-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/lass/default.nix38
-rw-r--r--krebs/3modules/makefu/default.nix93
-rw-r--r--krebs/3modules/repo-sync.nix135
-rw-r--r--krebs/3modules/tinc_graphs.nix59
-rw-r--r--krebs/5pkgs/Reaktor/default.nix3
-rw-r--r--krebs/5pkgs/default.nix14
-rw-r--r--krebs/5pkgs/git-hooks/default.nix9
-rw-r--r--lass/1systems/cloudkrebs.nix1
-rw-r--r--lass/1systems/dishfire.nix31
-rw-r--r--lass/1systems/echelon.nix2
-rw-r--r--lass/1systems/mors.nix53
-rw-r--r--lass/1systems/prism.nix10
-rw-r--r--lass/1systems/shodan.nix40
-rw-r--r--lass/2configs/baseX.nix13
-rw-r--r--lass/2configs/binary-cache/client.nix9
-rw-r--r--lass/2configs/binary-cache/server.nix30
-rw-r--r--lass/2configs/binary-caches.nix13
-rw-r--r--lass/2configs/buildbot-standalone.nix100
-rw-r--r--lass/2configs/c-base.nix (renamed from lass/2configs/cbase.nix)0
-rw-r--r--lass/2configs/default.nix21
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/fetchWallpaper.nix3
-rw-r--r--lass/2configs/gc.nix8
-rw-r--r--lass/2configs/git.nix13
-rw-r--r--lass/2configs/hw/tp-x220.nix54
-rw-r--r--lass/2configs/mail.nix7
-rw-r--r--lass/2configs/newsbot-js.nix3
-rw-r--r--lass/2configs/nixpkgs.nix8
-rw-r--r--lass/2configs/power-action.nix41
-rw-r--r--lass/2configs/pulse.nix96
-rw-r--r--lass/2configs/radio.nix25
-rw-r--r--lass/2configs/realwallpaper-server.nix32
-rw-r--r--lass/2configs/realwallpaper.nix29
-rw-r--r--lass/2configs/repo-sync.nix106
-rw-r--r--lass/2configs/tests/dummy-secrets/cbase.txt0
-rw-r--r--lass/2configs/tests/dummy-secrets/hashedPasswords.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-admin-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-source-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv3
-rw-r--r--lass/2configs/tests/dummy-secrets/mysql_rootPassword1
-rw-r--r--lass/2configs/tests/dummy-secrets/nix-serve.key1
-rw-r--r--lass/2configs/tests/dummy-secrets/repos.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv4
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_ed255193
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_rsa3
-rw-r--r--lass/2configs/tests/dummy-secrets/transmission-pw1
-rw-r--r--lass/2configs/umts.nix62
-rw-r--r--lass/2configs/vim.nix463
-rw-r--r--lass/2configs/websites/domsen.nix105
-rw-r--r--lass/2configs/websites/fritz.nix39
-rw-r--r--lass/2configs/weechat.nix1
-rw-r--r--lass/2configs/wordpress.nix59
-rw-r--r--lass/2configs/xserver/Xresources.nix47
-rw-r--r--lass/2configs/zsh.nix8
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/power-action.nix93
-rw-r--r--lass/5pkgs/default.nix9
-rw-r--r--lass/5pkgs/q/default.nix185
-rw-r--r--lass/5pkgs/rs/default.nix6
-rw-r--r--lass/5pkgs/xmonad-lass.nix (renamed from lass/5pkgs/xmonad-lass/Main.hs)17
-rw-r--r--lass/5pkgs/xmonad-lass/.gitignore1
-rw-r--r--lass/5pkgs/xmonad-lass/Makefile6
-rw-r--r--lass/5pkgs/xmonad-lass/xmonad.cabal17
-rw-r--r--makefu/1systems/darth.nix24
-rw-r--r--makefu/1systems/omo.nix47
-rw-r--r--makefu/1systems/pornocauster.nix12
-rw-r--r--makefu/1systems/shoney.nix54
-rw-r--r--makefu/1systems/wry.nix13
-rw-r--r--makefu/2configs/default.nix15
-rw-r--r--makefu/2configs/fs/CAC-CentOS-7-64bit.nix20
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix6
-rw-r--r--makefu/2configs/hw/CAC.nix13
-rw-r--r--makefu/2configs/hw/fingerprint-reader.nix6
-rw-r--r--makefu/2configs/hw/tp-x220.nix4
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix3
-rw-r--r--makefu/2configs/save-diskspace.nix9
-rw-r--r--makefu/3modules/umts.nix10
-rw-r--r--makefu/5pkgs/bintray-upload/default.nix19
-rw-r--r--makefu/5pkgs/default.nix3
-rw-r--r--makefu/6tests/data/secrets/bepasty-secret.nix1
-rw-r--r--makefu/6tests/data/secrets/hashedPasswords.nix1
-rw-r--r--makefu/6tests/data/secrets/iodinepw.nix1
-rw-r--r--makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv0
-rw-r--r--makefu/6tests/data/secrets/retiolum.rsa_key.priv0
-rw-r--r--makefu/6tests/data/secrets/retiolum.rsa_key.pub0
-rw-r--r--makefu/6tests/data/secrets/sambacred0
-rw-r--r--makefu/6tests/data/secrets/ssh.makefu.id_rsa0
-rw-r--r--makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub0
-rw-r--r--makefu/6tests/data/secrets/ssh_host_ed25519_key0
-rw-r--r--makefu/6tests/data/secrets/tinc.krebsco.de.crt0
-rw-r--r--makefu/6tests/data/secrets/tinc.krebsco.de.key0
-rw-r--r--makefu/6tests/data/secrets/tw-pass.ini0
-rw-r--r--makefu/6tests/data/secrets/wildcard.krebsco.de.crt0
-rw-r--r--makefu/6tests/data/secrets/wildcard.krebsco.de.key0
-rw-r--r--shared/1systems/wolf.nix4
-rw-r--r--shared/2configs/shared-buildbot.nix4
98 files changed, 1899 insertions, 613 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index dccc11b3f..b610ff3d1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,4 +1,4 @@
-arg@{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
inherit (pkgs) writeText;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 65da85ac4..d2542041f 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cache.prism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -107,36 +108,17 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
- fastpoke = {
+ domsen-nas = {
nets = rec {
internet = {
- ip4.addr = "193.22.164.36";
aliases = [
- "fastpoke.internet"
+ "domsen-nas.internet"
];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.253.152";
- ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
- aliases = [
- "fastpoke.retiolum"
- "fastpoke.r"
- "cgit.fastpoke.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
- DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
- FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
- ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
- EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
- rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ ip4.addr = "87.138.180.167";
+ ssh.port = 2223;
};
};
- ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
+ ssh.pubkey = "ssh-dss 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";
};
cloudkrebs = {
cores = 1;
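Review bot: The host key pinned for `domsen-nas` is of type `ssh-dss`, on the new `ssh.pubkey` line. OpenSSH only generates 1024-bit DSA keys and has disabled the algorithm by default since 7.0, so clients will either reject this key or need the legacy algorithm re-enabled to verify the host. If the NAS can offer one, pin its `ssh-ed25519` or `ssh-rsa` host key instead. If it cannot, a comment such as `# device only offers a DSA host key` on that line would record why the weak type is accepted.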
@@ -314,5 +296,13 @@ with config.krebs.lib;
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
+ prism-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
+ mail = "lass@prism.r";
+ };
+ mors-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
+ mail = "lass@mors.r";
+ };
};
}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 7d4bef9ad..0b58c75cb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -48,6 +48,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.2";
+ aliases = [
+ "darth.siem"
+ ];
+ };
};
};
tsp = {
@@ -98,6 +104,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.4";
+ aliases = [
+ "arch.siem"
+ ];
+ };
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
@@ -184,6 +196,8 @@ with config.krebs.lib;
internet = {
ip4.addr = "104.233.87.86";
aliases = [
+ "wry.i"
+ "paste.i"
"wry.internet"
"paste.internet"
];
@@ -194,10 +208,10 @@ with config.krebs.lib;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"graphs.wry.retiolum"
- "graphs.retiolum"
+ "graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
- "paste.retiolum"
- "wry.retiolum"
+ "paste.r" "paste.retiolum"
+ "wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
@@ -232,15 +246,16 @@ with config.krebs.lib;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [
"filepimp.retiolum"
+ "filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
- BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
- i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
- 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
- u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
- OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
+ 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
+ wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
+ oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
+ UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
+ 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
@@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
+ shoney = rec {
+ cores = 1;
+ nets = {
+ siem = {
+ ip4.addr = "10.8.10.1";
+ aliases = [
+ "sjump.siem"
+ "graphs.siem"
+ ];
+ };
+ internet = {
+ ip4.addr = "64.137.234.215";
+ aliases = [
+ "shoney.i"
+ ];
+ };
+ retiolum = {
+ ip4.addr = "10.243.205.131";
+ ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
+ aliases = [
+ "shoney.retiolum"
+ "shoney.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
+ ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
+ okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
+ M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
+ +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
+ uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
# non-stockholm
@@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
+ lariat = rec {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.64.7";
+ aliases = [
+ "lariat.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
+ eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
+ 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
+ unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
+ d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
+ yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
soundflower = rec {
cores = 1;
nets = {
@@ -568,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
+ } // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
cores = 1;
nets = {
@@ -596,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
- } // { # hosts only maintained in stockholm, not owned by me
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index c5c806cdf..0317d1eca 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -11,38 +11,39 @@ let
api = {
enable = mkEnableOption "repo-sync";
- config = mkOption {
- type = with types;attrsOf (attrsOf (attrsOf str));
+ repos = mkOption {
+ type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
example = literalExample ''
# see `repo-sync --help`
# `ref` provides sane defaults and can be omitted
# attrset will be converted to json and be used as config
- {
+ { repo = {
makefu = {
- origin = {
- url = http://github.com/makefu/repo ;
- ref = "heads/dev" ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- ref = "heads/github-mirror-dev" ;
- };
+ origin = {
+ url = http://github.com/makefu/repo ;
+ ref = "heads/dev" ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ ref = "heads/github-mirror-dev" ;
+ };
};
lass = {
- origin = {
- url = http://github.com/lass/repo ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- };
+ origin = {
+ url = http://github.com/lass/repo ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ };
};
"@latest" = {
- mirror = {
- url = "git@internal:mirror";
- ref = "heads/master";
- };
+ mirror = {
+ url = "git@internal:mirror";
+ ref = "heads/master";
+ };
};
+ };
};
'';
};
@@ -56,53 +57,75 @@ let
type = types.str;
default = "/var/lib/repo-sync";
};
+
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "repo-sync";
+ home = cfg.stateDir;
+ };
+ };
+
privateKeyFile = mkOption {
- type = types.str;
- description = ''
- used by repo-sync to identify with ssh service
+ type = types.secret-file;
+ default = {
+ path = "${cfg.stateDir}/ssh.priv";
+ owner = cfg.user;
+ source-path = toString <secrets> + "/repo-sync.ssh.key";
+ };
+ };
+
+ unitConfig = mkOption {
+ type = types.attrsOf types.str;
+ description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit";
+ example = literalExample ''
+ # do not start when running on umts
+ { ConditionPathExists = "!/var/run/ppp0.pid"; }
'';
- default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+ default = {};
};
+
};
- repo-sync-config = pkgs.writeText "repo-sync-config.json"
- (builtins.toJSON cfg.config);
imp = {
- users.users.repo-sync = {
- name = "repo-sync";
- uid = genid "repo-sync";
- description = "repo-sync user";
- home = cfg.stateDir;
+ krebs.secret.files.repo-sync-key = cfg.privateKeyFile;
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
createHome = true;
+ description = "repo-sync user";
};
- systemd.timers.repo-sync = {
- description = "repo-sync timer";
- wantedBy = [ "timers.target" ];
+ systemd.timers = mapAttrs' (name: repo:
+ nameValuePair "repo-sync-${name}" {
+ description = "repo-sync timer";
+ wantedBy = [ "timers.target" ];
- timerConfig = cfg.timerConfig;
- };
- systemd.services.repo-sync = {
- description = "repo-sync";
- after = [ "network.target" ];
+ timerConfig = cfg.timerConfig;
+ }
+ ) cfg.repos;
- path = with pkgs; [ ];
+ systemd.services = mapAttrs' (name: repo:
+ let
+ repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
+ (builtins.toJSON repo);
+ in nameValuePair "repo-sync-${name}" {
+ description = "repo-sync";
+ after = [ "network.target" "secret.service" ];
- environment = {
- GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
- };
+ environment = {
+ GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+ REPONAME = "${name}.git";
+ };
- serviceConfig = {
- Type = "simple";
- PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
- cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
- chown repo-sync ${cfg.stateDir}/ssh.priv
- '';
- ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
- WorkingDirectory = cfg.stateDir;
- User = "repo-sync";
- };
- };
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+ WorkingDirectory = cfg.stateDir;
+ User = "repo-sync";
+ };
+ unitConfig = cfg.unitConfig;
+ }
+ ) cfg.repos;
};
in out
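Review bot: The new `user` and `privateKeyFile` options are not what the service units read: `GIT_SSH_COMMAND` still points at `${cfg.stateDir}/ssh.priv` and `User` is still the literal `"repo-sync"`. With the defaults these agree, but overriding either option leaves the key installed for one account or path while ssh runs as another. Using `-i ${cfg.privateKeyFile.path}` and `User = cfg.user.name;` keeps them in step. The units are also only ordered `after` `secret.service`, so a failed key install does not stop a sync from starting; adding `requires = [ "secret.service" ];` would match how the nix-serve unit in this commit is wired. Separately, the `unitConfig` description still names fetchWallpaper.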
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index dec89d249..0f1bae090 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -20,6 +20,18 @@ let
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
};
+ hostsPath = mkOption {
+ type = types.str;
+ description = "Path to Hosts directory";
+ default = "${config.krebs.retiolum.hostsPackage}";
+ };
+
+ network = mkOption {
+ type = types.str;
+ description = "Tinc Network to use";
+ default = "retiolum";
+ };
+
nginx = {
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
@@ -73,10 +85,10 @@ let
};
imp = {
- environment.systemPackages = [ pkgs.tinc_graphs];
+ environment.systemPackages = [ pkgs.tinc_graphs ];
systemd.timers.tinc_graphs = {
description = "Build Tinc Graphs via via timer";
- wantedBy = [ "timers.target"];
+ wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.services.tinc_graphs = {
@@ -85,7 +97,8 @@ let
EXTERNAL_FOLDER = external_dir;
INTERNAL_FOLDER = internal_dir;
GEODB = cfg.geodbPath;
- TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
+ TINC_HOSTPATH = cfg.hostsPath;
+ TINC_NETWORK = cfg.network;
};
restartIfChanged = true;
@@ -103,7 +116,7 @@ let
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
fi
'';
- ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
+ ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
# TODO: this may break if workingDir is set to something stupid
@@ -121,24 +134,26 @@ let
uid = genid "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
-
- krebs.nginx.servers = mkIf cfg.nginx.enable {
- tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${internal_dir};
- '')
- ];
- }] ;
- tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${external_dir};
- '')
- ];
- }];
+ krebs.nginx = mkIf cfg.nginx.enable {
+ enable = mkDefault true;
+ servers = {
+ tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${internal_dir};
+ '')
+ ];
+ }] ;
+ tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${external_dir};
+ '')
+ ];
+ }];
+ };
};
};
diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix
index c4a362757..fc3710820 100644
--- a/krebs/5pkgs/Reaktor/default.nix
+++ b/krebs/5pkgs/Reaktor/default.nix
@@ -3,6 +3,9 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
version = "0.5.1";
+
+ doCheck = false;
+
propagatedBuildInputs = with pkgs;[
python3Packages.docopt
python3Packages.requests2
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index f2bbaf7f4..f0bda0ee1 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -38,13 +38,13 @@ with config.krebs.lib;
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
- #buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
- # inherit (pkgs.pythonPackages) twisted jinja2;
- # dateutil = pkgs.pythonPackages.dateutil_1_5;
- # sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
- # doCheck = false;
- # });
- #};
+ buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
+ inherit (pkgs.pythonPackages) twisted jinja2;
+ dateutil = pkgs.pythonPackages.dateutil_1_5;
+ sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
+ doCheck = false;
+ });
+ };
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
index c8e8c8f53..6f2cb8b6a 100644
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -8,13 +8,14 @@ let
};
# TODO irc-announce should return a derivation
- irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: ''
+ irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
#! /bin/sh
set -euf
export PATH=${makeBinPath (with pkgs; [
coreutils
git
+ gnugrep
gnused
])}
@@ -54,6 +55,12 @@ let
h=$(echo $ref | sed 's:^refs/heads/::')
+ ${optionalString (branches != []) ''
+ if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then
+ echo "we are not serving this branch: $h"
+ exit 0
+ fi
+ ''}
# empty_tree=$(git hash-object -t tree /dev/null)
empty_tree=4b825dc6
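Review bot: The branch filter matches substrings, because the pattern given to `grep -qE` is the bare alternation of `branches` with no anchors; with `branches = [ "master" ]` a push to `not-master` or `master-old` is still announced. Matching the whole name fixes this: `if ! (printf '%s\n' "$h" | grep -qxE "${concatStringsSep "|" branches}"); then`. The entries are also pasted unescaped into a double-quoted shell string, so a comment on the `branches` argument should state that they are extended regular expressions taken from trusted configuration. The hook script begins and ends outside this hunk.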
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index a3cc9d7b3..5aa35f5a7 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -13,7 +13,6 @@ in {
../2configs/retiolum.nix
../2configs/git.nix
../2configs/realwallpaper.nix
- ../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index b5e551952..ec9f53694 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -5,7 +5,7 @@
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/default.nix
- ../2configs/exim-retiolum.nix
+ #../2configs/exim-retiolum.nix
../2configs/git.nix
{
boot.loader.grub = {
@@ -63,6 +63,35 @@
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
+ {
+ #TODO: abstract & move to own file
+ krebs.exim-smarthost = {
+ enable = true;
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
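Review bot: The added INPUT rule accepts SMTP on every interface, while relaying is authorised purely by source address through `relay_from_hosts`. If dishfire is only meant to relay for mors, uriel and helios, restricting the rule to the VPN interface keeps port 25 off the public address, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }` (the interface name is assumed to follow the tinc network name; confirm before use). If the host is also meant to receive mail from the internet, a comment next to the rule should say so, since the `#TODO` only mentions moving the block.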
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 97734a7bd..8d944ed40 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -11,7 +11,7 @@ in {
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
../2configs/privoxy-retiolum.nix
../2configs/git.nix
#../2configs/redis.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a7a1fd253..f26f0ed5f 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -3,6 +3,7 @@
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/programs.nix
@@ -14,22 +15,18 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
- #../2configs/texlive.nix
- ../2configs/binary-caches.nix
- #../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- #../2configs/wordpress.nix
../2configs/bitlbee.nix
- #../2configs/firefoxPatched.nix
../2configs/skype.nix
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
- ../2configs/cbase.nix
+ ../2configs/c-base.nix
../2configs/mail.nix
../2configs/krebs-pass.nix
- #../2configs/buildbot-standalone.nix
+ ../2configs/umts.nix
+ ../2configs/repo-sync.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -57,17 +54,10 @@
# package = pkgs.postgresql;
# };
#}
- {
- }
];
krebs.build.host = config.krebs.hosts.mors;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -77,7 +67,6 @@
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@@ -131,8 +120,8 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
@@ -146,7 +135,7 @@
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
#Autosuspend for USB device Biometric Coprocessor
- echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
+ #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
#Runtime PMs
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
@@ -168,22 +157,6 @@
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
environment.systemPackages = with pkgs; [
acronym
cac-api
@@ -214,15 +187,11 @@
};
};
- services.mongodb = {
- enable = true;
+ krebs.repo-sync.timerConfig = {
+ OnCalendar = "00:37";
};
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
+ services.mongodb = {
+ enable = true;
};
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 6ed80ac39..5477a8b86 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -19,6 +19,8 @@ in {
../2configs/privoxy-retiolum.nix
../2configs/radio.nix
../2configs/buildbot-standalone.nix
+ ../2configs/repo-sync.nix
+ ../2configs/binary-cache/server.nix
{
imports = [
../2configs/git.nix
@@ -66,8 +68,6 @@ in {
}
{
- #boot.loader.gummiboot.enable = true;
- #boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
devices = [
"/dev/sda"
@@ -110,10 +110,6 @@ in {
{
sound.enable = false;
}
- #{
- # #workaround for server dying after 6-7h
- # boot.kernelPackages = pkgs.linuxPackages_4_2;
- #}
{
nixpkgs.config.allowUnfree = true;
}
@@ -202,7 +198,7 @@ in {
}
{
imports = [
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
];
krebs.nginx.servers."lassul.us".locations = [
(lib.nameValuePair "/wallpaper.png" ''
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 6829428ff..96d64bda3 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -4,7 +4,9 @@ with builtins;
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
+ ../2configs/git.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
@@ -19,34 +21,10 @@ with builtins;
# };
# };
#}
- {
- #x220 config from mors
- #TODO: make x220 config file (or look in other user dir)
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
- }
];
krebs.build.host = config.krebs.hosts.shodan;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -56,7 +34,6 @@ with builtins;
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@@ -67,10 +44,15 @@ with builtins;
"/boot" = {
device = "/dev/sda1";
};
+
+ "/home/lass" = {
+ device = "/dev/pool/home-lass";
+ fsType = "ext4";
+ };
};
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- #'';
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ '';
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 16f7502ac..6d26ff89a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,7 +8,13 @@ in {
#./urxvt.nix
./xserver
./mpv.nix
+ #./pulse.nix
+ ./power-action.nix
];
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
users.extraUsers.mainUser.extraGroups = [ "audio" ];
@@ -16,11 +22,6 @@ in {
virtualisation.libvirtd.enable = true;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
@@ -32,6 +33,7 @@ in {
environment.systemPackages = with pkgs; [
+ acpi
dmenu
gitAndTools.qgit
lm_sensors
@@ -44,6 +46,7 @@ in {
sxiv
xclip
xorg.xbacklight
+ xorg.xhost
xsel
zathura
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
new file mode 100644
index 000000000..108ff7a1e
--- /dev/null
+++ b/lass/2configs/binary-cache/client.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = ["http://cache.prism.r"];
+ binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ };
+}
+
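Review bot: The cache is fetched over plain `http://`, so the only protection against tampering in transit is the signature check against `binaryCachePublicKeys`. That holds as long as signature checking stays enabled, but nothing in this file says so. A comment above `binaryCaches` such as `# plain HTTP inside retiolum; integrity relies on signed narinfo, keep nix.requireSignedBinaryCaches enabled` would make that dependency explicit.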
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..22ec04307
--- /dev/null
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key my-secret-key my-public-key
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.prism.r" ];
+ locations = lib.singleton (lib.nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+}
+
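Review bot: `services.nix-serve` is enabled without a bind address, so unless one is set elsewhere the daemon listens on its default address as well as behind the nginx proxy. If nginx is meant to be the only entry point, add `bindAddress = "127.0.0.1";` next to `secretKeyFile`. nix-serve answers for any path in the local store, and nothing in this file limits the `cache.prism.r` server to the VPN, so a comment stating who is expected to reach it would help.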
diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix
deleted file mode 100644
index c2727520d..000000000
--- a/lass/2configs/binary-caches.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- nix.sshServe.enable = true;
- nix.sshServe.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
- ];
- nix.binaryCaches = [
- #"scp://nix-ssh@mors"
- #"scp://nix-ssh@uriel"
- ];
-}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 604d0728d..04bdcf9d8 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,6 +1,14 @@
{ lib, config, pkgs, ... }:
-{
- krebs.buildbot.master = let
+
+with config.krebs.lib;
+
+let
+ sshWrapper = pkgs.writeDash "ssh-wrapper" ''
+ ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
+ '';
+
+in {
+ config.krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ;
in {
slaves = {
@@ -25,20 +33,38 @@
sched.append(schedulers.SingleBranchScheduler(
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
- # treeStableTimer=10,
+ treeStableTimer=10,
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
+ build-scheduler = ''
+ # build all hosts
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ treeStableTimer=10,
+ name="prism-all-branches",
+ builderNames=["build-all"]))
+ '';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
- env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+ # TODO: get nixpkgs/stockholm paths from krebs
+ env_lass = {
+ "LOGNAME": "lass",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
+ env_makefu = {
+ "LOGNAME": "makefu",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
# prepare nix-shell
# the dependencies which are used by the test script
- deps = [ "gnumake", "jq","nix","rsync" ]
+ deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
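Review bot: The new `build-scheduler` uses `branch_re=".*"`, so a push to any branch starts `build-all`, which runs `make test` from the pushed tree on the slave. If more people can push branches than should be able to start builds on this host, narrow the filter, for example `change_filter=util.ChangeFilter(branch="master"),`. `env_lass` and `env_makefu` differ only in `LOGNAME`; a helper such as `def mkenv(user): return {"LOGNAME": user, "NIX_REMOTE": "daemon", "dummy_secrets": "true"}` would remove the copy. The `nixshell` list that closes this hunk continues outside it.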
@@ -51,16 +77,45 @@
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
+ build-all = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+ addShell(f,name="build-{}".format(i),env=env_lass,
+ command=nixshell + \
+ ["make \
+ test \
+ ssh=${sshWrapper} \
+ target=build@localhost:${config.users.users.build.home}/testbuild \
+ method=build \
+ system={}".format(i)])
+
+ for i in [ "pornocauster", "wry" ]:
+ addShell(f,name="build-{}".format(i),env=env_makefu,
+ command=nixshell + \
+ ["make \
+ test \
+ ssh=${sshWrapper} \
+ target=build@localhost:${config.users.users.build.home}/testbuild \
+ method=build \
+ system={}".format(i)])
+
+ bu.append(util.BuilderConfig(name="build-all",
+ slavenames=slavenames,
+ factory=f))
+
+ '';
+
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
for i in [ "prism", "mors", "echelon" ]:
- addShell(f,name="populate-{}".format(i),env=env,
+ addShell(f,name="populate-{}".format(i),env=env_lass,
command=nixshell + \
["{}( make system={} eval.config.krebs.build.populate \
| jq -er .)".format("!" if "failing" in i else "",i)])
- addShell(f,name="build-test-minimal",env=env,
+ addShell(f,name="build-test-minimal",env=env_lass,
command=nixshell + \
["nix-instantiate \
--show-trace --eval --strict --json \
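Review bot: The two loops in `build-all` are copies that differ only in the host list and the `env=` argument, so any change to the `make test` command line has to be made twice and the copies can drift apart. Iterating over (env, hosts) pairs keeps a single copy of the command. The `fast-tests` builder that follows continues outside this hunk.

```nix
build-all = ''
  f = util.BuildFactory()
  f.addStep(grab_repo)
  for env, hosts in [
      (env_lass, [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]),
      (env_makefu, [ "pornocauster", "wry" ]),
  ]:
    for i in hosts:
      addShell(f,name="build-{}".format(i),env=env,
          # … unchanged: command=nixshell + ["make test ssh=… target=… method=build system={}".format(i)] …
      )
  # … unchanged: bu.append(util.BuilderConfig(name="build-all", …)) …
'';
```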
@@ -86,17 +141,17 @@
};
};
- krebs.buildbot.slave = {
+ config.krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs;[ git nix gnumake jq rsync ];
extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+ NIX_PATH="nixpkgs=/var/src/nixpkgs";
};
};
- krebs.iptables = {
+ config.krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
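Review bot: The slave credential in this block (`password = "lasspass";`) is a literal in the repository and, being a Nix string, presumably ends up world-readable in the store, while the INPUT rule at the end of the hunk accepts TCP 8010 from any interface. This commit introduces `krebs.secret.files` for the build ssh key; the slave password deserves the same treatment if `krebs.buildbot` can read it from a file, which this hunk does not show. If the port is only meant for the overlay network, an interface match in the predicate (the wallpaper rule elsewhere in this commit uses `-i retiolum`) would narrow the exposure. The rules list continues outside the hunk.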
@@ -104,4 +159,29 @@
];
};
};
+
+ #ssh workaround for make test
+ options.lass.build-ssh-privkey = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
+ owner = { inherit (config.users.users.buildbotSlave ) name uid;};
+ source-path = toString <secrets> + "/build.ssh.key";
+ };
+ };
+ config.krebs.secret.files = {
+ build-ssh-privkey = config.lass.build-ssh-privkey;
+ };
+ config.users.users = {
+ build = {
+ name = "build";
+ uid = genid "build";
+ home = "/home/build";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
+ ];
+ };
+ };
}
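Review bot: The `build` account gets a login shell and an unrestricted `authorizedKeys` entry, although the only visible use is `make test` connecting to `build@localhost` through the ssh wrapper. Prefixing the key with options such as `from="127.0.0.1,::1",no-agent-forwarding,no-port-forwarding,no-X11-forwarding` limits what the key can do if the private half leaks. The key comment `lass@mors` suggests a personal key may be reused here; if so, a dedicated key pair for the build user would be cleaner, though that cannot be confirmed from this hunk. The comment `#ssh workaround for make test` would be more useful if it said what is being worked around.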
diff --git a/lass/2configs/cbase.nix b/lass/2configs/c-base.nix
index 9d13bc30d..9d13bc30d 100644
--- a/lass/2configs/cbase.nix
+++ b/lass/2configs/c-base.nix
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 1c06acf38..377554514 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -7,6 +7,9 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ../2configs/nixpkgs.nix
+ ../2configs/binary-cache/client.nix
+ ../2configs/gc.nix
./backups.nix
{
users.extraUsers =
@@ -52,21 +55,18 @@ with config.krebs.lib;
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
- secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ secrets = if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/lass/2configs/tests/dummy-secrets>
+ else "/home/lass/secrets/${config.krebs.build.host.name}";
#secrets-common = "/home/lass/secrets/common";
- stockholm = "/home/lass/stockholm";
- nixpkgs = {
- url = https://github.com/lassulus/nixpkgs;
- rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894";
- dev = "/home/lass/src/nixpkgs";
- };
+ stockholm = getEnv "PWD";
} // optionalAttrs config.krebs.build.host.secure {
#secrets-master = "/home/lass/secrets/master";
});
};
};
- nix.useChroot = true;
+ nix.useSandbox = true;
users.mutableUsers = false;
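Review bot: Both `getEnv` calls make the deployed configuration depend on the caller's shell: with `dummy_secrets=true` left exported, a real deployment evaluates `secrets` to the test directory, whose passwords and keys are committed in this repository. A guard that refuses the dummy path for a real target would catch that; at minimum, put a comment on the `secrets` line such as `# dummy_secrets is for CI only; never export it when deploying`. `stockholm = getEnv "PWD";` likewise yields an empty string when `PWD` is unset and changes meaning when the command is run from another directory. The enclosing attribute set starts above this hunk.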
@@ -114,8 +114,13 @@ with config.krebs.lib;
#neat utils
krebspaste
+ pciutils
psmisc
+ q
+ rs
+ tmux
untilport
+ usbutils
#unpack stuff
p7zip
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 3639a743a..cf9b631c8 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -21,6 +21,7 @@ in {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-shodan.pubkey
];
};
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 8199f2bd7..1ba99c8cb 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -28,6 +28,8 @@ with config.krebs.lib;
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
{ from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+ { from = "netzclub@lassul.us"; to = lass.mail; }
+ { from = "nebenan@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index f3b65e816..a724e2e45 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -5,7 +5,8 @@ let
in {
krebs.fetchWallpaper = {
enable = true;
- url = "cloudkrebs/wallpaper.png";
+ unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+ url = "prism/wallpaper.png";
};
}
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
new file mode 100644
index 000000000..8762ad95e
--- /dev/null
+++ b/lass/2configs/gc.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+with config.krebs.lib;
+{
+ nix.gc = {
+ automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ];
+ };
+}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index c0affe981..381a37e1b 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -29,18 +29,10 @@ let
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
- painload = {};
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
};
- wai-middleware-time = {};
- web-routes-wai-custom = {};
- go = {};
- newsbot-js = {};
kimsufi-check = {};
- realwallpaper = {};
- xmonad-stockholm = {};
- the_playlist = {};
} // mapAttrs make-public-repo-silent {
the_playlist = {};
};
@@ -50,8 +42,6 @@ let
brain = {
collaborators = with config.krebs.users; [ tv makefu ];
};
- extraction_webinterface = {};
- politics-fetching = {};
} //
import <secrets/repos.nix> { inherit config lib pkgs; }
);
@@ -66,6 +56,7 @@ let
channel = "#retiolum";
server = "cd.retiolum";
verbose = config.krebs.build.host.name == "prism";
+ branches = [ "master" ];
};
};
};
@@ -84,7 +75,7 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = [ lass lass-helios lass-uriel ];
+ user = [ lass lass-uriel ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
new file mode 100644
index 000000000..be1faccea
--- /dev/null
+++ b/lass/2configs/hw/tp-x220.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+ networking.wireless.enable = lib.mkDefault true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ zramSwap.enable = true;
+ zramSwap.numDevices = 2;
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 0;
+ emulateWheel = true;
+ };
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ #START_CHARGE_THRESH_BAT0=80
+ STOP_CHARGE_THRESH_BAT0=95
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
+ '';
+
+ boot = {
+ kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+ };
+
+ hardware.opengl.extraPackages = [
+ pkgs.vaapiIntel
+ pkgs.vaapiVdpau
+ ];
+
+ services.xserver = {
+ videoDriver = "intel";
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ '';
+ };
+
+ security.rngd.enable = true;
+}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 72d6f987f..7c050005b 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -10,8 +10,9 @@ let
account default: prism
'';
- msmtp = pkgs.writeDashBin "msmtp" ''
- exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+ msmtp = pkgs.writeBashBin "msmtp" ''
+ ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
+ ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
'';
muttrc = pkgs.writeText "muttrc" ''
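Review bot: `$@` on the new msmtp line is unquoted, so the shell re-splits and glob-expands the arguments the mail client passes; the line should end `${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"`. The pipeline also hands the message to `notmuch insert +sent` before msmtp has accepted it, so a failed delivery is still filed as sent, and a failing `notmuch insert` goes unreported. A short comment above the wrapper saying that it records outgoing mail in notmuch would explain the switch from `writeDashBin` to `writeBashBin` (process substitution). The `muttrc` definition that closes this hunk continues outside it.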
@@ -42,7 +43,7 @@ let
set nm_record = yes
set nm_record_tags = "-inbox me archive"
set virtual_spoolfile=yes # enable virtual folders
- set sendmail="msmtp" # enables parsing of outgoing mail
+ set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
set use_from=yes
set envelope_from=yes
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 636b44395..f2b70d831 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -41,7 +41,6 @@ let
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
csm|http://rss.csmonitor.com/feeds/csm|#news
csm_world|http://rss.csmonitor.com/feeds/world|#news
- cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news
danisch|http://www.danisch.de/blog/feed/|#news
dod|http://www.defense.gov/news/afps2.xml|#news
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
@@ -102,7 +101,7 @@ let
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
- nsa|http://www.nsa.gov/rss.shtml|#news #bullerei
+ nsa|https://www.nsa.gov/rss.xml|#news #bullerei
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news
phys|http://phys.org/rss-feed/|#news
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
new file mode 100644
index 000000000..0021a8615
--- /dev/null
+++ b/lass/2configs/nixpkgs.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ krebs.build.source.nixpkgs = {
+ url = https://github.com/lassulus/nixpkgs;
+ rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290";
+ };
+}
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
new file mode 100644
index 000000000..0ff8547c7
--- /dev/null
+++ b/lass/2configs/power-action.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+let
+ suspend = pkgs.writeDash "suspend" ''
+ ${pkgs.systemd}/bin/systemctl suspend
+ '';
+
+ speak = text:
+ pkgs.writeDash "speak" ''
+ ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
+ '';
+
+in {
+ lass.power-action = {
+ enable = true;
+ plans.low-battery = {
+ upperLimit = 30;
+ lowerLimit = 25;
+ charging = false;
+ action = pkgs.writeDash "warn-low-battery" ''
+ ${speak "power level low"}
+ '';
+ };
+ plans.suspend = {
+ upperLimit = 10;
+ lowerLimit = 0;
+ charging = false;
+ action = pkgs.writeDash "suspend-wrapper" ''
+ /var/setuid-wrappers/sudo ${suspend}
+ '';
+ };
+ };
+
+ users.users.power-action.extraGroups = [
+ "audio"
+ ];
+
+ security.sudo.extraConfig = ''
+ ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend}
+ '';
+}
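Review bot: `speak` splices `text` into a double-quoted shell string unescaped, so a caller passing a double quote, `$` or a backtick would change the generated script. Only a constant is passed today, but the helper is generic; `${pkgs.espeak}/bin/espeak -v +whisper -s 110 ${config.krebs.lib.shell.escape text}` uses the escaping helper that buildbot-standalone.nix in this commit already relies on. The sudoers rule is pinned to the store path of `suspend`, which is a narrow scope; a one-line comment saying so would discourage widening it to `systemctl` later.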
diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix
new file mode 100644
index 000000000..3be482191
--- /dev/null
+++ b/lass/2configs/pulse.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ pkg = pkgs.pulseaudioLight;
+ runDir = "/run/pulse";
+
+ alsaConf = pkgs.writeText "asound.conf" ''
+ ctl_type.pulse {
+ libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so;
+ }
+ pcm_type.pulse {
+ libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so;
+ }
+ ctl.!default {
+ type pulse
+ }
+ pcm.!default {
+ type pulse
+ }
+ '';
+
+ clientConf = pkgs.writeText "client.conf" ''
+ autospawn=no
+ default-server = unix:${runDir}/socket
+ '';
+
+ daemonConf = pkgs.writeText "daemon.conf" ''
+ exit-idle-time=0
+ flat-volumes = no
+ default-fragments = 4
+ default-fragment-size-msec = 25
+ '';
+
+ configFile = pkgs.writeText "default.pa" ''
+ .include ${pkg}/etc/pulse/default.pa
+ load-module ${toString [
+ "module-native-protocol-unix"
+ "auth-anonymous=1"
+ "socket=${runDir}/socket"
+ ]}
+ '';
+in
+
+{
+ environment = {
+ etc = {
+ "asound.conf".source = alsaConf;
+ # XXX mkForce is not strong enough (and neither is mkOverride) to create
+ # /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
+ #"pulse/client.conf" = mkForce { source = clientConf; };
+ #"pulse/client.conf".source = mkForce clientConf;
+ "pulse/default.pa".source = configFile;
+ "pulse/daemon.pa".source = daemonConf;
+ };
+ systemPackages = [
+ pkg
+ ] ++ optionals config.services.xserver.enable [
+ pkgs.pavucontrol
+ ];
+ };
+
+ # Allow PulseAudio to get realtime priority using rtkit.
+ security.rtkit.enable = true;
+
+ system.activationScripts.pulseaudio-hack = ''
+ ln -fns ${clientConf} /etc/pulse/client.conf
+ '';
+
+ systemd.services.pulse = {
+ wantedBy = [ "sound.target" ];
+ before = [ "sound.target" ];
+ environment = {
+ PULSE_RUNTIME_PATH = "${runDir}/home";
+ };
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/pulseaudio";
+ ExecStartPre = pkgs.writeDash "pulse-start" ''
+ install -o pulse -g audio -m 0750 -d ${runDir}
+ install -o pulse -g audio -m 0700 -d ${runDir}/home
+ '';
+ PermissionsStartOnly = "true";
+ User = "pulse";
+ };
+ };
+
+ users = {
+ groups.pulse.gid = config.users.users.pulse.uid;
+ users.pulse = {
+ uid = genid "pulse";
+ group = "pulse";
+ extraGroups = [ "audio" ];
+ home = "${runDir}/home";
+ };
+ };
+}
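Review bot: `daemonConf` is written as `daemon.conf` but installed as `"pulse/daemon.pa"`; PulseAudio reads its daemon settings from `/etc/pulse/daemon.conf`, so `exit-idle-time=0` and the fragment settings are probably never applied. The entry should read `"pulse/daemon.conf".source = daemonConf;`. Separately, `auth-anonymous=1` turns off cookie authentication on the socket, which leaves the `0750` pulse:audio mode that `pulse-start` sets on the run directory as the only access control. A comment next to the `load-module` block stating this would keep someone from loosening the directory mode later.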
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 17be327b9..59678dbff 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -11,7 +11,7 @@ let
source-password = import <secrets/icecast-source-pw>;
add_random = pkgs.writeDashBin "add_random" ''
- mpc add "$(mpc ls | shuf -n1)"
+ ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
'';
skip_track = pkgs.writeDashBin "skip_track" ''
@@ -52,13 +52,8 @@ in {
print_current
ncmpcpp
mpc_cli
- tmux
];
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
- '';
-
services.mpd = {
enable = true;
group = "radio";
@@ -67,7 +62,7 @@ in {
audio_output {
type "shout"
encoding "ogg"
- name "my cool stream"
+ name "the_playlist"
host "localhost"
port "8000"
mount "/radio.ogg"
@@ -84,7 +79,7 @@ in {
# Optional Parameters
user "source"
# description "here is my long description"
- # genre "jazz"
+ genre "good music"
} # end of audio_output
'';
@@ -114,7 +109,7 @@ in {
wantedBy = [ "timers.target" ];
timerConfig = {
- OnCalendar = "*:*";
+ OnCalendar = "*:0/1";
};
};
@@ -123,8 +118,8 @@ in {
LIMIT=$1 #in secconds
timeLeft () {
- playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
- currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
+ playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
+ currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
expr ''${playlistDuration:-0} - ''${currentTime:-0}
}
@@ -136,16 +131,10 @@ in {
description = "radio playlist autoadder";
after = [ "network.target" ];
- path = with pkgs; [
- gawk
- mpc_cli
- ];
-
restartIfChanged = true;
serviceConfig = {
- Restart = "always";
- ExecStart = "${autoAdd} 100";
+ ExecStart = "${autoAdd} 150";
};
};
diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix
deleted file mode 100644
index 7340fc7ca..000000000
--- a/lass/2configs/realwallpaper-server.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, ... }:
-
-let
- hostname = config.krebs.build.host.name;
- inherit (lib)
- nameValuePair
- ;
-
-in {
- imports = [
- ./realwallpaper.nix
- ];
-
- krebs.nginx.servers.wallpaper = {
- server-names = [
- hostname
- ];
- locations = [
- (nameValuePair "/wallpaper.png" ''
- root /tmp/;
- '')
- ];
- };
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index c69cb1660..2ab52ed92 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -1,5 +1,30 @@
-{ config, ... }:
+{ config, lib, ... }:
-{
+let
+ hostname = config.krebs.build.host.name;
+ inherit (lib)
+ nameValuePair
+ ;
+
+in {
krebs.realwallpaper.enable = true;
+
+ krebs.nginx.servers.wallpaper = {
+ server-names = [
+ hostname
+ ];
+ locations = [
+ (nameValuePair "/wallpaper.png" ''
+ root /tmp/;
+ '')
+ ];
+ };
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+ };
}
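Review bot: The `/wallpaper.png` location is served with `root /tmp/;`, a directory every local account can write to. Unless `krebs.realwallpaper` always owns that file name, another local user could pre-create `/tmp/wallpaper.png` and have nginx serve it to the hosts that fetch their wallpaper from here. Where the module writes its output is not visible in this hunk; pointing both the module and nginx at a dedicated directory owned by the service would remove the dependency on `/tmp`.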
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
new file mode 100644
index 000000000..45a4e2afd
--- /dev/null
+++ b/lass/2configs/repo-sync.nix
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ mirror = "git@${config.networking.hostName}:";
+
+ defineRepo = name: announce: let
+ repo = {
+ public = true;
+ name = mkDefault "${name}";
+ cgit.desc = mkDefault "mirror for ${name}";
+ hooks = mkIf announce (mkDefault {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = false;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ branches = [ "newest" ];
+ };
+ });
+ };
+ in {
+ rules = with git; singleton {
+ user = with config.krebs.users; [
+ config.krebs.users."${config.networking.hostName}-repo-sync"
+ lass
+ lass-shodan
+ ];
+ repo = [ repo ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ };
+ repos."${name}" = repo;
+ };
+
+ sync-retiolum = name:
+ {
+ krebs.repo-sync.repos.${name} = {
+ makefu = {
+ origin.url = "http://cgit.gum/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ tv = {
+ origin.url = "http://cgit.cd/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ lassulus = {
+ origin.url = "http://cgit.prism/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ "@latest" = {
+ mirror.url = "${mirror}${name}";
+ mirror.ref = "heads/newest";
+ };
+ };
+ krebs.git = defineRepo name (config.networking.hostName == "prism");
+ };
+
+ sync-remote = name: url:
+ {
+ krebs.repo-sync.repos.${name} = {
+ remote = {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ };
+ };
+ krebs.git = defineRepo name (config.networking.hostName == "prism");
+ };
+
+ sync-remote-silent = name: url:
+ {
+ krebs.repo-sync.repos.${name} = {
+ remote = {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ };
+ };
+ krebs.git = defineRepo name false;
+ };
+
+in {
+ krebs.repo-sync = {
+ enable = true;
+ unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+ };
+ imports = [
+ (sync-remote "array" "https://github.com/makefu/array")
+ (sync-remote "email-header" "https://github.com/4z3/email-header")
+ (sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask")
+ (sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot")
+ (sync-remote "repo-sync" "https://github.com/makefu/repo-sync")
+ (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
+ (sync-remote "xintmap" "https://github.com/4z3/xintmap")
+ (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
+ (sync-retiolum "go")
+ (sync-retiolum "much")
+ (sync-retiolum "newsbot-js")
+ (sync-retiolum "painload")
+ (sync-retiolum "realwallpaper")
+ (sync-retiolum "stockholm")
+ (sync-retiolum "wai-middleware-time")
+ (sync-retiolum "web-routes-wai-custom")
+ (sync-retiolum "xmonad-stockholm")
+ ];
+}
+
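Review bot: `sync-remote` and `sync-remote-silent` are the same function except for the announce flag passed to `defineRepo`, so the two bodies can drift apart; one parameterised helper with two partial applications removes the copy. The retiolum origins (`http://cgit.gum/…`, `http://cgit.cd/…`, `http://cgit.prism/…`) are fetched over plain http, so the integrity of what lands in the mirror depends on the transport underneath. These look like overlay-network names, which would cover it, but a comment saying so would help.

```nix
sync-remote-with = announce: name: url:
  {
    # … unchanged: krebs.repo-sync.repos.${name} with origin.url and mirror.url …
    krebs.git = defineRepo name announce;
  };

sync-remote = sync-remote-with (config.networking.hostName == "prism");
sync-remote-silent = sync-remote-with false;
```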
diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/cbase.txt
diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
new file mode 100644
index 000000000..16b542cee
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
@@ -0,0 +1 @@
+"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw
new file mode 100644
index 000000000..16b542cee
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw
@@ -0,0 +1 @@
+"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
new file mode 100644
index 000000000..215a7fa0c
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
new file mode 100644
index 000000000..922a74472
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
@@ -0,0 +1 @@
+blabla123
diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key
new file mode 100644
index 000000000..91448ad2f
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/nix-serve.key
@@ -0,0 +1 @@
+key-name:blabla123
diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
new file mode 100644
index 000000000..99a4033f6
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
@@ -0,0 +1,4 @@
+
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
new file mode 100644
index 000000000..5c12da0b3
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+private key bla
+-----END OPENSSH PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
new file mode 100644
index 000000000..885cf61f0
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+private key bla
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw
new file mode 100644
index 000000000..b71df1a2d
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/transmission-pw
@@ -0,0 +1 @@
+"krebskrebs123"
diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix
new file mode 100644
index 000000000..c1fce9ea2
--- /dev/null
+++ b/lass/2configs/umts.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs-channels";
+ rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+ sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+ }) {};
+
+ wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
+
+ modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+
+ # TODO: currently it is only netzclub
+ umts-bin = pkgs.writeScriptBin "umts" ''
+ #!/bin/sh
+ set -euf
+ systemctl stop wpa_supplicant
+ systemctl start umts
+ trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
+ echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+ journalctl -xfu umts
+ '';
+
+ wvdial-defaults = ''
+ Modem = ${modem-device}
+ Init1 = AT+CFUN=1
+ Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ Baud = 460800
+ phone= *99#
+ Username = netzclub
+ Password = netzclub
+ Stupid Mode = 1
+ Idle Seconds = 0
+ '';
+
+
+ out = {
+ environment.shellAliases = {
+ umts = "sudo ${umts-bin}/bin/umts";
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
+ '';
+
+ environment.wvdial.dialerDefaults = wvdial-defaults;
+
+ systemd.services.umts = {
+ description = "UMTS wvdial Service";
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ RestartSec = "10s";
+ ExecStart = "${wvdial}/bin/wvdial -n";
+ };
+ };
+ };
+in out
+
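Review bot: The `umts` script runs as root through the NOPASSWD sudo rule but calls `systemctl`, `tee` and `journalctl` by bare name, so which binaries run depends on the PATH sudo hands over. Other files in this commit use absolute store paths (`${pkgs.systemd}/bin/systemctl` in power-action.nix); doing the same here, e.g. `${pkgs.systemd}/bin/systemctl stop wpa_supplicant`, makes the rule cover exactly what is written. The `tee -a /etc/resolv.conf` line also appends a nameserver entry on every run and the trap never removes it, so the file grows and the extra resolver stays in place after the modem is stopped.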
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 8295d9d49..9eed08635 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -1,158 +1,351 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+with config.krebs.lib;
let
- customPlugins = {
- mustang2 = pkgs.vimUtils.buildVimPlugin {
- name = "Mustang2";
- src = pkgs.fetchFromGitHub {
- owner = "croaker";
- repo = "mustang-vim";
- rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
- sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
- };
- };
- unimpaired = pkgs.vimUtils.buildVimPlugin {
- name = "unimpaired-vim";
- src = pkgs.fetchFromGitHub {
- owner = "tpope";
- repo = "vim-unimpaired";
- rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
- sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
- };
- };
- brogrammer = pkgs.vimUtils.buildVimPlugin {
- name = "brogrammer";
- src = pkgs.fetchFromGitHub {
- owner = "marciomazza";
- repo = "vim-brogrammer-theme";
- rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
- sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
- };
- };
- file-line = pkgs.vimUtils.buildVimPlugin {
- name = "file-line";
- src = pkgs.fetchFromGitHub {
- owner = "bogado";
- repo = "file-line";
- rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
- sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
- };
- };
+ out = {
+ environment.systemPackages = [
+ vim
+ ];
+
+ environment.etc.vimrc.source = vimrc;
+
+ environment.variables.EDITOR = mkForce "vim";
+ environment.variables.VIMINIT = ":so /etc/vimrc";
};
-in {
+ extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ pkgs.vimPlugins.Gundo
+ pkgs.vimPlugins.Syntastic
+ pkgs.vimPlugins.undotree
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "file-line-1.0";
+ src = pkgs.fetchgit {
+ url = git://github.com/bogado/file-line;
+ rev = "refs/tags/1.0";
+ sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+ };
+ })
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "hack";
+ in {
+ name = "vim-color-${name}-1.0.2";
+ destination = "/colors/${name}.vim";
+ text = /* vim */ ''
+ set background=dark
+ hi clear
+ if exists("syntax_on")
+ syntax clear
+ endif
+
+ let colors_name = ${toJSON name}
+
+ hi Normal ctermbg=235
+ hi Comment ctermfg=242
+ hi Constant ctermfg=062
+ hi Identifier ctermfg=068
+ hi Function ctermfg=041
+ hi Statement ctermfg=167
+ hi PreProc ctermfg=167
+ hi Type ctermfg=041
+ hi Delimiter ctermfg=251
+ hi Special ctermfg=062
- environment.systemPackages = [
- (pkgs.vim_configurable.customize {
+ hi Garbage ctermbg=088
+ hi TabStop ctermbg=016
+ hi Todo ctermfg=174 ctermbg=NONE
+
+ hi NixCode ctermfg=148
+ hi NixData ctermfg=149
+ hi NixQuote ctermfg=150
+
+ hi diffNewFile ctermfg=207
+ hi diffFile ctermfg=207
+ hi diffLine ctermfg=207
+ hi diffSubname ctermfg=207
+ hi diffAdded ctermfg=010
+ hi diffRemoved ctermfg=009
+ '';
+ })))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
+ in {
+ name = "vim-syntax-${name}-1.0.0";
+ destination = "/syntax/${name}.vim";
+ text = /* vim */ ''
+ ${concatMapStringsSep "\n" (s: /* vim */ ''
+ syn keyword vimColor${s} ${s}
+ \ containedin=ALLBUT,vimComment,vimLineComment
+ hi vimColor${s} ctermfg=${s}
+ '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
+ '';
+ })))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "showsyntax";
+ in {
+ name = "vim-plugin-${name}-1.0.0";
+ destination = "/plugin/${name}.vim";
+ text = /* vim */ ''
+ if exists('g:loaded_showsyntax')
+ finish
+ endif
+ let g:loaded_showsyntax = 0
- vimrcConfig.customRC = ''
- set nocompatible
- set t_Co=16
- syntax on
- " TODO autoload colorscheme file
- set background=dark
- colorscheme brogrammer
- filetype off
- filetype plugin indent on
+ fu! ShowSyntax()
+ let id = synID(line("."), col("."), 1)
+ let name = synIDattr(id, "name")
+ let transName = synIDattr(synIDtrans(id),"name")
+ if name != transName
+ let name .= " (" . transName . ")"
+ endif
+ echo "Syntax: " . name
+ endfu
- imap <F1> <nop>
+ command! -n=0 -bar ShowSyntax :call ShowSyntax()
+ '';
+ })))
+ ];
- set mouse=a
- set ruler
- set showmatch
- set backspace=2
- set visualbell
- set encoding=utf8
- set showcmd
- set wildmenu
+ dirs = {
+ backupdir = "$HOME/.cache/vim/backup";
+ swapdir = "$HOME/.cache/vim/swap";
+ undodir = "$HOME/.cache/vim/undo";
+ };
+ files = {
+ viminfo = "$HOME/.cache/vim/info";
+ };
- set title
- set titleold=
- set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+ mkdirs = let
+ dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
+ in assert out != ""; out;
+ alldirs = attrValues dirs ++ map dirOf (attrValues files);
+ in unique (sort lessThan alldirs);
- set autoindent
+ vim = pkgs.writeDashBin "vim" ''
+ set -efu
+ (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ exec ${pkgs.neovim}/bin/nvim "$@"
+ '';
- set ttyfast
+ vimrc = pkgs.writeText "vimrc" ''
+ set nocompatible
- set pastetoggle=<INS>
+ set autoindent
+ set backspace=indent,eol,start
+ set backup
+ set backupdir=${dirs.backupdir}/
+ set directory=${dirs.swapdir}//
+ set hlsearch
+ set incsearch
+ set mouse=a
+ set noruler
+ set pastetoggle=<INS>
+ set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set shortmess+=I
+ set showcmd
+ set showmatch
+ set ttimeoutlen=0
+ set undodir=${dirs.undodir}
+ set undofile
+ set undolevels=1000000
+ set undoreload=1000000
+ set viminfo='20,<1000,s100,h,n${files.viminfo}
+ set visualbell
+ set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+ set wildmenu
+ set wildmode=longest,full
+ set et ts=2 sts=2 sw=2
- " Force Saving Files that Require Root Permission
- command! W silent w !sudo tee "%" >/dev/null
+ filetype plugin indent on
- nnoremap <C-c> :q<Return>
- vnoremap < <gv
- vnoremap > >gv
+ set t_Co=256
+ colorscheme hack
+ syntax on
- nmap <esc>q :buffer
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ \ | syn match TabStop containedin=ALL /\t\+/
+ \ | syn keyword Todo containedin=ALL TODO
+ au BufRead,BufNewFile *.hs so ${hs.vim}
- "Tabwidth
- set ts=2 sts=2 sw=2 et
+ au BufRead,BufNewFile *.nix so ${nix.vim}
- " create Backup/tmp/undo dirs
- function! InitBackupDir()
- let l:parent = $HOME . '/.vim/'
- let l:backup = l:parent . 'backups/'
- let l:tmpdir = l:parent . 'tmp/'
- let l:undodi = l:parent . 'undo/'
+ au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
- if !isdirectory(l:parent)
- call mkdir(l:parent)
- endif
- if !isdirectory(l:backup)
- call mkdir(l:backup)
- endif
- if !isdirectory(l:tmpdir)
- call mkdir(l:tmpdir)
- endif
- if !isdirectory(l:undodi)
- call mkdir(l:undodi)
- endif
- endfunction
- call InitBackupDir()
-
- " Backups & Files
- set backup
- set backupdir=~/.vim/backups
- set directory=~/.vim/tmp//
- set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
- set undodir=$HOME/.vim/undo
- set undofile
-
- " highlight whitespaces
- highlight ExtraWhitespace ctermbg=red guibg=red
- match ExtraWhitespace /\s\+$/
- autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
- autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
- autocmd InsertLeave * match ExtraWhitespace /\s\+$/
- autocmd BufWinLeave * call clearmatches()
-
- "ft specific stuff
- autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
- autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
-
- "esc timeout
- set timeoutlen=1000 ttimeoutlen=0
-
- "foldfunctions
- inoremap <F9> <C-O>za
- nnoremap <F9> za
- onoremap <F9> <C-C>za
- vnoremap <F9> zf
- '';
-
- vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
- vimrcConfig.vam.pluginDictionaries = [
- { names = [
- "brogrammer"
- "file-line"
- "Gundo"
- ]; }
- { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+ "Syntastic config
+ let g:syntastic_python_checkers=['flake8']
+
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
+
+ cnoremap <C-A> <Home>
+
+ noremap <C-c> :q<cr>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ nnoremap <esc>[5^ :tabp<cr>
+ nnoremap <esc>[6^ :tabn<cr>
+ nnoremap <esc>[5@ :tabm -1<cr>
+ nnoremap <esc>[6@ :tabm +1<cr>
+
+ nnoremap <f1> :tabp<cr>
+ nnoremap <f2> :tabn<cr>
+ inoremap <f1> <esc>:tabp<cr>
+ inoremap <f2> <esc>:tabn<cr>
+
+ " <C-{Up,Down,Right,Left>
+ noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
+ noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
+ noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
+ noremap <esc>Od <nop> | noremap! <esc>Od <nop>
+ " <[C]S-{Up,Down,Right,Left>
+ noremap <esc>[a <nop> | noremap! <esc>[a <nop>
+ noremap <esc>[b <nop> | noremap! <esc>[b <nop>
+ noremap <esc>[c <nop> | noremap! <esc>[c <nop>
+ noremap <esc>[d <nop> | noremap! <esc>[d <nop>
+ vnoremap u <nop>
+ '';
+
+ hs.vim = pkgs.writeText "hs.vim" ''
+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+ hi link ConId Identifier
+ hi link VarId Identifier
+ hi link hsDelimiter Delimiter
+ '';
+
+ nix.vim = pkgs.writeText "nix.vim" ''
+ setf nix
+
+ " Ref <nix/src/libexpr/lexer.l>
+ syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+ syn match NixINT /\<[0-9]\+\>/
+ syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+ syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+ syn region NixSTRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ syn region NixIND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+
+ syn match NixOther /[():/;=.,?\[\]]/
+
+ syn match NixCommentMatch /\(^\|\s\)#.*/
+ syn region NixCommentRegion start="/\*" end="\*/"
+
+ hi link NixCode Statement
+ hi link NixData Constant
+ hi link NixComment Comment
+
+ hi link NixCommentMatch NixComment
+ hi link NixCommentRegion NixComment
+ hi link NixID NixCode
+ hi link NixINT NixData
+ hi link NixPATH NixData
+ hi link NixHPATH NixData
+ hi link NixSPATH NixData
+ hi link NixURI NixData
+ hi link NixSTRING NixData
+ hi link NixIND_STRING NixData
+
+ hi link NixEnter NixCode
+ hi link NixOther NixCode
+ hi link NixQuote NixData
+
+ syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+ syn cluster nix_ind_strings contains=NixIND_STRING
+ syn cluster nix_strings contains=NixSTRING
+
+ ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+ startAlts = filter isString [
+ ''/\* ${lang} \*/''
+ extraStart
];
+ sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+ in /* vim */ ''
+ syn include @nix_${lang}_syntax syntax/${lang}.vim
+ unlet b:current_syntax
- })
- ];
-}
+ syn match nix_${lang}_sigil
+ \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+ \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+ \ transparent
+
+ syn region nix_${lang}_region_STRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn region nix_${lang}_region_IND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn cluster nix_ind_strings
+ \ add=nix_${lang}_region_IND_STRING
+
+ syn cluster nix_strings
+ \ add=nix_${lang}_region_STRING
+
+ syn cluster nix_has_dollar_curly
+ \ add=@nix_${lang}_syntax
+ '') {
+ c = {};
+ cabal = {};
+ haskell = {};
+ sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+ vim.extraStart =
+ ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+ })}
+
+ " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+ syn clear shVarAssign
+
+ syn region nixINSIDE_DOLLAR_CURLY
+ \ matchgroup=NixEnter
+ \ start="[$]{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=@nix_has_dollar_curly
+ \ transparent
+
+ syn region nix_inside_curly
+ \ matchgroup=NixEnter
+ \ start="{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+ \ transparent
+
+ syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /\\./he=s+1
+ \ containedin=@nix_strings
+ \ contained
+
+ syn sync fromstart
+
+ let b:current_syntax = "nix"
+
+ set isk=@,48-57,_,192-255,-,'
+ '';
+in
+out
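Review bot: The `/dev/shm/*` autocmd turns off `backup`, `writebackup` and `swapfile` but leaves `undofile` on, so the undo history of files edited there is still written to `${dirs.undodir}`. If the intent is to keep such files off disk (presumably they hold secrets), extend the line to `au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile noundofile`; register contents can also end up in the viminfo file configured by `set viminfo=...`. Separately, the `file-line` plugin is now fetched over `git://` at `refs/tags/1.0` instead of a commit id. The `sha256` still pins the content, but an `https` URL and a commit hash would remove the unauthenticated transport and the mutable ref.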
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 45d09c3b9..f88dc927e 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -11,9 +11,9 @@ let
serveWordpress;
msmtprc = pkgs.writeText "msmtprc" ''
- account prism
+ account localhost
host localhost
- account default: prism
+ account default: localhost
'';
sendmail = pkgs.writeDash "msmtp" ''
@@ -23,23 +23,55 @@ let
in {
imports = [
./sqlBackup.nix
- (ssl [ "reich-gebaeudereinigung.de" ])
- (servePage [ "reich-gebaeudereinigung.de" ])
+ (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
+ (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (ssl [ "karlaskop.de" ])
- (servePage [ "karlaskop.de" ])
+ (ssl [ "karlaskop.de" "www.karlaskop.de" ])
+ (servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (ssl [ "makeup.apanowicz.de" ])
- (servePage [ "makeup.apanowicz.de" ])
+ (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
+ (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" ])
- (servePage [ "pixelpocket.de" ])
+ (ssl [ "pixelpocket.de" "www.pixelpocket.de" ])
+ (servePage [ "pixelpocket.de" "www.pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" ])
- (serveOwncloud [ "o.ubikmedia.de" ])
+ (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
+ (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
- (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
- (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
+ (ssl [
+ "ubikmedia.de"
+ "aldona.ubikmedia.de"
+ "apanowicz.de"
+ "nirwanabluete.de"
+ "aldonasiech.com"
+ "360gradvideo.tv"
+ "ubikmedia.eu"
+ "facts.cloud"
+ "www.ubikmedia.de"
+ "www.aldona.ubikmedia.de"
+ "www.apanowicz.de"
+ "www.nirwanabluete.de"
+ "www.aldonasiech.com"
+ "www.360gradvideo.tv"
+ "www.ubikmedia.eu"
+ "www.facts.cloud"
+ ])
+ (serveWordpress [
+ "ubikmedia.de"
+ "apanowicz.de"
+ "nirwanabluete.de"
+ "aldonasiech.com"
+ "360gradvideo.tv"
+ "ubikmedia.eu"
+ "facts.cloud"
+ "*.ubikmedia.de"
+ "www.apanowicz.de"
+ "www.nirwanabluete.de"
+ "www.aldonasiech.com"
+ "www.360gradvideo.tv"
+ "www.ubikmedia.eu"
+ "www.facts.cloud"
+ ])
];
lass.mysqlBackup.config.all.databases = [
@@ -47,6 +79,27 @@ in {
"o_ubikmedia_de"
];
+ krebs.backup.plans = {
+ prism-sql-domsen = {
+ method = "push";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; };
+ startAt = "00:01";
+ };
+ prism-http-domsen = {
+ method = "push";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; };
+ startAt = "00:10";
+ };
+ prism-o-ubikmedia-domsen = {
+ method = "push";
+ src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; };
+ dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; };
+ startAt = "00:30";
+ };
+ };
+
users.users.domsen = {
uid = genid "domsen";
description = "maintenance acc for domsen";
@@ -56,18 +109,18 @@ in {
createHome = true;
};
- #services.phpfpm.phpOptions = ''
- # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- # sendmail_path = ${sendmail} -t
- #'';
- services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
- options = ''
- extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- sendmail_path = ${sendmail} -t -i"
- '';
- } ''
- cat ${pkgs.php}/etc/php-recommended.ini > $out
- echo "$options" >> $out
+ services.phpfpm.phpOptions = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ sendmail_path = ${sendmail} -t
'';
+ #services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ # options = ''
+ # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ # sendmail_path = "${sendmail} -t -i"
+ # '';
+ #} ''
+ # cat ${pkgs.php}/etc/php-recommended.ini > $out
+ # echo "$options" >> $out
+ #'';
}
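Review bot: The commented-out `services.phpfpm.phpIni` block is dead configuration that differs from the live setting (`-t -i` there, `-t` in `phpOptions`), which leaves the next reader unsure which `sendmail_path` is intended. Either delete the block, since the history keeps it, or replace it with a one-line comment such as `# phpIni override dropped; phpOptions is used instead`. The same block is added to lass/2configs/websites/fritz.nix.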
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 63efbecb6..0107da739 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -1,10 +1,10 @@
{ config, pkgs, lib, ... }:
+with lib;
let
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
genid
head
- nameValuePair
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
@@ -12,6 +12,16 @@ let
serveWordpress
;
+ msmtprc = pkgs.writeText "msmtprc" ''
+ account localhost
+ host localhost
+ account default: localhost
+ '';
+
+ sendmail = pkgs.writeDash "msmtp" ''
+ exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
+ '';
+
in {
imports = [
./sqlBackup.nix
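Review bot: `msmtprc` and `sendmail` here are a verbatim copy of the definitions in lass/2configs/websites/domsen.nix. Both files already inherit helpers from `websites/util.nix`, so defining the wrapper once there and inheriting it would keep the two copies from drifting apart. The `let` block starts outside this hunk.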
@@ -48,7 +58,34 @@ in {
"ttf_kleinaspach_de"
];
+ #password protect some dirs
+ krebs.nginx.servers."biostase.de".locations = [
+ (nameValuePair "/old_biostase.de" ''
+ auth_basic "Administrator Login";
+ auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd;
+ '')
+ (nameValuePair "/mysqldumper" ''
+ auth_basic "Administrator Login";
+ auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd;
+ '')
+ ];
+
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey
];
+
+ services.phpfpm.phpOptions = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ sendmail_path = ${sendmail} -t
+ '';
+
+ #services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ # options = ''
+ # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ # sendmail_path = "${sendmail} -t -i"
+ # '';
+ #} ''
+ # cat ${pkgs.php}/etc/php-recommended.ini > $out
+ # echo "$options" >> $out
+ #'';
}
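Review bot: The `auth_basic` directives sit in plain prefix locations (`/old_biostase.de`, `/mysqldumper`), and nginx prefers a matching regex location over a plain prefix one. If the server block generated for this host (not visible here) has a `location ~ \.php$`, requests for PHP files under those paths would be handled there without the password prompt. Confirm against the generated config, and if so repeat the auth in a nested PHP location or use a `^~` prefix with its own PHP handling. The `.htpasswd` files are also stored inside the served directories; keeping them outside `/srv/http` means a gap in the location rules cannot expose them.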
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index 5e14871ac..0bfd9fe6b 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -5,7 +5,6 @@ let
in {
krebs.per-user.chat.packages = with pkgs; [
mosh
- tmux
weechat
];
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix
deleted file mode 100644
index bd59080d9..000000000
--- a/lass/2configs/wordpress.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- containers.wordpress = {
- privateNetwork = true;
- hostAddress = "192.168.101.1";
- localAddress = "192.168.101.2";
-
- config = {
- imports = [
- ../../krebs/3modules/iptables.nix
- ];
-
- krebs.iptables = {
- enable = true;
- tables = {
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- iptables
- ];
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- };
-
- services.httpd = {
- enable = true;
- adminAddr = "root@apanowicz.de";
- extraModules = [
- { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
- ];
- virtualHosts = [
- {
- hostName = "wordpress";
- serverAliases = [ "wordpress" "www.wordpress" ];
-
- extraSubservices = [
- {
- serviceName = "wordpress";
- }
- ];
- }
- ];
- };
- };
- };
-}
diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix
index e3b0f45dc..5d3661706 100644
--- a/lass/2configs/xserver/Xresources.nix
+++ b/lass/2configs/xserver/Xresources.nix
@@ -19,9 +19,48 @@ pkgs.writeText "Xresources" ''
URxvt.intensityStyles: false
- URxvt*background: #000000
- URxvt*foreground: #ffffff
+ URxvt*background: #050505
+ ! URxvt*background: #041204
+
+ !URxvt.depth: 32
+ !URxvt*background: rgba:0500/0500/0500/cccc
+
+ ! URxvt*background: #080810
+ URxvt*foreground: #d0d7d0
+ ! URxvt*background: black
+ ! URxvt*foreground: white
+ ! URxvt*background: rgb:00/00/40
+ ! URxvt*foreground: rgb:a0/a0/d0
+ ! XTerm*cursorColor: rgb:00/00/60
+ URxvt*cursorColor: #f042b0
+ URxvt*cursorColor2: #f0b000
+ URxvt*cursorBlink: off
+ ! URxvt*cursorUnderline: true
+ ! URxvt*highlightColor: #232323
+ ! URxvt*highlightTextColor: #b0ffb0
+
+ URxvt*.pointerBlank: true
+ URxvt*.pointerBlankDelay: 987654321
+ URxvt*.pointerColor: #f042b0
+ URxvt*.pointerColor2: #050505
+
+ ! URxvt*color0: #000000
+ ! URxvt*color1: #c00000
+ ! URxvt*color2: #80c070
+ URxvt*color3: #c07000
+ ! URxvt*color4: #0000c0
+ URxvt*color4: #4040c0
+ ! URxvt*color5: #c000c0
+ ! URxvt*color6: #008080
+ URxvt*color7: #c0c0c0
+
+ URxvt*color8: #707070
+ URxvt*color9: #ff6060
+ URxvt*color10: #70ff70
+ URxvt*color11: #ffff70
+ URxvt*color12: #7070ff
+ URxvt*color13: #ff50ff
+ URxvt*color14: #70ffff
+ URxvt*color15: #ffffff
- !change unreadable blue
- URxvt*color4: #268bd2
''
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 7299e9ac0..b221d7677 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -7,9 +7,6 @@
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
- HISTFILE=~/.histfile
- HISTSIZE=1000000
- SAVEHIST=100000
#unsetopt nomatch
setopt autocd extendedglob
bindkey -e
@@ -92,6 +89,11 @@
esac
'';
promptInit = ''
+ # TODO: figure out why we need to set this here
+ HISTSIZE=900001
+ HISTFILESIZE=$HISTSIZE
+ SAVEHIST=$HISTSIZE
+
autoload -U promptinit
promptinit
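Review bot: `HISTFILESIZE=$HISTSIZE` has no effect in zsh: it is a bash variable, and zsh limits the saved history with `SAVEHIST`, which the next line already sets, so the line can be dropped. With `HISTFILE=~/.histfile` removed in the earlier hunk, the TODO comment should say where `HISTFILE` is now expected to come from. With about 900k retained entries, adding `setopt hist_ignore_space` would give a way to keep a command containing a secret out of the file. The `promptInit` string continues outside this hunk.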
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 380d83a91..b3037205e 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -4,6 +4,7 @@ _:
./ejabberd
./folderPerms.nix
./mysql-backup.nix
+ ./power-action.nix
./urxvtd.nix
./wordpress_nginx.nix
./xresources.nix
diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix
new file mode 100644
index 000000000..3116514a8
--- /dev/null
+++ b/lass/3modules/power-action.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ cfg = config.lass.power-action;
+
+ out = {
+ options.lass.power-action = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "power-action";
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "power-action";
+ };
+ };
+ startAt = mkOption {
+ type = types.str;
+ default = "*:0/1";
+ };
+ plans = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ charging = mkOption {
+ type = nullOr bool;
+ default = null;
+ description = ''
+ check for charging status.
+ null = don't care
+ true = only if system is charging
+ false = only if system is discharging
+ '';
+ };
+ upperLimit = mkOption {
+ type = int;
+ };
+ lowerLimit = mkOption {
+ type = int;
+ };
+ action = mkOption {
+ type = path;
+ };
+ };
+ });
+ };
+ };
+
+ imp = {
+ systemd.services.power-action = {
+ serviceConfig = rec {
+ ExecStart = startScript;
+ User = cfg.user.name;
+ };
+ startAt = cfg.startAt;
+ };
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) name uid;
+ };
+ };
+
+ startScript = pkgs.writeDash "power-action" ''
+ set -euf
+
+ power="$(${powerlvl})"
+ state="$(${state})"
+ ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
+ '';
+ charging_check = plan:
+ if (plan.charging == null) then "" else
+ if plan.charging
+ then ''&& [ "$state" = "true" ]''
+ else ''&& ! [ "$state" = "true" ]''
+ ;
+
+ writeRule = _: plan:
+ "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
+
+ powerlvl = pkgs.writeDash "powerlvl" ''
+ cat /sys/class/power_supply/BAT0/capacity
+ '';
+
+ state = pkgs.writeDash "state" ''
+ if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Discharging" ]
+ then echo "false"
+ else echo "true"
+ fi
+ '';
+
+in out
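Review bot: `state` prints "true" for every status except "Discharging", so a plan with `charging = true` also matches "Full", "Not charging" and "Unknown"; if such plans should fire only while charging, test for it explicitly, e.g. `if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ]`. `BAT0` is hard-coded in both helper scripts, and under `set -euf` a missing file aborts the run before any rule is evaluated. In `writeRule`, `$power` is unquoted (`[ "$power" -ge ... ]` is safer), and a failing `${plan.action}` ends the script, so later plans are skipped. `upperLimit`, `lowerLimit` and `action` have no `description`, so the unit and inclusive bounds are only discoverable from `writeRule`.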
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 467867f63..c48188f9d 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -3,6 +3,9 @@
{
nixpkgs.config.packageOverrides = rec {
acronym = pkgs.callPackage ./acronym/default.nix {};
+ ejabberd = pkgs.callPackage ./ejabberd {
+ erlang = pkgs.erlangR16;
+ };
firefoxPlugins = {
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
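Review bot: The `ejabberd` override pins `erlang = pkgs.erlangR16` without saying why. R16 is an old Erlang/OTP release line, and for a network-facing XMPP server the runtime's TLS and crypto fixes matter. Add a comment giving the reason for the pin and when it can be lifted, along the lines of `# <reason for R16>; drop once ejabberd builds on a current OTP` (placeholder, the actual reason is not visible here).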
@@ -10,11 +13,11 @@
};
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
+ q = pkgs.callPackage ./q {};
+ rs = pkgs.callPackage ./rs/default.nix {};
untilport = pkgs.callPackage ./untilport/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {};
- xmonad-lass =
- let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
- pkgs.haskellPackages.callPackage src {};
+ xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {};
};
}
diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix
new file mode 100644
index 000000000..644be0d17
--- /dev/null
+++ b/lass/5pkgs/q/default.nix
@@ -0,0 +1,185 @@
+{ pkgs, ... }:
+let
+ q-cal = let
+ # XXX 23 is the longest line of cal's output
+ pad = ''{
+ ${pkgs.gnused}/bin/sed '
+ # rtrim
+ s/ *$//
+
+ # delete last empty line
+ ''${/^$/d}
+ ' \
+ | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
+ | ${pkgs.gnused}/bin/sed '
+ # colorize header
+ 1,2s/.*/&/
+
+ # colorize week number
+ s/^[ 1-9][0-9]/&/
+ '
+ }'';
+ in ''
+ ${pkgs.coreutils}/bin/paste \
+ <(${pkgs.utillinux}/bin/cal -mw \
+ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
+ | ${pad}
+ ) \
+ <(${pkgs.utillinux}/bin/cal -mw \
+ | ${pkgs.gnused}/bin/sed '
+ # colorize day of month
+ s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/
+ ' \
+ | ${pad}
+ ) \
+ <(${pkgs.utillinux}/bin/cal -mw \
+ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
+ | ${pad}
+ ) \
+ | ${pkgs.gnused}/bin/sed 's/\t/ /g'
+ '';
+
+ q-isodate = ''
+ ${pkgs.coreutils}/bin/date \
+ '+%Y-%m-%dT%H:%M:%S%:z'
+ '';
+
+ q-gitdir = ''
+ if test -d .git; then
+ #git status --porcelain
+ branch=$(
+ ${pkgs.git}/bin/git branch \
+ | ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p'
+ )
+ echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch"
+ fi
+ '';
+
+ q-power_supply = ''
+ for uevent in /sys/class/power_supply/*/uevent; do
+ if test -f $uevent; then
+ eval "$(${pkgs.gnused}/bin/sed -n '
+ s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p
+ ' $uevent)"
+
+ if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then
+ continue
+ fi
+
+ charge_percentage=$(echo "
+ scale=2
+ $POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL
+ " | ${pkgs.bc}/bin/bc)
+
+ lfc=$POWER_SUPPLY_CHARGE_FULL
+ rc=$POWER_SUPPLY_CHARGE_NOW
+ #rc=2800
+ N=78; N=76
+ N=10
+ n=$(echo $N-1 | ${pkgs.bc}/bin/bc)
+ centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc)
+ deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc)
+ energy_evel=$(
+ echo -n '☳ ' # TRIGRAM FOR THUNDER
+ if test $centi -ge 42; then echo -n ''
+ elif test $centi -ge 23; then echo -n ''
+ elif test $centi -ge 11; then echo -n ''
+ else echo -n ''; fi
+ for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do
+ echo -n ■
+ done
+ echo -n ''
+ for i in $(${pkgs.coreutils}/bin/seq $deci $n); do
+ echo -n ■
+ done
+ echo '' $rc #/ $lfc
+ )
+ echo "$energy_evel $charge_percentage"
+ fi
+ done
+ '';
+
+ q-virtualization = ''
+ echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
+ '';
+
+ q-wireless = ''
+ for dev in $(
+ ${pkgs.iw}/bin/iw dev \
+ | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
+ ); do
+ inet=$(${pkgs.iproute}/bin/ip addr show $dev \
+ | ${pkgs.gnused}/bin/sed -n '
+ s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p
+ ') \
+ || unset inet
+ ssid=$(${pkgs.iw}/bin/iw dev $dev link \
+ | ${pkgs.gnused}/bin/sed -n '
+ s/.*\tSSID: \(.*\)/\1/p
+ ') \
+ || unset ssid
+ echo "$dev''${inet+ $inet}''${ssid+ $ssid}"
+ done
+ '';
+
+ q-online = ''
+ if ${pkgs.curl.bin}/bin/curl -s google.com >/dev/null; then
+ echo 'online'
+ else
+ echo offline
+ fi
+ '';
+
+ q-thermal_zone = ''
+ for i in /sys/class/thermal/thermal_zone*; do
+ type=$(${pkgs.coreutils}/bin/cat $i/type)
+ temp=$(${pkgs.coreutils}/bin/cat $i/temp)
+ printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc)
+ done
+ '';
+
+ q-todo = ''
+ TODO_file=$HOME/TODO
+ if test -e "$TODO_file"; then
+ ${pkgs.coreutils}/bin/cat "$TODO_file" \
+ | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
+ BEGIN { print "remind=0" }
+ /^[0-9]/{
+ x = $1
+ gsub(".", "\\\\&", x)
+ rest = substr($0, index($0, " "))
+ rest = $0
+ sub(" *", "", rest)
+ gsub(".", "\\\\&", rest)
+ print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
+ echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
+ (( remind++ ))"
+ }
+ END { print "test $remind = 0 && echo \"nothing to remind\"" }
+ ' \
+ | {
+ # bash needed for (( ... ))
+ ${pkgs.bash}/bin/bash
+ }
+ else
+ echo "$TODO_file: no such file or directory"
+ fi
+ '';
+
+in
+# bash needed for <(...)
+pkgs.writeBashBin "q" ''
+ set -eu
+ export PATH=/var/empty
+ ${q-cal}
+ echo
+ ${q-isodate}
+ (${q-gitdir}) &
+ (${q-power_supply}) &
+ (${q-virtualization}) &
+ (${q-wireless}) &
+ (${q-online}) &
+ (${q-thermal_zone}) &
+ wait
+ ${q-todo}
+''
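Review bot: `q-power_supply` runs `eval` on every `KEY=value` line of `/sys/class/power_supply/*/uevent`, wrapping the value in single quotes without escaping quotes inside it. Such files typically include device-supplied strings (model, manufacturer), so a value containing `'` would end the quoting and be interpreted as shell. Only `POWER_SUPPLY_CHARGE_NOW` and `POWER_SUPPLY_CHARGE_FULL` are used afterwards, so read just those two with a numeric-only pattern, e.g. `rc=$(sed -n 's/^POWER_SUPPLY_CHARGE_NOW=\([0-9]\+\)$/\1/p' "$uevent")`, and drop the `eval`. `q-todo` likewise generates a script from `$HOME/TODO` and pipes it to bash, so it depends entirely on the per-character backslash escaping in the awk program; a comment saying so would help. `energy_evel` looks like a typo for `energy_level`.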
diff --git a/lass/5pkgs/rs/default.nix b/lass/5pkgs/rs/default.nix
new file mode 100644
index 000000000..6b27908fb
--- /dev/null
+++ b/lass/5pkgs/rs/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+#TODO: get tab-completion working again
+pkgs.writeBashBin "rs" ''
+ rsync -vaP --append-verify "$@"
+''
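Review bot: `rsync` is looked up through `PATH`, so the package works only where rsync happens to be installed and runs whichever `rsync` comes first. The sibling `q` package pins its tools by store path. Use `${pkgs.rsync}/bin/rsync -vaP --append-verify "$@"` so the dependency is declared and fixed.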
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass.nix
index d7c66bf4d..841821a7a 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -1,3 +1,15 @@
+{ pkgs, ... }:
+pkgs.writeHaskell "xmonad-lass" {
+ executables.xmonad = {
+ extra-depends = [
+ "containers"
+ "unix"
+ "X11"
+ "xmonad"
+ "xmonad-contrib"
+ "xmonad-stockholm"
+ ];
+ text = ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
@@ -147,3 +159,8 @@ gridConfig = def
, gs_navigate = navNSearch
, gs_font = myFont
}
+
+ '';
+ };
+}
+
diff --git a/lass/5pkgs/xmonad-lass/.gitignore b/lass/5pkgs/xmonad-lass/.gitignore
deleted file mode 100644
index 616204547..000000000
--- a/lass/5pkgs/xmonad-lass/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/shell.nix
diff --git a/lass/5pkgs/xmonad-lass/Makefile b/lass/5pkgs/xmonad-lass/Makefile
deleted file mode 100644
index cbb0776e6..000000000
--- a/lass/5pkgs/xmonad-lass/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-.PHONY: ghci
-ghci: shell.nix
- nix-shell --command 'exec ghci -Wall'
-
-shell.nix: xmonad.cabal
- cabal2nix --shell . > $@
diff --git a/lass/5pkgs/xmonad-lass/xmonad.cabal b/lass/5pkgs/xmonad-lass/xmonad.cabal
deleted file mode 100644
index 37809b599..000000000
--- a/lass/5pkgs/xmonad-lass/xmonad.cabal
+++ /dev/null
@@ -1,17 +0,0 @@
-Author: lass
-Build-Type: Simple
-Cabal-Version: >= 1.2
-License: MIT
-Name: xmonad-lass
-Version: 0
-
-Executable xmonad
- Build-Depends:
- base,
- containers,
- unix,
- xmonad,
- xmonad-contrib,
- xmonad-stockholm
- GHC-Options: -Wall -O3 -threaded -rtsopts
- Main-Is: Main.hs
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 2f2358ddc..5f1d6e121 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -17,19 +17,31 @@ in {
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
];
-
- networking.firewall.allowedUDPPorts = [ 80 655 67 ];
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.checkReversePath = false;
+ services.tinc.networks.siem = {
+ name = "sdarth";
+ extraConfig = "ConnectTo = sjump";
+ };
#networking.firewall.enable = false;
- # virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
- networking.wireless.enable = true;
+ networking = {
+ wireless.enable = true;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedUDPPorts = [ 80 655 1655 67 ];
+ allowedTCPPorts = [ 80 655 1655 ];
+ };
+ # fallback connection to the internal virtual network
+ interfaces.virbr3.ip4 = [{
+ address = "10.8.8.2";
+ prefixLength = 24;
+ }];
+ };
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
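Review bot: `logRefusedConnections = false` in the new `networking.firewall` block removes the journal record of dropped connection attempts while the same block opens 1655 on TCP and UDP. If the setting is only there to reduce log noise, a comment should say so and name where refused traffic is observed instead. The port lists have no explanation either; a comment such as `# 655 - tinc retiolum, 1655 - tinc siem` would help, assuming that is the mapping, which these lines do not show. The hunk also drops `checkReversePath = false`, so reverse-path filtering presumably returns to the module default; it is worth confirming that the tinc and `virbr3` paths still work with it.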
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index fbd06a9c7..e71055f54 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -5,9 +5,10 @@
{ config, pkgs, lib, ... }:
let
byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
- rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
- homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3";
+ keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
+ rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
+ rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
+ primaryInterface = "enp1s0";
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
# cryptsetup luksAddKey $dev tmpkey
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
@@ -15,14 +16,14 @@ let
# omo Chassis:
# __FRONT_
- # |* d2 |
+ # |* d0 |
# | |
# |* d3 |
# | |
- # |* d0 |
+ # |* d3 |
# | |
- # |* d1 |
# |* |
+ # |* d2 |
# | * r0 |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
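Review bot: The updated chassis diagram labels two bays `d3` and no longer shows `d1`, although `cryptDisk1` is still used further down in the file. On an encrypted array with a single parity disk, a wrong bay label is an easy way to pull the healthy drive during a replacement. One of the two `# |* d3 |` lines presumably should read `# |* d1 |`; the actual layout is not visible here, so please check it against the hardware.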
@@ -38,27 +39,31 @@ in {
[
../.
# TODO: unlock home partition via ssh
- ../2configs/fs/single-partition-ext4.nix
+ ../2configs/fs/sda-crypto-root.nix
../2configs/zsh-user.nix
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
- ../2configs/share-user-sftp.nix
- ../2configs/graphite-standalone.nix
+ #../2configs/graphite-standalone.nix
+ #../2configs/share-user-sftp.nix
../2configs/omo-share.nix
+
+ ## as long as pyload is not in nixpkgs:
+ # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
];
krebs.retiolum.enable = true;
- networking.firewall.trustedInterfaces = [ "enp3s0" ];
+ networking.firewall.trustedInterfaces = [ primaryInterface ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
# tcp:655 udp:655 - tinc
# tcp:8111 - graphite
+ # tcp:8112 - pyload
# tcp:9090 - sabnzbd
# tcp:9200 - elasticsearch
# tcp:5601 - kibana
networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
+ networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
# services.openssh.allowSFTP = false;
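Review bot: The `docker run` line recorded in the imports comment starts an unpinned third-party image (`writl/pyload`, no tag or digest) with `--restart=always` and `-P`, which publishes every port the image exposes in addition to the explicit `-p 8112:8000`. Docker installs its own iptables rules for published ports, so the 8112 entry added to `allowedTCPPorts` is probably not what controls reachability, and the `-P` ports are listed nowhere. I would drop `-P`, pin the image (`writl/pyload@sha256:<digest>`), and extend the port comment to `# tcp:8112 - pyload (docker container, published by docker itself)`. The matching `virtualisation.docker.enable = true;` is in the next hunk of this file, and the imports list starts outside this hunk.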
@@ -66,6 +71,9 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ virtualisation.docker.enable = true;
+
+
# HDD Array stuff
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
@@ -76,15 +84,11 @@ in {
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
+
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
- in {
- "/home" = {
- device = "/dev/mapper/home";
- fsType = "ext4";
- };
- } // cryptMount "crypt0"
+ in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2";
@@ -101,15 +105,16 @@ in {
usbkey = name: device: {
inherit name device keyFile;
keyFileSize = 4096;
+ allowDiscards = true;
};
in [
- (usbkey "home" homePartition)
+ (usbkey "luksroot" rootPartition)
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
];
};
- loader.grub.device = rootDisk;
+ loader.grub.device = lib.mkForce rootDisk;
initrd.availableKernelModules = [
"ahci"
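Review bot: `allowDiscards = true` is added inside the shared `usbkey` helper, so it applies to `crypt0`, `crypt1` and `crypt2` as well as to the new `luksroot`. Passing discards through dm-crypt reveals which sectors are unused to anyone who can read the raw device; that is a common trade-off for an SSD root, but it gains nothing on the data disks if they are spinning drives, as the `ST2000DM001` id earlier in the file suggests. Consider limiting it to the root device, `(usbkey "luksroot" rootPartition // { allowDiscards = true; })`, with a comment stating the trade-off. The same option is set for `luksroot` in pornocauster.nix and in the comment added to sda-crypto-root.nix; the enclosing `boot` block starts outside this hunk.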
@@ -121,12 +126,12 @@ in {
"usbhid"
];
- kernelModules = [ "kvm-amd" ];
+ kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
hardware.enableAllFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
+ hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index fa39b121c..7b6c18342 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -31,6 +31,7 @@
# hardware specifics are in here
../2configs/hw/tp-x220.nix
+ ../2configs/hw/rtl8812au.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
# ../2configs/mediawiki.nix
@@ -43,6 +44,14 @@
# ../2configs/temp/sabnzbd.nix
];
+ services.tinc.networks.siem = {
+ name = "makefu";
+ extraConfig = ''
+ ConnectTo = sdarth
+ ConnectTo = sjump
+ '';
+ };
+
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
@@ -59,7 +68,6 @@
networking.firewall.allowedUDPPorts = [ 665 ];
krebs.build.host = config.krebs.hosts.pornocauster;
-
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
krebs.retiolum = {
enable = true;
@@ -68,4 +76,6 @@
networking.extraHosts = ''
192.168.1.11 omo.local
'';
+ # hard dependency because otherwise the device will not be unlocked
+ boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
}
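Review bot: The new `boot.initrd.luks.devices` entry names the root container by kernel device name, `device = "/dev/sda2"`, which depends on probe order; with another disk or a USB stick attached at boot, the initrd may try to open a different partition. omo.nix in this commit uses `/dev/disk/by-id/...` paths through `byid` for the same purpose. A stable path would match that, for example `device = "/dev/disk/by-uuid/<LUKS-UUID-PLACEHOLDER>";`. The comment above the line could also say which module it is a hard dependency of (`../2configs/fs/sda-crypto-root-home.nix`, judging by the imports, although that file is not shown).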
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
new file mode 100644
index 000000000..1fe8871d2
--- /dev/null
+++ b/makefu/1systems/shoney.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+ tinc-siem-ip = "10.8.10.1";
+
+ ip = "64.137.234.215";
+ alt-ip = "64.137.234.210";
+ extra-ip = "64.137.234.114"; #currently unused
+ gw = "64.137.234.1";
+in {
+ imports = [
+ ../.
+ ../2configs/save-diskspace.nix
+ ../2configs/hw/CAC.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ];
+
+
+
+ services.tinc.networks.siem.name = "sjump";
+
+ krebs = {
+ enable = true;
+ retiolum.enable = true;
+ build.host = config.krebs.hosts.shoney;
+ nginx.enable = true;
+ tinc_graphs = {
+ enable = true;
+ network = "siem";
+ hostsPath = "/etc/tinc/siem/hosts";
+ nginx = {
+ enable = true;
+ # TODO: remove hard-coded hostname
+ complete = {
+ listen = [ "${tinc-siem-ip}:80" ];
+ server-names = [ "graphs.siem" ];
+ };
+ };
+ };
+ };
+ networking = {
+ interfaces.enp2s1.ip4 = [
+ { address = ip; prefixLength = 24; }
+ { address = alt-ip; prefixLength = 24; }
+ ];
+
+ defaultGateway = gw;
+ nameservers = [ "8.8.8.8" ];
+ firewall = {
+ trustedInterfaces = [ "tinc.siem" ];
+ allowedUDPPorts = [ 655 1655 ];
+ allowedTCPPorts = [ 655 1655 ];
+ };
+ };
+}
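Review bot: `trustedInterfaces = [ "tinc.siem" ]` exempts the whole siem VPN interface from the firewall, so every service on this host that listens on all addresses is reachable from any siem peer, not only the graphs site bound to `${tinc-siem-ip}:80`. shoney is the publicly addressed node the other hosts connect to (`sjump`), so a compromised peer gets an unfiltered path to it. If only the graph site is meant to be reachable over siem, a rule limited to port 80 on that interface (for instance through `networking.firewall.extraCommands`) is narrower than trusting the interface. A comment next to `allowedUDPPorts`/`allowedTCPPorts` stating which tinc network uses 655 and which 1655 would also help; the mapping is not visible in this file.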
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index d9f8ded83..5788cb654 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -9,9 +9,9 @@ in {
imports = [
../.
# TODO: copy this config or move to krebs
- ../../tv/2configs/hw/CAC.nix
- ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/headless.nix
+ ../2configs/hw/CAC.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/save-diskspace.nix
../2configs/bepasty-dual.nix
@@ -27,8 +27,7 @@ in {
../2configs/collectd/collectd-base.nix
];
krebs.retiolum.enable = true;
- services.nixosManual.enable = false;
- programs.man.enable = false;
+
krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor = {
@@ -83,9 +82,5 @@ in {
nameservers = [ "8.8.8.8" ];
};
- # small machine - do not forget to gc every day
- nix.gc.automatic = true;
- nix.gc.dates = "03:10";
-
environment.systemPackages = [ ];
}
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 62daed8be..422927b28 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -16,6 +16,8 @@ with config.krebs.lib;
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
krebs = {
enable = true;
+
+ dns.providers.siem = "hosts";
search-domain = "retiolum";
build = {
user = config.krebs.users.makefu;
@@ -24,7 +26,9 @@ with config.krebs.lib;
url = https://github.com/nixos/nixpkgs;
rev = "63b9785"; # stable @ 2016-06-01
};
- secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ secrets = if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/makefu/6tests/data/secrets>
+ else "/home/makefu/secrets/${config.krebs.build.host.name}";
stockholm = "/home/makefu/stockholm";
# Defaults for all stockholm users?
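Review bot: The `secrets` path now depends on the evaluator's environment: whenever `dummy_secrets` is `"true"`, it points at `makefu/6tests/data/secrets`, whose contents are public in this repository (`"derp"` values, an empty `hashedPasswords.nix`, empty key files). Nothing in the hunk prevents a real deploy from being evaluated with that variable still exported from a test run, which would put known credentials on a production host. A comment above the `if` should state that the variable is for CI only, e.g. `# dummy_secrets=true is for test builds only; never set it when deploying`, and the deploy path should refuse to run when it is set. The `build` block this attribute belongs to starts outside the hunk.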
@@ -154,6 +158,15 @@ with config.krebs.lib;
"net.ipv6.conf.default.use_tempaddr" = 2;
};
+ system.activationScripts.nix-defexpr = ''
+ (set -euf
+ for i in /home/makefu /root/;do
+ f="$i/.nix-defexpr"
+ rm -fr "$f"
+ ln -s /var/src/nixpkgs "$f"
+ done)
+ '';
+
i18n = {
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
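Review bot: The `nix-defexpr` activation script runs as root on every activation and unconditionally removes `.nix-defexpr` in `/home/makefu` and `/root/` with `rm -fr`, which deletes any channel setup kept there. Under `set -e` the loop also aborts at the first failing `ln`, for example on a host where `/home/makefu` does not exist, so `/root/` is then never handled. Skipping missing homes and already-correct links keeps the script idempotent: `[ -d "$i" ] || continue` and `[ "$(readlink "$f")" = /var/src/nixpkgs ] && continue` before the `rm`. A one-line comment saying why the link is forced would help the next reader.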
diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..c9eb97f44
--- /dev/null
+++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,20 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/centos/root";
+ fsType = "xfs";
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ };
+ };
+ swapDevices = [
+ { device = "/dev/centos/swap"; }
+ ];
+}
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index b82c0e44e..5c7cdf716 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -1,16 +1,16 @@
{ config, lib, pkgs, ... }:
# sda: bootloader grub2
-# sda1: boot ext4 (label nixboot)
+# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
+ # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# sda2: cryptoluks -> ext4
with config.krebs.lib;
{
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
+ loader.grub.device = lib.mkDefault "/dev/sda";
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
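Review bot: With `initrd.luks.devices` removed from this module, a host that imports `sda-crypto-root.nix` without declaring `luksroot` itself still builds but cannot open its root at boot. The only hint is the new header comment, and it is appended to the `sda1: boot` line while the device it describes is `sda2`. I would move it under the `sda2` line and word it as a requirement, e.g. `# sda2: cryptoluks -> ext4; the importing host must declare boot.initrd.luks.devices for it`. In this commit omo.nix declares `luksroot` itself and pornocauster.nix adds an equivalent entry; other importers are not visible here and should be checked.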
diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix
new file mode 100644
index 000000000..9ed18344a
--- /dev/null
+++ b/makefu/2configs/hw/CAC.nix
@@ -0,0 +1,13 @@
+_:
+{
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+ boot.loader.grub.splashImage = null;
+ nix = {
+ daemonIONiceLevel = 1;
+ daemonNiceLevel = 1;
+ };
+ sound.enable = false;
+}
diff --git a/makefu/2configs/hw/fingerprint-reader.nix b/makefu/2configs/hw/fingerprint-reader.nix
new file mode 100644
index 000000000..1f2f00b03
--- /dev/null
+++ b/makefu/2configs/hw/fingerprint-reader.nix
@@ -0,0 +1,6 @@
+_: {
+ # add fingerprint with fprintd-enroll
+ services.fprintd.enable = true;
+ security.pam.services.login.fprintAuth = true;
+ security.pam.services.xscreensaver.fprintAuth = true;
+}
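Review bot: `fprintAuth = true` on `login` and `xscreensaver` makes a fingerprint match an alternative to the password for console login and screen unlock, as far as I know by adding `pam_fprintd` as a sufficient factor rather than a second one. On a laptop that relies on disk encryption plus a locked screen, that lowers the bar for someone with physical access to a suspended machine. The file's only comment is the enrolment hint; it should state the trade-off, e.g. `# fingerprint is accepted instead of the password for console login and screen unlock`. Keeping the screen locker on password only is worth considering.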
diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix
index be3d1eb70..1c9a34965 100644
--- a/makefu/2configs/hw/tp-x220.nix
+++ b/makefu/2configs/hw/tp-x220.nix
@@ -5,7 +5,7 @@ with config.krebs.lib;
imports = [ ./tp-x2x0.nix ];
boot = {
- kernelModules = [ "kvm-intel" "acpi_call" ];
+ kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
};
@@ -28,7 +28,7 @@ with config.krebs.lib;
# enable HDMI output switching with pulseaudio
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
- ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
+ ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"}
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"
'';
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 7f9dc67a5..c10ec1314 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -22,7 +22,8 @@ with config.krebs.lib;
services.tlp.enable = true;
services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ #START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
CPU_SCALING_GOVERNOR_ON_AC=performance
diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix
new file mode 100644
index 000000000..cc2b29cac
--- /dev/null
+++ b/makefu/2configs/save-diskspace.nix
@@ -0,0 +1,9 @@
+_:
+# TODO: do not check out nixpkgs master but fetch revision from github
+{
+ services.nixosManual.enable = false;
+ programs.man.enable = false;
+ services.journald.extraConfig = "SystemMaxUse=50M";
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+}
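Review bot: `SystemMaxUse=50M` caps the journal at a size that may hold only a short window of sshd and service logs on the internet-facing hosts importing this module in this commit (shoney.nix and wry.nix). That limits what is left to examine after an incident, unless logs are forwarded elsewhere, which these lines do not show. If the cap is required by disk size, a comment should say so and name where longer-lived logs are kept; otherwise a larger cap on those hosts is cheap. The `# TODO` about nixpkgs master at the top does not relate to anything this file sets and looks misplaced.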
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
index e527a5cb7..300467e1f 100644
--- a/makefu/3modules/umts.nix
+++ b/makefu/3modules/umts.nix
@@ -3,6 +3,14 @@
with config.krebs.lib;
let
+ nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs-channels";
+ rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+ sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+ }) {};
+
+ wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
+
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
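Review bot: `wvdial` now comes from a nixpkgs-channels revision pinned by `rev` and `sha256`, which fixes what is fetched, but the package and its closure are then frozen at that old tree (15.09, going by the name) and receive no further security fixes. The second hunk runs it as a service with `Restart = "always"`. The only explanation is the issue URL trailing the `wvdial =` line. A comment above `nixpkgs-1509` should say what is broken in current nixpkgs and that the pin goes away once it is fixed, e.g. `# temporary: wvdial from the 15.09 channel until NixOS/nixpkgs#16113 is resolved`. The `let` block continues outside this hunk.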
@@ -62,7 +70,7 @@ let
Type = "simple";
Restart = "always";
RestartSec = "10s";
- ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
+ ExecStart = "${wvdial}/bin/wvdial -n";
};
};
};
diff --git a/makefu/5pkgs/bintray-upload/default.nix b/makefu/5pkgs/bintray-upload/default.nix
new file mode 100644
index 000000000..1e9582cca
--- /dev/null
+++ b/makefu/5pkgs/bintray-upload/default.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+
+pkgs.python3Packages.buildPythonPackage rec {
+ name = "bintray-upload-${version}";
+ version = "0.1.2";
+ src = pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "bintray-upload";
+ rev = "4e76724";
+ sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9";
+ };
+
+ propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ];
+
+ meta = {
+ description = "Simple BinTray utility for uploading packages";
+ license = pkgs.stdenv.lib.licenses.asl20;
+ };
+}
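Review bot: `rev = "4e76724"` is an abbreviated commit id; the `sha256` still fixes the fetched content, but a short id can become ambiguous as the repository grows, and it makes it harder to audit which commit `version = "0.1.2"` corresponds to. Prefer the full hash, `rev = "<full 40-character commit id>";`, or the release tag if the repository has one for 0.1.2. Since the tool uploads packages and therefore handles an API credential at run time, a `meta.homepage` entry pointing at the source would also make the origin easier to review.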
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 6d227fa6d..bb6290af2 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -13,7 +13,8 @@ in
nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
inherit (callPackage ./devpi {}) devpi-web devpi-server;
- skytraq-logger = callPackage ./skytraq-logger/ {};
+ skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {};
+ bintray-upload = callPackage ./bintray-upload {};
};
}
diff --git a/makefu/6tests/data/secrets/bepasty-secret.nix b/makefu/6tests/data/secrets/bepasty-secret.nix
new file mode 100644
index 000000000..f5e704702
--- /dev/null
+++ b/makefu/6tests/data/secrets/bepasty-secret.nix
@@ -0,0 +1 @@
+"derp"
diff --git a/makefu/6tests/data/secrets/hashedPasswords.nix b/makefu/6tests/data/secrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/makefu/6tests/data/secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/makefu/6tests/data/secrets/iodinepw.nix b/makefu/6tests/data/secrets/iodinepw.nix
new file mode 100644
index 000000000..f5e704702
--- /dev/null
+++ b/makefu/6tests/data/secrets/iodinepw.nix
@@ -0,0 +1 @@
+"derp"
diff --git a/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.priv b/makefu/6tests/data/secrets/retiolum.rsa_key.priv
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/retiolum.rsa_key.priv
diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.pub b/makefu/6tests/data/secrets/retiolum.rsa_key.pub
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/retiolum.rsa_key.pub
diff --git a/makefu/6tests/data/secrets/sambacred b/makefu/6tests/data/secrets/sambacred
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/sambacred
diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa b/makefu/6tests/data/secrets/ssh.makefu.id_rsa
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/ssh.makefu.id_rsa
diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
diff --git a/makefu/6tests/data/secrets/ssh_host_ed25519_key b/makefu/6tests/data/secrets/ssh_host_ed25519_key
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/ssh_host_ed25519_key
diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.crt b/makefu/6tests/data/secrets/tinc.krebsco.de.crt
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/tinc.krebsco.de.crt
diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.key b/makefu/6tests/data/secrets/tinc.krebsco.de.key
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/tinc.krebsco.de.key
diff --git a/makefu/6tests/data/secrets/tw-pass.ini b/makefu/6tests/data/secrets/tw-pass.ini
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/tw-pass.ini
diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.crt b/makefu/6tests/data/secrets/wildcard.krebsco.de.crt
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/wildcard.krebsco.de.crt
diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.key b/makefu/6tests/data/secrets/wildcard.krebsco.de.key
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/6tests/data/secrets/wildcard.krebsco.de.key
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 53334d6f1..180510066 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -22,7 +22,7 @@ in
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
-
+ krebs.retiolum.extraConfig = "TCPOnly = yes";
services.grafana = {
enable = true;
addr = "0.0.0.0";
@@ -37,7 +37,7 @@ in
networking = {
firewall.enable = false;
- interfaces.eth0.ip4 = [{
+ interfaces.enp0s3.ip4 = [{
address = shack-ip;
prefixLength = 20;
}];
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
index 5f3b35304..6c40d9966 100644
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -26,7 +26,7 @@
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
- pollinterval=120))
+ pollinterval=60))
'';
scheduler = {
force-scheduler = ''
@@ -43,7 +43,7 @@
sched.append(schedulers.SingleBranchScheduler(
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
- # treeStableTimer=10,
+ treeStableTimer=10,
name="fast-all-branches",
builderNames=["fast-tests"]))
'';