diff options
60 files changed, 1423 insertions, 157 deletions
diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp Binary files differnew file mode 100644 index 000000000..8c1a75f39 --- /dev/null +++ b/jeschli/1systems/reagenzglas/.source.nix.swp diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix new file mode 100644 index 000000000..d65e897ae --- /dev/null +++ b/jeschli/1systems/reagenzglas/config.nix @@ -0,0 +1,146 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + <stockholm/jeschli> + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + # boot.loader.grub.enable = true; + # boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + # Define on which hard drive you want to install Grub. +# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2"; + preLVM = true; + allowDiscards = true; + } + ]; + networking.hostName = "reaganzglas"; # Define your hostname. +# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas" + ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.03"; # Did you read the comment? + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + export GOPATH=$HOME/go + export PATH=$PATH:$GOPATH/bin + ''; + }; + + krebs.build.host = config.krebs.hosts.reagenzglas; + + hardware.bluetooth.enable = true; +} diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix new file mode 100644 index 000000000..a6ab3f16e --- /dev/null +++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DA40-AC19"; + fsType = "vfat"; + }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 8; +# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix new file mode 100644 index 000000000..7543de6b9 --- /dev/null +++ b/jeschli/1systems/reagenzglas/source.nix @@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "reagenzglas"; + secure = true; +} diff --git a/jeschli/2configs/copy-vim.nix b/jeschli/2configs/copy-vim.nix new file mode 100644 index 000000000..43fcb1956 --- /dev/null +++ b/jeschli/2configs/copy-vim.nix @@ -0,0 +1,102 @@ +{ config, pkgs, ... }: + + +# let +# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { +# name = "ultisnips"; +# src = pkgs.fetchFromGitHub { +# owner = "SirVer"; +# repo = "ultisnips"; +# rev = "3.1"; +# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; +# }; +# }; +# +let + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; + }; + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + :imap jk <Esc> + :vmap v v + :map gr :GoRun<Enter> + :nnoremap <S-TAB> :bnext<CR> + :nnoremap <C-TAB> <c-w><c-w> + set autowrite + set number + set ruler + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="<c-e>" + let g:UltiSnipsJumpForwardTrigger="<c-t>" + let g:UltiSnipsJumpBackwardTrigger="<c-q>" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } + ]; + + }) + ]; +} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix new file mode 100644 index 000000000..7fb240951 --- /dev/null +++ b/jeschli/2configs/default.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + imports = [ + ./vim.nix + ./retiolum.nix + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + ]; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + parallel + proot + populate + + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + + #stuff for dl + aria2 + + #neat utils + file + kpaste + krebspaste + mosh + pciutils + psmisc + # q + # rs + tmux + untilport + usbutils + # logify + goify + + #unpack stuff + p7zip + unzip + unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') + ]; + + krebs.enable = true; +} diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix new file mode 100644 index 000000000..403300b30 --- /dev/null +++ b/jeschli/2configs/retiolum.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "gum" + "ni" + "dishfire" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; + + environment.systemPackages = [ + pkgs.tinc + ]; +} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix new file mode 100644 index 000000000..f6c736fbc --- /dev/null +++ b/jeschli/2configs/vim.nix @@ -0,0 +1,373 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + out = { + environment.systemPackages = [ + (hiPrio vim) + pkgs.python35Packages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set ruler + set pastetoggle=<INS> + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' + + nmap <esc>q :buffer + nmap <M-q> :buffer + + cnoremap <C-A> <Home> + + noremap <C-c> :q<cr> + vnoremap < <gv + vnoremap > >gv + + nnoremap <esc>[5^ :tabp<cr> + nnoremap <esc>[6^ :tabn<cr> + nnoremap <esc>[5@ :tabm -1<cr> + nnoremap <esc>[6@ :tabm +1<cr> + + nnoremap <f1> :tabp<cr> + nnoremap <f2> :tabn<cr> + inoremap <f1> <esc>:tabp<cr> + inoremap <f2> <esc>:tabn<cr> + + " <C-{Up,Down,Right,Left> + noremap <esc>Oa <nop> | noremap! <esc>Oa <nop> + noremap <esc>Ob <nop> | noremap! <esc>Ob <nop> + noremap <esc>Oc <nop> | noremap! <esc>Oc <nop> + noremap <esc>Od <nop> | noremap! <esc>Od <nop> + " <[C]S-{Up,Down,Right,Left> + noremap <esc>[a <nop> | noremap! <esc>[a <nop> + noremap <esc>[b <nop> | noremap! <esc>[b <nop> + noremap <esc>[c <nop> | noremap! <esc>[c <nop> + noremap <esc>[d <nop> | noremap! <esc>[d <nop> + + " search with ack + let g:ackprg = 'ag --vimgrep' + cnoreabbrev Ack Ack! + + " copy/paste from/to xclipboard + noremap x "_x + set clipboard=unnamedplus + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.ack-vim + pkgs.vimPlugins.Gundo + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-go + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.symlinkJoin { + name = "vim"; + paths = [ + (pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + '') + pkgs.vim + ]; + }; + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref <nix/src/libexpr/lexer.l> + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out diff --git a/jeschli/default.nix b/jeschli/default.nix new file mode 100644 index 000000000..7886fef49 --- /dev/null +++ b/jeschli/default.nix @@ -0,0 +1,9 @@ +_: +{ + imports = [ + ../krebs + ./2configs +# ./3modules +# ./5pkgs + ]; +} diff --git a/jeschli/source.nix b/jeschli/source.nix new file mode 100644 index 000000000..d5e14a8dc --- /dev/null +++ b/jeschli/source.nix @@ -0,0 +1,22 @@ +with import <stockholm/lib>; +host@{ name, secure ? false, override ? {} }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "jeschli"; + _file = <stockholm> + "/jeschli/1systems/${name}/source.nix"; +in + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; + nixpkgs.git = { + url = https://github.com/nixos/nixpkgs; + ref = "f9390d6"; + }; + secrets.file = getAttr builder { + buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>; + jeschli = "/home/jeschli/secrets/${name}"; + }; + stockholm.file = toString <stockholm>; + } + override + ] diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index adbc1ebe1..b56f5c543 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -104,7 +104,7 @@ in "dummy_secrets": "true", }, command=[ - "nix-shell", "--run", " ".join(["test", + "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", "--user={}".format(user), "--system={}".format(host), "--force-populate", diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 5bedbcf25..caeef2885 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -61,6 +61,7 @@ let hosts = mkOption { type = with types; attrsOf host; + default = {}; }; users = mkOption { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d2c3000d6..ecf549df9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -535,6 +535,86 @@ with import <stockholm/lib>; }; }; }; + reagenzglas = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.27"; + ip6.addr = "42::27"; + aliases = [ + "reagenzglas.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P + bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 + utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO + 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 + hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u + mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW + 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 + aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw + pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu + 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ + lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 + +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz + 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli + PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 + ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn + GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE + hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 + ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX + vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe + G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 + 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x + Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + xerxes = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.3"; + ip6.addr = "42::1:3"; + aliases = [ + "xerxes.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U + MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk + gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W + /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb + mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO + X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj + +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim + hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 + 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 + H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 + JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 + hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe + SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo + 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe + vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 + Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO + scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv + jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ + Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u + /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 + bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ + sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; + }; }; users = { lass = { @@ -563,6 +643,10 @@ with import <stockholm/lib>; mail = "lass@icarus.r"; pubkey = builtins.readFile ./ssh/icarus.rsa; }; + lass-xerxes = { + mail = "lass@xerxes.r"; + pubkey = builtins.readFile ./ssh/xerxes.rsa; + }; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; @@ -583,5 +667,8 @@ with import <stockholm/lib>; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; mail = "joerg@higgsboson.tk"; }; + jeschli = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; + }; }; } diff --git a/krebs/3modules/lass/ssh/xerxes.rsa b/krebs/3modules/lass/ssh/xerxes.rsa new file mode 100644 index 000000000..2b5da7b25 --- /dev/null +++ b/krebs/3modules/lass/ssh/xerxes.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 080b8fced..9f1842b88 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -107,7 +107,7 @@ with import <stockholm/lib>; ci = true; cores = 1; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; nets = { internet = { ip4.addr = "185.215.224.160"; @@ -500,7 +500,7 @@ with import <stockholm/lib>; }; retiolum = { ip4.addr = "10.243.214.15"; - ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; + # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.r" ]; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0211b31ba..b2e3aa7c5 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -173,6 +173,7 @@ let REPONAME = "${name}.git"; }; + restartIfChanged = false; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; diff --git a/krebs/5pkgs/simple/apt-cacher-ng/default.nix b/krebs/5pkgs/simple/apt-cacher-ng/default.nix deleted file mode 100644 index e3986713b..000000000 --- a/krebs/5pkgs/simple/apt-cacher-ng/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }: - -stdenv.mkDerivation rec { - name = "apt-cacher-ng-${version}"; - version = "2"; - - src = fetchurl { - url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz"; - sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf"; - }; - - NIX_LDFLAGS = "-lpthread"; - buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ]; - - meta = { - description = "A caching proxy specialized for linux distribution files"; - homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/; - license = stdenv.lib.licenses.gpl2; - maintainers = [ stdenv.lib.maintainers.makefu ]; - }; -} diff --git a/krebs/source.nix b/krebs/source.nix index 39a388e03..73e216900 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10 + ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13 }; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fee43f8cd..ad133802f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -179,7 +179,7 @@ with import <stockholm/lib>; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b18abf509..87270b8b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -287,6 +287,15 @@ in { } <stockholm/krebs/2configs/reaktor-krebs.nix> <stockholm/lass/2configs/dcso-dev.nix> + { + krebs.git.rules = [ + { + user = [ config.krebs.users.jeschli ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 000000000..0669748f5 --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/hw/gpd-pocket.nix> + <stockholm/lass/2configs/boot/stock-x220.nix> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" + ''; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C8-D053"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; + networking.wireless.enable = true; +} diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix new file mode 100644 index 000000000..11f5bf796 --- /dev/null +++ b/lass/1systems/xerxes/source.nix @@ -0,0 +1,11 @@ +with import <stockholm/lib>; +import <stockholm/lass/source.nix> { + name = "xerxes"; + secure = true; + override = { + nixpkgs.git = mkForce { + url = https://github.com/lassulus/nixpkgs; + ref = "3eccd0b"; + }; + }; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 32a9f66cf..9712bafff 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -112,10 +112,6 @@ in { xkbOptions = "caps:backspace"; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - services.urxvtd.enable = true; services.xresources.enable = true; lass.screenlock.enable = true; diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index 35bac8fee..ad307c797 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -18,7 +18,7 @@ with import <stockholm/lib>; netDevices = { bra = { model = "MFCL2700DN"; - ip = "10.23.42.221"; + ip = "10.42.23.221"; }; }; }; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 6c381863c..9459cfd6f 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -5,19 +5,23 @@ let mainUser = config.users.extraUsers.mainUser; - browser-select = pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + browser-select = let + sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (mapAttrsToList (name: value: { inherit name value; }) + config.lass.browser.paths); + in pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) case $BROWSER in ${concatMapStringsSep "\n" (n: '' - ${n}) - export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ${n.name}) + export BIN=${n.value.path}/bin/${n.name} ;; - '') (attrNames config.lass.browser.paths)} + '') (sortedPaths)} esac $BIN "$@" ''; - createChromiumUser = name: extraGroups: + createChromiumUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ @@ -31,7 +35,7 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name}.path = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -40,10 +44,10 @@ let ]; }; - createFirefoxUser = name: extraGroups: + createFirefoxUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ ''; in { users.extraUsers.