav/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, ... }: let
- keynavrc = pkgs.writeText "keynavrc" ''
- clear
- Escape quit
- q record ~/.keynav_macros
- shift+at playback
- u history-back
- a cut-left
- s cut-down
- w cut-up
- d cut-right
- shift+a move-left
- shift+s move-down
- shift+w move-up
- shift+d move-right
- t windowzoom
- c cursorzoom 300 300
- e warp
- 1 click 1
- 2 click 2
- 3 click 3
- '';
-in pkgs.writeScriptBin "knav" ''
- ${pkgs.keynav}/bin/keynav "loadconfig ${keynavrc}, start"
diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
deleted file mode 100644
index 27e59bb96..000000000
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "l-gen-secrets" ''
- set -efu
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- if [ "''${DRYRUN-n}" = "n" ]; then
- trap 'rm -rf $TMPDIR' EXIT
- else
- echo "$TMPDIR"
- set -x
- fi
- mkdir -p $TMPDIR/out
- PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
- HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
- # ssh
- ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
- ${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/
- # tor
- ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 >/dev/null || :
- ${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv
- # tinc
- ${pkgs.coreutils}/bin/mkdir -p $TMPDIR/tinc
- ${pkgs.tinc_pre}/bin/tinc --config $TMPDIR/tinc generate-keys 4096 </dev/null
- ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/ed25519_key.priv $TMPDIR/out/retiolum.ed25519_key.priv
- ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/rsa_key.priv $TMPDIR/out/retiolum.rsa_key.priv
- # wireguard
- ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/out/wiregrill.key
- ${pkgs.coreutils}/bin/cat $TMPDIR/out/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/
- # system passwords
- cat <<EOF > $TMPDIR/out/hashedPasswords.nix
- {
- root = "$HASHED_PASSWORD";
- mainUser = "$HASHED_PASSWORD";
- }
- set +f
- if [ "''${DRYRUN-n}" = "n" ]; then
- cd $TMPDIR/out
- for x in *; do
- ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
- done
- echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
- ${pkgs.coreutils}/bin/cat $TMPDIR/tor/hostname | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/torname > /dev/null
- fi
- set -f
- cat <<EOF
- { r6, w6, ... }:
- {
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.changeme";
- ip6.addr = r6 "changeme";
- aliases = [
- ];
- tinc.pubkey = ${"''"}
- $(cat $TMPDIR/tinc/ | sed 's/^/ /')
- ${"''"};
- tinc.pubkey_ed25519 = "$(cat $TMPDIR/tinc/ | ${pkgs.gnused}/bin/sed 's/.* = //')";
- };
- wiregrill = {
- ip6.addr = w6 "changeme";
- aliases = [
- ];
- wireguard.pubkey = ${"''"}
- $(cat $TMPDIR/
- ${"''"};
- };
- };
- ssh.pubkey = "$(cat $TMPDIR/";
- }
diff --git a/lass/5pkgs/logify/default.nix b/lass/5pkgs/logify/default.nix
deleted file mode 100644
index bca7e7971..000000000
--- a/lass/5pkgs/logify/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ curl, writeDashBin }:
-#usage: ping |& logify -I
-writeDashBin "logify" ''
- date_args=''${@:--Is}
- while read line; do echo $(date "$date_args") $line; done
diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix
deleted file mode 100644
index 738a8daf6..000000000
--- a/lass/5pkgs/mk_sql_pair/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeScriptBin "mk_sql_pair" ''
- #!/bin/sh
- name=$1
- password=$2
- if [ $# -ne 2 ]; then
- echo '$1=name, $2=password'
- exit 23;
- fi
- cat <<EOF
- create database $name;
- create user $name;
- grant all on $name.* to $name@'localhost' identified by '$password';
diff --git a/lass/5pkgs/mpv-poll/default.nix b/lass/5pkgs/mpv-poll/default.nix
deleted file mode 100644
index ee191843e..000000000
--- a/lass/5pkgs/mpv-poll/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeScriptBin "mpv-poll" ''
