-rw-r--r--krebs/2configs/shack/mobile.mpd.nix5
-rw-r--r--krebs/2configs/shack/ympd-top-next.patch16
-rw-r--r--krebs/krops.nix14
-rw-r--r--lass/1systems/blue/source.nix14
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/2configs/hardening.nix11
-rw-r--r--lass/2configs/radio.nix61
-rw-r--r--lass/2configs/reaktor-coders.nix46
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix3
-rw-r--r--makefu/0tests/data/secrets/nixos-community0
-rw-r--r--makefu/1systems/x/config.nix4
-rw-r--r--makefu/2configs/bureautomation/default.nix7
-rw-r--r--makefu/2configs/bureautomation/hass.nix97
-rw-r--r--makefu/2configs/dict.nix5
-rw-r--r--makefu/2configs/remote-build/aarch64-community.nix15
-rw-r--r--makefu/2configs/tools/dev.nix1
-rw-r--r--makefu/2configs/virtualisation/virtualbox.nix5
17 files changed, 231 insertions, 74 deletions
diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix
index 2dc466edb..751d233ec 100644
--- a/krebs/2configs/shack/mobile.mpd.nix
+++ b/krebs/2configs/shack/mobile.mpd.nix
@@ -1,5 +1,8 @@
{lib,pkgs, ... }:
let
+ pkg = lib.overrideDerivation pkgs.ympd (old: {
+ patches = [ ./ympd-top-next.patch ];
+ });
mpdHost = "mpd.shack";
ympd = name: port: let
webPort = 10000 + port;
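Review bot: The override in the added `pkg` binding sets `patches` to a one-element list, which discards any patches the packaged ympd derivation already carries; `patches = (old.patches or []) ++ [ ./ympd-top-next.patch ];` keeps them. `lib.overrideDerivation` is also the older mechanism, and `pkgs.ympd.overrideAttrs (old: { … })` is the form nixpkgs documents for this kind of change. The `let` block continues outside the hunk.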
@@ -7,7 +10,7 @@ let
systemd.services."ympd-${name}" = {
description = "mpd for ${name}";
wantedBy = [ "multi-user.target" ];
- serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
+ serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
};
services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
serverAliases = [
diff --git a/krebs/2configs/shack/ympd-top-next.patch b/krebs/2configs/shack/ympd-top-next.patch
new file mode 100644
index 000000000..fd424f11a
--- /dev/null
+++ b/krebs/2configs/shack/ympd-top-next.patch
@@ -0,0 +1,16 @@
+diff --git a/htdocs/index.html b/htdocs/index.html
+index ed77279..eaf92b6 100644
+--- a/htdocs/index.html
++++ b/htdocs/index.html
+@@ -76,6 +76,11 @@
+
+ <div class="col-md-10 col-xs-12">
+ <div class="notifications top-right"></div>
++
++ <ul class="pager">
++ <li id="prev" class="page-btn hide"><a href="">Previous</a></li>
++ <li id="next" class="page-btn"><a href="">Next</a></li>
++ </ul>
+
+ <div class="panel panel-primary">
+ <!-- Default panel contents -->
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 76bca026d..94418fdc2 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -9,13 +9,19 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
- derivation = ''
- with import <nixpkgs> {};
+ derivation = let
+ rev = (lib.importJSON ./nixpkgs.json).rev;
+ sha256 = (lib.importJSON ./nixpkgs.json).sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${(lib.importJSON ./nixpkgs.json).rev}";
- sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
+ rev = "${rev}";
+ sha256 = "${sha256}";
}
'';
} else {
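Review bot: `lib.importJSON ./nixpkgs.json` is evaluated twice in the new `let`, and the whole block is repeated in the `lass/1systems/blue/source.nix` hunk; `inherit (lib.importJSON ./nixpkgs.json) rev sha256;` reads the file once, and a shared helper would keep the two copies from drifting. The `sha256` recorded for `pkgs.fetchFromGitHub` is now also passed to `builtins.fetchTarball`. Both presumably hash the unpacked tree, so this should hold, but a comment stating that the reuse is intentional would help whoever regenerates nixpkgs.json. The enclosing attribute set continues outside the hunk.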
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a32c3a829..a52771a4d 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,13 +1,19 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- derivation = ''
- with import <nixpkgs> {};
+ derivation = let
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
- sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
+ rev = "${rev}";
+ sha256 = "${sha256}";
}
'';
};
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index b6565dc6a..f35ebff56 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
new file mode 100644
index 000000000..aee4bf06f
--- /dev/null
+++ b/lass/2configs/hardening.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, ... }:
+with lib;
+{
+ security.chromiumSuidSandbox.enable = true;
+ security.lockKernelModules = false;
+ boot.kernel.sysctl."user.max_user_namespaces" = 63414;
+
+ imports = [
+ <nixpkgs/nixos/modules/profiles/hardened.nix>
+ ];
+}
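Review bot: `security.lockKernelModules = false` and the `user.max_user_namespaces` sysctl sit next to the import of the hardened profile with no comment, and both appear to relax settings that profile is meant to tighten (module loading after boot, and unprivileged user namespaces). Each needs a one-line reason, e.g. `# hardened.nix locks module loading; this host still loads modules at runtime because <reason>`, and 63414 should be explained, since it reads as a copied kernel default rather than a chosen limit. `security.chromiumSuidSandbox.enable = true` adds a setuid-root helper; if user namespaces stay enabled for the browser's sake, one of the two may be unnecessary. `with lib;` and the `pkgs` argument are unused in this file.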
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 987632cd1..f88b2627b 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -170,32 +170,45 @@ in {
};
};
- krebs.Reaktor.playlist = {
- nickname = "the_playlist|r";
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- };
- plugins = with pkgs.ReaktorPlugins; [
- (buildSimpleReaktorPlugin "skip" {
- script = "${skip_track}/bin/skip_track";
- pattern = "^skip$";
- })
- (buildSimpleReaktorPlugin "current" {
- script = "${print_current}/bin/print_current";
- pattern = "^current$";
- })
- (buildSimpleReaktorPlugin "suggest" {
- script = "${pkgs.writeDash "suggest" ''
- echo "$@" >> $HOME/playlist_suggest
- ''}";
- pattern = "^suggest: (?P<args>.*)$";
- })
+ krebs.reaktor2.the_playlist = {
+ hostname = "irc.freenode.org";
+ port = "6697";
+ useTLS = true;
+ nick = "the_playlist";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#the_playlist"
+ "#krebs"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.the_playlist.stateDir;
+ hooks.PRIVMSG = [
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ skip.filename = "${skip_track}/bin/skip_track";
+ current.filename = "${print_current}/bin/print_current";
+ suggest.filename = pkgs.writeDash "suggest" ''
+ echo "$@" >> playlist_suggest
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
+
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {
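Review bot: The `suggest` command appends IRC-supplied text with `echo "$@" >> playlist_suggest`, and dash's builtin `echo` interprets backslash escapes, so the stored line is not necessarily the text that was sent; `printf '%s\n' "$*" >> playlist_suggest` writes it literally. The file also grows without limit for anyone who can speak in the joined channels. Separately, the new pattern `!([^ ]+)(?:\s*(.*))?` has no `^`, where the old per-command patterns were anchored (`^skip$`). Whether that matters depends on how reaktor2 applies `activate = "match"`, which is not visible here, so `^!([^ ]+)(?:\s*(.*))?$` would make the intent explicit.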
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 44d9d6866..4baec1976 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -32,6 +32,7 @@ in {
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
+ env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
@@ -46,36 +47,21 @@ in {
-e "$@"
'';
in {
- pl = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-pl" ''
- ${lambdabotWrapper} "@pl $1"
- '';
- };
- type = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-type" ''
- ${lambdabotWrapper} "@type $1"
- '';
- };
- "let" = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-let" ''
- ${lambdabotWrapper} "@let $1"
- '';
- };
- run = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-run" ''
- ${lambdabotWrapper} "@run $1"
- '';
- };
- kind = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-kind" ''
- ${lambdabotWrapper} "@kind $1"
- '';
- };
+ pl.filename = pkgs.writeDash "lambdabot-pl" ''
+ ${lambdabotWrapper} "@pl $1"
+ '';
+ type.filename = pkgs.writeDash "lambdabot-type" ''
+ ${lambdabotWrapper} "@type $1"
+ '';
+ "let".filename = pkgs.writeDash "lambdabot-let" ''
+ ${lambdabotWrapper} "@let $1"
+ '';
+ run.filename = pkgs.writeDash "lambdabot-run" ''
+ ${lambdabotWrapper} "@run $1"
+ '';
+ kind.filename = pkgs.writeDash "lambdabot-kind" ''
+ ${lambdabotWrapper} "@kind $1"
+ '';
};
}
{
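Review bot: The five `*.filename` entries still differ only in the command name, so they can be generated instead of written out: `genAttrs [ "pl" "type" "let" "run" "kind" ] (c: { filename = pkgs.writeDash "lambdabot-${c}" ''${lambdabotWrapper} "@${c} $1"''; })`, assuming `genAttrs` is in scope from the library import at the top of the file. Hoisting `env.HOME` to the hook in the first hunk relies on reaktor2 applying hook-level `env` to every command; a short comment there saying so would help, since lambdabot would otherwise run with the service's own HOME. The `commands` attribute set begins outside this hunk.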
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 483e37bc8..1f2e7110e 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
+import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
- defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
+ defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne
diff --git a/makefu/0tests/data/secrets/nixos-community b/makefu/0tests/data/secrets/nixos-community
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/nixos-community
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 35779507b..138735d91 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -14,10 +14,12 @@
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
+ <stockholm/makefu/2configs/dict.nix>
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
+ <stockholm/makefu/2configs/support-nixos.nix>
# Debugging
# <stockholm/makefu/2configs/disable_v6.nix>
@@ -64,7 +66,7 @@
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
- # <stockholm/makefu/2configs/remote-build/master.nix>
+ <stockholm/makefu/2configs/remote-build/aarch64-community.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 3897537ea..917044d63 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -5,7 +5,7 @@ let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
- PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
+ PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
@@ -14,9 +14,10 @@ let
test $state = alerting || exit 0
echo $name - $state
- curl 'http://bauarbeiterlampe/ay?o=1'
+ topic=plug
+ mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON
sleep 5
- curl 'http://bauarbeiterlampe/ay?o=1'
+ mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
'';
in {
services.logstash = {
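Review bot: Both `mosquitto_pub` calls pass no host, credentials or TLS options, so they publish anonymously to the client's default broker (localhost, plain MQTT). That works only if the broker accepts anonymous publishes under `/bam/`, and the same permission then applies to every other client the broker listens to. The broker configuration is not in this diff, so confirm it is bound to a trusted interface or give the script its own broker credentials. With `set -e` active, a failure in `sleep` or in the second publish leaves the plug ON; `trap 'mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF' EXIT` placed after the first publish would cover that.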
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 57184bdf7..b70c9b030 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -1,5 +1,40 @@
{ pkgs, lib, ... }:
let
+ tasmota_rgb = name: topic:
+# LED WS2812b
+# effect_state_topic: "stat/led/Scheme"
+# effect_command_topic: "cmnd/led/Scheme"
+# effect_value_template: "{{ value_json.Scheme }}"
+ { platform = "mqtt";
+ inherit name;
+ retain = false;
+ qos = 1;
+ optimistic = false;
+ # state
+ # TODO: currently broken, will not use the custom state topic
+ state_topic = "/bam/${topic}/stat/POWER";
+ command_topic = "/bam/${topic}/cmnd/POWER";
+ availability_topic = "/bam/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ # brightness
+ brightness_state_topic = "/bam/${topic}/stat/Dimmer";
+ brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
+ brightness_value_template = "{{ value_json.Dimmer }}";
+ brightness_scale = 100;
+ # color
+ rgb_state_topic = "/bam/${topic}/stat/Color";
+ rgb_command_topic = "/bam/${topic}/cmnd/Color2";
+ rgb_command_mode = "hex";
+ rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
+ # effects
+ effect_state_topic = "/bam/${topic}/stat/Scheme";
+ effect_command_topic = "/bam/${topic}/cmnd/Scheme";
+ effect_value_template = "{{ value_json.Scheme }}";
+ effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
+};
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
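Review bot: The comment block between `tasmota_rgb = name: topic:` and the opening brace repeats the three `effect_*` settings with un-prefixed topics (`stat/led/Scheme`), while the attributes below use `/bam/${topic}/stat/Scheme`. It looks like a leftover from an example and should be dropped or reduced to `# WS2812b LED strip running Tasmota`. The `TODO: currently broken` above `state_topic` should say what is actually observed, because with `optimistic = false` the displayed state depends on that topic. Those comment lines and the closing `};` also appear to start at column 0, unlike the neighbouring `tasmota_plug`.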
@@ -74,6 +109,10 @@ in {
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Feuer" "plug4")
+ (tasmota_plug "Nachtlicht" "plug5")
+ ];
+ light = [
+ (tasmota_rgb "Status Felix" "status1")
];
binary_sensor = [
{ platform = "mqtt";
@@ -169,12 +208,16 @@ in {
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
+ "automation.turn_off_nachtlicht_on_sunrise"
+ "automation.turn_on_nachtlicht_on_motion_and_dusk"
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.feuer"
+ "switch.nachtlicht"
+ "light.status_felix"
];
camera = [
"camera.Baumarkt"
@@ -207,11 +250,55 @@ in {
};
action = {
service = "homeassistant.turn_on";
- entity_id = [ "switch.fernseher" "switch.feuer" ];
+ entity_id = [
+ "switch.fernseher"
+ "switch.feuer"
+ "light.status_felix"
+ ];
+ };
+ }
+ {
+ alias = "Turn off Nachtlicht on sunrise";
+ trigger =
+ {
+ platform = "sun";
+ event = "sunrise";
+ };
+ action =
+ {
+ service = "homeassistant.turn_off";
+ entity_id = [ "switch.nachtlicht" ];
+ };
+ }
+ {
+ alias = "Turn on Nachtlicht on motion and dusk";
+ trigger =
+ {
+ platform = "state";
+ entity_id = "binary_sensor.motion";
+ to = "on";
+ };
+ condition = # 'when dark'
+ {
+ condition = "or";
+ conditions = [
+ { condition = "sun";
+ after = "sunset";
+ after_offset = "-00:45:00"; # on dusk
+ }
+ { condition = "sun";
+ before = "sunrise";
+ }
+ ];
+ };
+ action =
+ {
+ service = "homeassistant.turn_on";
+ entity_id = [ "switch.nachtlicht" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
- trigger = [
+ trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
@@ -226,7 +313,11 @@ in {
];
action = {
service = "homeassistant.turn_off";
- entity_id = [ "switch.fernseher" "switch.feuer" ];
+ entity_id = [
+ "switch.fernseher"
+ "switch.feuer"
+ "light.status_felix"
+ ];
};
condition =
{ condition = "and";
diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix
new file mode 100644
index 000000000..6db9102ba
--- /dev/null
+++ b/makefu/2configs/dict.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+ services.dictd.enable = true;
+ services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ];
+}
diff --git a/makefu/2configs/remote-build/aarch64-community.nix b/makefu/2configs/remote-build/aarch64-community.nix
new file mode 100644
index 000000000..d57eacd68
--- /dev/null
+++ b/makefu/2configs/remote-build/aarch64-community.nix
@@ -0,0 +1,15 @@
+{
+ nix = {
+ distributedBuilds = true;
+ buildMachines = [
+ {
+ hostName = "aarch64.nixos.community";
+ maxJobs = 64;
+ sshKey = toString <secrets/nixos-community>;
+ sshUser = "makefu";
+ system = "aarch64-linux";
+ supportedFeatures = [ "big-parallel" ];
+ }
+ ];
+ };
+}
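Review bot: Adding `aarch64.nixos.community` as a build machine means aarch64-linux derivations for this host are built on a shared machine and their outputs are copied into the local store, so that machine and its other users become part of this host's trust boundary. A comment in the file should say so and, ideally, state what is allowed to be built there. The file does not pin the builder's SSH host key; a `programs.ssh.knownHosts` entry for the host avoids trust-on-first-use by the daemon's ssh client. `sshKey = toString <secrets/nixos-community>` keeps the key out of the Nix store, which is right, but the key should be dedicated to this builder and not reused elsewhere.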
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index f8e3f9f46..0c877fc7b 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -4,6 +4,7 @@
users.users.makefu.packages = with pkgs;[
python3
python3Packages.pyserial
+ picocom
python3Packages.virtualenv
# embedded
gi
diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix
index e90cc1e8d..a8a50939f 100644
--- a/makefu/2configs/virtualisation/virtualbox.nix
+++ b/makefu/2configs/virtualisation/virtualbox.nix
@@ -2,8 +2,7 @@
{
virtualisation.virtualbox.host.enable = true;
- nixpkgs.config.virtualbox.enableExtensionPack = true;
- virtualisation.virtualbox.host.enableHardening = false;
-
+ virtualisation.virtualbox.host.enableExtensionPack = true;
+ # virtualisation.virtualbox.host.enableHardening = false;
users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}
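Review bot: The `enableHardening = false` override is commented out instead of deleted, which leaves it unclear whether VirtualBox hardening is now meant to stay at the module default. Either delete the line or state the intent, e.g. `# hardening left at the module default; it was disabled earlier because <reason>`. Moving `enableExtensionPack` under `virtualisation.virtualbox.host` pulls in the unfree Extension Pack for this host, so the unfree allowance has to be set wherever this module is imported; that is not visible in this hunk.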