${name} = { @@ -54,7 +58,10 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name} = bin; + lass.browser.paths.${name} = { + path = bin; + inherit precedence; + }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -79,14 +86,24 @@ in { type = types.path; }; options.lass.browser.paths = mkOption { - type = with types; attrsOf path; + type = types.attrsOf (types.submodule ({ + options = { + path = mkOption { + type = types.path; + }; + precedence = mkOption { + type = types.int; + default = 0; + }; + }; + })); }; } - ( createFirefoxUser "ff" [ "audio" ] ) - ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "video" "audio" ] ) ( createChromiumUser "fb" [ "video" "audio" ] ) - ( createChromiumUser "gm" [ "video" "audio" ] ) ( createChromiumUser "com" [ "video" "audio" ] ) ]; } diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index b7fcc7aab..2b91f91d6 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -15,6 +15,7 @@ in { createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.lass-android.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" ]; @@ -42,6 +43,10 @@ in { }; }; + krebs.per-user.dev.packages = [ + pkgs.go + ]; + security.sudo.extraConfig = '' ${mainUser.name} ALL=(dev) NOPASSWD: ALL ''; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f8b750093..0e00dc2fd 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -22,6 +22,7 @@ with import <stockholm/lib>; config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 763633dd9..2d848773f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -48,6 +48,7 @@ with import <stockholm/lib>; { from = "tomtop@lassul.us"; to = lass.mail; } { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } + { from = "payeer@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index d114a826d..6cea271c1 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,7 +57,7 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress + (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix new file mode 100644 index 000000000..87b4c518b --- /dev/null +++ b/lass/2configs/hw/gpd-pocket.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: + +let + dummy_firmware = pkgs.writeTextFile { + name = "brcmfmac4356-pcie.txt"; + text = builtins.readFile ./brcmfmac4356-pcie.txt; + destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt"; + }; +in { + #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; + hardware.firmware = [ dummy_firmware ]; + hardware.enableRedistributableFirmware = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ]; + boot.kernelPackages = pkgs.linuxPackages_4_14; + boot.kernelParams = [ + "fbcon=rotate:1" + ]; + services.xserver.displayManager.sessionCommands = '' + (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + ''; + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; + lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; + lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; +} diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index bf7decc40..f5651da13 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -29,4 +29,9 @@ options = ["nosuid" "nodev" "noatime"]; }; }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 77f0c79e3..25ca1f455 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -153,15 +153,15 @@ in { }; security.acme.certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; + email = "lassulus@lassul.us"; + webroot = "/var/lib/acme/acme-challenge"; plugins = [ "account_key.json" - "key.pem" "fullchain.pem" + "key.pem" ]; group = "nginx"; - allowKeysForGroup = true; + user = "nginx"; }; @@ -170,6 +170,9 @@ in { addSSL = true; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; + locations."