- #! ${pkgs.bash}/bin/bash
- pl=$1
- hist=''${HISTORY:-"./mpv_history"}
- mpv_options=''${MPV_OPTIONS:-""}
- lastYT=""
- play_video () {
- toPlay=$1
- echo $toPlay >> $hist
- mpv $mpv_options $toPlay
- }
- if ! [ -e $hist ]; then
- touch $hist
- fi
- while :
- do
- if [ -s $pl ]; then
- toPlay=$(head -1 $pl)
- sed -i '1d' $pl
- if $(echo $toPlay | grep -Eq 'https?://(www.)?'); then
- lastYT=$toPlay
- fi
- play_video $toPlay
- else
- if [ -n "$lastYT" ]; then
- next=$(yt-next $lastYT)
- lastYT=$next
- play_video $next
- fi
- sleep 1
- fi
- done
diff --git a/lass/5pkgs/nichtparasoup/default.nix b/lass/5pkgs/nichtparasoup/default.nix
deleted file mode 100644
index fcff7ad54..000000000
--- a/lass/5pkgs/nichtparasoup/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ stdenv, pkgs, ... }:
- py = pkgs.python3Packages.python.withPackages (p: [
- p.werkzeug
- p.beautifulsoup4
- ]);
- src = pkgs.fetchFromGitHub {
- owner = "k4cg";
- repo = "nichtparasoup";
- rev = "c6dcd0d";
- sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
- };
-in pkgs.writeDashBin "nichtparasoup" ''
- ${py}/bin/python ${src}/ "$@"
diff --git a/lass/5pkgs/nichtparasoup/exception.patch b/lass/5pkgs/nichtparasoup/exception.patch
deleted file mode 100644
index 34c177de0..000000000
--- a/lass/5pkgs/nichtparasoup/exception.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/ b/
-index 9da9a2b..833ca71 100755
---- a/
-+++ b/
-@@ -211,7 +211,7 @@ def cache_fill_loop():
- try:
- sources[crawler][site].crawl()
- info =
-- except Exception, e:
-+ except Exception as e:
- logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
- break
diff --git a/lass/5pkgs/nm-dmenu/default.nix b/lass/5pkgs/nm-dmenu/default.nix
deleted file mode 100644
index ff4ba1633..000000000
--- a/lass/5pkgs/nm-dmenu/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, lib, ... }:
-pkgs.writeDashBin "nm-dmenu" ''
- export PATH=$PATH:${lib.makeBinPath [
- pkgs.dmenu
- pkgs.networkmanagerapplet
- pkgs.procps
- ]}
- exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
diff --git a/lass/5pkgs/otpmenu/default.nix b/lass/5pkgs/otpmenu/default.nix
deleted file mode 100644
index fffe47005..000000000
--- a/lass/5pkgs/otpmenu/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "otpmenu" ''
-set -efux
-x=$(${pkgs.pass}/bin/pass git ls-files '*/otp.gpg' \
- | ${pkgs.gnused}/bin/sed 's:/otp\.gpg$::' \
- | ${pkgs.dmenu}/bin/dmenu
-otp=$(${(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))}/bin/pass otp code "$x/otp")
-printf %s "$otp" | ${pkgs.wtype}/bin/wtype -s 1 - || printf %s "$otp" | ${pkgs.xdotool}/bin/xdotool type -f -
diff --git a/lass/5pkgs/pop/default.nix b/lass/5pkgs/pop/default.nix
deleted file mode 100644
index cec22e3b1..000000000
--- a/lass/5pkgs/pop/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeScriptBin "pop" ''
- #! ${pkgs.bash}/bin/bash
- file=$1
- head -1 $file
- sed -i 1d $file
diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix
deleted file mode 100644
index ae8a80266..000000000
--- a/lass/5pkgs/q/default.nix
+++ /dev/null
@@ -1,286 +0,0 @@
-{ pkgs, ... }:
- q-cal = let
- # XXX 23 is the longest line of cal's output
- pad = ''{
- ${pkgs.gnused}/bin/sed '
- # rtrim
- s/ *$//
- # delete last empty line
- ''${/^$/d}
- ' \
- | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
- | ${pkgs.gnused}/bin/sed '
- # colorize header
- 1,2s/.*/&/
- # colorize week number
- s/^[ 1-9][0-9]/&/
- '
- }'';
- in ''
- ${pkgs.coreutils}/bin/paste \
- <(${pkgs.utillinux}/bin/cal -mw \
- $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
- | ${pad}
- ) \
- <(${pkgs.utillinux}/bin/cal -mw \
- | ${pkgs.gnused}/bin/sed '
- # colorize day of month
- s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/
- ' \
- | ${pad}
- ) \
- <(${pkgs.utillinux}/bin/cal -mw \
