diff options
58 files changed, 696 insertions, 143 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index daa963bc8..227eb209b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -34,10 +34,10 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix - ./retiolum.nix ./rtorrent.nix ./secret.nix ./setuid.nix + ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ec5811d86..b86e05319 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "144.76.172.188"; aliases = [ - "dishfire.internet" + "dishfire.i" ]; ssh.port = 45621; }; @@ -42,7 +42,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "104.233.79.118"; aliases = [ - "echelon.internet" + "echelon.i" ]; ssh.port = 45621; }; @@ -82,9 +82,8 @@ with import <stockholm/lib>; internet = { ip4.addr = "213.239.205.240"; aliases = [ - "prism.internet" + "prism.i" "paste.i" - "paste.internet" ]; ssh.port = 45621; }; @@ -132,7 +131,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "104.167.113.104"; aliases = [ - "cloudkrebs.internet" + "cloudkrebs.i" ]; ssh.port = 45621; }; @@ -302,6 +301,27 @@ with import <stockholm/lib>; iso = { cores = 1; }; + sokrateslaptop = { + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 650344981..33202d0ab 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -26,6 +26,31 @@ with import <stockholm/lib>; }; }; }; + studio = rec { + cores = 4; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; + nets = { + retiolum = { + ip4.addr = "10.243.227.163"; + ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; + aliases = [ + "studio.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti + cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk + GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI + jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 + 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu + 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + fileleech = rec { cores = 4; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -449,6 +474,7 @@ with import <stockholm/lib>; nets = rec { internet = { ip4.addr = "188.68.40.19"; + ip6.addr = "2a03:4000:17:2df::1"; aliases = [ "gum.i" ]; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/tinc.nix index 0a3d7ed2f..8af15c13b 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/tinc.nix @@ -17,6 +17,27 @@ let in { enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + enableLegacy = mkEnableOption "/etc/tinc/${netname}"; + + confDir = mkOption { + type = types.package; + default = pkgs.linkFarm "${netname}-etc-tinc" + (mapAttrsToList (name: path: { inherit name path; }) { + "hosts" = tinc.config.hostsPackage; + "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' + Name = ${tinc.config.host.name} + Interface = ${netname} + ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + PrivateKeyFile = ${tinc.config.privkey.path} + Port = ${toString tinc.config.host.nets.${netname}.tinc.port} + ${tinc.config.extraConfig} + ''; + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ${tinc.config.tincUp} + ''; + }); + }; host = mkOption { type = types.host; @@ -175,29 +196,16 @@ let } ) config.krebs.tinc; + environment.etc = mapAttrs' (netname: cfg: + nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy { + source = cfg.confDir; + }) + ) config.krebs.tinc; + systemd.services = mapAttrs (netname: cfg: let tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - - confDir = let - namePathPair = name: path: { inherit name path; }; - in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair { - "hosts" = cfg.hostsPackage; - "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' - Name = ${cfg.host.name} - Interface = ${netname} - ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} - PrivateKeyFile = ${cfg.privkey.path} - Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} - ${cfg.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${iproute}/sbin/ip link set ${netname} up - ${cfg.tincUp} - ''; - } - ); in { description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; @@ -206,7 +214,7 @@ let path = [ tinc iproute ]; serviceConfig = rec { Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; + ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; SyslogIdentifier = netname; }; } diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py index 22b48e59d..da8e2f726 100644 --- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py @@ -3,15 +3,17 @@ # Usage: # _from=krebs state_dir=. python sed-plugin.py 'dick butt' # _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' -## dick bull +# > dick bull import shelve from os import environ from os.path import join from sys import argv -d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True) -usr = environ['_from'] import re +d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True) +usr = environ['_from'] + + def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) @@ -19,15 +21,15 @@ def is_regex(line): line = argv[1] if is_regex(line): - last = d.get(usr,None) + last = d.get(usr, None) if last: - from subprocess import Popen,PIPE - p = Popen(['sed',line],stdin=PIPE,stdout=PIPE) - so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) + from subprocess import Popen, PIPE + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: print("something went wrong when trying to process your regex: {}".format(se.decode())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) if ret: d[usr] = ret diff --git a/krebs/5pkgs/goify/default.nix b/krebs/5pkgs/goify/default.nix index e2849b5c7..9c44aaeeb 100644 --- a/krebs/5pkgs/goify/default.nix +++ b/krebs/5pkgs/goify/default.nix @@ -1,17 +1,18 @@ { pkgs, ... }: -pkgs.writeDashBin "goify" '' +pkgs.writeBashBin "goify" '' set -euf GO_HOST=''${GO_HOST:-go} while read line; do - echo "$line" | sed -E 's|https?://\S*|\n&\n|g' | while read word; do - if echo "$word" | grep -Eq ^https?:; then - ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" | tr -d '\r' + echo "$line" | sed 's|https\?://\S*|\n&\n|g' | while read word; do + if echo "$word" | grep -q '^https\?:'; then + ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" \ + | tr -d '\r' else - echo "$word"; - fi; - done | sed '/^$/d' | tr '\n' ' '; echo; + echo "$word" + fi + done | grep . | tr '\n' ' '; echo done '' diff --git a/krebs/5pkgs/haskell-overrides/news.nix b/krebs/5pkgs/haskell-overrides/news.nix new file mode 100644 index 000000000..ba5e7a5e1 --- /dev/null +++ b/krebs/5pkgs/haskell-overrides/news.nix @@ -0,0 +1,18 @@ +{ mkDerivation, base, bloomfilter, bytestring, feed, fetchgit, lens +, stdenv, wreq +}: +mkDerivation { + pname = "news"; + version = "1.0.0"; + src = fetchgit { + url = "http://cgit.lassul.us/news"; + sha256 = "1n3ffr2a5irr5aly0y7qsafag3kxvyyh077ayk0vdwbd0s9hvnjs"; + rev = "c3eb2c0a1a34fc41e18d0bc99b1c4dc73aa6eb20"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base bloomfilter bytestring feed lens wreq + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/weechat/default.nix b/krebs/5pkgs/weechat/default.nix index f5dc6a8d4..c703ca8bf 100644 --- a/krebs/5pkgs/weechat/default.nix +++ b/krebs/5pkgs/weechat/default.nix @@ -21,12 +21,12 @@ let in stdenv.mkDerivation rec { - version = "1.7.1"; + version = "1.8"; name = "weechat-${version}"; src = fetchurl { url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "1020m1lsm8lg9n0dlxgp2wbn9b0r11g8r0namnzi2x6gvxn7iyf0"; + sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; }; outputs = [ "out" "doc" ]; diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 298c9083d..99760dfdb 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -48,6 +48,7 @@ with import <stockholm/lib>; maven arandr libreoffice + mpv ]; } #{ diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 99399550c..30fc674bc 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -7,7 +7,6 @@ with import <stockholm/lib>; ../../krebs ../3modules ../5pkgs - ../2configs/binary-cache/client.nix ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c897ab655..01cfe5414 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -256,7 +256,7 @@ in { { krebs.Reaktor.coders = { nickname = "Reaktor|lass"; - channels = [ "#coders" ]; + channels = [ "#coders" "#germany" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7b38e44c6..62b823c3f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -92,7 +92,6 @@ in { nixshell = [ "nix-shell", "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", "-p" ] + deps + [ "--run" ] @@ -107,11 +106,9 @@ in { for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: addShell(f,name="build-{}".format(i),env=env_shared, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -119,11 +116,9 @@ in { for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -131,11 +126,9 @@ in { for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -143,11 +136,9 @@ in { for i in [ "hiawatha", "onondaga" ]: addShell(f,name="build-{}".format(i),env=env_nin, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -211,7 +202,7 @@ in { ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ make system=prism pkgs.{}".format(i)]) bu.append(util.BuilderConfig(name="build-pkgs", @@ -255,7 +246,7 @@ in { options.lass.build-ssh-privkey = mkOption { type = types.secret-file; default = { - path = "${config.users.users.buildbotworker.home}/ssh.privkey"; + path = "${config.users.users.buildbotworker.home}/.ssh/id_rsa"; owner = { inherit (config.users.users.buildbotworker ) name uid;}; source-path = toString <secrets> + "/build.ssh.key"; }; @@ -263,16 +254,10 @@ in { config.krebs.secret.files = { build-ssh-privkey = config.lass.build-ssh-privkey; }; - config.users.users = { - build = { - name = "build"; - uid = genid "build"; - home = "/home/build"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" - ]; - }; + config.users.users.buildbotworker = { + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP" + ]; }; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e33514ee0..ffed5bb70 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -150,6 +150,7 @@ with import <stockholm/lib>; untilport usbutils logify + goify #unpack stuff p7zip diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 72866c067..5f686e26e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -30,6 +30,10 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { + news = { + cgit.desc = "take a rss feed and a timeout and print it to stdout"; + cgit.section = "software"; + }; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; cgit.section = "configuration"; diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix index 4d2c134b6..b72e2b087 100644 --- a/lass/2configs/ircd.nix +++ b/lass/2configs/ircd.nix @@ -94,6 +94,8 @@ general { #maybe we want ident someday? disable_auth = yes; + throttle_duration = 1; + throttle_count = 1000; }; ''; }; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index d9c6274db..bb068e7a1 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -34,7 +34,7 @@ let down = moveToDir "Y" "./down"; in { - krebs.per-user.lass.packages = [ + environment.systemPackages = [ mpv ]; } diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index d38af211f..070795d14 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -3,19 +3,17 @@ let newsfile = pkgs.writeText "feeds" '' aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news - aktuelle_themen|http://bundestag.de/service/rss/Bundestag_Aktuelle_Themen.rss|#news #bundestag allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news - anon|http://anoninsiders.net/feed/|#news antirez|http://antirez.com/rss|#news arbor|http://feeds2.feedburner.com/asert/|#news archlinux|http://www.archlinux.org/feeds/news/|#news ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news augustl|http://augustl.com/atom.xml|#news bbc|http://feeds.bbci.co.uk/news/rss.xml|#news + bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag - bdt_pressemitteilungen|http://bundestag.de/service/rss/Bundestag_Presse.rss|#news #bundestag - bdt_wd|http://bundestag.de/service/rss/Bundestag_WD.rss|#news #bundestag + bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news @@ -30,9 +28,7 @@ let chan_b|https://boards.4chan.org/b/index.rss|#brainfuck chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck - cna|http://www.channelnewsasia.com/starterkit/servlet/cna/rss/home.xml|#news coinspotting|http://coinspotting.com/rss|#news #financial - cryptanalysis|https://cryptanalys.is/rss.php|#news cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news @@ -52,12 +48,9 @@ let fars|http://www.farsnews.com/rss.php|#news #test faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news faz_politik|http://www.faz.net/rss/aktuell/politik/|#news - faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news #financial - fbi|http://www.fbi.gov/homepage/RSS|#news #bullerei - fbi_news|http://www.fbi.gov/news/news_blog/rss.xml|#news - fbi_press|http://www.fbi.gov/news/current/rss.xml|#news #bullerei - fbi_stories|http://www.fbi.gov/news/stories/all-stories/rss.xml|#news #bullerei - fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news #financial + faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news + fbi|https://www.fbi.gov/news/rss.xml|#news + fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news fefe|http://blog.fefe.de/rss.xml|#news forbes|http://www.forbes.com/forbes/feed2/|#news forbes_realtime|http://www.forbes.com/real-time/feed2/|#news @@ -65,18 +58,18 @@ let geheimorganisation|http://geheimorganisation.org/feed/|#news GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news gmanet|http://www.gmanetwork.com/news/rss/news|#news - golem|http://www.golem.de/rss.php?feed=RSS1.0|#news + golem|https://rss.golem.de/rss.php|#news google|http://news.google.com/?output=rss|#news greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news gulli|http://ticker.gulli.com/rss/|#news handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial - heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news + heise|https://www.heise.de/newsticker/heise-atom.xml|#news hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial hindu|http://www.thehindu.com/?service=rss|#news ign|http://feeds.ign.com/ign/all|#news independent|http://www.independent.com/rss/headlines/|#news - indymedia|http://de.indymedia.org/RSS/newswire.xml|#news + indymedia|https://de.indymedia.org/rss.xml|#news info_libera|http://www.informationliberation.com/rss.xml|#news klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news korea_herald|http://www.koreaherald.com/rss_xml.php|#news @@ -123,11 +116,11 @@ let sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news shackspace|http://shackspace.de/?feed=rss2|#news shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news - sky_busi|http://news.sky.com/feeds/rss/business.xml|#news - sky_pol|http://news.sky.com/feeds/rss/politics.xml|#news - sky_strange|http://news.sky.com/feeds/rss/strange.xml|#news - sky_tech|http://news.sky.com/feeds/rss/technology.xml|#news - sky_world|http://news.sky.com/feeds/rss/world.xml|#news + sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news + sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news + sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news + sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news + sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news slate|http://feeds.slate.com/slate|#news spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news @@ -138,7 +131,7 @@ let stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial - sz_wissen|http://suche.sueddeutsche.de/rss/Wissen|#news + sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news tagesschau|http://www.tagesschau.de/newsticker.rdf|#news taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 4f1347b82..49c44aa88 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "aa03833"; + ref = "2bb9c1c"; }; } diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6e96f8845..1e14e31bb 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -145,6 +145,12 @@ in { script = "${print_current}/bin/print_current"; pattern = "^current$"; }) + (buildSimpleReaktorPlugin "suggest" { + script = "${pkgs.writeDash "suggest" '' + echo "$@" >> $HOME/playlist_suggest + ''}"; + pattern = "^suggest: (?P<args>.*)$"; + }) ]; }; services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7a7bf95be..7f1b36c96 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -5,7 +5,6 @@ krebs.iptables = { tables = { filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } ]; @@ -13,6 +12,7 @@ }; krebs.tinc.retiolum = { + enableLegacy = true; enable = true; connectTo = [ "prism" diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 3a8979427..0771570ca 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -80,6 +80,9 @@ in { locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; + locations."= /retiolum.hosts".extraConfig = '' + alias ${pkgs.retiolum-hosts}; + ''; locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 8d55da7fd..ee688e18c 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -4,10 +4,10 @@ let mainUser = config.users.extraUsers.mainUser; in { - environment.systemPackages = with pkgs; [ + krebs.per-user.wine.packages = with pkgs; [ wineUnstable ]; - users.extraUsers = { + users.users= { wine = { name = "wine"; description = "user for running wine"; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 959c9d1b4..73692446a 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -5,6 +5,7 @@ _: ./folderPerms.nix ./hosts.nix ./mysql-backup.nix + ./news.nix ./umts.nix ./usershadow.nix ./xresources.nix diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix new file mode 100644 index 000000000..06b80df8d --- /dev/null +++ b/lass/3modules/news.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + cfg = config.lass.news; + + out = { + options.lass.news = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "news"; + feeds = mkOption { + type = types.listOf (types.submodule { options = { + nick = mkOption { + type = types.str; + }; + feedurl = mkOption { + type = types.str; + }; + interval = mkOption { + type = types.int; + default = 1000; + }; + channels = mkOption { + type = types.listOf types.str; + }; + };}); + }; + user = mkOption { + type = types.user; + default = { + name = "news"; + home = "/var/lib/news"; + }; + }; + ircServer = mkOption { + type = types.str; + default = "echelon.r"; + description = "to which server the bot should connect"; + }; + }; + + imp = { + + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + }; + + systemd.services = listToAttrs (map (feed: + nameValuePair "news-${feed.nick}" { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + SyslogIdentifier = "news-${feed.nick}"; + User = cfg.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStart = pkgs.writeDash "news-${feed.nick}" '' + ${pkgs.haskellPackages.news}/bin/news '${feed.feedurl}' '${toString feed.interval}' \ + | ${pkgs.goify}/bin/goify \ + | while :; do + ${pkgs.haskellPackages.kirk}/bin/ircout --nick '${feed.nick}' --host '${cfg.ircServer}' \ + \${concatStringsSep " \\" feed.channels} + done + ''; + }; + } + ) cfg.feeds); + + }; + +in out diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index fd52325ae..6e6ba56fa 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -19,6 +19,7 @@ q = pkgs.callPackage ./q {}; rs = pkgs.callPackage ./rs/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; + xml2json = pkgs.callPackage ./xml2json/default.nix {}; xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; diff --git a/lass/5pkgs/xml2json/default.nix b/lass/5pkgs/xml2json/default.nix new file mode 100644 index 000000000..78690d4b7 --- /dev/null +++ b/lass/5pkgs/xml2json/default.