/.well-known/acme-challenge".extraConfig = '' + root /var/lib/acme/acme-challenge; + ''; }; users.users.blog = { diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 5b668c88f..10df08e7f 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -23,7 +23,7 @@ screengrab = pkgs.writeDashBin "screengrab" '' resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" - ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1 + ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1 ''; }; } diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 65bec117d..d3f76903d 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -30,6 +30,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -39,10 +40,10 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) +import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) -import XMonad.Layout.SimpleFloat (simpleFloat) import XMonad.Stockholm.Shutdown @@ -59,7 +60,7 @@ main = getArgs >>= \case main' :: IO () main' = do - xmonad + xmonad $ ewmh $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = myTerm @@ -77,7 +78,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat + defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) myKeyMap :: [([Char], X ())] myKeyMap = @@ -86,6 +87,8 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + + , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") diff --git a/lass/source.nix b/lass/source.nix index 292b92a9e..710bfdf2d 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f9390d6"; + ref = "cb751f9"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 98d5d2988..b66ef1ab8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -46,7 +46,7 @@ in { # services <stockholm/makefu/2configs/share/gum.nix> - <stockholm/makefu/2configs/sabnzbd.nix> + # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix> @@ -65,6 +65,8 @@ in { <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix> + <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> + { services.taskserver.enable = true; services.taskserver.fqdn = config.krebs.build.host.name; @@ -84,13 +86,40 @@ in { # Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> + + #{ + # services.dockerRegistry.enable = true; + # networking.firewall.allowedTCPPorts = [ 8443 ]; + + # services.nginx.virtualHosts."euer.krebsco.de" = { + # forceSSL = true; + # enableACME = true; + # extraConfig = '' + # client_max_body_size 1000M; + # ''; + # locations."/".proxyPass = "http://localhost:5000"; + # }; + #} + { # wireguard server + networking.firewall.allowedUDPPorts = [ 51820 ]; + #networking.wireguard.interfaces.wg0 = { + # ips = [ "10.244.0.1/24" ]; + # privateKeyFile = (toString <secrets>) + "/wireguard.key"; + # allowedIPsAsRoutes = true; + # peers = [{ + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + # }]; + #}; + } ]; makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ - { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; } - { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ]; + { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } + { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ]; ###### stable services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1d157460b..4af87dc10 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -61,6 +61,7 @@ in { # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf> + <stockholm/makefu/2configs/stats/telegraf/europastats.nix> # services <stockholm/makefu/2configs/syncthing.nix> diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 7b751e514..680fa2cbc 100644 --- a/makefu/1systems/tsp/config.nix +++ b/makefu/1systems/tsp/config.nix @@ -32,6 +32,8 @@ # acer aspire networking.wireless.enable = lib.mkDefault true; + services.xserver.synaptics.enable = true; + hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index ac51fd9ca..c30ee4c58 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -3,6 +3,7 @@ let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F"; user = config.makefu.gui.user; + primaryIP = "192.168.8.11"; in { imports = @@ -10,16 +11,18 @@ in { <stockholm/makefu> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/tools/core-gui.nix> - <stockholm/makefu/2configs/tools/extra-gui.nix> - <stockholm/makefu/2configs/tools/media.nix> + <stockholm/makefu/2configs/disable_v6.nix> + # <stockholm/makefu/2configs/tools/core-gui.nix> + # <stockholm/makefu/2configs/tools/extra-gui.nix> + # <stockholm/makefu/2configs/tools/media.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/mqtt.nix> - <stockholm/makefu/2configs/deployment/led-fader.nix> # <stockholm/makefu/2configs/gui/wbob-kiosk.nix> + <stockholm/makefu/2configs/stats/client.nix> + # <stockholm/makefu/2configs/gui/studio-virtual.nix> # <stockholm/makefu/2configs/audio/jack-on-pulse.nix> # <stockholm/makefu/2configs/audio/realtime-audio.nix> @@ -27,6 +30,41 @@ in { # Services <stockholm/makefu/2configs/remote-build/slave.nix> + <stockholm/makefu/2configs/share/wbob.nix> + + <stockholm/makefu/2configs/stats/telegraf> + <stockholm/makefu/2configs/deployment/led-fader.nix> + <stockholm/makefu/2configs/stats/external/aralast.nix> + <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> + <stockholm/makefu/2configs/deployment/bureautomation> + (let + collectd-port = 25826; + influx-port = 8086; + grafana-port = 3000; # TODO nginx forward + db = "collectd_db"; + logging-interface = "enp0s25"; + in { + services.grafana.enable = true; + services.grafana.addr = "0.0.0.0"; + + services.influxdb.enable = true; + services.influxdb.extraConfig = { + meta.hostname = config.krebs.build.host.name; + # meta.logging-enabled = true; + http.bind-address = ":${toString influx-port}"; + admin.bind-address = ":8083"; + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = db; + bind-address = ":${toString