- $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
- | ${pad}
- ) \
- | ${pkgs.gnused}/bin/sed 's/\t/ /g'
- '';
- q-isodate = ''
- ${pkgs.coreutils}/bin/date \
- '+%Y-%m-%dT%H:%M:%S%:z'
- '';
- q-gitdir = ''
- if test -d .git; then
- #git status --porcelain
- branch=$(
- ${pkgs.git}/bin/git branch \
- | ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p'
- )
- echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch"
- fi
- '';
- q-intel_backlight = ''
- cd /sys/class/backlight/intel_backlight
- </dev/null exec ${pkgs.gawk}/bin/awk '
- END {
- getline actual_brightness < "actual_brightness"
- getline max_brightness < "max_brightness"
- getline brightness < "brightness"
- printf "intel_backlight %d%% %d/%d\n" \
- , actual_brightness / max_brightness * 100 \
- , actual_brightness \
- , max_brightness
- }
- '
- '';
- q-power_supply = let
- power_supply = pkgs.writeBash "power_supply" ''
- set -efu
- uevent=$1
- eval "$(${pkgs.gnused}/bin/sed -n '
- s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p
- ' $uevent)"
- AC)
- exit # not battery
- ;;
- esac
- exec </dev/null
- exec ${pkgs.gawk}/bin/awk '
- function die(s) {
- printf "%s: %s\n", name, s
- exit 1
- }
- function print_hm(h, m) {
- m = (h - int(h)) * 60
- return sprintf("%dh%dm", h, m)
- }
- function print_bar(n, r, t1, t2, t_col) {
- t1 = int(r * n)
- t2 = n - t1
- if (r >= .42) t_col = "1;32"
- else if (r >= 23) t_col = "1;33"
- else if (r >= 11) t_col = "1;31"
- else t_col = "5;1;31"
- return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr()
- }
- function sgr(p) {
- return "\x1b[" p "m"
- }
- function strdup(s,n,t) {
- t = sprintf("%"n"s","")
- gsub(/ /,s,t)
- return t
- }
- END {
- charge_unit = "Ah"
- charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
- charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6
- current_unit = "A"
- current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6
- energy_unit = "Wh"
- energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6
- energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
- power_unit = "W"
- power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6
- voltage_unit = "V"
- voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6
- voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6
- #printf "charge_now: %s\n", charge_now
- #printf "charge_full: %s\n", charge_full
- #printf "current_now: %s\n", current_now
- #printf "energy_now: %s\n", energy_now
- #printf "energy_full: %s\n", energy_full
- #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"]
- #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
- #printf "power_now: %s\n", power_now
- #printf "voltage_now: %s\n", voltage_now
- if (current_now == 0 && voltage_now != 0) {
- current_now = power_now / voltage_now
- }
- if (power_now == 0) {
- power_now = current_now * voltage_now
- }
- if (charge_now == 0 && voltage_min_design != 0) {
- charge_now = energy_now / voltage_min_design
- }
- if (energy_now == 0) {
- energy_now = charge_now * voltage_min_design
- }
- if (charge_full == 0 && voltage_min_design != 0) {
- charge_full = energy_full / voltage_min_design
- }
- if (energy_full == 0) {
- energy_full = charge_full * voltage_min_design
- }
- if (charge_now == 0 || charge_full == 0) {
- die("unknown charge")
- }
- charge_ratio = charge_now / charge_full
- out = out name
- out = out sprintf(" %s", print_bar(10, charge_ratio))
- out = out sprintf(" %d%", charge_ratio * 100)
- out = out sprintf(" %.2f%s", charge_now, charge_unit)
- if (current_now != 0) {
- out = out sprintf("/%.1f%s", current_now, current_unit)
- }
- out = out sprintf(" %d%s", energy_full, energy_unit)
- if (power_now != 0) {
- out = out sprintf("/%.1f%s", power_now, power_unit)
- }
- if (current_now != 0) {
- out = out sprintf(" %s", print_hm(charge_now / current_now))
