diff options
36 files changed, 1007 insertions, 36 deletions
diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp Binary files differnew file mode 100644 index 000000000..8c1a75f39 --- /dev/null +++ b/jeschli/1systems/reagenzglas/.source.nix.swp diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix new file mode 100644 index 000000000..d65e897ae --- /dev/null +++ b/jeschli/1systems/reagenzglas/config.nix @@ -0,0 +1,146 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + <stockholm/jeschli> + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + # boot.loader.grub.enable = true; + # boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + # Define on which hard drive you want to install Grub. +# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2"; + preLVM = true; + allowDiscards = true; + } + ]; + networking.hostName = "reaganzglas"; # Define your hostname. +# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas" + ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.03"; # Did you read the comment? + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + export GOPATH=$HOME/go + export PATH=$PATH:$GOPATH/bin + ''; + }; + + krebs.build.host = config.krebs.hosts.reagenzglas; + + hardware.bluetooth.enable = true; +} diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix new file mode 100644 index 000000000..a6ab3f16e --- /dev/null +++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DA40-AC19"; + fsType = "vfat"; + }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 8; +# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix new file mode 100644 index 000000000..7543de6b9 --- /dev/null +++ b/jeschli/1systems/reagenzglas/source.nix @@ -0,0 +1,4 @@ +import <stockholm/jeschli/source.nix> { + name = "reagenzglas"; + secure = true; +} diff --git a/jeschli/2configs/copy-vim.nix b/jeschli/2configs/copy-vim.nix new file mode 100644 index 000000000..43fcb1956 --- /dev/null +++ b/jeschli/2configs/copy-vim.nix @@ -0,0 +1,102 @@ +{ config, pkgs, ... }: + + +# let +# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { +# name = "ultisnips"; +# src = pkgs.fetchFromGitHub { +# owner = "SirVer"; +# repo = "ultisnips"; +# rev = "3.1"; +# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; +# }; +# }; +# +let + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; + }; + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + :imap jk <Esc> + :vmap v v + :map gr :GoRun<Enter> + :nnoremap <S-TAB> :bnext<CR> + :nnoremap <C-TAB> <c-w><c-w> + set autowrite + set number + set ruler + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="<c-e>" + let g:UltiSnipsJumpForwardTrigger="<c-t>" + let g:UltiSnipsJumpBackwardTrigger="<c-q>" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } + ]; + + }) + ]; +} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix new file mode 100644 index 000000000..7fb240951 --- /dev/null +++ b/jeschli/2configs/default.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + imports = [ + ./vim.nix + ./retiolum.nix + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + ]; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + parallel + proot + populate + + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + + #stuff for dl + aria2 + + #neat utils + file + kpaste + krebspaste + mosh + pciutils + psmisc + # q + # rs + tmux + untilport + usbutils + # logify + goify + + #unpack stuff + p7zip + unzip + unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') + ]; + + krebs.enable = true; +} diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix new file mode 100644 index 000000000..403300b30 --- /dev/null +++ b/jeschli/2configs/retiolum.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "gum" + "ni" + "dishfire" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; + + environment.systemPackages = [ + pkgs.tinc + ]; +} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix new file mode 100644 index 000000000..f6c736fbc --- /dev/null +++ b/jeschli/2configs/vim.nix @@ -0,0 +1,373 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + out = { + environment.systemPackages = [ + (hiPrio vim) + pkgs.python35Packages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set ruler + set pastetoggle=<INS> + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' + + nmap <esc>q :buffer + nmap <M-q> :buffer + + cnoremap <C-A> <Home> + + noremap <C-c> :q<cr> + vnoremap < <gv + vnoremap > >gv + + nnoremap <esc>[5^ :tabp<cr> + nnoremap <esc>[6^ :tabn<cr> + nnoremap <esc>[5@ :tabm -1<cr> + nnoremap <esc>[6@ :tabm +1<cr> + + nnoremap <f1> :tabp<cr> + nnoremap <f2> :tabn<cr> + inoremap <f1> <esc>:tabp<cr> + inoremap <f2> <esc>:tabn<cr> + + " <C-{Up,Down,Right,Left> + noremap <esc>Oa <nop> | noremap! <esc>Oa <nop> + noremap <esc>Ob <nop> | noremap! <esc>Ob <nop> + noremap <esc>Oc <nop> | noremap! <esc>Oc <nop> + noremap <esc>Od <nop> | noremap! <esc>Od <nop> + " <[C]S-{Up,Down,Right,Left> + noremap <esc>[a <nop> | noremap! <esc>[a <nop> + noremap <esc>[b <nop> | noremap! <esc>[b <nop> + noremap <esc>[c <nop> | noremap! <esc>[c <nop> + noremap <esc>[d <nop> | noremap! <esc>[d <nop> + + " search with ack + let g:ackprg = 'ag --vimgrep' + cnoreabbrev Ack Ack! + + " copy/paste from/to xclipboard + noremap x "_x + set clipboard=unnamedplus + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.ack-vim + pkgs.vimPlugins.Gundo + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-go + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.symlinkJoin { + name = "vim"; + paths = [ + (pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + '') + pkgs.vim + ]; + }; + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref <nix/src/libexpr/lexer.l> + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out diff --git a/jeschli/default.nix b/jeschli/default.nix new file mode 100644 index 000000000..7886fef49 --- /dev/null +++ b/jeschli/default.nix @@ -0,0 +1,9 @@ +_: +{ + imports = [ + ../krebs + ./2configs +# ./3modules +# ./5pkgs + ]; +} diff --git a/jeschli/source.nix b/jeschli/source.nix new file mode 100644 index 000000000..d5e14a8dc --- /dev/null +++ b/jeschli/source.nix @@ -0,0 +1,22 @@ +with import <stockholm/lib>; +host@{ name, secure ? false, override ? {} }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "jeschli"; + _file = <stockholm> + "/jeschli/1systems/${name}/source.nix"; +in + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; + nixpkgs.git = { + url = https://github.com/nixos/nixpkgs; + ref = "f9390d6"; + }; + secrets.file = getAttr builder { + buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>; + jeschli = "/home/jeschli/secrets/${name}"; + }; + stockholm.file = toString <stockholm>; + } + override + ] diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 6f015d66b..c0b218c15 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -83,6 +83,7 @@ let rsync utillinux ]; + restartIfChanged = false; serviceConfig = rec { ExecStart = start plan; SyslogIdentifier = ExecStart.name; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7cf02cd8b..caeef2885 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -225,21 +225,26 @@ let }; }) // - # GitHub's IPv4 address range is 192.30.252.0/22 - # Refs https://help.github.com/articles/github-s-ip-addresses/ - # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) - # Because line length is limited by OPENSSH_LINE_MAX (= 8192), - # we split each /24 into its own entry. - listToAttrs (map - (c: { - name = "github${toString c}"; - value = { - hostNames = ["github.com"] ++ - map (d: "192.30.${toString c}.${toString d}") (range 0 255); - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - }) - (range 252 255)) + { + github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "18.195.85.27" + "18.194.104.89" + "35.159.8.160" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; + } // mapAttrs (name: host: { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ff6ba474f..ecf549df9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -574,6 +574,47 @@ with import <stockholm/lib>; }; }; }; + xerxes = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.3"; + ip6.addr = "42::1:3"; + aliases = [ + "xerxes.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U + MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk + gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W + /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb + mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO + X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj + +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim + hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 + 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 + H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 + JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 + hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe + SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo + 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe + vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 + Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO + scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv + jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ + Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u + /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 + bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ + sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; + }; }; users = { lass = { @@ -602,6 +643,10 @@ with import <stockholm/lib>; mail = "lass@icarus.r"; pubkey = builtins.readFile ./ssh/icarus.rsa; }; + lass-xerxes = { + mail = "lass@xerxes.r"; + pubkey = builtins.readFile ./ssh/xerxes.rsa; + }; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; diff --git a/krebs/3modules/lass/ssh/xerxes.rsa b/krebs/3modules/lass/ssh/xerxes.rsa new file mode 100644 index 000000000..2b5da7b25 --- /dev/null +++ b/krebs/3modules/lass/ssh/xerxes.