collectd-port}"; + }]; + }; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + ''; + }) # temporary # <stockholm/makefu/2configs/temp/rst-issue.nix> diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix index 6f079d712..b768aa87d 100644 --- a/makefu/1systems/wbob/source.nix +++ b/makefu/1systems/wbob/source.nix @@ -1,4 +1,4 @@ import <stockholm/makefu/source.nix> { name="wbob"; - musnix = true; + # musnix = true; } diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/deployment/bgt/hidden_service.nix new file mode 100644 index 000000000..c1a31b8dc --- /dev/null +++ b/makefu/2configs/deployment/bgt/hidden_service.nix @@ -0,0 +1,48 @@ +{ pkgs, lib, ... }: + +with lib; +let + name = "bgt_cyberwar_hidden_service"; + sec = (toString <secrets>) + "/"; + secdir = sec + name; + srvdir = "/var/lib/tor/onion/"; + basedir = srvdir + name; + hn = builtins.readFile (secdir + "/hostname"); +in +{ + systemd.services.prepare-hidden-service = { + wantedBy = [ "local-fs.target" ]; + before = [ "tor.service" ]; + serviceConfig = { + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + set -euf + if ! test -d "${basedir}" ;then + mkdir -p "${srvdir}" + cp -r "${secdir}" "${srvdir}" + chown -R tor:tor "${srvdir}" + chmod -R 700 "${basedir}" + else + echo "not overwriting ${basedir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + services.nginx.virtualHosts."${hn}".locations."/" = { + proxyPass = "https://blog.binaergewitter.de"; + extraConfig = '' + proxy_set_header Host blog.binaergewitter.de; + proxy_ssl_server_name on; + ''; + }; + services.tor = { + enable = true; + hiddenServices."${name}".map = [ + { port = "80"; } + # { port = "443"; toHost = "blog.binaergewitter.de"; } + ]; + }; +} diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/deployment/bureautomation/default.nix new file mode 100644 index 000000000..3897537ea --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/default.nix @@ -0,0 +1,41 @@ +{ pkgs, lib, ... }: + +with lib; +let + port = 3001; + runit = pkgs.writeDash "runit" '' + set -xeuf + PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin + name=''${1?must provide name as first arg} + state=''${2?must provide state as second arg} + # val=''${3?must provide val as third arg} + + # we ignore non-alerting events + test $state = alerting || exit 0 + + echo $name - $state + curl 'http://bauarbeiterlampe/ay?o=1' + sleep 5 + curl 'http://bauarbeiterlampe/ay?o=1' + ''; +in { + services.logstash = { + package = pkgs.logstash5; + enable = true; + inputConfig = '' + http { + port => ${toString port} + host => "127.0.0.1" + } + ''; + filterConfig = '' + ''; + outputConfig = '' + stdout { codec => json } + exec { command => "${runit} '%{ruleName}' '%{state}'" } + ''; + extraSettings = '' + path.plugins: [ "${pkgs.logstash-output-exec}" ] + ''; + }; +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 4c17a1d50..292b6679d 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -1,27 +1,25 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, buildPythonPackage, ... }: -with import <stockholm/lib>; let mq = "192.168.8.11"; - pkg = pkgs.stdenv.mkDerivation { + pkg = pkgs.python3Packages.buildPythonPackage { name = "ampel-master"; + src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/ampel"; - rev = "07a6791de368e16cc0864d2676fd255eba522cee"; - sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q"; + rev = "531741b"; + sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c"; }; - buildInputs = [ - (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + propagatedBuildInputs = with pkgs.python3Packages; [ docopt paho-mqtt - ])) + requests + pytz + influxdb + httplib2 + google_api_python_client ]; - installPhase = '' - install -m755 -D fade.py $out/bin/fade.py - install -m755 -D ampel.py $out/bin/ampel - install -m755 -D times.json $out/share/times.json - ''; }; in { systemd.services.led-fader = { @@ -34,7 +32,9 @@ in { serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; - ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; + ExecStart = "${pkg}/bin/ampel 4"; + Restart = "always"; + RestartSec = 10; PrivateTmp = true; }; }; diff --git a/makefu/2configs/deployment/scrape/default.nix b/makefu/2configs/deployment/scrape/default.nix new file mode 100644 index 000000000..c7a5b5c14 --- /dev/null +++ b/makefu/2configs/deployment/scrape/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./elkstack.nix + ./selenium.nix + ]; +} diff --git a/makefu/2configs/deployment/scrape/selenium.nix b/makefu/2configs/deployment/scrape/selenium.nix new file mode 100644 index 000000000..d700259ba --- /dev/null +++ b/makefu/2configs/deployment/scrape/selenium.nix @@ -0,0 +1,65 @@ +{config, pkgs, lib, ...