- }
- print out
- }
- '
- '';
- in ''
- for uevent in /sys/class/power_supply/*/uevent; do
- ${power_supply} "$uevent" || :
- done
- '';
- q-virtualization = ''
- echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
- '';
- q-wireless = ''
- for dev in $(
- ${pkgs.iw}/bin/iw dev \
- | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
- ); do
- inet=$(${pkgs.iproute2}/bin/ip addr show $dev \
- | ${pkgs.gnused}/bin/sed -n '
- s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p
- ') \
- || unset inet
- ssid=$(${pkgs.iw}/bin/iw dev $dev link \
- | ${pkgs.gnused}/bin/sed -n '
- s/.*\tSSID: \(.*\)/\1/p
- ') \
- || unset ssid
- echo "$dev''${inet+ $inet}''${ssid+ $ssid}"
- done
- '';
- q-online = ''
- if ${pkgs.curl}/bin/curl -s >/dev/null; then
- echo 'online'
- else
- echo offline
- fi
- '';
- q-thermal_zone = ''
- for i in /sys/class/thermal/thermal_zone*; do
- type=$(${pkgs.coreutils}/bin/cat $i/type)
- temp=$(${pkgs.coreutils}/bin/cat $i/temp)
- printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc)
- done
- '';
- q-todo = ''
- if test -e "$TODO_file"; then
- ${pkgs.coreutils}/bin/cat "$TODO_file" \
- | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
- BEGIN { print "remind=0" }
- /^[0-9]/{
- x = $1
- gsub(".", "\\\\&", x)
- rest = substr($0, index($0, " "))
- rest = $0
- sub(" *", "", rest)
- gsub(".", "\\\\&", rest)
- print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
- echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
- (( remind++ ))"
- }
- END { print "test $remind = 0 && echo \"nothing to remind\"" }
- ' \
- | {
- # bash needed for (( ... ))
- ${pkgs.bash}/bin/bash
- }
- else
- echo "$TODO_file: no such file or directory"
- fi
- '';
-# bash needed for <(...)
-pkgs.writeBashBin "q" ''
- set -eu
- export PATH=/var/empty
- (${q-todo}) || :
- if [ "$PWD" != "$HOME" ]; then
- (HOME=$PWD; ${q-todo}) || :
- fi
- echo
- ${q-cal}
- echo
- ${q-isodate}
- (${q-gitdir}) &
- (${q-intel_backlight}) &
- (${q-power_supply}) &
- (${q-virtualization}) &
- (${q-wireless}) &
- (${q-online}) &
- (${q-thermal_zone}) &
- wait
diff --git a/lass/5pkgs/review-mail-queue/default.nix b/lass/5pkgs/review-mail-queue/default.nix
deleted file mode 100644
index c8c66706c..000000000
--- a/lass/5pkgs/review-mail-queue/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs }: let
- review = pkgs.writers.writeBash "review-mail" ''
- mail="$1"
- ${pkgs.exim}/bin/exim -Mvc "$mail" | grep -E 'Subject:|To:'
- ${pkgs.exim}/bin/exim -Mvl "$mail"
- while :; do
- read -p 'delete?' key
- case "$key" in
- v*)
- ${pkgs.exim}/bin/exim -Mvc "$mail"
- ;;
- d*)
- ${pkgs.exim}/bin/exim -Mrm "$mail"
- break
- ;;
- r*)
- ${pkgs.exim}/bin/exim -Mt "$mail"
- break
- ;;
- n*)
- break
- ;;
- esac
- done
- echo '-------------------'
- echo '-------------------'
- echo '-------------------'
- echo '-------------------'
- echo '-------------------'
- '';
-in pkgs.writers.writeBashBin "review-mail" ''
- for mail in $(${pkgs.exim}/bin/exim -bp \
- | ${pkgs.gnugrep}/bin/grep frozen \
- | ${pkgs.gawk}/bin/awk '{print $3}'); do
- ${review} "$mail"
- done
diff --git a/lass/5pkgs/rs/default.nix b/lass/5pkgs/rs/default.nix
deleted file mode 100644
index 6b27908fb..000000000
--- a/lass/5pkgs/rs/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-#TODO: get tab-completion working again
-pkgs.writeBashBin "rs" ''
- rsync -vaP --append-verify "$@"
diff --git a/lass/5pkgs/searx/default.nix b/lass/5pkgs/searx/default.nix
deleted file mode 100644
index e5ce5788a..000000000
--- a/lass/5pkgs/searx/default.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }:
-with python3Packages;
-toPythonModule (buildPythonApplication rec {
- pname = "searx";
- version = "1.0.0";
- # Can not use PyPI because certain test files are missing.