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0211b31ba..b2e3aa7c5 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -173,6 +173,7 @@ let REPONAME = "${name}.git"; }; + restartIfChanged = false; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff/default.nix index 2070dbd2e..df0315048 100644 --- a/krebs/5pkgs/haskell/nix-diff.nix +++ b/krebs/5pkgs/haskell/nix-diff/default.nix @@ -4,12 +4,15 @@ }: mkDerivation { pname = "nix-diff"; - version = "1.0.0"; + version = "1.0.0-krebs1"; src = fetchgit { url = "https://github.com/Gabriel439/nix-diff"; sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; }; + patches = [ + ./nixos-system.patch + ]; isLibrary = false; isExecutable = true; executableHaskellDepends = [ diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch new file mode 100644 index 000000000..03e186aa9 --- /dev/null +++ b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch @@ -0,0 +1,18 @@ +diff --git a/src/Main.hs b/src/Main.hs +index 959ab8e..d3b6077 100644 +--- a/src/Main.hs ++++ b/src/Main.hs +@@ -95,7 +95,12 @@ pathToText path = + underneath `/nix/store`, but this is the overwhelmingly common use case + -} + derivationName :: FilePath -> Text +-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText ++derivationName p = ++ if Data.Text.isPrefixOf "nixos-system" s ++ then "nixos-system" ++ else s ++ where ++ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p + + -- | Group input derivations by their name + groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text)) diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix new file mode 100644 index 000000000..9b0b3f86b --- /dev/null +++ b/krebs/5pkgs/simple/cidr2glob.nix @@ -0,0 +1,30 @@ +{ python, writeScriptBin, ... }: + +let + pythonEnv = python.withPackages (ps: [ ps.netaddr ]); +in + writeScriptBin "cidr2glob" '' + #! ${pythonEnv}/bin/python + + import netaddr + import re + import sys + + def cidr2glob(cidr): + net = netaddr.IPNetwork(cidr) + + if net.prefixlen <= 8: + return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8)) + elif net.prefixlen <= 16: + return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16)) + elif net.prefixlen <= 24: + return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24)) + else: + return map(lambda ip: str(ip), list(net)) + + if __name__ == "__main__": + for cidr in sys.stdin: + for glob in cidr2glob(cidr): + print glob + + '' diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fee43f8cd..ad133802f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -179,7 +179,7 @@ with import <stockholm/lib>; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b18abf509..87270b8b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -287,6 +287,15 @@ in { } <stockholm/krebs/2configs/reaktor-krebs.nix> <stockholm/lass/2configs/dcso-dev.nix> + { + krebs.git.rules = [ + { + user = [ config.krebs.users.jeschli ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 000000000..0669748f5 --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/hw/gpd-pocket.nix> + <stockholm/lass/2configs/boot/stock-x220.nix> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" + ''; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C8-D053"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; + networking.wireless.enable = true; +} diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix new file mode 100644 index 000000000..11f5bf796 --- /dev/null +++ b/lass/1systems/xerxes/source.nix @@ -0,0 +1,11 @@ +with import <stockholm/lib>; +import <stockholm/lass/source.nix> { + name = "xerxes"; + secure = true; + override = { + nixpkgs.git = mkForce { + url = https://github.com/lassulus/nixpkgs; + ref = "3eccd0b"; + }; + }; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 32a9f66cf..9712bafff 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -112,10 +112,6 @@ in { xkbOptions = "caps:backspace"; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - services.urxvtd.enable = true; services.xresources.enable = true; lass.screenlock.enable = true; diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index 35bac8fee..ad307c797 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -18,7 +18,7 @@ with import <stockholm/lib>; netDevices = { bra = { model = "MFCL2700DN"; - ip = "10.23.42.221"; + ip = "10.42.23.221"; }; }; }; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index a858d3fec..9459cfd6f 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -47,7 +47,7 @@ let createFirefoxUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ ''; in { users.extraUsers.${name} = { diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index b7fcc7aab..2b91f91d6 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -15,6 +15,7 @@ in { createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.lass-android.