}: +with <stockholm/lib>; +let + selenium-pw = <secrets/selenium-vncpasswd>; +in { + services.jenkinsSlave.enable = true; + users.users.selenium = { + uid = genid "selenium"; + extraGroups = [ "plugdev" ]; + }; + + fonts.enableFontDir = true; + + # networking.firewall.allowedTCPPorts = [ 5910 ]; + + systemd.services.selenium-X11 = + { + description = "X11 vnc for selenium"; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ]; + environment = + { + DISPLAY = ":10"; + }; + script = '' + set -ex + [ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock ) + [ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 ) + mkdir -p ~/.vnc + cp -f ${selenium-pw} ~/.vnc/passwd + chmod go-rwx ~/.vnc/passwd + echo > ~/.vnc/xstartup + chmod u+x ~/.vnc/xstartup + vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac + dwm + ''; + preStop = '' + vncserver -kill $DISPLAY + ''; + serviceConfig = { + User = "selenium"; + }; + }; + + systemd.services.selenium-server = + { + description = "selenium-server"; + wantedBy = [ "multi-user.target" ]; + requires = [ "selenium-X11.service" ]; + path = [ pkgs.chromium + pkgs.firefoxWrapper ]; + environment = + { + DISPLAY = ":10"; + }; + script = '' + ${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1 + ''; + serviceConfig = { + User = "selenium"; + }; + }; + + +} diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 7d7a4ec57..e4fef7c3c 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -30,20 +30,14 @@ in { browseable = "yes"; "guest ok" = "yes"; }; - usenet = { - path = "/media/crypt0/usenet/dst"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - pyload = { - path = "/media/crypt0/pyload"; + crypt0 = { + path = "/media/crypt0"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; }; - crypt0 = { - path = "/media/crypt0"; + crypX-games = { + path = "/media/cryptX/games"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix new file mode 100644 index 000000000..7d3fc38fe --- /dev/null +++ b/makefu/2configs/share/wbob.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/data/incoming"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + data = { + path = "/data/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix new file mode 100644 index 000000000..09d23e7d4 --- /dev/null +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -0,0 +1,19 @@ +{ pkgs, ...}: + +{ + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" + ''; + users.users.telegraf.extraGroups = [ "input" ]; + services.telegraf.extraConfig.inputs.exec = [ + { + commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; + timeout = "10s"; + data_format = "value"; + data_type = "integer"; + name_override = "airquality"; + interval = "10s"; + tags.unit="VOC"; + } + ]; +} diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix index 4da6561d6..049a9c037 100644 --- a/makefu/2configs/stats/telegraf/default.nix +++ b/makefu/2configs/stats/telegraf/default.nix @@ -2,9 +2,6 @@ let url = "http://localhost:8086"; in { - imports = [ - ./europastats.nix - ]; services.telegraf = { enable = true; extraConfig = { diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 46872279a..26e9808b2 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -13,10 +13,12 @@ esptool cac-api cac-panel + krebszones ovh-zone whatsupnix brain gen-oath-safe cdrtools + stockholm ]; } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index bcc068d82..e25290297 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -14,5 +14,6 @@ saleae-logic arduino-user-env gitAndTools.gitFull + signal-desktop ]; } diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 8da615963..40ea4523d 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -7,5 +7,6 @@ users.users.makefu.packages = with pkgs; [ games-user-env wine + pkg2zip ]; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index f280fc852..6be078f6a 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -8,11 +8,12 @@ in users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; - enableCompletion = false ; #manually at the end + enableCompletion = true ; #manually at the end interactiveShellInit = '' HISTSIZE=900001 HISTFILESIZE=$HISTSIZE SAVEHIST=$HISTSIZE + HISTFILE=$HOME/.zsh_history setopt HIST_IGNORE_ALL_DUPS setopt HIST_IGNORE_SPACE @@ -65,13 +66,15 @@ in zle -N fzf-file-widget bindkey '^T' fzf-file-widget - # Auto-Completion - for p in ''${(z)NIX_PROFILES}; do - fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) - done - autoload -U compinit && compinit compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + + # ctrl-x ctrl-e + autoload -U edit-command-line + zle -N edit-command-line + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line + ''; promptInit = '' diff --git a/makefu/5pkgs/PkgDecrypt/default.nix b/makefu/5pkgs/PkgDecrypt/default.nix new file mode 100644 index 000000000..80bcbcac1 --- /dev/null +++ b/makefu/5pkgs/PkgDecrypt/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchFromGitHub, ... }: +stdenv.mkDerivation rec { + name = "PkgDecrypt-2017-12-01"; + rev = "e2f9518"; + + src = fetchFromGitHub { + owner = "St4rk"; + repo = "PkgDecrypt"; + inherit rev; + sha256 = "0dk13qamxyny0vc990s06vqddxwwc6xmikb1pkc3rnys98yda29p"; + }; + + installPhase = '' + install -m755 -D pkg_dec $out/bin/pkg_dec + install -m755 -D make_key $out/bin/make_key + ''; + + buildInputs = with pkgs;[ + zlib + ]; + + meta = { + homepage = https://github.com/St4rk/PkgDecrypt; + description = "St4rk's Vita pkg decrypter"; + license = lib.licenses.gpl2; + }; +} diff --git a/makefu/5pkgs/airsensor-py/default.nix b/makefu/5pkgs/airsensor-py/default.nix new file mode 100644 index 000000000..4eae26c0d --- /dev/null +++ b/makefu/5pkgs/airsensor-py/default.nix @@ -0,0 +1,17 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +buildPythonApplication rec { + name = "airsensor-py-${version}"; + version = "2017-12-05"; + propagatedBuildInputs = [ + pyusb + click + ]; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "airsensor-py"; + rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995"; + sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w"; + }; +} diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 80a453ddc..80a0d33cd 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -24,7 +24,7 @@ in { alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; - inherit (callPackage ./devpi {}) devpi-web devpi-server; + inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { patches = [ ./custom/inkscape/dxf_fix.patch ]; diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index e7c26da55..3ddcd9641 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -14,18 +14,6 @@ let propagatedBuildInputs = with pkgs.python3Packages; [ docutils bleach pygments ]; }; - devpi-client = pkgs.python3Packages.buildPythonPackage rec { - name = "devpi-client"; - version = "2.7.0"; - - src = pkgs.fetchurl { - url = "mirror://pypi/d/devpi-client/devpi-client-${version}.tar.gz"; - sha256 = "0z7vaf0a66n82mz0vx122pbynjvkhp2mjf9lskgyv09y3bxzzpj3"; - }; - patches = [ ./py3-fix-encoding.patch ]; - buildInputs = with pkgs.python3Packages; [ tox check-manifest pkginfo ]; - propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common py ]; - }; devpi-web = pkgs.python3Packages.buildPythonPackage rec { name = "devpi-web"; version = "3.1.1"; @@ -37,7 +25,7 @@ let }; propagatedBuildInputs = with pkgs.python3Packages; - [ devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; + [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; @@ -47,53 +35,7 @@ let }; }; - devpi-common-3 = pkgs.python3Packages.buildPythonPackage rec { - name = "devpi-common"; - version = "3.0.1"; - - src = pkgs.fetchurl { - url = "mirror://pypi/d/devpi-common/devpi-common-${version}.tar.gz"; - sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j"; - }; - - propagatedBuildInputs = with pkgs.python3Packages; [ requests py ]; - - meta = { - homepage = https://bitbucket.org/hpk42/devpi; - description = "Utilities jointly used by devpi-server and devpi-client"; - license = licenses.mit; - maintainers = with maintainers; [ lewo makefu ]; - }; - }; - - devpi-server = pkgs.python3Packages.buildPythonPackage rec { - name = "devpi-server"; - version = "4.1.1"; - - # original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to - # `.devpi-server-wrapped` which - # results in "not existing devpi-server: 'devpi-server'" - postFixup = ""; - - src = pkgs.fetchurl { - url = "mirror://pypi/d/devpi-server/devpi-server-${version}.tar.gz"; - sha256 = "1icbn1nw6w0sc5150fr69rlhs0j5ldnnxfzl2qabq2wi0dbar8hf"; - }; - - propagatedBuildInputs = with pkgs.python3Packages; - [ devpi-common-3 execnet itsdangerous pluggy waitress pyramid ]; - buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ]; - - meta = { - homepage = https://bitbucket.org/hpk42/devpi; - description = "Devpi Server"; - license = licenses.mit; - maintainers = with maintainers; [ makefu ]; - }; - }; - in { - inherit devpi-server devpi-client; devpi-web = pkgs.python3.buildEnv.override { extraLibs = [ devpi-web devpi-server ]; }; diff --git a/makefu/5pkgs/pkg2zip/default.nix b/makefu/5pkgs/pkg2zip/default.nix new file mode 100644 index 000000000..36c3d7176 --- /dev/null +++ b/makefu/5pkgs/pkg2zip/default.nix @@ -0,0 +1,29 @@ +{ stdenv, lib, pkgs, fetchFromGitHub, ... }: +stdenv.mkDerivation rec { + name = "pkg2zip-2017-12-01"; + rev = "fccad26"; + + src = fetchFromGitHub { + owner = "mmozeiko"; + repo = "pkg2zip"; + inherit rev; + sha256 = "1sq9yx5cbllmc0yyxhvb6c0yq1mkd1mn8njgkkgxz8alw9zwlarp"; + }; + + installPhase = '' + install -m755 -D pkg2zip $out/bin/pkg2zip + + install -m755 -D rif2zrif.py $out/bin/rif2zrif + install -m755 -D zrif2rif.py $out/bin/zrif2rif + ''; + + buildInputs = with pkgs;[ + python3 + ]; + + meta = { + homepage = https://github.com/St4rk/PkgDecrypt; + description = "St4rk's Vita pkg decrypter"; + license = lib.licenses.gpl2; + }; +} diff --git a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname new file mode 100644 index 000000000..2ae3807f1 --- /dev/null +++ b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname @@ -0,0 +1 @@ +dickbutt2342.onion diff --git a/makefu/source.nix b/makefu/source.nix index aa49062e9..ce5855430 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,7 +11,7 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "6778819"; # unstable @ 2017-11-14 + ref = "3874de4"; # unstable @ 2017-12-08 # + do_sqlite3 ruby: 55a952be5b5 in |