- src = fetchFromGitHub {
- owner = "searx";
- repo = "searx";
- rev = "v${version}";
- sha256 = "0ghkx8g8jnh8yd46p4mlbjn2zm12nx27v7qflr4c8xhlgi0px0mh";
- };
- postPatch = ''
- sed -i 's/==.*$//' requirements.txt
- '';
- preBuild = ''
- export SEARX_DEBUG="true";
- '';
- propagatedBuildInputs = [
- Babel
- certifi
- dateutil
- flask
- flaskbabel
- gevent
- grequests
- jinja2
- langdetect
- lxml
- ndg-httpsclient
- pyasn1
- pyasn1-modules
- pygments
- pysocks
- pytz
- pyyaml
- requests
- speaklater
- werkzeug
- ];
- # tests try to connect to network
- doCheck = false;
- # checkInputs = [
- # Babel mock nose2 covCore pep8 plone-testing splinter
- # unittest2 zope_testrunner selenium
- # ];
- postInstall = ''
- # Create a symlink for easier access to static data
- mkdir -p $out/share
- ln -s ../${python3.sitePackages}/searx/static $out/share/
- '';
- passthru.tests = { inherit (nixosTests) searx; };
- meta = with lib; {
- homepage = "";
- description = "A privacy-respecting, hackable metasearch engine";
- license = licenses.agpl3Plus;
- maintainers = with maintainers; [ matejc fpletz globin danielfullmer ];
- };
diff --git a/lass/5pkgs/sshify/default.nix b/lass/5pkgs/sshify/default.nix
deleted file mode 100644
index 445b9b4aa..000000000
--- a/lass/5pkgs/sshify/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs }:
-# usage: sshify prism.r -- curl
-pkgs.writers.writeBashBin "sshify" ''
- set -efu
- TMPDIR=$(mktemp -d)
- while [[ "$#" -gt 0 ]]; do
- case $1 in
- --)
- shift
- break
- ;;
- *)
- SSH_ARGS+=($1)
- ;;
- esac
- shift
- done
- if [[ "$#" -le 0 ]]; then
- echo no command specified
- exit 1
- fi
- RANDOM_HIGH_PORT=$(shuf -i 20000-65000 -n 1)
- cat << EOF >$TMPDIR/proxychains.conf
- [ProxyList]
- ssh -fNM -S "$TMPDIR/socket" -D "$RANDOM_HIGH_PORT" "''${SSH_ARGS[@]}"
- trap "ssh -S $TMPDIR/socket -O exit bla 2>/dev/null; rm -rf $TMPDIR >&2" EXIT
- ${pkgs.proxychains-ng}/bin/proxychains4 -q -f "$TMPDIR/proxychains.conf" "$@"
diff --git a/lass/5pkgs/sshvnc/default.nix b/lass/5pkgs/sshvnc/default.nix
deleted file mode 100644
index f66ed1b0d..000000000
--- a/lass/5pkgs/sshvnc/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeBashBin "sshvnc" ''
- set -xm
- RANDOM_HIGH_PORT=$(shuf -i 20000-65000 -n 1)
- ssh "$@" -f -L $RANDOM_HIGH_PORT:localhost:$RANDOM_HIGH_PORT -- x11vnc -noxdamage -noxfixes -noxrecord -display :0 -localhost -rfbport $RANDOM_HIGH_PORT
- sleep 3
- _JAVA_AWT_WM_NONREPARENTING=1 ${pkgs.turbovnc}/bin/vncviewer localhost:$RANDOM_HIGH_PORT
diff --git a/lass/5pkgs/sxiv/default.nix b/lass/5pkgs/sxiv/default.nix
deleted file mode 100644
index 04fc1c3f6..000000000
--- a/lass/5pkgs/sxiv/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ nsxiv, writers }:
-writers.writeDashBin "sxiv" ''
- set -efu
- tmpfile="''${TMPDIR:-/tmp}/nsxiv_pipe_$$"
- trap 'rm -f -- $tmpfile' EXIT
- if [ "$#" -eq 0 ]; then
- if [ -t 0 ]; then
- echo "sxiv: No arguments provided" >&2; exit 1
- else
- # Consume stdin and put it in the temporal file
- cat > "$tmpfile"
- fi
- fi
- for arg in "$@"; do
- # if it's a pipe then drain it to $tmpfile
- [ -p "$arg" ] && cat "$arg" > "$tmpfile"
- done
- if [ -s "$tmpfile" ]; then
- ${nsxiv}/bin/nsxiv -q "$@" "$tmpfile" # -q to silence warnings
- else
- ${nsxiv}/bin/nsxiv "$@" # fallback
- fi
diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix
deleted file mode 100644
index d7937da58..000000000
--- a/lass/5pkgs/tdlib-purple/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } :
- tdlib = stdenv.mkDerivation rec {
- version = "1.6.0";
- pname = "tdlib";
- src = fetchFromGitHub {
- owner = "tdlib";