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: +let + pp = pkgs.python35Packages; +in pp.buildPythonPackage rec { + name = "xml2json-${version}"; + version = "22ffcd"; + propagatedBuildInputs = [ + pp.simplejson + ]; + src = pkgs.fetchFromGitHub { + owner = "hay"; + repo = "xml2json"; + rev = "${version}"; + sha256 = "1snjd6q6bk517350gdrl8kkphkra0iaz56i583h2q57ab09r29vc"; + }; + doCheck = false; +} diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 93ca8f643..92c446212 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -4,8 +4,11 @@ with import <stockholm/lib>; let external-mac = "3a:66:48:8e:82:b2"; external-ip = config.krebs.build.host.nets.internet.ip4.addr; + external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; external-gw = "188.68.40.1"; + external-gw6 = "fe80::1"; external-netmask = 22; + external-netmask6 = 64; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; in { @@ -14,7 +17,7 @@ in { <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/headless.nix ../2configs/fs/single-partition-ext4.nix - ../2configs/smart-monitor.nix + # ../2configs/smart-monitor.nix ../2configs/git/cgit-retiolum.nix ../2configs/backup.nix # ../2configs/mattermost-docker.nix @@ -55,7 +58,6 @@ in { # ../2configs/logging/central-logging-client.nix ]; - services.smartd.devices = [ { device = main-disk;} ]; makefu.dl-dir = "/var/download"; @@ -134,6 +136,11 @@ in { address = external-ip; prefixLength = external-netmask; }]; + interfaces.et0.ip6 = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + defaultGateway6 = external-gw6; defaultGateway = external-gw; nameservers = [ "8.8.8.8" ]; }; diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix new file mode 100644 index 000000000..400d9f883 --- /dev/null +++ b/makefu/1systems/studio.nix @@ -0,0 +1,75 @@ +{ config, pkgs, ... }: +{ + imports = [ + ../. + ../2configs/vncserver.nix + ../2configs/vim.nix + ../2configs/disable_v6.nix + ../2configs/jack-on-pulse.nix + ../2configs/gui/studio.nix + + ]; + makefu.gui.user = "user"; # we use an extra user + krebs = { + enable = true; + tinc.retiolum.enable = true; + build.host = config.krebs.hosts.studio; + }; + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; + + + environment.systemPackages = with pkgs;[ + # audio foo + ## pulseaudio + pavucontrol + paprefs + pamixer + + # extra alsa tools + alsa-hdspconf + alsa-hdspmixer + alsa-hdsploader + + # recording + darkice + (mumble.override { jackSupport = true; }) + + # browsing + firefox + chromium + ]; + + + nixpkgs.config.allowUnfree = true; + fonts = { + enableCoreFonts = true; + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = [ ]; + }; + # ingos favorite display manager + + + # hardware + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21"; + fsType = "ext4"; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ]; + users.users.user = { + isNormalUser = true; + extraGroups = [ "wheel" "audio" ]; + uid = 1000; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; +} diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 9809abf4c..25fc2b49b 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -7,7 +7,7 @@ imports = [ # Include the results of the hardware scan. ../. - ../2configs/base-gui.nix + ../2configs/gui/base.nix ../2configs/fs/sda-crypto-root.nix # hardware specifics are in here ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index 43fbd6d2b..7f465ec72 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -1,20 +1,28 @@ { config, pkgs, lib, ... }: -let +let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F"; + user = config.makefu.gui.user; in { imports = [ # Include the results of the hardware scan. ../. ../2configs/zsh-user.nix - ../2configs/base-gui.nix ../2configs/tools/core.nix ../2configs/tools/core-gui.nix ../2configs/tools/extra-gui.nix ../2configs/tools/media.nix ../2configs/virtualization.nix ../2configs/tinc/retiolum.nix + ../2configs/mqtt.nix + ../2configs/deployment/led-fader.nix + # ../2configs/gui/wbob-kiosk.nix + + ../2configs/gui/studio.nix + ../2configs/audio/jack-on-pulse.nix + ../2configs/audio/realtime-audio.nix + ../2configs/vncserver.nix ]; krebs = { @@ -24,25 +32,10 @@ in { swapDevices = [ { device = "/var/swap"; } ]; - services.xserver = { - layout = lib.mkForce "de"; - - windowManager = lib.mkForce { - awesome.enable = false; - default = "none"; - }; - desktopManager.xfce.enable = true; - - # xrandrHeads = [ "HDMI1" "HDMI2" ]; - # prevent screen from turning off, disable dpms - displayManager.sessionCommands = '' - xset s off -dpms - xrandr --output HDMI2 --right-of HDMI1 - ''; - }; networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; # extraConfig = '' @@ -85,7 +78,7 @@ in { # TODO: add crypto layer systemd.services."synergy-client" = { environment.DISPLAY = ":0"; - serviceConfig.User = "makefu"; + serviceConfig.User = user; }; services.synergy = { diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 65df426e5..d1503c8d7 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -38,6 +38,8 @@ with import <stockholm/lib>; # ../2configs/temp/sabnzbd.nix + # development + ../2configs/sources # Krebs # ../2configs/disable_v6.nix diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix new file mode 100644 index 000000000..09d03ea9f --- /dev/null +++ b/makefu/2configs/audio/jack-on-pulse.nix @@ -0,0 +1,45 @@ +{ config, pkgs, ... }: +let + pulse = pkgs.pulseaudioFull; + user = config.makefu.gui.user; +in +{ + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pulse; + }; + + environment.systemPackages = with pkgs; [ jack2Full ]; + # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html + + systemd.services = { + jackdbus = { + description = "Runs jack, and points pulseaudio at it"; + serviceConfig = { + User = user; + Type = "oneshot"; + ExecStart = pkgs.writeScript "start_jack.sh" '' + #! ${pkgs.bash}/bin/bash + . ${config.system.build.setEnvironment} + sleep 5 # wait for the gui to load + + ${pkgs.jack2Full}/bin/jack_control start + sleep 3 # give some time for sources/sinks to be created + + ${pulse}/bin/pacmd set-default-sink jack_out + ${pulse}/bin/pacmd set-default-source jack_in + ''; + ExecStop = pkgs.writeScript "stop_jack.sh" '' + #! ${pkgs.bash}/bin/bash + . ${config.system.build.setEnvironment} + + ${pkgs.jack2Full}/bin/jack_control stop + ''; + RemainAfterExit = true; + }; + after = [ "display-manager.service" "sound.target" ]; + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix new file mode 100644 index 000000000..fbeacd025 --- /dev/null +++ b/makefu/2configs/audio/realtime-audio.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: +let + user = config.makefu.gui.user; +in +{ + imports = [ + ../sources/musnix.nix # populate musnix + <musnix> + ]; + musnix.enable = true; + musnix.kernel.optimize = true; + musnix.kernel.realtime = true; + # TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt; + + users.users."${user}".extraGroups = [ "audio" ]; +} diff --git a/makefu/2configs/avahi.nix b/makefu/2configs/avahi.nix new file mode 100644 index 000000000..59f59fd80 --- /dev/null +++ b/makefu/2configs/avahi.nix @@ -0,0 +1,8 @@ +{ pkgs, ...}: +{ + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = [ pkgs.avahi ]; +} diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 9ed890326..1cc78bfc1 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with import <stockholm/lib>; let # preparation: @@ -32,4 +32,7 @@ in { # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; }; + environment.systemPackages = [ + pkgs.borgbackup + ]; } diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6cc891047..0d61e8dee 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found + ref = "a772c3a"; # unstable @ 2017-05-09 + graceful requests2 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix new file mode 100644 index 000000000..a18416497 --- /dev/null +++ b/makefu/2configs/deployment/led-fader.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + mq = "192.168.8.11"; + + pkg = pkgs.stdenv.mkDerivation { + name = "ampel-master"; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/ampel"; + rev = "07a6791de368e16cc0864d2676fd255eba522cee"; + sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q"; + }; + buildInputs = [ + (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + docopt + paho-mqtt + ])) + ]; + installPhase = '' + install -m755 -D fade.py $out/bin/fade.py + install -m755 -D ampel.py $out/bin/ampel + install -m755 -D times.json $out/share/times.json + ''; + }; +in { + systemd.services.led-fader = { + description = "Send led change to message queue"; + environment = { + NIX_PATH = "/var/src"; + }; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + # User = "nobody"; # need a user with permissions to run nix-shell + ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/deployment/wiki-irc.nix b/makefu/2configs/deployment/wiki-irc.nix index a7527f796..dc7c8afe8 100644 --- a/makefu/2configs/deployment/wiki-irc.nix +++ b/makefu/2configs/deployment/wiki-irc.nix @@ -40,9 +40,9 @@ in { file { path => "/tmp/logs.json" codec => "json_lines" } if [output] { irc { - channels => [ "#krebs" ] + channels => [ "#nixos" , "#krebs" ] host => "irc.freenode.net" - nick => "nixos-wiki" + nick => "nixos-users-wiki" format => "%{output}" } } diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 81a5cde81..96b6c303d 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -19,6 +19,7 @@ let cgit.desc = "Build new Stockholm hosts"; }; cac-api = { }; + ampel = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/gui/base.nix index 1a19ab36b..bf6bef29d 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/gui/base.nix @@ -65,7 +65,7 @@ in cat |derp <<EOF XTerm*background: black XTerm*foreground: white - XTerm*FaceName : xft:xos4 Terminus:pixelsize=14 + XTerm*FaceName : xft:xos4 Terminus:pixelsize=11 URxvt*termName: rxvt URxvt*saveLines: 10000 @@ -77,7 +77,7 @@ in URxvt.background: black URxvt.urgentOnBell: true URxvt.visualBell: false - URxvt.font : xft:xos4 Terminus:size=12 + URxvt.font : xft:xos4 Terminus:size=11 ! blue diff --git a/makefu/2configs/gui/studio.nix b/makefu/2configs/gui/studio.nix new file mode 100644 index 000000000..08157fda4 --- /dev/null +++ b/makefu/2configs/gui/studio.nix @@ -0,0 +1,22 @@ +{ config, lib, ... }: +let + user = config.makefu.gui.user; +in +{ + services.xserver.enable = true; + services.xserver.displayManager.sddm = { + enable = true; + autoLogin.enable = true; + autoLogin.user = user; + }; + # services.xserver.windowMananger.default = "plasma5"; + services.xserver.desktopManager = { + default = "plasma5"; + plasma5.enable = true; + }; + + services.xserver.layout = "us"; + services.xserver.xkbVariant = "altgr-intl"; + services.xserver.xkbOptions = "ctrl:nocaps"; + +} diff --git a/makefu/2configs/urxvtd.nix b/makefu/2configs/gui/urxvtd.nix index 286b87ab3..286b87ab3 100644 --- a/makefu/2configs/urxvtd.nix +++ b/makefu/2configs/gui/urxvtd.nix diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix new file mode 100644 index 000000000..4b7a0c333 --- /dev/null +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -0,0 +1,23 @@ +{ lib, ... }: +{ + + imports = [ + ./base.nix + ]; + services.xserver = { + layout = lib.mkForce "de"; + + windowManager = lib.mkForce { + awesome.enable = false; + default = "none"; + }; + desktopManager.xfce.enable = true; + + # xrandrHeads = [ "HDMI1" "HDMI2" ]; + # prevent screen from turning off, disable dpms + displayManager.sessionCommands = '' + xset s off -dpms + xrandr --output HDMI2 --right-of HDMI1 + ''; + }; +} diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index eaf6dec97..827da0c8d 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -11,7 +11,7 @@ let user = config.krebs.build.user.name; in { imports = [ - ./base-gui.nix + ./gui/base.nix ./fetchWallpaper.nix ./zsh-user.nix ./tools/core.nix diff --git a/makefu/2configs/sources/default.nix b/makefu/2configs/sources/default.nix new file mode 100644 index 000000000..232117aec --- /dev/null +++ b/makefu/2configs/sources/default.nix @@ -0,0 +1,7 @@ +# the builder pc (my laptop) will also require the sources i use to deploy +# other boxes +{ + imports = [ + ./musnix.nix + ]; +} diff --git a/makefu/2configs/sources/musnix.nix b/makefu/2configs/sources/musnix.nix new file mode 100644 index 000000000..d02dd4a48 --- /dev/null +++ b/makefu/2configs/sources/musnix.nix @@ -0,0 +1,6 @@ +{ + krebs.build.source.musnix.git = { + url = https://github.com/musnix/musnix.git; + ref = "37a8378"; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index d1dcec657..9493b2b7b 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -20,6 +20,7 @@ https://api.github.com/repos/dorimanx/exfat-nofuse/commits https://api.github.com/repos/dorimanx/exfat-nofuse/tags https://api.github.com/repos/radare/radare2/tags + https://api.github.com/repos/rapid7/metasploit-framework/tags ]; }; } diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix new file mode 100644 index 000000000..c56b3e294 --- /dev/null +++ b/makefu/2configs/vncserver.nix @@ -0,0 +1,62 @@ +{config,lib,pkgs, ...}: +with lib; +let + pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd` + pwtmp = "/tmp/vnc-password"; + # nixos-unstable tigervnc is currently broken :\ + package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc; + user = config.makefu.gui.user; + vnc_port = 5900; + web_port = 6080; +in { + networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ]; + systemd.services = { + terminal-server = { + description = "VNC Terminal Server"; + after = [ "display-manager.service" "graphical.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = user; + Restart = "always"; + ExecStartPre = pkgs.writeDash "terminal-pre" '' + sleep 5 + install -m0700 -o ${user} ${pwfile} ${pwtmp} + ''; + ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}"; + PermissionsStartOnly = true; + PrivateTmp = true; + }; + }; + terminal-web = { + description = "noVNC Web Server"; + after = [ "terminal-server.service" "graphical.target" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; + PrivateTmp = true; + }; + }; + }; + services.nginx.enable = true; + services.nginx.virtualHosts._.locations = { + "/" = { + root = "${pkgs.novnc}"; + index = "vnc_auto.html"; + }; + "/websockify" = { + proxyPass = "http://127.0.0.1:6080/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # VNC connection timeout + proxy_read_timeout 61s; + + # Disable cache + proxy_buffering off; + ''; + }; + }; +} diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix index dbd29d748..846642580 100644 --- a/makefu/3modules/server-config.nix +++ b/makefu/3modules/server-config.nix @@ -6,5 +6,10 @@ with import <stockholm/lib>; type = types.str; description = "Primary interface of the server"; }; + options.makefu.gui.user = lib.mkOption { + type = types.str; + description = "GUI user"; + default = config.krebs.build.user.name; + }; } diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix index 808e70425..40a18fe05 100644 --- a/makefu/3modules/taskserver.nix +++ b/makefu/3modules/taskserver.nix @@ -41,8 +41,8 @@ let Type = "simple"; ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; WorkingDirectory = cfg.workingDir; - PrivateTmp = true; - InaccessibleDirectories = "/home /boot /opt /mnt /media"; + # PrivateTmp = true; + # InaccessibleDirectories = "/home /boot /opt /mnt /media"; User = "taskd"; }; }; diff --git a/makefu/5pkgs/acdcli/default.nix b/makefu/5pkgs/acdcli/default.nix index 6442fecbf..13b19e482 100644 --- a/makefu/5pkgs/acdcli/default.nix +++ b/makefu/5pkgs/acdcli/default.nix @@ -4,7 +4,7 @@ with python3Packages; buildPythonPackage rec { name = "acdcli-${version}"; version = "0.3.2"; propagatedBuildInputs = [ - dateutil colorama fusepy appdirs requests2 requests_toolbelt six + dateutil colorama fusepy appdirs requests requests_toolbelt six ]; src = fetchurl { url = "mirror://pypi/a/acdcli/${name}.tar.gz"; diff --git a/makefu/5pkgs/alsa-tools/default.nix b/makefu/5pkgs/alsa-tools/default.nix index 9a672f048..5134c10ec 100644 --- a/makefu/5pkgs/alsa-tools/default.nix +++ b/makefu/5pkgs/alsa-tools/default.nix @@ -1,4 +1,4 @@ -{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk}: +{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}: stdenv.mkDerivation rec { name = "alsa-${alsaToolTarget}-${version}"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl"; }; sourceRoot = "${alsaToolsName}/${alsaToolTarget}/"; - buildInputs = [ alsaLib fltk13 gtk ncurses ]; + buildInputs = [ alsaLib fltk13 gtk3 ncurses ]; meta = { homepage = http://www.alsa-project.org/; diff --git a/makefu/5pkgs/bintray-upload/default.nix b/makefu/5pkgs/bintray-upload/default.nix index 1e9582cca..099b8ca88 100644 --- a/makefu/5pkgs/bintray-upload/default.nix +++ b/makefu/5pkgs/bintray-upload/default.nix @@ -10,7 +10,7 @@ pkgs.python3Packages.buildPythonPackage rec { sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9"; }; - propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ]; + propagatedBuildInputs = with pkgs.python3Packages; [ requests ]; meta = { description = "Simple BinTray utility for uploading packages"; diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index 020b2fdc2..e7c26da55 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -56,7 +56,7 @@ let sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j"; }; - propagatedBuildInputs = with pkgs.python3Packages; [ requests2 py ]; + propagatedBuildInputs = with pkgs.python3Packages; [ requests py ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; diff --git a/makefu/5pkgs/elchhub/default.nix b/makefu/5pkgs/elchhub/default.nix index a28267cb1..76ba834ab 100644 --- a/makefu/5pkgs/elchhub/default.nix +++ b/makefu/5pkgs/elchhub/default.nix @@ -16,7 +16,7 @@ in buildPythonPackage rec { version = "1.0.5"; propagatedBuildInputs = [ flask - requests2 + requests ftputil redis ]; diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix new file mode 100644 index 000000000..b1d62248d --- /dev/null +++ b/makefu/5pkgs/novnc/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, pkgs }: +# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix +let +in + +stdenv.mkDerivation rec { + name = "novnc-${version}"; + version = "0.6.2"; + + src = fetchurl { + url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz"; + sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh"; + }; + p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify + pkgs.coreutils pkgs.which pkgs.procps ]; + # TODO: propagatedBuildInputs does not seem to work with shell scripts + patchPhase = '' + sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh + ''; + installPhase = '' + mkdir -p $out/bin + cp utils/launch.sh $out/bin/launch-novnc.sh + chmod +x $out/bin/launch-novnc.sh + mkdir -p $out/images + cp -r images/* $out/images/ + mkdir -p $out/include + cp -r include/* $out/include/ + cp favicon.ico $out + cp vnc.html $out + cp vnc_auto.html $out + ''; + + meta = with stdenv.lib; { + homepage = http://novnc.com/info.html; + repositories.git = git://github.com/novnc/noVNC.git; + description = '' + A HTML5 VNC Client + ''; + license = licenses.mpl20; + }; +} diff --git a/makefu/5pkgs/shackie/default.nix b/makefu/5pkgs/shackie/default.nix new file mode 100644 index 000000000..b6cf8afe6 --- /dev/null +++ b/makefu/5pkgs/shackie/default.nix @@ -0,0 +1,33 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +let + asyncio-irc = buildPythonPackage rec { + name = "asyncio-irc-${version}"; + version = "2016-09-02"; + src = fetchFromGitHub { + owner = "watchtower"; + repo = "asyncirc"; + rev = "5384d19"; + sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv"; + }; + propagatedBuildInputs = [ blinker ]; + }; +in +buildPythonPackage rec { + name = "shackie-${version}"; + version = "2017-04-24"; + propagatedBuildInputs = [ + asyncio-irc + beautifulsoup4 + lxml + pytz + redis + requests + ]; + src = fetchFromGitHub { + owner = "shackspace"; + repo = "shackie"; + rev = "e717ec7"; + sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l"; + }; +} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 49c0d3d95..e7f600cd0 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import <stockholm/lib>; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03 + ref = "22da5d02466ffe465735986d705675982f3646a0"; # nixos-17.03 @ 2017-05-13 }; secrets.file = if getEnv "dummy_secrets" == "true" |