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" ]; @@ -42,6 +43,10 @@ in { }; }; + krebs.per-user.dev.packages = [ + pkgs.go + ]; + security.sudo.extraConfig = '' ${mainUser.name} ALL=(dev) NOPASSWD: ALL ''; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f8b750093..0e00dc2fd 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -22,6 +22,7 @@ with import <stockholm/lib>; config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 763633dd9..2d848773f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -48,6 +48,7 @@ with import <stockholm/lib>; { from = "tomtop@lassul.us"; to = lass.mail; } { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } + { from = "payeer@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index d114a826d..6cea271c1 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,7 +57,7 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress + (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix index e3d212741..87b4c518b 100644 --- a/lass/2configs/hw/gpd-pocket.nix +++ b/lass/2configs/hw/gpd-pocket.nix @@ -7,14 +7,22 @@ let destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt"; }; in { + #imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; hardware.firmware = [ dummy_firmware ]; + hardware.enableRedistributableFirmware = true; + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ]; boot.kernelPackages = pkgs.linuxPackages_4_14; boot.kernelParams = [ "fbcon=rotate:1" ]; - services.tlp.enable = true; services.xserver.displayManager.sessionCommands = '' (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) ''; + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; + lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; + lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; } diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index bf7decc40..f5651da13 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -29,4 +29,9 @@ options = ["nosuid" "nodev" "noatime"]; }; }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 77f0c79e3..25ca1f455 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -153,15 +153,15 @@ in { }; security.acme.certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; + email = "lassulus@lassul.us"; + webroot = "/var/lib/acme/acme-challenge"; plugins = [ "account_key.json" - "key.pem" "fullchain.pem" + "key.pem" ]; group = "nginx"; - allowKeysForGroup = true; + user = "nginx"; }; @@ -170,6 +170,9 @@ in { addSSL = true; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; + locations."/.well-known/acme-challenge".extraConfig = '' + root /var/lib/acme/acme-challenge; + ''; }; users.users.blog = { diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 5b668c88f..10df08e7f 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -23,7 +23,7 @@ screengrab = pkgs.writeDashBin "screengrab" '' resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" - ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1 + ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1 ''; }; } diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 65bec117d..d3f76903d 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -30,6 +30,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -39,10 +40,10 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) +import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) -import XMonad.Layout.SimpleFloat (simpleFloat) import XMonad.Stockholm.Shutdown @@ -59,7 +60,7 @@ main = getArgs >>= \case main' :: IO () main' = do - xmonad + xmonad $ ewmh $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = myTerm @@ -77,7 +78,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat + defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) myKeyMap :: [([Char], X ())] myKeyMap = @@ -86,6 +87,8 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + + , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") diff --git a/lass/source.nix b/lass/source.nix index 292b92a9e..b60a6cb6c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f9390d6"; + ref = "b4a0c01"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index a35254345..509257c48 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -13,8 +13,16 @@ with import <stockholm/lib>; http://www.exim.org/ + { + url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master; + filter = "system:${pkgs.jq}/bin/jq -r .object.sha"; + } + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix - https://api.github.com/repos/simple-evcorr/sec/tags + { + url = https://api.github.com/repos/simple-evcorr/sec/tags; + filter = "system:${pkgs.jq}/bin/jq ."; + } # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix https://thp.io/2008/urlwatch/ @@ -47,7 +55,7 @@ with import <stockholm/lib>; #http://hackage.haskell.org/package/web-page # ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github* - https://help.github.com/articles/github-s-ip-addresses/ + https://api.github.com/meta # <stockholm/tv/2configs/xserver/xserver.conf.nix> # is derived from `configFile` in: |