- repo = "td";
- rev = "v${version}";
- sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv";
- };
- buildInputs = with pkgs; [ gperf openssl readline zlib ];
- nativeBuildInputs = [ pkgs.cmake ];
- };
-in stdenv.mkDerivation rec {
- pname = "tdlib-purple";
- version = "0.7.8";
- src = fetchFromGitHub {
- owner = "ars3niy";
- repo = pname;
- rev = "v${version}";
- sha256 = "17g54mcxsidcx37l6m4p8i06ln1hvq3347dhdl9xkkn7pqpwvv1c";
- };
- cmakeFlags = [
- "-Dtgvoip_INCLUDE_DIRS=${}/include/tgvoip"
- ];
- nativeBuildInputs = [ cmake ];
- buildInputs = [ pidgin tdlib libwebp libtgvoip ];
- installPhase = ''
- mkdir -p $out/lib/purple-2/
- cp *.so $out/lib/purple-2/
- '';
- meta = with stdenv.lib; {
- homepage = "";
- description = "New libpurple plugin for Telegram";
- license = licenses.gpl2;
- maintainers = [ maintainers.lassulus ];
- platforms = platforms.linux;
- };
diff --git a/lass/5pkgs/unimenu/default.nix b/lass/5pkgs/unimenu/default.nix
deleted file mode 100644
index cf2a15277..000000000
--- a/lass/5pkgs/unimenu/default.nix
+++ /dev/null
@@ -1,101 +0,0 @@
- lib,
- runCommand,
- fetchurl,
- writeText,
- writers,
- coreutils,
- dmenu,
- gnused,
- libnotify,
- xclip,
- xdotool,
- gawk,
-}: let
- unicode-file = runCommand "unicode.txt" {} ''
- ${
- writers.writePython3 "" {flakeIgnore = ["E501" "E722"];} ''
- import csv
- with open("${
- fetchurl {
- url = "";
- sha256 = "sha256-NgGOaGV/3LNIX2NmMP/oyFMuAcl3cD0oA/W4nWxf6vs=";
- }
- }", "r") as unicode_data:
- reader = csv.reader(unicode_data, delimiter=";")
- next(reader) # skip first row containing \0
- for row in reader:
- codepoint = row[0]
- name = row[1]
- alternate_name = row[10]
- try:
- print(chr(int(codepoint, 16)), codepoint, name, alternate_name, sep=" ")
- except:
- continue
- ''
- } > $out
- '';
- kaomoji-file = writeText "kaomoji.txt" ''
- ¯\(°_o)/¯ dunno lol shrug dlol
- ¯\_(ツ)_/¯ dunno lol shrug dlol
- ( ͡° ͜ʖ ͡°) lenny
- ¯\_( ͡° ͜ʖ ͡°)_/¯ lenny shrug dlol
- ( ゚д゚) aaah sad noo
- ヽ(^o^)丿 hi yay hello
- (^o^: ups hehe
- (^∇^) yay
- ┗(`皿´)┛ angry argh
- ヾ(^_^) byebye!! bye
- <(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) dance
- (-.-)Zzz... sleep
- (∩╹□╹∩) oh noes woot
- (╯°□°)╯ ┻━┻ table flip
- (」゜ロ゜)」 why woot
- (_゜_゜_) gloom I see you
- ༼ ༎ຶ ෴ ༎ຶ༽ sad
- (\/) (°,,,,°) (\/) krebs
- ┳━┳ ヽ(ಠل͜ಠ)ノ putting table back
- ┻━┻︵ \(°□°)/ ︵ ┻━┻ flip all dem tablez
- (`・ω・´) bear look
- ᕦ(ຈل͜ຈ)ᕤ strong flex muscle bicep
- ᕦ(ò_óˇ)ᕤ strong flex muscle bicep
- (๑>ᴗ<๑) excite
- (∩ ` -´)⊃━━☆゚.*・。゚ wizard spell magic
- ╰( ͡° ͜ʖ ͡° )つ──☆*:・゚ wizard spell magic
- ◕ ◡ ◕ puss in boots big eye
- ≋≋≋≋≋̯̫⌧̯̫(ˆ•̮ ̮•ˆ) nyan cat
- ʕ•ᴥ•ʔ bear
- (ԾɷԾ) adventure time
- (⁀ᗢ⁀) happy yay
- (≧◡≦) happy yay
- \(º □ º )/ panic
- 𓂺 penis
- 𓂸 penis
- __〆( ̄ー ̄ ) write down
- __〆(º □ º) write down
- __〆(^_^) write down
- C= C= C= C= C=┌(;・ω・)┘ running fast here
- ▓▒░(°◡°)░▒▓ dont care
- (๑ᵔ⤙ᵔ๑) nom food eating
- (·•᷄ࡇ •᷅ ) ohoh sad
- ᕕ( ᐛ )ᕗ hehe lol letsgo
- (^_~) wink
- '';
- # ref
- writers.writeDashBin "unimenu" ''
- history_file=$HOME/.cache/unimenu
- PATH=${lib.makeBinPath [coreutils dmenu gnused libnotify xclip xdotool]}
- chosen=$(cat "$history_file" ${kaomoji-file} ${unicode-file} | dmenu -p unicode -i -l 10 | tee --append "$history_file" | sed "s/ .*//")
- [ "$chosen" != "" ] || exit
- echo "$chosen" | tr -d '\n' | xclip -selection clipboard
- if [ -n "$1" ]; then
- xdotool key Shift+Insert
- else
- notify-send --app-name="$(basename "$0")" "'$chosen' copied to clipboard." &
- fi
- ''
diff --git a/lass/5pkgs/urban/default.nix b/lass/5pkgs/urban/default.nix
deleted file mode 100644
index fb8adaed9..000000000
--- a/lass/5pkgs/urban/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeScriptBin "urban" ''
- #!/bin/sh
- set -euf
- term=$1
- curl -LsS ''"$term" \
- | sed 's/<\/\?a\>[^>]*>//g' \
- | sed 's/<\([^>]*\)>/\n<\1\n/g' \
- | grep . \
- | sed -n '/<div class=.meaning./,/<\/div/p' \
- | sed 's/<div class=.meaning./-----/' \
- | grep -v '^</div\>' \
- | grep -v '^<br\>' \
- | sed '
- s/&quot;/"/g
- s/&#39;/'\'''/g
- s/&gt;/>/g
- s/&lt;/>/g
- '
diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix
deleted file mode 100644
index 20c546dbb..000000000
--- a/lass/5pkgs/xephyrify/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ writeDashBin, writeHaskellPackage, coreutils, xorg, virtualgl, ... }:
- xephyrify-xmonad = writeHaskellPackage "xephyrify-xmonad" {
- executables.xmonad = {
- extra-depends = [
- "containers"
- "unix"
- "xmonad"
- ];
- text = /* haskell */ ''
- module Main where
- import XMonad
- import Data.Monoid
- import System.Posix.Process (executeFile)
- import qualified Data.Map as Map
- main :: IO ()
- main = do
- xmonad def
- { workspaces = [ "1" ]
- , layoutHook = myLayoutHook
- , keys = myKeys
- , normalBorderColor = "#000000"
- , focusedBorderColor = "#000000"
- , handleEventHook = myEventHook
- }
- myEventHook :: Event -> X All
- myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
- spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
- return (All True)
- myEventHook _ = do
- return (All True)
- myLayoutHook = Full
- myKeys _ = Map.fromList []
- '';
- };
- };
-in writeDashBin "xephyrify" ''
- NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)}
- echo "using DISPLAY $NDISPLAY"
- ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY &
- if test -n $DROP_TO_USER; then
- sleep 1
- ls /tmp/.X11-unix/
- id
- ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY"
- ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY"
- fi
- DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad &
- DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@"
- kill $XMONAD_PID
- kill $XEPHYR_PID
diff --git a/lass/5pkgs/xml2json/default.nix b/lass/5pkgs/xml2json/default.nix
deleted file mode 100644
index 78690d4b7..000000000
--- a/lass/5pkgs/xml2json/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
- pp = pkgs.python35Packages;
-in pp.buildPythonPackage rec {
- name = "xml2json-${version}";
- version = "22ffcd";
- propagatedBuildInputs = [
- pp.simplejson
- ];
- src = pkgs.fetchFromGitHub {
- owner = "hay";
- repo = "xml2json";
- rev = "${version}";
- sha256 = "1snjd6q6bk517350gdrl8kkphkra0iaz56i583h2q57ab09r29vc";
- };
- doCheck = false;
diff --git a/lass/5pkgs/xonsh2/default.nix b/lass/5pkgs/xonsh2/default.nix
deleted file mode 100644
index d55d22445..000000000
--- a/lass/5pkgs/xonsh2/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ lib, stdenv
-, fetchFromGitHub
-, python39Packages
-, glibcLocales
-, coreutils
-, git
-, extraInputs ? []
-}: let
- python3Packages = python39Packages;
-in python3Packages.buildPythonApplication rec {
- pname = "xonsh2";
- version = "master";
- # fetch from github because the pypi package ships incomplete tests
- src = fetchFromGitHub {
- owner = "anki-code";
- repo = "xonsh2";
- rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0";
- sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6";
- };
- LC_ALL = "en_US.UTF-8";
- postPatch = ''
- sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/
- find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \;
- find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|'
- patchShebangs .
- '';
- doCheck = false;
- checkPhase = ''
- HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks'
- HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5
- HOME=$TMPDIR pytest -k 'test_ptk_highlight'
- '';
- checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ];
- propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs;
- meta = with lib; {
- description = "A Python-ish, BASHwards-compatible shell";
- homepage = "";
- # changelog = "${version}";
- license = licenses.bsd3;
- platforms = platforms.all;
- };
- passthru = {
- shellPath = "/bin/xonsh2";
- };
diff --git a/lass/5pkgs/yt-next/default.nix b/lass/5pkgs/yt-next/default.nix
deleted file mode 100644
index 8132b4f05..000000000
--- a/lass/5pkgs/yt-next/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-pkgs.writeScriptBin "yt-next" ''
- #! ${pkgs.bash}/bin/bash
- vid=$1
- num=''${NUM:-1}
- curl -Ls $1 \
- | grep 'href="/watch?v=' \
- | head -n$num \
- | sed 's,.*href="\([^"]*\)".*,\1,'
diff --git a/lass/default.nix b/lass/default.nix
deleted file mode 100644
index d077cc09f..000000000
--- a/lass/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
- imports = [
- ../krebs
- ./2configs
- ./3modules
- ];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
diff --git a/lass/krops.nix b/lass/krops.nix
deleted file mode 100644
index a7dcaf5bf..000000000
--- a/lass/krops.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
- source = { test }: lib.evalSource ([
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
- nixpkgs = lib.mkForce (if test then {
- derivation = let
- rev = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- sha256 = (lib.importJSON ../krebs/nixpkgs-unstable.json).sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- '';
- } else {
- git = {
- ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- url =;
- shallow = true;
- };
- });
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/sync/pwstore";
- name = "hosts/${name}";
- };
- };
- stockholm.file = lib.mkForce {
- path = toString ../.;
- useChecksum = true;
- };
- }
- (if lib.pathExists (./. + "/1systems/${name}/source.nix") then
- import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; }
- else
- {}
- )
- ]);
-in {
- deploy = { target ? "root@${name}/var/src", offline ? false }: pkgs.krops.writeCommand "deploy" {
- command = targetPath: ''
- set -xfu
- outDir=$(mktemp -d)
- trap "rm -rf $outDir;" INT TERM EXIT
- build=$(command -v nom-build || echo "nix-build")
- $build \
- -I "${targetPath}" \
- '<nixpkgs/nixos>' -A \
- -o "$outDir/out" \
- ${lib.optionalString offline "--option substitute false"} \
- # -vvvvv --show-trace
- nix-env -p /nix/var/nix/profiles/system --set "$outDir/out"
- "$outDir/out/bin/switch-to-configuration" switch
- '';
- source = source { test = false; };
- allocateTTY = true;
- inherit target;
- };
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
- populate = { target, force ? false }: pkgs.populate {
- inherit force;
- source = source { test = false; };
- target = lib.mkTarget target;
- };
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
diff --git a/lass/tombstone b/lass/tombstone
new file mode 100644
index 000000000..e3b051963
--- /dev/null
+++ b/lass/tombstone
@@ -0,0 +1 @@
+this config has been moved to for now