285 files changed, 3143 insertions, 7375 deletions
diff --git a/.gitmodules b/.gitmodules
index 7ecb497ea..4779748c8 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,12 +1,12 @@
 [submodule "submodules/nix-writers"]
 path = submodules/nix-writers
- url = http://cgit.krebsco.de/nix-writers
+ url = https://cgit.krebsco.de/nix-writers
 [submodule "submodules/krops"]
 path = submodules/krops
 url = https://cgit.krebsco.de/krops
 [submodule "lass/5pkgs/autowifi"]
 path = lass/5pkgs/autowifi
 url = https://github.com/Lassulus/autowifi
-[submodule "jeschli/2configs/elisp"]
- path = jeschli/2configs/elisp
- url = https://github.com/Jeschli/misc-elisp-scripts.git
+[submodule "submodules/disko"]
+ path = submodules/disko
+ url = https://github.com/nix-community/disko
diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix
deleted file mode 100644
index 49b814793..000000000
--- a/jeschli/1systems/bolide/config.nix
+++ /dev/null
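Review bot: In the .gitmodules hunk, the move of `submodules/nix-writers` to `https://` only reaches fresh clones, because git copies a submodule's URL into each checkout's `.git/config` when the submodule is initialised. Checkouts made before this commit will therefore keep fetching that submodule over `http://` until `git submodule sync` is run in them, and nothing in the visible change says so. I would add a comment above the entry, for example `# URL changed to https; in existing clones run: git submodule sync --recursive`, so the transport change actually takes effect on the machines that deploy from this repository.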
@@ -1,125 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in
-{
- imports =
- [
- ./hardware-configuration.nix
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/i3.nix>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/rust.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.bolide;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
- boot.initrd.luks.devices = [ {
- name = "bla";
- device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
- preLVM = true;
- allowDiscards = true;
- } ];
-# networking.hostName = "bolide"; # Define your hostname.
-# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true;
- networking.enableB43Firmware = true; #new
-
- # Select internationalisation properties.
- # i18n = {
- # consoleFont = "Lat2-Terminus16";
- # consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- # };
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- environment.shellAliases = {
- n = "nix-shell";
- stocki = pkgs.writeDash "deploy" ''
- cd ~/stockholm
- exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
- '';
- };
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- rofi
- wget vim
- # system helper
- ag
- curl
- copyq
- dmenu
- git
- i3lock
- keepass
- networkmanagerapplet
- rsync
- terminator
- tmux
- wget
- # rxvt_unicode
- # editors
- emacs
- # internet
- thunderbird
- chromium
- google-chrome
- # programming languages
- vscode
- go
- gcc9
- ccls
- unstable.clang_8
- ghc
- python37
- python37Packages.pip
- # go tools
- golint
- gotools
- # dev tools
- elmPackages.elm
- gnumake
- jetbrains.pycharm-professional
- jetbrains.webstorm
- jetbrains.goland
- # document viewer
- zathura
- ];
-
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- services.xserver.videoDrivers = [ "nvidia" ];
-
-users.extraUsers.jeschli = {
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
-
- hardware.pulseaudio.enable = true;
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
-
-}
-
diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix
deleted file mode 100644
index 042b746ef..000000000
--- a/jeschli/1systems/bolide/hardware-configuration.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" "wl" ];
- boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
-
- fileSystems."/" =
- { device = "/dev/bolide-pool/bolide-root";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/bolide-pool/bolide-home";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
- fsType = "ext4";
- };
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = "powersave";
- hardware.pulseaudio.enable = true;
-}
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
deleted file mode 100644
index 860c5d11c..000000000
--- a/jeschli/1systems/brauerei/config.nix
+++ /dev/null
@@ -1,200 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- mainUser = config.krebs.build.user.name;
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in
-{
- imports = [
- <stockholm/jeschli>
- ./hardware-configuration.nix
- <home-manager/nixos>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/steam.nix>
- <stockholm/jeschli/2configs/virtualbox.nix>
- ];
- krebs.build.host = config.krebs.hosts.brauerei;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
- # or "nodev" for efi only
- boot.initrd.luks.devices = [ {
- name = "root";
- device = "/dev/sda2";
- preLVM = true;
- allowDiscards = true;
- } ];
- networking.networkmanager.enable = true;
- time.timeZone = "Europe/Amsterdam";
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- # emacs aliases
- ed = "emacsclient";
- edc = "emacsclient --create-frame";
- # nix aliases
- ns = "nix-shell";
- # krops
- deploy = pkgs.writeDash "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- };
-
- environment.systemPackages = with pkgs; [
- # system helper
- acpi
- ag
- copyq
- curl
- dmenu
- aspell
- ispell
- rofi
- xdotool
- git
- gnupg
- i3lock
- keepass
- networkmanagerapplet
- pavucontrol
- rsync
- terminator
- tmux
- wget
- # editors
- emacs
- # internet
- chromium
- firefox
- google-chrome
- thunderbird
- # programming languages
- elixir
- elmPackages.elm
- exercism
- gcc9
- ccls
- unstable.clang_8
- ghc
- go
- python37
- python37Packages.pip
- pipenv
- # dev tools
- gnumake
- jetbrains.clion
- jetbrains.goland
- jetbrains.pycharm-professional
- jetbrains.webstorm
- vscode
- # document viewer
- evince
- zathura
- # go tools
- golint
- gotools
- # rust
- cargo
- rustracer
- rustup
- # orga tools
- taskwarrior
- # xorg
- xorg.xbacklight
- # tokei
- tokei
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.bash.enableCompletion = true;
- # programs.mtr.enable = true;
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
-# home-manager.useUserPackages = true;
-# home-manager.users.jeschli = {
-# home.stateVersion = "19.03";
-# };
-# home-manager.enable = true;
-
-# home-manager.users.jeschli.home.file = {
-# ".emacs.d" = {
-# source = pkgs.fetchFromGitHub {
-# owner = "jeschli";
-# repo = "emacs.d";
-# rev = "8ed6c40";
-# sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
-# };
-# recursive = true;
-# };
-# };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-# services.emacs.enable = true;
-
- virtualisation.docker.enable = true;
-
- services.xserver = {
- enable = true;
-
- desktopManager = {
- xfce.enable = true;
- gnome3.enable = true;
- };
-
- };
-
- services.xserver.windowManager.i3.enable = true;
-
- users.extraUsers.jeschli = { # TODO: define as krebs.users
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
- users.extraUsers.blafoo = {
- isNormalUser = true;
- extraGroups = ["audio"];
- uid = 1002;
- };
- users.extraUsers.jamie = {
- isNormalUser = true;
- uid = 1001; # TODO genid
- };
- users.users.dev = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- "ssh-rsa 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 lhebendanz@nixos"
- "ssh-rsa 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 jeschli@nixos"
- "ssh-rsa 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 christopher.kilian@dcso.de"
- ];
- };
-
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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 jeschli@nixos"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
-}
diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix
deleted file mode 100644
index 2cb3e6661..000000000
--- a/jeschli/1systems/brauerei/hardware-configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/42BF-0795";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- hardware.pulseaudio.enable = true;
- nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
deleted file mode 100644
index 86d21f7d3..000000000
--- a/jeschli/1systems/enklave/config.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/retiolum.nix>
- <stockholm/jeschli/2configs/IM.nix>
- <stockholm/jeschli/2configs/git.nix>
- <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- "eth*"
- "ens*"
- ];
- }
- {
- services.openssh.enable = true;
- }
- {
- sound.enable = false;
- }
- {
- users.extraUsers = {
- root.initialPassword = "pfeife123";
- root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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 jeschli@nixos"
- ];
- jeschli = {
- name = "jeschli";
- uid = 1000;
- home = "/home/jeschli";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- openssh.authorizedKeys.keys = [
-"ssh-rsa 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 jeschli@nixos"
- ];
- };
- };
- }
- {
- services.taskserver = {
- enable = true;
- fqdn = "enklave.r";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "jeschli" ];
- };
- networking.firewall.allowedTCPPorts = [ 53589 8001 ];
- }
- ];
-
- krebs.build.host = config.krebs.hosts.enklave;
-}
diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix
deleted file mode 100644
index 23b235d70..000000000
--- a/jeschli/1systems/enklave/taskserver.nix
+++ /dev/null
@@ -1,10 +0,0 @@
- {
- services.taskserver = {
- enable = true;
- fqdn = "enklave.r";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "jeschli" ];
- };
- networking.firewall.allowedTCPPorts = [ 53589 ];
- }
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
deleted file mode 100644
index dec69563f..000000000
--- a/jeschli/1systems/reagenzglas/config.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/firefox.nix>
- <stockholm/jeschli/2configs/rust.nix>
- <stockholm/jeschli/2configs/steam.nix>
- <stockholm/jeschli/2configs/python.nix>
- ./desktop.nix
- ./i3-configuration.nix
- ./hardware-configuration.nix
- ];
-
- # EFI systemd boot loader
- boot.loader.systemd-boot.enable = true;
-
- # Wireless network with network manager
- krebs.build.host = config.krebs.hosts.reagenzglas;
- # networking.hostName = "nixos"; # Define your hostname.
- networking.networkmanager.enable = true;
-
- # Allow unfree
- nixpkgs.config.allowUnfree = true;
-
- # Select internationalisation properties.
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- ag
- alacritty
- google-chrome
- chromium
- copyq
- direnv
- go
- git
- gitAndTools.hub
- sbcl
- rofi
- vim
- wget
- ];
-
- users.users.ombi = {
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- };
-
- users.users.jeschli = {
- isNormalUser = true;
- extraGroups = [ "audio" ];
- };
-
-# services.xserver.synaptics.enable = true;
- services.xserver.libinput.enable = true;
- services.xserver.libinput.disableWhileTyping = true;
-
- hardware.pulseaudio.enable = true;
-
- #Enable ssh daemon
- services.openssh.enable = true;
-
- #Enable clight
- services.clight.enable = true;
- services.geoclue2.enable = true;
- location.provider = "geoclue2";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1xtX/SF2IzfAIzrXvH4HsW05eTBX8U8MYlEPadq0DS/nHC45hW2PSEUOVsH0UhBRAB+yClVLyN+JAYsuOoQacQqAVq9R7HAoFITdYTMJCxVs4urSRv0pWwTopRIh1rlI+Q0QfdMoeVtO2ZKG3KoRM+APDy2dsX8LTtWjXmh/ZCtpGl1O8TZtz2ZyXyv9OVDPnQiFwPU3Jqs2Z036c+kwxWlxYc55FRuqwRtQ48c/ilPMu+ZvQ22j1Ch8lNuliyAg1b8pZdOkMJF3R8b46IQ8FEqkr3L1YQygYw2M50B629FPgHgeGPMz3mVd+5lzP+okbhPJjMrUqZAUwbMGwGzZ ombi@nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG7C3bgoL9VeVl8pgu8sp3PCOs6TXk4R9y7JKJAHGsfm root@baeckerei"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
-
-}
diff --git a/jeschli/1systems/reagenzglas/desktop.nix b/jeschli/1systems/reagenzglas/desktop.nix
deleted file mode 100644
index 88eae086f..000000000
--- a/jeschli/1systems/reagenzglas/desktop.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Configuration for the desktop environment
-
-{ config, lib, pkgs, ... }:
-{
- # Configure basic X-server stuff:
- services.xserver = {
- enable = true;
- xkbOptions = "caps:super";
- exportConfiguration = true;
-
- displayManager.lightdm.enable = true;
- };
-
- # Configure fonts
- fonts = {
- fonts = with pkgs; [
- corefonts
- font-awesome-ttf
- noto-fonts-cjk
- noto-fonts-emoji
- powerline-fonts
- helvetica-neue-lt-std
- ];
- };
-}
diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix
deleted file mode 100644
index 55f5532d6..000000000
--- a/jeschli/1systems/reagenzglas/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/nvme0n1p8";
- preLVM = true;
- }
- ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4d01936e-c876-42c3-962a-d4a20ad0e2e0";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D455-E4CC";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/jeschli/1systems/reagenzglas/i3-configuration.nix b/jeschli/1systems/reagenzglas/i3-configuration.nix
deleted file mode 100644
index 88f63426d..000000000
--- a/jeschli/1systems/reagenzglas/i3-configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-{pkgs, environment, config, lib, ... }:
-
-with pkgs;
-
-let
- i3_config_file = pkgs.writeText "config" ''
- set $mod Mod4
-
- font pango:monospace 8
-
- #font pango:DejaVu Sans Mono 8
-
- # Before i3 v4.8, we used to recommend this one as the default:
- # font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
- # The font above is very space-efficient, that is, it looks good, sharp and
- # clear in small sizes. However, its unicode glyph coverage is limited, the old
- # X core fonts rendering does not support right-to-left and this being a bitmap
- # font, it doesn’t scale on retina/hidpi displays.
-
- # Use Mouse+$mod to drag floating windows to their wanted position
- floating_modifier $mod
-
- # start a terminal
- bindsym $mod+Return exec alacritty
-
- # kill focused window
- bindsym $mod+Shift+q kill
-
- # start dmenu (a program launcher)
- # bindsym $mod+d exec dmenu_run
-
- # start dmenu (a program launcher)
- bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
-
- bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
-
- bindsym $mod+F1 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput disable
- bindsym $mod+F2 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput enable
-
- # There also is the (new) i3-dmenu-desktop which only displays applications
- # shipping a .desktop file. It is a wrapper around dmenu, so you need that
- # installed.
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
- # change focus
- bindsym $mod+j focus left
- bindsym $mod+k focus down
- bindsym $mod+l focus up
- bindsym $mod+semicolon focus right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # move focused window
- bindsym $mod+Shift+j move left
- bindsym $mod+Shift+k move down
- bindsym $mod+Shift+l move up
- bindsym $mod+Shift+colon move right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- # split in horizontal orientation
- bindsym $mod+h split h
-
- # split in vertical orientation
- bindsym $mod+v split v
-
- # enter fullscreen mode for the focused container
- bindsym $mod+f fullscreen toggle
-
- # change container layout (stacked, tabbed, toggle split)
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # toggle tiling / floating
- bindsym $mod+Shift+space floating toggle
-
- # change focus between tiling / floating windows
- bindsym $mod+space focus mode_toggle
-
- # focus the parent container
- bindsym $mod+a focus parent
-
- # focus the child container
- #bindsym $mod+d focus child
-
- # Define names for default workspaces for which we configure key bindings later on.
- # We use variables to avoid repeating the names in multiple places.
- set $ws1 "1"
- set $ws2 "2"
- set $ws3 "3"
- set $ws4 "4"
- set $ws5 "5"
- set $ws6 "6"
- set $ws7 "7"
- set $ws8 "8"
- set $ws9 "9"
- set $ws10 "10"
-
- # switch to workspace
- bindsym $mod+1 workspace $ws1
- bindsym $mod+2 workspace $ws2
- bindsym $mod+3 workspace $ws3
- bindsym $mod+4 workspace $ws4
- bindsym $mod+5 workspace $ws5
- bindsym $mod+6 workspace $ws6
- bindsym $mod+7 workspace $ws7
- bindsym $mod+8 workspace $ws8
- bindsym $mod+9 workspace $ws9
- bindsym $mod+0 workspace $ws10
-
- # move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace $ws1
- bindsym $mod+Shift+2 move container to workspace $ws2
- bindsym $mod+Shift+3 move container to workspace $ws3
- bindsym $mod+Shift+4 move container to workspace $ws4
- bindsym $mod+Shift+5 move container to workspace $ws5
- bindsym $mod+Shift+6 move container to workspace $ws6
- bindsym $mod+Shift+7 move container to workspace $ws7
- bindsym $mod+Shift+8 move container to workspace $ws8
- bindsym $mod+Shift+9 move container to workspace $ws9
- bindsym $mod+Shift+0 move container to workspace $ws10
-
- # reload the configuration file
- bindsym $mod+Shift+c reload
- # restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
- bindsym $mod+Shift+r restart
- # exit i3 (logs you out of your X session)
- bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
-
- # resize window (you can also use the mouse for that)
- mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
- }
-
- bindsym $mod+r mode "resize"
-
- # Start i3bar to display a workspace bar (plus the system information i3status
- # finds out, if available)
- bar {
- status_command i3status
- }
- '';
-
-in {
-
- services.xserver.windowManager.i3 = {
- enable = true;
- package = pkgs.i3;
- configFile = i3_config_file;
- };
-
-}
diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix
deleted file mode 100644
index 2366726fb..000000000
--- a/jeschli/2configs/IM.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-let
- tmux = pkgs.writeDashBin "tmux" ''
- export TERM=xterm-256color
- exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
- set-option -g default-terminal screen-256color
- ''} "$@"
- '';
-in {
-
- services.bitlbee = {
- enable = true;
- portNumber = 6666;
- plugins = [
- pkgs.bitlbee-facebook
- pkgs.bitlbee-steam
- pkgs.bitlbee-discord
- ];
- libpurple_plugins = [ pkgs.telegram-purple ];
- };
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- jeschli.pubkey
- jeschli-bln.pubkey
- jeschli-brauerei.pubkey
- jeschli-bolide.pubkey
- ];
- packages = [ tmux ];
- };
-
-
- systemd.services.chat = {
- description = "chat environment setup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.rxvt_unicode.terminfo
- ];
-
- serviceConfig = {
- User = "chat";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
- ExecStop = "${tmux}/bin/tmux kill-session -t IM";
- };
- };
-}
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
deleted file mode 100644
index 8b61fa29c..000000000
--- a/jeschli/2configs/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- imports = [
-# ./vim.nix
- ./retiolum.nix
- ./zsh.nix
- <stockholm/lass/2configs/security-workarounds.nix>
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- ];
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- parallel
- proot
- populate
-
- # aliases
- (writeDashBin "irc" "ssh chat@enklave -t tmux a")
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
-
- #stuff for dl
- aria2
-
- #neat utils
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- # q
- # rs
- tmux
- untilport
- usbutils
- # logify
- goify
- vim
- #unpack stuff
- p7zip
- unzip
- unrar
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- krebs.enable = true;
- networking.hostName = config.krebs.build.host.name;
-}
diff --git a/jeschli/2configs/elisp b/jeschli/2configs/elisp
deleted file mode 160000
-Subproject 279d6a01f5abbab5d28d3a57549b7fec800a510
diff --git a/jeschli/2configs/emacs-org-agenda.nix b/jeschli/2configs/emacs-org-agenda.nix
deleted file mode 100644
index 0420dc43d..000000000
--- a/jeschli/2configs/emacs-org-agenda.nix
+++ /dev/null
@@ -1,2025 +0,0 @@ -let - modifiedBerndHansen = '' -;; Based on http://doc.norang.ca/org-mode.html -;; Organize your life in plain text -;; TODO: minimize this section -(if (boundp 'org-mode-user-lisp-path) - (add-to-list 'load-path org-mode-user-lisp-path) - (add-to-list 'load-path (expand-file-name "~/git/org-mode/lisp"))) - -(add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) -(require 'org) - -(add-to-list 'org-modules 'org-habit) - -;; -;; Standard key bindings -(global-set-key "\C-cl" 'org-store-link) -(global-set-key "\C-ca" 'org-agenda) -(global-set-key "\C-cb" 'org-iswitchb) - -;; The following setting is different from the document so that you -;; can override the document org-agenda-files by setting your -;; org-agenda-files in the variable org-user-agenda-files -;; -;; (if (boundp 'org-user-agenda-files) -;; (setq org-agenda-files org-user-agenda-files) -;; (setq org-agenda-files (quote ("~/git/org")))) - -;; Custom Key Bindings -(global-set-key (kbd "<f12>") 'org-agenda) -(global-set-key (kbd "<S-f5>") 'bh/widen) -(global-set-key (kbd "<f9> <f9>") 'bh/show-org-agenda) -(global-set-key (kbd "<f9> b") 'bbdb) -(global-set-key (kbd "<f9> c") 'calendar) -(global-set-key (kbd "<f9> f") 'boxquote-insert-file) -(global-set-key (kbd "<f9> g") 'gnus) -(global-set-key (kbd "<f9> h") 'bh/hide-other) -(global-set-key (kbd "<f9> n") 'bh/toggle-next-task-display) - -(global-set-key (kbd "<f9> I") 'bh/punch-in) -(global-set-key (kbd "<f9> O") 'bh/punch-out) - -(global-set-key (kbd "<f9> o") 'bh/make-org-scratch) - -(global-set-key (kbd "<f9> r") 'boxquote-region) -(global-set-key (kbd "<f9> s") 'bh/switch-to-scratch) - -(global-set-key (kbd "<f9> t") 'bh/insert-inactive-timestamp) -(global-set-key (kbd "<f9> T") 'bh/toggle-insert-inactive-timestamp) - -(global-set-key (kbd "<f9> v") 'visible-mode) -(global-set-key (kbd "<f9> l") 'org-toggle-link-display) -(global-set-key (kbd "<f9> SPC") 'bh/clock-in-last-task) -(global-set-key (kbd 
"C-<f9>") 'previous-buffer) -(global-set-key (kbd "M-<f9>") 'org-toggle-inline-images) -(global-set-key (kbd "C-x n r") 'narrow-to-region) -(global-set-key (kbd "C-<f10>") 'next-buffer) -(global-set-key (kbd "<f11>") 'org-clock-goto) -(global-set-key (kbd "C-<f11>") 'org-clock-in) -(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish) -(global-set-key (kbd "C-c c") 'org-capture) - -(defun bh/hide-other () - (interactive) - (save-excursion - (org-back-to-heading 'invisible-ok) - (hide-other) - (org-cycle) - (org-cycle) - (org-cycle))) - -(defun bh/set-truncate-lines () - "Toggle value of truncate-lines and refresh window display." - (interactive) - (setq truncate-lines (not truncate-lines)) - ;; now refresh window display (an idiom from simple.el): - (save-excursion - (set-window-start (selected-window) - (window-start (selected-window))))) - -(defun bh/make-org-scratch () - (interactive) - (find-file "/tmp/publish/scratch.org") - (gnus-make-directory "/tmp/publish")) - -(defun bh/switch-to-scratch () - (interactive) - (switch-to-buffer "*scratch*")) - -(setq org-todo-keywords - (quote ((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d)") - (sequence "WAITING(w@/!)" "HOLD(h@/!)" "|" "CANCELLED(c@/!)" "PHONE" "MEETING")))) - -(setq org-todo-keyword-faces - (quote (("TODO" :foreground "red" :weight bold) - ("NEXT" :foreground "blue" :weight bold) - ("DONE" :foreground "forest green" :weight bold) - ("WAITING" :foreground "orange" :weight bold) - ("HOLD" :foreground "magenta" :weight bold) - ("CANCELLED" :foreground "forest green" :weight bold) - ("MEETING" :foreground "forest green" :weight bold) - ("PHONE" :foreground "forest green" :weight bold)))) - -(setq org-use-fast-todo-selection t) - -(setq org-treat-S-cursor-todo-selection-as-state-change nil) - -(setq org-todo-state-tags-triggers - (quote (("CANCELLED" ("CANCELLED" . t)) - ("WAITING" ("WAITING" . t)) - ("HOLD" ("WAITING") ("HOLD" . 
t)) - (done ("WAITING") ("HOLD")) - ("TODO" ("WAITING") ("CANCELLED") ("HOLD")) - ("NEXT" ("WAITING") ("CANCELLED") ("HOLD")) - ("DONE" ("WAITING") ("CANCELLED") ("HOLD"))))) - -(setq org-directory "~/projects/notes_privat") -(setq org-default-notes-file "~/projects/notes_privat/refile.org") - -;; I use C-c c to start capture mode -(global-set-key (kbd "C-c c") 'org-capture) - -;; Capture templates for: TODO tasks, Notes, appointments, phone calls, meetings, and org-protocol -(setq org-capture-templates - (quote (("t" "todo" entry (file org-default-notes-file) - "* TODO %?\n%U\n%a\n" :clock-in t :clock-resume t) - ("r" "respond" entry (file org-default-notes-file) - "* NEXT Respond to %:from on %:subject\nSCHEDULED: %t\n%U\n%a\n" :clock-in t :clock-resume t :immediate-finish t) - ("n" "note" entry (file org-default-notes-file) - "* %? :NOTE:\n%U\n%a\n" :clock-in t :clock-resume t) - ("j" "Journal" entry (file+datetree "~/git/org/diary.org") - "* %?\n%U\n" :clock-in t :clock-resume t) - ("w" "org-protocol" entry (file org-default-notes-file) - "* TODO Review %c\n%U\n" :immediate-finish t) - ("m" "Meeting" entry (file org-default-notes-file) - "* MEETING with %? :MEETING:\n%U" :clock-in t :clock-resume t) - ("p" "Phone call" entry (file org-default-notes-file) - "* PHONE %? :PHONE:\n%U" :clock-in t :clock-resume t) - ("h" "Habit" entry (file org-default-notes-file) - "* NEXT %?\n%U\n%a\nSCHEDULED: %(format-time-string \"%<<%Y-%m-%d %a .+1d/3d>>\")\n:PROPERTIES:\n:STYLE: habit\n:REPEAT_TO_STATE: NEXT\n:END:\n")))) - -;; Remove empty LOGBOOK drawers on clock out -(defun bh/remove-empty-drawer-on-clock-out () - (interactive) - (save-excursion - (beginning-of-line 0) - (org-remove-empty-drawer-at (point)))) - -(add-hook 'org-clock-out-hook 'bh/remove-empty-drawer-on-clock-out 'append) - -; Targets include this file and any file contributing to the agenda - up to 9 levels deep -(setq org-refile-targets (quote ((nil :maxlevel . 9) - (org-agenda-files :maxlevel . 
9)))) - -; Use full outline paths for refile targets - we file directly with IDO -(setq org-refile-use-outline-path t) - -; Targets complete directly with IDO -(setq org-outline-path-complete-in-steps nil) - -; Allow refile to create parent tasks with confirmation -(setq org-refile-allow-creating-parent-nodes (quote confirm)) - -; Use IDO for both buffer and file completion and ido-everywhere to t -; (setq org-completion-use-ido t) -; (setq ido-everywhere t) -; (setq ido-max-directory-size 100000) -; (ido-mode (quote both)) -; ; Use the current window when visiting files and buffers with ido -; (setq ido-default-file-method 'selected-window) -; (setq ido-default-buffer-method 'selected-window) -; ; Use the current window for indirect buffer display -(setq org-indirect-buffer-display 'current-window) - -;;;; Refile settings -; Exclude DONE state tasks from refile targets -(defun bh/verify-refile-target () - "Exclude todo keywords with a done state from refile targets" - (not (member (nth 2 (org-heading-components)) org-done-keywords))) - -(setq org-refile-target-verify-function 'bh/verify-refile-target) - -;; Do not dim blocked tasks -(setq org-agenda-dim-blocked-tasks nil) - -;; Compact the block agenda view -(setq org-agenda-compact-blocks t) - -;; Custom agenda command definitions -(setq org-agenda-custom-commands - (quote (("N" "Notes" tags "NOTE" - ((org-agenda-overriding-header "Notes") - (org-tags-match-list-sublevels t))) - ("h" "Habits" tags-todo "STYLE=\"habit\"" - ((org-agenda-overriding-header "Habits") - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (" " "Agenda" - ((agenda "" nil) - (tags "REFILE" - ((org-agenda-overriding-header "Tasks to Refile") - (org-tags-match-list-sublevels nil))) - (tags-todo "-CANCELLED/!" - ((org-agenda-overriding-header "Stuck Projects") - (org-agenda-skip-function 'bh/skip-non-stuck-projects) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-HOLD-CANCELLED/!" 
- ((org-agenda-overriding-header "Projects") - (org-agenda-skip-function 'bh/skip-non-projects) - (org-tags-match-list-sublevels 'indented) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-CANCELLED/!NEXT" - ((org-agenda-overriding-header (concat "Project Next Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks) - (org-tags-match-list-sublevels t) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Project Subtasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Standalone Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-CANCELLED+WAITING|HOLD/!" 
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-tasks) - (org-tags-match-list-sublevels nil) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks))) - (tags "-REFILE/" - ((org-agenda-overriding-header "Tasks to Archive") - (org-agenda-skip-function 'bh/skip-non-archivable-tasks) - (org-tags-match-list-sublevels nil)))) - nil) - ("1" "Agenda (@buero|@vpn|WORK)" - ((agenda "" nil) - (tags "REFILE" - ((org-agenda-overriding-header "Tasks to Refile") - (org-tags-match-list-sublevels nil))) - (tags-todo "@buero|@vpn|WORK-CANCELLED/!" - ((org-agenda-overriding-header "Stuck Projects") - (org-agenda-skip-function 'bh/skip-non-stuck-projects) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-HOLD-CANCELLED/!" - ((org-agenda-overriding-header "Projects") - (org-agenda-skip-function 'bh/skip-non-projects) - (org-tags-match-list-sublevels 'indented) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-CANCELLED/!NEXT" - ((org-agenda-overriding-header (concat "Project Next Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks) - (org-tags-match-list-sublevels t) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!" 
- ((org-agenda-overriding-header (concat "Project Subtasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Standalone Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-CANCELLED+WAITING|HOLD/!" - ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-tasks) - (org-tags-match-list-sublevels nil) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks))) - (tags "@buero|@vpn|WORK-REFILE/" - ((org-agenda-overriding-header "Tasks to Archive") - (org-agenda-skip-function 'bh/skip-non-archivable-tasks) - (org-tags-match-list-sublevels nil)))) - nil) - ("2" "Agenda (@inet|@home))" - ((agenda "" nil) - (tags "REFILE" - ((org-agenda-overriding-header "Tasks to Refile") - (org-tags-match-list-sublevels nil))) - (tags-todo "@inet|@home-CANCELLED/!" 
- ((org-agenda-overriding-header "Stuck Projects") - (org-agenda-skip-function 'bh/skip-non-stuck-projects) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-HOLD-CANCELLED/!" - ((org-agenda-overriding-header "Projects") - (org-agenda-skip-function 'bh/skip-non-projects) - (org-tags-match-list-sublevels 'indented) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-CANCELLED/!NEXT" - ((org-agenda-overriding-header (concat "Project Next Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks) - (org-tags-match-list-sublevels t) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Project Subtasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!" 
- ((org-agenda-overriding-header (concat "Standalone Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-CANCELLED+WAITING|HOLD/!" - ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-tasks) - (org-tags-match-list-sublevels nil) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks))) - (tags "@inet|@home-REFILE/" - ((org-agenda-overriding-header "Tasks to Archive") - (org-agenda-skip-function 'bh/skip-non-archivable-tasks) - (org-tags-match-list-sublevels nil)))) - nil) - ))) - -(defun bh/org-auto-exclude-function (tag) - "Automatic task exclusion in the agenda with / RET" - (and (cond - ((string= tag "hold") - t) - ((string= tag "farm") - t)) - (concat "-" tag))) - -(setq org-agenda-auto-exclude-function 'bh/org-auto-exclude-function) - -;; -;; Resume clocking task when emacs is restarted -(org-clock-persistence-insinuate) -;; -;; Show lot of clocking history so it's easy to pick items off the C-F11 list -(setq org-clock-history-length 23) -;; Resume clocking task on clock-in if the clock is open -(setq org-clock-in-resume t) -;; Change tasks to NEXT when clocking in -(setq org-clock-in-switch-to-state 'bh/clock-in-to-next) -;; Separate drawers for clocking and logs -(setq org-drawers (quote ("PROPERTIES" "LOGBOOK"))) -;; Save clock data and state changes and notes in the LOGBOOK drawer -(setq 
org-clock-into-drawer t) -;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration -(setq org-clock-out-remove-zero-time-clocks t) -;; Clock out when moving task to a done state -(setq org-clock-out-when-done t) -;; Save the running clock and all clock history when exiting Emacs, load it on startup -(setq org-clock-persist t) -;; Do not prompt to resume an active clock -(setq org-clock-persist-query-resume nil) -;; Enable auto clock resolution for finding open clocks -(setq org-clock-auto-clock-resolution (quote when-no-clock-is-running)) -;; Include current clocking task in clock reports -(setq org-clock-report-include-clocking-task t) - -(setq bh/keep-clock-running nil) - -(defun bh/clock-in-to-next (kw) - "Switch a task from TODO to NEXT when clocking in. -Skips capture tasks, projects, and subprojects. -Switch projects and subprojects from NEXT back to TODO" - (when (not (and (boundp 'org-capture-mode) org-capture-mode)) - (cond - ((and (member (org-get-todo-state) (list "TODO")) - (bh/is-task-p)) - "NEXT") - ((and (member (org-get-todo-state) (list "NEXT")) - (bh/is-project-p)) - "TODO")))) - -(defun bh/find-project-task () - "Move point to the parent (project) task if any" - (save-restriction - (widen) - (let ((parent-task (save-excursion (org-back-to-heading 'invisible-ok) (point)))) - (while (org-up-heading-safe) - (when (member (nth 2 (org-heading-components)) org-todo-keywords-1) - (setq parent-task (point)))) - (goto-char parent-task) - parent-task))) - -(defun bh/punch-in (arg) - "Start continuous clocking and set the default task to the -selected task. If no task is selected set the Organization task -as the default task." 
- (interactive "p") - (setq bh/keep-clock-running t) - (if (equal major-mode 'org-agenda-mode) - ;; - ;; We're in the agenda - ;; - (let* ((marker (org-get-at-bol 'org-hd-marker)) - (tags (org-with-point-at marker (org-get-tags-at)))) - (if (and (eq arg 4) tags) - (org-agenda-clock-in '(16)) - (bh/clock-in-organization-task-as-default))) - ;; - ;; We are not in the agenda - ;; - (save-restriction - (widen) - ; Find the tags on the current task - (if (and (equal major-mode 'org-mode) (not (org-before-first-heading-p)) (eq arg 4)) - (org-clock-in '(16)) - (bh/clock-in-organization-task-as-default))))) - -(defun bh/punch-out () - (interactive) - (setq bh/keep-clock-running nil) - (when (org-clock-is-active) - (org-clock-out)) - (org-agenda-remove-restriction-lock)) - -(defun bh/clock-in-default-task () - (save-excursion - (org-with-point-at org-clock-default-task - (org-clock-in)))) - -(defun bh/clock-in-parent-task () - "Move point to the parent (project) task if any and clock in" - (let ((parent-task)) - (save-excursion - (save-restriction - (widen) - (while (and (not parent-task) (org-up-heading-safe)) - (when (member (nth 2 (org-heading-components)) org-todo-keywords-1) - (setq parent-task (point)))) - (if parent-task - (org-with-point-at parent-task - (org-clock-in)) - (when bh/keep-clock-running - (bh/clock-in-default-task))))))) - -(defvar bh/organization-task-id "eb155a82-92b2-4f25-a3c6-0304591af2f9") - -(defun bh/clock-in-organization-task-as-default () - (interactive) - (org-with-point-at (org-id-find bh/organization-task-id 'marker) - (org-clock-in '(16)))) - -(defun bh/clock-out-maybe () - (when (and bh/keep-clock-running - (not org-clock-clocking-in) - (marker-buffer org-clock-default-task) - (not org-clock-resolving-clocks-due-to-idleness)) - (bh/clock-in-parent-task))) - -(add-hook 'org-clock-out-hook 'bh/clock-out-maybe 'append) - -(require 'org-id) -(defun bh/clock-in-task-by-id (id) - "Clock in a task by id" - (org-with-point-at (org-id-find id 
'marker) - (org-clock-in nil))) - -(defun bh/clock-in-last-task (arg) - "Clock in the interrupted task if there is one -Skip the default task and get the next one. -A prefix arg forces clock in of the default task." - (interactive "p") - (let ((clock-in-to-task - (cond - ((eq arg 4) org-clock-default-task) - ((and (org-clock-is-active) - (equal org-clock-default-task (cadr org-clock-history))) - (caddr org-clock-history)) - ((org-clock-is-active) (cadr org-clock-history)) - ((equal org-clock-default-task (car org-clock-history)) (cadr org-clock-history)) - (t (car org-clock-history))))) - (widen) - (org-with-point-at clock-in-to-task - (org-clock-in nil)))) - -(setq org-time-stamp-rounding-minutes (quote (1 1))) - -(setq org-agenda-clock-consistency-checks - (quote (:max-duration "4:00" - :min-duration 0 - :max-gap 0 - :gap-ok-around ("4:00")))) - -;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration -(setq org-clock-out-remove-zero-time-clocks t) - -;; Agenda clock report parameters -(setq org-agenda-clockreport-parameter-plist - (quote (:link t :maxlevel 5 :fileskip0 t :compact t :narrow 80))) - -; Set default column view headings: Task Effort Clock_Summary -(setq org-columns-default-format "%80ITEM(Task) %10Effort(Effort){:} %10CLOCKSUM") - -; global Effort estimate values -; global STYLE property values for completion -(setq org-global-properties (quote (("Effort_ALL" . "0:15 0:30 0:45 1:00 2:00 3:00 4:00 5:00 6:00 0:00") - ("STYLE_ALL" . "habit")))) - -;; Agenda log mode items to display (closed and state changes by default) -(setq org-agenda-log-mode-items (quote (closed state))) - -; Tags with fast selection keys -(setq org-tag-alist (quote ((:startgroup) - ("@errand" . ?E) - ("@buero" . ?B) - ("@omw" . ?O) - ("@vpn" . ?V) - ("@inet" . ?I) - ("@home" . ?H) - (:endgroup) - ("WAITING" . ?w) - ("HOLD" . ?h) - ("PERSONAL" . ?p) - ("WORK" . ?w) - ("ORG" . ?o) - ("crypt" . ?e) - ("NOTE" . ?n) - ("CANCELLED" . 
?c) - ("FLAGGED" . ??)))) - -; Allow setting single tags without the menu -(setq org-fast-tag-selection-single-key (quote expert)) - -; For tag searches ignore tasks with scheduled and deadline dates -(setq org-agenda-tags-todo-honor-ignore-options t) - -(require 'bbdb) -(require 'bbdb-com) - -(global-set-key (kbd "<f9> p") 'bh/phone-call) - -;; -;; Phone capture template handling with BBDB lookup -;; Adapted from code by Gregory J. Grubbs -(defun bh/phone-call () - "Return name and company info for caller from bbdb lookup" - (interactive) - (let* (name rec caller) - (setq name (completing-read "Who is calling? " - (bbdb-hashtable) - 'bbdb-completion-predicate - 'confirm)) - (when (> (length name) 0) - ; Something was supplied - look it up in bbdb - (setq rec - (or (first - (or (bbdb-search (bbdb-records) name nil nil) - (bbdb-search (bbdb-records) nil name nil))) - name))) - - ; Build the bbdb link if we have a bbdb record, otherwise just return the name - (setq caller (cond ((and rec (vectorp rec)) - (let ((name (bbdb-record-name rec)) - (company (bbdb-record-company rec))) - (concat "[[bbdb:" - name "][" - name "]]" - (when company - (concat " - " company))))) - (rec) - (t "NameOfCaller"))) - (insert caller))) - -(setq org-agenda-span 'day) - -(setq org-stuck-projects (quote ("" nil nil ""))) - -(defun bh/is-project-p () - "Any task with a todo keyword subtask" - (save-restriction - (widen) - (let ((has-subtask) - (subtree-end (save-excursion (org-end-of-subtree t))) - (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1))) - (save-excursion - (forward-line 1) - (while (and (not has-subtask) - (< (point) subtree-end) - (re-search-forward "^\*+ " subtree-end t)) - (when (member (org-get-todo-state) org-todo-keywords-1) - (setq has-subtask t)))) - (and is-a-task has-subtask)))) - -(defun bh/is-project-subtree-p () - "Any task with a todo keyword that is in a project subtree. -Callers of this function already widen the buffer view." 
- (let ((task (save-excursion (org-back-to-heading 'invisible-ok) - (point)))) - (save-excursion - (bh/find-project-task) - (if (equal (point) task) - nil - t)))) - -(defun bh/is-task-p () - "Any task with a todo keyword and no subtask" - (save-restriction - (widen) - (let ((has-subtask) - (subtree-end (save-excursion (org-end-of-subtree t))) - (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1))) - (save-excursion - (forward-line 1) - (while (and (not has-subtask) - (< (point) subtree-end) - (re-search-forward "^\*+ " subtree-end t)) - (when (member (org-get-todo-state) org-todo-keywords-1) - (setq has-subtask t)))) - (and is-a-task (not has-subtask))))) - -(defun bh/is-subproject-p () - "Any task which is a subtask of another project" - (let ((is-subproject) - (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1))) - (save-excursion - (while (and (not is-subproject) (org-up-heading-safe)) - (when (member (nth 2 (org-heading-components)) org-todo-keywords-1) - (setq is-subproject t)))) - (and is-a-task is-subproject))) - -(defun bh/list-sublevels-for-projects-indented () - "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks. - This is normally used by skipping functions where this variable is already local to the agenda." - (if (marker-buffer org-agenda-restrict-begin) - (setq org-tags-match-list-sublevels 'indented) - (setq org-tags-match-list-sublevels nil)) - nil) - -(defun bh/list-sublevels-for-projects () - "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks. - This is normally used by skipping functions where this variable is already local to the agenda." 
- (if (marker-buffer org-agenda-restrict-begin) - (setq org-tags-match-list-sublevels t) - (setq org-tags-match-list-sublevels nil)) - nil) - -(defvar bh/hide-scheduled-and-waiting-next-tasks t) - -(defun bh/toggle-next-task-display () - (interactive) - (setq bh/hide-scheduled-and-waiting-next-tasks (not bh/hide-scheduled-and-waiting-next-tasks)) - (when (equal major-mode 'org-agenda-mode) - (org-agenda-redo)) - (message "%s WAITING and SCHEDULED NEXT Tasks" (if bh/hide-scheduled-and-waiting-next-tasks "Hide" "Show"))) - -(defun bh/skip-stuck-projects () - "Skip trees that are not stuck projects" - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (if (bh/is-project-p) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (has-next )) - (save-excursion - (forward-line 1) - (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t)) - (unless (member "WAITING" (org-get-tags-at)) - (setq has-next t)))) - (if has-next - nil - next-headline)) ; a stuck project, has subtasks but no next task - nil)))) - -(defun bh/skip-non-stuck-projects () - "Skip trees that are not stuck projects" - ;; (bh/list-sublevels-for-projects-indented) - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (if (bh/is-project-p) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (has-next )) - (save-excursion - (forward-line 1) - (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t)) - (unless (member "WAITING" (org-get-tags-at)) - (setq has-next t)))) - (if has-next - next-headline - nil)) ; a stuck project, has subtasks but no next task - next-headline)))) - -(defun bh/skip-non-projects () - "Skip trees that are not projects" - ;; (bh/list-sublevels-for-projects-indented) - (if (save-excursion (bh/skip-non-stuck-projects)) - (save-restriction - (widen) - (let 
((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - nil) - ((and (bh/is-project-subtree-p) (not (bh/is-task-p))) - nil) - (t - subtree-end)))) - (save-excursion (org-end-of-subtree t)))) - -(defun bh/skip-non-tasks () - "Show non-project tasks. -Skip project and sub-project tasks, habits, and project related tasks." - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (cond - ((bh/is-task-p) - nil) - (t - next-headline))))) - -(defun bh/skip-project-trees-and-habits () - "Skip trees that are projects" - (save-restriction - (widen) - (let ((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - subtree-end) - ((org-is-habit-p) - subtree-end) - (t - nil))))) - -(defun bh/skip-projects-and-habits-and-single-tasks () - "Skip trees that are projects, tasks that are habits, single non-project tasks" - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (cond - ((org-is-habit-p) - next-headline) - ((and bh/hide-scheduled-and-waiting-next-tasks - (member "WAITING" (org-get-tags-at))) - next-headline) - ((bh/is-project-p) - next-headline) - ((and (bh/is-task-p) (not (bh/is-project-subtree-p))) - next-headline) - (t - nil))))) - -(defun bh/skip-project-tasks-maybe () - "Show tasks related to the current restriction. -When restricted to a project, skip project and sub project tasks, habits, NEXT tasks, and loose tasks. -When not restricted, skip project and sub-project tasks, habits, and project related tasks." 
- (save-restriction - (widen) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (next-headline (save-excursion (or (outline-next-heading) (point-max)))) - (limit-to-project (marker-buffer org-agenda-restrict-begin))) - (cond - ((bh/is-project-p) - next-headline) - ((org-is-habit-p) - subtree-end) - ((and (not limit-to-project) - (bh/is-project-subtree-p)) - subtree-end) - ((and limit-to-project - (bh/is-project-subtree-p) - (member (org-get-todo-state) (list "NEXT"))) - subtree-end) - (t - nil))))) - -(defun bh/skip-project-tasks () - "Show non-project tasks. -Skip project and sub-project tasks, habits, and project related tasks." - (save-restriction - (widen) - (let* ((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - subtree-end) - ((org-is-habit-p) - subtree-end) - ((bh/is-project-subtree-p) - subtree-end) - (t - nil))))) - -(defun bh/skip-non-project-tasks () - "Show project tasks. -Skip project and sub-project tasks, habits, and loose non-project tasks." 
- (save-restriction - (widen) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (cond - ((bh/is-project-p) - next-headline) - ((org-is-habit-p) - subtree-end) - ((and (bh/is-project-subtree-p) - (member (org-get-todo-state) (list "NEXT"))) - subtree-end) - ((not (bh/is-project-subtree-p)) - subtree-end) - (t - nil))))) - -(defun bh/skip-projects-and-habits () - "Skip trees that are projects and tasks that are habits" - (save-restriction - (widen) - (let ((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - subtree-end) - ((org-is-habit-p) - subtree-end) - (t - nil))))) - -(defun bh/skip-non-subprojects () - "Skip trees that are not projects" - (let ((next-headline (save-excursion (outline-next-heading)))) - (if (bh/is-subproject-p) - nil - next-headline))) - -(setq org-archive-mark-done nil) -(setq org-archive-location "%s_archive::* Archived Tasks") - -(defun bh/skip-non-archivable-tasks () - "Skip trees that are not available for archiving" - (save-restriction - (widen) - ;; Consider only tasks with done todo headings as archivable candidates - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))) - (subtree-end (save-excursion (org-end-of-subtree t)))) - (if (member (org-get-todo-state) org-todo-keywords-1) - (if (member (org-get-todo-state) org-done-keywords) - (let* ((daynr (string-to-number (format-time-string "%d" (current-time)))) - (a-month-ago (* 60 60 24 (+ daynr 1))) - (last-month (format-time-string "%Y-%m-" (time-subtract (current-time) (seconds-to-time a-month-ago)))) - (this-month (format-time-string "%Y-%m-" (current-time))) - (subtree-is-current (save-excursion - (forward-line 1) - (and (< (point) subtree-end) - (re-search-forward (concat last-month "\\|" this-month) subtree-end t))))) - (if subtree-is-current - subtree-end ; Has a date in this month or last month, skip it - nil)) ; available to 
archive - (or subtree-end (point-max))) - next-headline)))) -(setq org-alphabetical-lists t) - -;; Explicitly load required exporters -(require 'ox-html) -(require 'ox-latex) -(require 'ox-ascii) - -(setq org-ditaa-jar-path "~/git/org-mode/contrib/scripts/ditaa.jar") -(setq org-plantuml-jar-path "~/java/plantuml.jar") - -(add-hook 'org-babel-after-execute-hook 'bh/display-inline-images 'append) - -; Make babel results blocks lowercase -(setq org-babel-results-keyword "results") - -(defun bh/display-inline-images () - (condition-case nil - (org-display-inline-images) - (error nil))) - -(org-babel-do-load-languages - (quote org-babel-load-languages) - (quote ((emacs-lisp . t) - (dot . t) - (ditaa . t) - (R . t) - (python . t) - (ruby . t) - (gnuplot . t) - (clojure . t) - (shell . t) - (ledger . t) - (org . t) - (plantuml . t) - (latex . t)))) - -; Do not prompt to confirm evaluation -; This may be dangerous - make sure you understand the consequences -; of setting this -- see the docstring for details -(setq org-confirm-babel-evaluate nil) - -; Use fundamental mode when editing plantuml blocks with C-c ' -(add-to-list 'org-src-lang-modes (quote ("plantuml" . 
fundamental))) - -;; Don't enable this because it breaks access to emacs from my Android phone -(setq org-startup-with-inline-images nil) - -; experimenting with docbook exports - not finished -(setq org-export-docbook-xsl-fo-proc-command "fop %s %s") -(setq org-export-docbook-xslt-proc-command "xsltproc --output %s /usr/share/xml/docbook/stylesheet/nwalsh/fo/docbook.xsl %s") -; -; Inline images in HTML instead of producting links to the image -(setq org-html-inline-images t) -; Do not use sub or superscripts - I currently don't need this functionality in my documents -(setq org-export-with-sub-superscripts nil) -; Use org.css from the norang website for export document stylesheets -(setq org-html-head-extra "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />") -(setq org-html-head-include-default-style nil) -; Do not generate internal css formatting for HTML exports -(setq org-export-htmlize-output-type (quote css)) -; Export with LaTeX fragments -(setq org-export-with-LaTeX-fragments t) -; Increase default number of headings to export -(setq org-export-headline-levels 6) - -; List of projects -; norang - http://www.norang.ca/ -; doc - http://doc.norang.ca/ -; org-mode-doc - http://doc.norang.ca/org-mode.html and associated files -; org - miscellaneous todo lists for publishing -(setq org-publish-project-alist - ; - ; http://www.norang.ca/ (norang website) - ; norang-org are the org-files that generate the content - ; norang-extra are images and css files that need to be included - ; norang is the top-level project that gets published - (quote (("norang-org" - :base-directory "~/git/www.norang.ca" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs" - :recursive t - :table-of-contents nil - :base-extension "org" - :publishing-function org-html-publish-to-html - :style-include-default nil - :section-numbers nil - :table-of-contents nil - :html-head "<link rel=\"stylesheet\" href=\"norang.css\" type=\"text/css\" />" - 
:author-info nil - :creator-info nil) - ("norang-extra" - :base-directory "~/git/www.norang.ca/" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive t - :author nil) - ("norang" - :components ("norang-org" "norang-extra")) - ; - ; http://doc.norang.ca/ (norang website) - ; doc-org are the org-files that generate the content - ; doc-extra are images and css files that need to be included - ; doc is the top-level project that gets published - ("doc-org" - :base-directory "~/git/doc.norang.ca/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :recursive nil - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html org-org-publish-to-org) - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :author-info nil - :creator-info nil) - ("doc-extra" - :base-directory "~/git/doc.norang.ca/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive nil - :author nil) - ("doc" - :components ("doc-org" "doc-extra")) - ("doc-private-org" - :base-directory "~/git/doc.norang.ca/private" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs/private" - :recursive nil - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html org-org-publish-to-org) - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :auto-sitemap t - :sitemap-filename "index.html" - :sitemap-title "Norang Private Documents" - :sitemap-style "tree" - :author-info nil - :creator-info nil) - ("doc-private-extra" - :base-directory "~/git/doc.norang.ca/private" - :publishing-directory 
"/ssh:www-data@www:~/doc.norang.ca/htdocs/private" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive nil - :author nil) - ("doc-private" - :components ("doc-private-org" "doc-private-extra")) - ; - ; Miscellaneous pages for other websites - ; org are the org-files that generate the content - ("org-org" - :base-directory "~/git/org/" - :publishing-directory "/ssh:www-data@www:~/org" - :recursive t - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function org-html-publish-to-html - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :author-info nil - :creator-info nil) - ; - ; http://doc.norang.ca/ (norang website) - ; org-mode-doc-org this document - ; org-mode-doc-extra are images and css files that need to be included - ; org-mode-doc is the top-level project that gets published - ; This uses the same target directory as the 'doc' project - ("org-mode-doc-org" - :base-directory "~/git/org-mode-doc/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :recursive t - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html) - :plain-source t - :htmlized-source t - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :author-info nil - :creator-info nil) - ("org-mode-doc-extra" - :base-directory "~/git/org-mode-doc/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif\\|org" - :publishing-function org-publish-attachment - :recursive t - :author nil) - ("org-mode-doc" - :components ("org-mode-doc-org" "org-mode-doc-extra")) - ; - ; http://doc.norang.ca/ (norang website) - ; org-mode-doc-org this document - ; org-mode-doc-extra are images and css files that need to be included - ; org-mode-doc is the top-level project that gets 
published - ; This uses the same target directory as the 'doc' project - ("tmp-org" - :base-directory "/tmp/publish/" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp" - :recursive t - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html org-org-publish-to-org) - :html-head "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />" - :plain-source t - :htmlized-source t - :style-include-default nil - :auto-sitemap t - :sitemap-filename "index.html" - :sitemap-title "Test Publishing Area" - :sitemap-style "tree" - :author-info t - :creator-info t) - ("tmp-extra" - :base-directory "/tmp/publish/" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive t - :author nil) - ("tmp" - :components ("tmp-org" "tmp-extra"))))) - -; I'm lazy and don't want to remember the name of the project to publish when I modify -; a file that is part of a project. So this function saves the file, and publishes -; the project that includes this file -; -; It's bound to C-S-F12 so I just edit and hit C-S-F12 when I'm done and move on to the next thing -(defun bh/save-then-publish (&optional force) - (interactive "P") - (save-buffer) - (org-save-all-org-buffers) - (let ((org-html-head-extra) - (org-html-validation-link "<a href=\"http://validator.w3.org/check?uri=referer\">Validate XHTML 1.0</a>")) - (org-publish-current-project force))) - -(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish) - -(setq org-latex-listings t) - -(setq org-html-xml-declaration (quote (("html" . "") - ("was-html" . "<?xml version=\"1.0\" encoding=\"%s\"?>") - ("php" . 
"<?php echo \"<?xml version=\\\"1.0\\\" encoding=\\\"%s\\\" ?>\"; ?>")))) - -(setq org-export-allow-BIND t) - -; Erase all reminders and rebuilt reminders for today from the agenda -(defun bh/org-agenda-to-appt () - (interactive) - (setq appt-time-msg-list nil) - (org-agenda-to-appt)) - -; Rebuild the reminders everytime the agenda is displayed -(add-hook 'org-finalize-agenda-hook 'bh/org-agenda-to-appt 'append) - -; This is at the end of my .emacs - so appointments are set up when Emacs starts -(bh/org-agenda-to-appt) - -; Activate appointments so we get notifications -(appt-activate t) - -; If we leave Emacs running overnight - reset the appointments one minute after midnight -(run-at-time "24:01" nil 'bh/org-agenda-to-appt) - -;; Enable abbrev-mode -(add-hook 'org-mode-hook (lambda () (abbrev-mode 1))) - -;; Skeletons -;; -;; sblk - Generic block #+begin_FOO .. #+end_FOO -(define-skeleton skel-org-block - "Insert an org block, querying for type." - "Type: " - "#+begin_" str "\n" - _ - \n - "#+end_" str "\n") - -(define-abbrev org-mode-abbrev-table "sblk" "" 'skel-org-block) - -;; splantuml - PlantUML Source block -(define-skeleton skel-org-block-plantuml - "Insert a org plantuml block, querying for filename." - "File (no extension): " - "#+begin_src plantuml :file " str ".png :cache yes\n" - _ - \n - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "splantuml" "" 'skel-org-block-plantuml) - -(define-skeleton skel-org-block-plantuml-activity - "Insert a org plantuml block, querying for filename." 
- "File (no extension): " - "#+begin_src plantuml :file " str "-act.png :cache yes :tangle " str "-act.txt\n" - (bh/plantuml-reset-counters) - "@startuml\n" - "skinparam activity {\n" - "BackgroundColor<<New>> Cyan\n" - "}\n\n" - "title " str " - \n" - "note left: " str "\n" - "(*) --> \"" str "\"\n" - "--> (*)\n" - _ - \n - "@enduml\n" - "#+end_src\n") - -(defvar bh/plantuml-if-count 0) - -(defun bh/plantuml-if () - (incf bh/plantuml-if-count) - (number-to-string bh/plantuml-if-count)) - -(defvar bh/plantuml-loop-count 0) - -(defun bh/plantuml-loop () - (incf bh/plantuml-loop-count) - (number-to-string bh/plantuml-loop-count)) - -(defun bh/plantuml-reset-counters () - (setq bh/plantuml-if-count 0 - bh/plantuml-loop-count 0) - "") - -(define-abbrev org-mode-abbrev-table "sact" "" 'skel-org-block-plantuml-activity) - -(define-skeleton skel-org-block-plantuml-activity-if - "Insert a org plantuml block activity if statement" - "" - "if \"\" then\n" - " -> [condition] ==IF" (setq ifn (bh/plantuml-if)) "==\n" - " --> ==IF" ifn "M1==\n" - " -left-> ==IF" ifn "M2==\n" - "else\n" - "end if\n" - "--> ==IF" ifn "M2==") - -(define-abbrev org-mode-abbrev-table "sif" "" 'skel-org-block-plantuml-activity-if) - -(define-skeleton skel-org-block-plantuml-activity-for - "Insert a org plantuml block activity for statement" - "Loop for each: " - "--> ==LOOP" (setq loopn (bh/plantuml-loop)) "==\n" - "note left: Loop" loopn ": For each " str "\n" - "--> ==ENDLOOP" loopn "==\n" - "note left: Loop" loopn ": End for each " str "\n" ) - -(define-abbrev org-mode-abbrev-table "sfor" "" 'skel-org-block-plantuml-activity-for) - -(define-skeleton skel-org-block-plantuml-sequence - "Insert a org plantuml activity diagram block, querying for filename." 
- "File appends (no extension): " - "#+begin_src plantuml :file " str "-seq.png :cache yes :tangle " str "-seq.txt\n" - "@startuml\n" - "title " str " - \n" - "actor CSR as \"Customer Service Representative\"\n" - "participant CSMO as \"CSM Online\"\n" - "participant CSMU as \"CSM Unix\"\n" - "participant NRIS\n" - "actor Customer" - _ - \n - "@enduml\n" - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "sseq" "" 'skel-org-block-plantuml-sequence) - -;; sdot - Graphviz DOT block -(define-skeleton skel-org-block-dot - "Insert a org graphviz dot block, querying for filename." - "File (no extension): " - "#+begin_src dot :file " str ".png :cache yes :cmdline -Kdot -Tpng\n" - "graph G {\n" - _ - \n - "}\n" - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "sdot" "" 'skel-org-block-dot) - -;; sditaa - Ditaa source block -(define-skeleton skel-org-block-ditaa - "Insert a org ditaa block, querying for filename." - "File (no extension): " - "#+begin_src ditaa :file " str ".png :cache yes\n" - _ - \n - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "sditaa" "" 'skel-org-block-ditaa) - -;; selisp - Emacs Lisp source block -(define-skeleton skel-org-block-elisp - "Insert a org emacs-lisp block" - "" - "#+begin_src emacs-lisp\n" - _ - \n - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "selisp" "" 'skel-org-block-elisp) - -(defun bh/org-todo (arg) - (interactive "p") - (if (equal arg 4) - (save-restriction - (bh/narrow-to-org-subtree) - (org-show-todo-tree nil)) - (bh/narrow-to-org-subtree) - (org-show-todo-tree nil))) - -(global-set-key (kbd "<S-f5>") 'bh/widen) - -(defun bh/widen () - (interactive) - (if (equal major-mode 'org-agenda-mode) - (progn - (org-agenda-remove-restriction-lock) - (when org-agenda-sticky - (org-agenda-redo))) - (widen))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "W" (lambda () (interactive) (setq bh/hide-scheduled-and-waiting-next-tasks t) (bh/widen)))) - 'append) - -(defun 
bh/restrict-to-file-or-follow (arg) - "Set agenda restriction to 'file or with argument invoke follow mode. -I don't use follow mode very often but I restrict to file all the time -so change the default 'F' binding in the agenda to allow both" - (interactive "p") - (if (equal arg 4) - (org-agenda-follow-mode) - (widen) - (bh/set-agenda-restriction-lock 4) - (org-agenda-redo) - (beginning-of-buffer))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "F" 'bh/restrict-to-file-or-follow)) - 'append) - -(defun bh/narrow-to-org-subtree () - (widen) - (org-narrow-to-subtree) - (save-restriction - (org-agenda-set-restriction-lock))) - -(defun bh/narrow-to-subtree () - (interactive) - (if (equal major-mode 'org-agenda-mode) - (progn - (org-with-point-at (org-get-at-bol 'org-hd-marker) - (bh/narrow-to-org-subtree)) - (when org-agenda-sticky - (org-agenda-redo))) - (bh/narrow-to-org-subtree))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "N" 'bh/narrow-to-subtree)) - 'append) - -(defun bh/narrow-up-one-org-level () - (widen) - (save-excursion - (outline-up-heading 1 'invisible-ok) - (bh/narrow-to-org-subtree))) - -(defun bh/get-pom-from-agenda-restriction-or-point () - (or (and (marker-position org-agenda-restrict-begin) org-agenda-restrict-begin) - (org-get-at-bol 'org-hd-marker) - (and (equal major-mode 'org-mode) (point)) - org-clock-marker)) - -(defun bh/narrow-up-one-level () - (interactive) - (if (equal major-mode 'org-agenda-mode) - (progn - (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point) - (bh/narrow-up-one-org-level)) - (org-agenda-redo)) - (bh/narrow-up-one-org-level))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "U" 'bh/narrow-up-one-level)) - 'append) - -(defun bh/narrow-to-org-project () - (widen) - (save-excursion - (bh/find-project-task) - (bh/narrow-to-org-subtree))) - -(defun bh/narrow-to-project () - (interactive) - (if (equal major-mode 
'org-agenda-mode) - (progn - (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point) - (bh/narrow-to-org-project) - (save-excursion - (bh/find-project-task) - (org-agenda-set-restriction-lock))) - (org-agenda-redo) - (beginning-of-buffer)) - (bh/narrow-to-org-project) - (save-restriction - (org-agenda-set-restriction-lock)))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "P" 'bh/narrow-to-project)) - 'append) - -(defvar bh/project-list nil) - -(defun bh/view-next-project () - (interactive) - (let (num-project-left current-project) - (unless (marker-position org-agenda-restrict-begin) - (goto-char (point-min)) - ; Clear all of the existing markers on the list - (while bh/project-list - (set-marker (pop bh/project-list) nil)) - (re-search-forward "Tasks to Refile") - (forward-visible-line 1)) - - ; Build a new project marker list - (unless bh/project-list - (while (< (point) (point-max)) - (while (and (< (point) (point-max)) - (or (not (org-get-at-bol 'org-hd-marker)) - (org-with-point-at (org-get-at-bol 'org-hd-marker) - (or (not (bh/is-project-p)) - (bh/is-project-subtree-p))))) - (forward-visible-line 1)) - (when (< (point) (point-max)) - (add-to-list 'bh/project-list (copy-marker (org-get-at-bol 'org-hd-marker)) 'append)) - (forward-visible-line 1))) - - ; Pop off the first marker on the list and display - (setq current-project (pop bh/project-list)) - (when current-project - (org-with-point-at current-project - (setq bh/hide-scheduled-and-waiting-next-tasks nil) - (bh/narrow-to-project)) - ; Remove the marker - (setq current-project nil) - (org-agenda-redo) - (beginning-of-buffer) - (setq num-projects-left (length bh/project-list)) - (if (> num-projects-left 0) - (message "%s projects left to view" num-projects-left) - (beginning-of-buffer) - (setq bh/hide-scheduled-and-waiting-next-tasks t) - (error "All projects viewed."))))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "V" 
'bh/view-next-project)) - 'append) - -(setq org-show-entry-below (quote ((default)))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "\C-c\C-x<" 'bh/set-agenda-restriction-lock)) - 'append) - -(defun bh/set-agenda-restriction-lock (arg) - "Set restriction lock to current task subtree or file if prefix is specified" - (interactive "p") - (let* ((pom (bh/get-pom-from-agenda-restriction-or-point)) - (tags (org-with-point-at pom (org-get-tags-at)))) - (let ((restriction-type (if (equal arg 4) 'file 'subtree))) - (save-restriction - (cond - ((and (equal major-mode 'org-agenda-mode) pom) - (org-with-point-at pom - (org-agenda-set-restriction-lock restriction-type)) - (org-agenda-redo)) - ((and (equal major-mode 'org-mode) (org-before-first-heading-p)) - (org-agenda-set-restriction-lock 'file)) - (pom - (org-with-point-at pom - (org-agenda-set-restriction-lock restriction-type)))))))) - -;; Limit restriction lock highlighting to the headline only -(setq org-agenda-restriction-lock-highlight-subtree nil) - -;; Always hilight the current agenda line -(add-hook 'org-agenda-mode-hook - '(lambda () (hl-line-mode 1)) - 'append) - -;; Keep tasks with dates on the global todo lists -(setq org-agenda-todo-ignore-with-date nil) - -;; Keep tasks with deadlines on the global todo lists -(setq org-agenda-todo-ignore-deadlines nil) - -;; Keep tasks with scheduled dates on the global todo lists -(setq org-agenda-todo-ignore-scheduled nil) - -;; Keep tasks with timestamps on the global todo lists -(setq org-agenda-todo-ignore-timestamp nil) - -;; Remove completed deadline tasks from the agenda view -(setq org-agenda-skip-deadline-if-done t) - -;; Remove completed scheduled tasks from the agenda view -(setq org-agenda-skip-scheduled-if-done t) - -;; Remove completed items from search results -(setq org-agenda-skip-timestamp-if-done t) - -(setq org-agenda-include-diary nil) -(setq org-agenda-diary-file "~/git/org/diary.org") - -(setq 
org-agenda-insert-diary-extract-time t) - -;; Include agenda archive files when searching for things -(setq org-agenda-text-search-extra-files (quote (agenda-archives))) - -;; Show all future entries for repeating tasks -(setq org-agenda-repeating-timestamp-show-all t) - -;; Show all agenda dates - even if they are empty -(setq org-agenda-show-all-dates t) - -;; Sorting order for tasks on the agenda -(setq org-agenda-sorting-strategy - (quote ((agenda habit-down time-up user-defined-up effort-up category-keep) - (todo category-up effort-up) - (tags category-up effort-up) - (search category-up)))) - -;; Start the weekly agenda on Monday -(setq org-agenda-start-on-weekday 1) - -;; Enable display of the time grid so we can see the marker for the current time -;; modified like in -;; https://stackoverflow.com/questions/47778775/wrong-type-argument-when-using-org-agenda -(setq org-agenda-time-grid (quote - ((daily today remove-match) - (0900 1100 1300 1500 1700) - "......" "----------------"))) - -;; Display tags farther right -(setq org-agenda-tags-column -102) - -;; -;; Agenda sorting functions -;; -(setq org-agenda-cmp-user-defined 'bh/agenda-sort) - -(defun bh/agenda-sort (a b) - "Sorting strategy for agenda items. 
-Late deadlines first, then scheduled, then non-late deadlines" - (let (result num-a num-b) - (cond - ; time specific items are already sorted first by org-agenda-sorting-strategy - - ; non-deadline and non-scheduled items next - ((bh/agenda-sort-test 'bh/is-not-scheduled-or-deadline a b)) - - ; deadlines for today next - ((bh/agenda-sort-test 'bh/is-due-deadline a b)) - - ; late deadlines next - ((bh/agenda-sort-test-num 'bh/is-late-deadline '> a b)) - - ; scheduled items for today next - ((bh/agenda-sort-test 'bh/is-scheduled-today a b)) - - ; late scheduled items next - ((bh/agenda-sort-test-num 'bh/is-scheduled-late '> a b)) - - ; pending deadlines last - ((bh/agenda-sort-test-num 'bh/is-pending-deadline '< a b)) - - ; finally default to unsorted - (t (setq result nil))) - result)) - -(defmacro bh/agenda-sort-test (fn a b) - "Test for agenda sort" - `(cond - ; if both match leave them unsorted - ((and (apply ,fn (list ,a)) - (apply ,fn (list ,b))) - (setq result nil)) - ; if a matches put a first - ((apply ,fn (list ,a)) - (setq result -1)) - ; otherwise if b matches put b first - ((apply ,fn (list ,b)) - (setq result 1)) - ; if none match leave them unsorted - (t nil))) - -(defmacro bh/agenda-sort-test-num (fn compfn a b) - `(cond - ((apply ,fn (list ,a)) - (setq num-a (string-to-number (match-string 1 ,a))) - (if (apply ,fn (list ,b)) - (progn - (setq num-b (string-to-number (match-string 1 ,b))) - (setq result (if (apply ,compfn (list num-a num-b)) - -1 - 1))) - (setq result -1))) - ((apply ,fn (list ,b)) - (setq result 1)) - (t nil))) - -(defun bh/is-not-scheduled-or-deadline (date-str) - (and (not (bh/is-deadline date-str)) - (not (bh/is-scheduled date-str)))) - -(defun bh/is-due-deadline (date-str) - (string-match "Deadline:" date-str)) - -(defun bh/is-late-deadline (date-str) - (string-match "\\([0-9]*\\) d\. 
ago:" date-str)) - -(defun bh/is-pending-deadline (date-str) - (string-match "In \\([^-]*\\)d\.:" date-str)) - -(defun bh/is-deadline (date-str) - (or (bh/is-due-deadline date-str) - (bh/is-late-deadline date-str) - (bh/is-pending-deadline date-str))) - -(defun bh/is-scheduled (date-str) - (or (bh/is-scheduled-today date-str) - (bh/is-scheduled-late date-str))) - -(defun bh/is-scheduled-today (date-str) - (string-match "Scheduled:" date-str)) - -(defun bh/is-scheduled-late (date-str) - (string-match "Sched\.\\(.*\\)x:" date-str)) - -;; Use sticky agenda's so they persist -(setq org-agenda-sticky t) - -;; The following setting is different from the document so that you -;; can override the document path by setting your path in the variable -;; org-mode-user-contrib-lisp-path -;; -(if (boundp 'org-mode-user-contrib-lisp-path) - (add-to-list 'load-path org-mode-user-contrib-lisp-path) - (add-to-list 'load-path (expand-file-name "~/git/org-mode/contrib/lisp"))) - -(require 'org-checklist) - -(setq org-enforce-todo-dependencies t) - -(setq org-hide-leading-stars nil) - -(setq org-startup-indented t) - -(setq org-cycle-separator-lines 0) - -(setq org-blank-before-new-entry (quote ((heading) - (plain-list-item . auto)))) - -(setq org-insert-heading-respect-content nil) - -(setq org-reverse-note-order nil) - -(setq org-show-following-heading t) -(setq org-show-hierarchy-above t) -(setq org-show-siblings (quote ((default)))) - -(setq org-special-ctrl-a/e t) -(setq org-special-ctrl-k t) -(setq org-yank-adjusted-subtrees t) - -(setq org-id-method (quote uuidgen)) - -(setq org-deadline-warning-days 30) - -(setq org-table-export-default-format "orgtbl-to-csv") - -(setq org-link-frame-setup (quote ((vm . vm-visit-folder) - (gnus . org-gnus-no-new-news) - (file . 
find-file)))) - -; Use the current window for C-c ' source editing -(setq org-src-window-setup 'current-window) - -(setq org-log-done (quote time)) -(setq org-log-into-drawer t) -(setq org-log-state-notes-insert-after-drawers nil) - -(setq org-clock-sound "/usr/local/lib/tngchime.wav") - -; Enable habit tracking (and a bunch of other modules) -(setq org-modules (quote (org-bbdb - org-bibtex - org-crypt - org-gnus - org-id - org-info - org-jsinfo - org-habit - org-inlinetask - org-irc - org-mew - org-mhe - org-protocol - org-rmail - org-vm - org-wl - org-w3m))) - -; position the habit graph on the agenda to the right of the default -(setq org-habit-graph-column 50) - -(run-at-time "06:00" 86400 '(lambda () (setq org-habit-show-habits t))) - -(global-auto-revert-mode t) - -(require 'org-crypt) -; Encrypt all entries before saving -(org-crypt-use-before-save-magic) -(setq org-tags-exclude-from-inheritance (quote ("crypt"))) -; GPG key to use for encryption -(setq org-crypt-key "F0B66B40") - -(setq org-crypt-disable-auto-save nil) - -(setq org-use-speed-commands t) -(setq org-speed-commands-user (quote (("0" . ignore) - ("1" . ignore) - ("2" . ignore) - ("3" . ignore) - ("4" . ignore) - ("5" . ignore) - ("6" . ignore) - ("7" . ignore) - ("8" . ignore) - ("9" . ignore) - - ("a" . ignore) - ("d" . ignore) - ("h" . bh/hide-other) - ("i" progn - (forward-char 1) - (call-interactively 'org-insert-heading-respect-content)) - ("k" . org-kill-note-or-show-branches) - ("l" . ignore) - ("m" . ignore) - ("q" . bh/show-org-agenda) - ("r" . ignore) - ("s" . org-save-all-org-buffers) - ("w" . org-refile) - ("x" . ignore) - ("y" . ignore) - ("z" . org-add-note) - - ("A" . ignore) - ("B" . ignore) - ("E" . ignore) - ("F" . bh/restrict-to-file-or-follow) - ("G" . ignore) - ("H" . ignore) - ("J" . org-clock-goto) - ("K" . ignore) - ("L" . ignore) - ("M" . ignore) - ("N" . bh/narrow-to-org-subtree) - ("P" . bh/narrow-to-org-project) - ("Q" . ignore) - ("R" . ignore) - ("S" . 
ignore) - ("T" . bh/org-todo) - ("U" . bh/narrow-up-one-org-level) - ("V" . ignore) - ("W" . bh/widen) - ("X" . ignore) - ("Y" . ignore) - ("Z" . ignore)))) - -(defun bh/show-org-agenda () - (interactive) - (if org-agenda-sticky - (switch-to-buffer "*Org Agenda( )*") - (switch-to-buffer "*Org Agenda*")) - (delete-other-windows)) - -(require 'org-protocol) - -(setq require-final-newline t) - -(defvar bh/insert-inactive-timestamp t) - -(defun bh/toggle-insert-inactive-timestamp () - (interactive) - (setq bh/insert-inactive-timestamp (not bh/insert-inactive-timestamp)) - (message "Heading timestamps are %s" (if bh/insert-inactive-timestamp "ON" "OFF"))) - -(defun bh/insert-inactive-timestamp () - (interactive) - (org-insert-time-stamp nil t t nil nil nil)) - -(defun bh/insert-heading-inactive-timestamp () - (save-excursion - (when bh/insert-inactive-timestamp - (org-return) - (org-cycle) - (bh/insert-inactive-timestamp)))) - -(add-hook 'org-insert-heading-hook 'bh/insert-heading-inactive-timestamp 'append) - -(setq org-export-with-timestamps nil) - -(setq org-return-follows-link t) - -(custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. 
- '(org-mode-line-clock ((t (:foreground "red" :box (:line-width -1 :style released-button)))) t)) - -(defun bh/prepare-meeting-notes () - "Prepare meeting notes for email - Take selected region and convert tabs to spaces, mark TODOs with leading >>>, and copy to kill ring for pasting" - (interactive) - (let (prefix) - (save-excursion - (save-restriction - (narrow-to-region (region-beginning) (region-end)) - (untabify (point-min) (point-max)) - (goto-char (point-min)) - (while (re-search-forward "^\\( *-\\\) \\(TODO\\|DONE\\): " (point-max) t) - (replace-match (concat (make-string (length (match-string 1)) ?>) " " (match-string 2) ": "))) - (goto-char (point-min)) - (kill-ring-save (point-min) (point-max)))))) - -(setq org-remove-highlights-with-change t) - -(add-to-list 'Info-default-directory-list "~/git/org-mode/doc") - -(setq org-read-date-prefer-future 'time) - -(setq org-list-demote-modify-bullet (quote (("+" . "-") - ("*" . "-") - ("1." . "-") - ("1)" . "-") - ("A)" . "-") - ("B)" . "-") - ("a)" . "-") - ("b)" . "-") - ("A." . "-") - ("B." . "-") - ("a." . "-") - ("b." . "-")))) - -(setq org-tags-match-list-sublevels t) - -(setq org-agenda-persistent-filter t) - -(setq org-link-mailto-program (quote (compose-mail "%a" "%s"))) - -(add-to-list 'load-path (expand-file-name "~/.emacs.d")) -(require 'smex) -(smex-initialize) - -(global-set-key (kbd "M-x") 'smex) -(global-set-key (kbd "C-x x") 'smex) -(global-set-key (kbd "M-X") 'smex-major-mode-commands) - -;; Bookmark handling -;; -(global-set-key (kbd "<C-f6>") '(lambda () (interactive) (bookmark-set "SAVED"))) - -(require 'org-mime) - -(setq org-agenda-skip-additional-timestamps-same-entry t) - -(setq org-table-use-standard-references (quote from)) - -(setq org-file-apps (quote ((auto-mode . emacs) - ("\\.mm\\'" . system) - ("\\.x?html?\\'" . system) - ("\\.pdf\\'" . 
system)))) - -; Overwrite the current window with the agenda -(setq org-agenda-window-setup 'current-window) - -(setq org-clone-delete-id t) - -(setq org-cycle-include-plain-lists t) - -(setq org-src-fontify-natively t) - -(setq org-structure-template-alist - (quote (("s" "#+begin_src ?\n\n#+end_src" "<src lang=\"?\">\n\n</src>") - ("e" "#+begin_example\n?\n#+end_example" "<example>\n?\n</example>") - ("q" "#+begin_quote\n?\n#+end_quote" "<quote>\n?\n</quote>") - ("v" "#+begin_verse\n?\n#+end_verse" "<verse>\n?\n</verse>") - ("c" "#+begin_center\n?\n#+end_center" "<center>\n?\n</center>") - ("l" "#+begin_latex\n?\n#+end_latex" "<literal style=\"latex\">\n?\n</literal>") - ("L" "#+latex: " "<literal style=\"latex\">?</literal>") - ("h" "#+begin_html\n?\n#+end_html" "<literal style=\"html\">\n?\n</literal>") - ("H" "#+html: " "<literal style=\"html\">?</literal>") - ("a" "#+begin_ascii\n?\n#+end_ascii") - ("A" "#+ascii: ") - ("i" "#+index: ?" "#+index: ?") - ("I" "#+include %file ?" "<include file=%file markup=\"?\">")))) - -(defun bh/mark-next-parent-tasks-todo () - "Visit each parent task and change NEXT states to TODO" - (let ((mystate (or (and (fboundp 'org-state) - state) - (nth 2 (org-heading-components))))) - (when mystate - (save-excursion - (while (org-up-heading-safe) - (when (member (nth 2 (org-heading-components)) (list "NEXT")) - (org-todo "TODO"))))))) - -(add-hook 'org-after-todo-state-change-hook 'bh/mark-next-parent-tasks-todo 'append) -(add-hook 'org-clock-in-hook 'bh/mark-next-parent-tasks-todo 'append) - -(setq org-startup-folded t) - -(add-hook 'message-mode-hook 'orgstruct++-mode 'append) -(add-hook 'message-mode-hook 'turn-on-auto-fill 'append) -(add-hook 'message-mode-hook 'bbdb-define-all-aliases 'append) -(add-hook 'message-mode-hook 'orgtbl-mode 'append) -; (add-hook 'message-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix -(add-hook 'message-mode-hook - '(lambda () (setq fill-column 72)) - 'append) - -;; flyspell mode for spell 
checking everywhere -; (add-hook 'org-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix - -;; Disable keys in org-mode -;; C-c [ -;; C-c ] -;; C-c ; -;; C-c C-x C-q cancelling the clock (we never want this) -(add-hook 'org-mode-hook - '(lambda () - ;; Undefine C-c [ and C-c ] since this breaks my - ;; org-agenda files when directories are include It - ;; expands the files in the directories individually - (org-defkey org-mode-map "\C-c[" 'undefined) - (org-defkey org-mode-map "\C-c]" 'undefined) - (org-defkey org-mode-map "\C-c;" 'undefined) - (org-defkey org-mode-map "\C-c\C-x\C-q" 'undefined)) - 'append) - -(add-hook 'org-mode-hook - (lambda () - (local-set-key (kbd "C-c M-o") 'bh/mail-subtree)) - 'append) - -(defun bh/mail-subtree () - (interactive) - (org-mark-subtree) - (org-mime-subtree)) - -(setq org-src-preserve-indentation nil) -(setq org-edit-src-content-indentation 0) - -(setq org-catch-invisible-edits 'error) - -(setq org-export-coding-system 'utf-8) -(prefer-coding-system 'utf-8) -(set-charset-priority 'unicode) -(setq default-process-coding-system '(utf-8-unix . 
utf-8-unix)) - -(setq org-time-clocksum-format - '(:hours "%d" :require-hours t :minutes ":%02d" :require-minutes t)) - -(setq org-id-link-to-org-use-id 'create-if-interactive-and-no-custom-id) - -(setq org-emphasis-alist (quote (("*" bold "<b>" "</b>") - ("/" italic "<i>" "</i>") - ("_" underline "<span style=\"text-decoration:underline;\">" "</span>") - ("=" org-code "<code>" "</code>" verbatim) - ("~" org-verbatim "<code>" "</code>" verbatim)))) - -(setq org-use-sub-superscripts nil) - -(setq org-odd-levels-only nil) - -(run-at-time "00:59" 3600 'org-save-all-org-buffers) - -;; --- ombi's extension - -;; found on https://www.reddit.com/r/emacs/comments/8yrklz/using_outlinemode_with_org_agenda/ -(add-hook - 'org-agenda-mode-hook - (lambda () - (setq-local outline-regexp "^[A-Z]") - (setq-local outline-heading-end-regexp ".$") - ;; Any prefix you'd like, though C-' is usually unoccupied. - (setq-local outline-minor-mode-prefix (kbd "C-'")) - (local-set-key "a" 'outline-toggle-children) - (outline-minor-mode +1) - (local-set-key outline-minor-mode-prefix outline-mode-prefix-map))) -''; -in - modifiedBerndHansen diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix deleted file mode 100644 index 5c35bc280..000000000 --- a/jeschli/2configs/emacs.nix +++ /dev/null 
@@ -1,119 +0,0 @@ -{ config, pkgs, ... }: - -let - pkgsWithOverlay = import <nixpkgs-unstable> { - overlays = [ - (import (builtins.fetchTarball { - url = https://github.com/nix-community/emacs-overlay/archive/403c14c23be188b58c0b1bc197b428041d8a0cea.tar.gz; - })) - ]; - }; - - # The emacs packages that I use - # I differ between - # - stable (Packages that I use for some time - happy with it) - # - unstable (Packages that I use for some time - but may drop) - # - testing (Packages that I try out - the new stuff) - emacsPkgs = epkgs: - (with epkgs.melpaPackages ; - - ## windows-purpose (testing) - [ window-purpose ] ++ - - ## helm (stable) - # emacs completion engine - [ helm helm-ag ] ++ - - ## deft (testing) - # text search for a directory - [ deft ] ++ - - ## lsp mode (unstable) - # Language Server Protocol mode - # Used for rust - [ company-lsp dap-mode helm-lsp lsp-mode lsp-treemacs lsp-ui ] ++ - - ## emacs convenience (stable) - # Mixed and general purpose - [ ag company direnv evil google-this spacemacs-theme ] ++ - - ## common lisp (testing) - [ slime ] ++ - - ## magit (stable) - [ magit ] ++ - - ## bunch of programming languages (unstable) - [ go-mode haskell-mode nix-mode ] ++ - - ## rust (unstable) - [ racer rust-mode ] ++ - - ## python (stable) - # Python IDE for emacs - [ elpy ]) ++ - - ## org-mode - # Org-Mode has several extensions - # and can be seen as an application of its own. 
- (with epkgs.melpaPackages ; - # testing - [ org-super-agenda org-bullets org-ql ] ++ - # unstable - [ smex org-mime orgit ] - ) ++ - - # stable - (with epkgs.orgPackages ; - [ org-plus-contrib ]) ++ - - # stable - (with epkgs.elpaPackages ; - [ bbdb which-key ]); - -# ## EXWM related (unstable) -# epkgs.exwm -# epkgs.melpaPackages.desktop-environment -# epkgs.melpaPackages.helm-exwm -# ]; - - emacsWithOverlay = pkgsWithOverlay.emacsWithPackagesFromUsePackage { - config = builtins.readFile ./elisp/init.el; - # Package is optional, defaults to pkgs.emacs - package = pkgsWithOverlay.emacsGit; - # Optionally provide extra packages not in the configuration file - extraEmacsPackages = emacsPkgs; - }; - - myEmacs = pkgs.writeDashBin "my-emacs" '' - exec ${emacsWithOverlay}/bin/emacs -q "$@" - ''; - - myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" '' - exec ${emacsWithOverlay}/bin/emacs -q --daemon -l ${./elisp/init.el} - ''; - - myEmacsClient = pkgs.writeDashBin "meclient" '' - exec ${emacsWithOverlay}/bin/emacsclient --create-frame "$@" - ''; -in { - environment.systemPackages = [ - myEmacs myEmacsWithDaemon myEmacsClient emacsWithOverlay - ]; - -## EXWM Config -# services.xserver = { -# enable = true; -# xkbOptions = "caps:super"; -# exportConfiguration = true; -# -# displayManager.slim.enable = true; -# windowManager.default = "exwm"; -# -# # Set up the login session -# windowManager.session = [{ -# name = "exwm"; -# start = "${emacsWithOverlay}/bin/emacs -q -l " + builtins.toString ./elisp/init.el; -# }]; -# }; -} diff --git a/jeschli/2configs/firefox.nix b/jeschli/2configs/firefox.nix deleted file mode 100644 index 1e1e16918..000000000 --- a/jeschli/2configs/firefox.nix +++ /dev/null 
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
- wrapper = pkgs.callPackage ../5pkgs/firefox/firefox-with-config.nix { };
- myFirefox = wrapper pkgs.firefox-unwrapped {
-
- # these plugins are defined in 5pkgs/firefox
- extraExtensions = with pkgs ; [
- dark-reader
- https-everywhere
- ublock-origin
- audio-fingerprint-defender
- canvas-fingerprint-defender
- webgl-fingerprint-defender
- font-fingerprint-defender
- user-agent-switcher
- ];
-
- extraPolicies = {
- CaptivePortal = false;
- };
-
- disablePocket = true;
- disableFirefoxSync = true;
- allowNonSigned = true;
- clearDataOnShutdown = true;
- disableDrmPlugin = true;
-
-};
-
-in {
-
-
-environment.variables = {
- BROWSER = ["firefox"];
-};
-
-
-environment.systemPackages = with pkgs; [
- myFirefox
-];
-
-}
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
deleted file mode 100644
index faa8ccf5b..000000000
--- a/jeschli/2configs/git.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- enable = true;
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "Bonbon aus Git - die ganze Nacht";
- };
- krebs-page = {
- cgit.desc = "Die Krebs Page";
- };
- xmonad-stockholm = {
- cgit.desc = "XMonad Stockholm";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- channel = "#xxx";
- nick = config.krebs.build.host.name;
- refs = [
- "refs/heads/master"
- ];
- server = "irc.r";
- verbose = true;
- };
- };
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ jeschli jeschli-brauerei jeschli-bolide];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/jeschli/2configs/haskell.nix b/jeschli/2configs/haskell.nix
deleted file mode 100644
index 46ae24fb0..000000000
--- a/jeschli/2configs/haskell.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-let
- all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/master") {};
-in
-{
- environment.systemPackages = with pkgs; [
- cabal2nix
- gcc
- ghc
- haskellPackages.cabal-install
- haskellPackages.ghcid
- haskellPackages.hindent
- haskellPackages.hlint
- haskellPackages.hoogle
- haskellPackages.stack
- (all-hies.selection { selector = p: {inherit (p) ghc864; }; })
- ];
-}
diff --git a/jeschli/2configs/home-manager/default.nix b/jeschli/2configs/home-manager/default.nix
deleted file mode 100644
index ad8663d58..000000000
--- a/jeschli/2configs/home-manager/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- <home-manager/nixos>
- ];
- home-manager.useUserPackages = true;
- home-manager.users.jeschli = {
- home.stateVersion = "19.03";
- };
-}
diff --git a/jeschli/2configs/i3.nix b/jeschli/2configs/i3.nix
deleted file mode 100644
index 1a6c4927a..000000000
--- a/jeschli/2configs/i3.nix
+++ /dev/null
@@ -1,247 +0,0 @@ -{pkgs, environment, config, lib, ... }: - -with pkgs; - -let - - i3_conf_file = pkgs.writeText "config" '' - - # i3 config file (v4) - # doc: https://i3wm.org/docs/userguide.html - - set $mod Mod4 - - # Font for window titles. Will also be used by the bar unless a different font - # is used in the bar {} block below. - font pango:monospace 8 - - # Use Mouse+$mod to drag floating windows to their wanted position - floating_modifier $mod - - # start a terminal - bindsym $mod+Return exec i3-sensible-terminal - - # kill focused window - bindsym $mod+Shift+q kill - - # start rofi program launcher - bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run - # Switch windows with rofi - bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select - - # There also is the (new) i3-dmenu-desktop which only displays applications - # shipping a .desktop file. It is a wrapper around dmenu, so you need that - # installed. 
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop - - # change focus - bindsym $mod+j focus left - bindsym $mod+k focus down - bindsym $mod+l focus up - bindsym $mod+semicolon focus right - - # alternatively, you can use the cursor keys: - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # move focused window - bindsym $mod+Shift+j move left - bindsym $mod+Shift+k move down - bindsym $mod+Shift+l move up - bindsym $mod+Shift+semicolon move right - - # alternatively, you can use the cursor keys: - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right - - # split in horizontal orientation - bindsym $mod+h split h - - # split in vertical orientation - bindsym $mod+v split v - - # enter fullscreen mode for the focused container - bindsym $mod+f fullscreen toggle - - # change container layout (stacked, tabbed, toggle split) - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # toggle tiling / floating - bindsym $mod+Shift+space floating toggle - - # change focus between tiling / floating windows - bindsym $mod+space focus mode_toggle - - # focus the parent container - bindsym $mod+a focus parent - - # focus the child container - #bindsym $mod+d focus child - - # Define names for default workspaces for which we configure key bindings later on. - # We use variables to avoid repeating the names in multiple places. 
- set $ws1 "1" - set $ws2 "2" - set $ws3 "3: Emacs" - set $ws4 "4" - set $ws5 "5" - set $ws6 "6" - set $ws7 "7" - set $ws8 "8" - set $ws9 "9" - set $ws10 "10" - - assign [class="emacs"] $ws3 - - # switch to workspace - bindsym $mod+1 workspace $ws1 - bindsym $mod+2 workspace $ws2 - bindsym $mod+3 workspace $ws3 - bindsym $mod+4 workspace $ws4 - bindsym $mod+5 workspace $ws5 - bindsym $mod+6 workspace $ws6 - bindsym $mod+7 workspace $ws7 - bindsym $mod+8 workspace $ws8 - bindsym $mod+9 workspace $ws9 - bindsym $mod+0 workspace $ws10 - - # move focused container to workspace - bindsym $mod+Shift+1 move container to workspace $ws1 - bindsym $mod+Shift+2 move container to workspace $ws2 - bindsym $mod+Shift+3 move container to workspace $ws3 - bindsym $mod+Shift+4 move container to workspace $ws4 - bindsym $mod+Shift+5 move container to workspace $ws5 - bindsym $mod+Shift+6 move container to workspace $ws6 - bindsym $mod+Shift+7 move container to workspace $ws7 - bindsym $mod+Shift+8 move container to workspace $ws8 - bindsym $mod+Shift+9 move container to workspace $ws9 - bindsym $mod+Shift+0 move container to workspace $ws10 - - # reload the configuration file - bindsym $mod+Shift+c reload - # restart i3 inplace (preserves your layout/session, can be used to upgrade i3) - bindsym $mod+Shift+r restart - # exit i3 (logs you out of your X session) - bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'" - - # resize window (you can also use the mouse for that) - mode "resize" { - # These bindings trigger as soon as you enter the resize mode - - # Pressing left will shrink the window’s width. - # Pressing right will grow the window’s width. - # Pressing up will shrink the window’s height. - # Pressing down will grow the window’s height. 
- bindsym j resize shrink width 10 px or 10 ppt - bindsym k resize grow height 10 px or 10 ppt - bindsym l resize shrink height 10 px or 10 ppt - bindsym semicolon resize grow width 10 px or 10 ppt - - # same bindings, but for the arrow keys - bindsym Left resize shrink width 10 px or 10 ppt - bindsym Down resize grow height 10 px or 10 ppt - bindsym Up resize shrink height 10 px or 10 ppt - bindsym Right resize grow width 10 px or 10 ppt - - # back to normal: Enter or Escape or $mod+r - bindsym Return mode "default" - bindsym Escape mode "default" - bindsym $mod+r mode "default" - } - - bindsym $mod+r mode "resize" - - bar { - status_command i3status - position top - } - - ####################### - # # - # AUTORUNS # - # # - ####################### - # Start firefox - exec --no-startup-id ${pkgs.firefox}/bin/firefox --new-instance --setDefaultBrowser - - # Start my-emacs server - exec --no-startup-id my-emacs-daemon - ''; - -in { - - ####################### - # # - # AUTORANDR # - # # - ####################### - - # Start autorandr on display change - services.autorandr = { - enable = true; - defaultTarget = "mobile"; - }; - - # What to execute after resolution has been changed - environment.etc."xdg/autorandr/postswitch" = { - text = '' sleep 4 && i3-msg "restart" ''; - - }; - - # Start autorandr once on startup - systemd.user.services.boot-autorandr = { - description = "Autorandr service"; - partOf = [ "graphical-session.target" ]; - wantedBy = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = "${pkgs.autorandr}/bin/autorandr -c"; - Type = "oneshot"; - }; - }; - - - - ####################### - # # - # XSERVER # - # # - ####################### -services.xserver.enable = true; - - # Enable i3 Window Manager - services.xserver.windowManager.i3 = { - enable = true; - package = pkgs.i3; - configFile = i3_conf_file; - }; - - - # ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name} - # ${pkgs.xorg.xhost}/bin/xhost -LOCAL: - 
services.xserver.windowManager.default = "i3"; - services.xserver.desktopManager.xterm.enable = false; - - - # Enable the X11 windowing system. - services.xserver.displayManager.lightdm.enable = true; - - # Allow users in video group to change brightness - environment.systemPackages = with pkgs; [ - rofi # Dmenu replacement - acpilight # Replacement for xbacklight - brightnessctl - arandr # Xrandr gui - feh - wirelesstools # To get wireless statistics - acpi - xorg.xhost - xorg.xauth - ]; - -} diff --git a/jeschli/2configs/officevpn.nix b/jeschli/2configs/officevpn.nix deleted file mode 100644 index eb0477d51..000000000 --- a/jeschli/2configs/officevpn.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, ... }: - -{ - nixpkgs.config.packageOverrides = pkgs: { - openvpn = pkgs.openvpn.override { pkcs11Support = true; useSystemd = false;}; - }; - - environment.systemPackages = with pkgs; [ - opensc - openvpn - yubikey-manager - ]; - - services.pcscd.enable = true; - - # To start the vpn manually execute - # $ openvpn --config clien.ovpn -} - diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix deleted file mode 100644 index fb34e94e2..000000000 --- a/jeschli/2configs/os-templates/CentOS-7-64bit.nix +++ /dev/null @@ -1,16 +0,0 @@ -_: - -{ - imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ]; - - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; -} diff --git a/jeschli/2configs/python.nix b/jeschli/2configs/python.nix deleted file mode 100644 index 0c32e1fc8..000000000 --- a/jeschli/2configs/python.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - python37 - python37Packages.pip - pipenv - ]; -} 
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
deleted file mode 100644
index f22609655..000000000
--- a/jeschli/2configs/retiolum.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- "dishfire"
- "enklave"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/jeschli/2configs/rust.nix b/jeschli/2configs/rust.nix
deleted file mode 100644
index 46addb15c..000000000
--- a/jeschli/2configs/rust.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- rustup
- gcc
- ];
-}
diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix
deleted file mode 100644
index 06a068a3f..000000000
--- a/jeschli/2configs/steam.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- nixpkgs.config.steam.java = true;
- environment.systemPackages = with pkgs; [
- steam
- ];
- hardware.opengl.driSupport32Bit = true;
-
- #ports for inhome streaming
-}
diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty
deleted file mode 100644
index e69de29bb..000000000
--- a/jeschli/2configs/tests/dummy-secrets/empty
+++ /dev/null
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
deleted file mode 100644
index 4049a47a3..000000000
--- a/jeschli/2configs/urxvt.nix
+++ /dev/null
@@ -1,39 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ - options.jeschliFontSize = mkOption { - type = types.int; - default = 12; - }; - config = { - services.urxvtd.enable = true; - krebs.xresources.enable = true; - krebs.xresources.resources.urxvt = '' - *foreground: rgb:a8/a8/a8 - *background: rgb:00/00/00 - *faceName: DejaVu Sans Mono - *faceSize: ${toString config.jeschliFontSize} - *color0: rgb:00/00/00 - *color1: rgb:a8/00/00 - *color2: rgb:00/a8/00 - *color3: rgb:a8/54/00 - *color4: rgb:26/8b/d2 - *color5: rgb:a8/00/a8 - *color6: rgb:00/a8/a8 - *color7: rgb:a8/a8/a8 - *color8: rgb:54/54/54 - *color9: rgb:fc/54/54 - *color10: rgb:54/fc/54 - *color11: rgb:fc/fc/54 - *color12: rgb:54/54/fc - *color13: rgb:fc/54/fc - *color14: rgb:54/fc/fc - *color15: rgb:fc/fc/fc - - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize} - URXvt*faceSize: ${toString config.jeschliFontSize} - ''; - }; -} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix deleted file mode 100644 index 586016f60..000000000 --- a/jeschli/2configs/vim.nix +++ /dev/null 
@@ -1,151 +0,0 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; -let - customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { - name = "vim-javascript"; - src = pkgs.fetchFromGitHub { - owner = "pangloss"; - repo = "vim-javascript"; - rev = "1.2.5.1"; - sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; - }; - }; - customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { - name = "vim-jsx"; - src = pkgs.fetchFromGitHub { - owner = "mxw"; - repo = "vim-jsx"; - rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; - }; - }; - customPlugins.vim-fileline = pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchFromGitHub { - owner = "bogado"; - repo = "file-line"; - rev = "1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }; -in { - environment.systemPackages = [ - (pkgs.vim_configurable.customize { - name = "vim"; - vimrcConfig.customRC = let - colorscheme = ''colorscheme molokai''; - highlightTrailingWhiteSpaces = '' - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - ''; - setStatements = '' - set autowrite - set clipboard=unnamedplus - set listchars=trail:¶ - set mouse=a - set nocompatible - set path+=** - set ruler - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - set undofile "turn on the feature - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - ''; - remapStatements = '' - imap jk <Esc> - map gr :GoRun<Enter> " Map gr to execute go run - map tt :GoTest<Enter> " Map tt to execute go test - map nf :NERDTreeToggle<CR> - nnoremap <C-TAB> <c-w><c-w> - nnoremap <S-TAB> :bnext<CR> - noremap x "_x - vmap v v - ''; - settingsForGo = '' - let g:go_decls_includes = "func,type" - let g:go_def_mode = 'godef' - let g:go_fmt_command = "goimports" - let g:go_highlight_extra_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - 
let g:go_highlight_types = 1 - let g:go_list_type = "quickfix" - let g:go_metalinter_autosave = 1 - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_snippet_case_type = "camelcase" - let g:go_test_timeout = '10s' - let g:jsx_ext_required = 0 - let g:molokai_original = 1 - let g:rehash256 = 1 - ''; - settingsForElm = '' - let g:polyglot_disabled = ['elm'] - let g:elm_detailed_complete = 1 - let g:elm_format_autosave = 1 - let g:elm_syntastic_show_warnings = 1 - ''; - in '' - ${colorscheme} - ${highlightTrailingWhiteSpaces} - ${remapStatements} - ${setStatements} - ${settingsForElm} - ${settingsForGo} - " dont expand tabs in go files and show it with four whitespaces. - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - ''; - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ - "ctrlp" - "easymotion" - "elm-vim" - "vim-fileline" - "molokai" - "nerdtree" - "snipmate" - "surround" - "Syntastic" - "undotree" - ]; - } - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode - { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } - { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } - ]; - }) - ]; - - # set up the directories up if they are not there. -# Needs to be changed. 
-# vim = let -# dirs = { -# backupdir = "$HOME/.cache/vim/backup"; -# swapdir = "$HOME/.cache/vim/swap"; -# undodir = "$HOME/.cache/vim/undo"; -# }; -# files = { -# viminfo = "$HOME/.cache/vim/info"; -# }; -# -# mkdirs = let -# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); -# in assert out != ""; out; -# alldirs = attrValues dirs ++ map dirOf (attrValues files); -# in unique (sort lessThan alldirs); -# in -# pkgs.symlinkJoin { -# name = "vim"; -# paths = [ -# (pkgs.writeDashBin "vim" '' -# set -efu -# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) -# exec ${pkgs.vim}/bin/vim "$@" -# '') -# pkgs.vim -# ]; -# }; - -} diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix deleted file mode 100644 index c9bb8c41f..000000000 --- a/jeschli/2configs/virtualbox.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.jeschli; - -in { - #services.virtualboxHost.enable = true; - virtualisation.virtualbox.host.enable = true; - - users.extraUsers = { - virtual = { - name = "virtual"; - description = "user for running VirtualBox"; - home = "/home/virtual"; - useDefaultShell = true; - extraGroups = [ "vboxusers" "audio" ]; - createHome = true; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(virtual) NOPASSWD: ALL - ''; -} diff --git a/jeschli/2configs/xdg.nix b/jeschli/2configs/xdg.nix deleted file mode 100644 index 18bac9b38..000000000 --- a/jeschli/2configs/xdg.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; - - systemd.tmpfiles.rules = let - forUsers = flip map users; - isUser = { name, group, ... }: - name == "root" || hasSuffix "users" group; - users = filter isUser (mapAttrsToList (_: id) config.users.users); - in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); -} 
diff --git a/jeschli/2configs/xserver/Xmodmap.nix b/jeschli/2configs/xserver/Xmodmap.nix
deleted file mode 100644
index d2b1b2604..000000000
--- a/jeschli/2configs/xserver/Xmodmap.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xmodmap" ''
- !keycode 66 = Caps_Lock
- !remove Lock = Caps_Lock
- clear Lock
-
- ! caps lock
- keycode 66 = Mode_switch
-
- keycode 13 = 4 dollar EuroSign cent
- keycode 30 = u U udiaeresis Udiaeresis
- keycode 32 = o O odiaeresis Odiaeresis
- keycode 38 = a A adiaeresis Adiaeresis
- keycode 39 = s S ssharp
-
- keycode 33 = p P Greek_pi Greek_PI
- keycode 46 = l L Greek_lambda Greek_LAMBDA
-
- keycode 54 = c C cacute Cacute
-
- ! BULLET OPERATOR
- keycode 17 = 8 asterisk U2219
- keycode 27 = r R r U211D
-''
diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix
deleted file mode 100644
index ebe7159ff..000000000
--- a/jeschli/2configs/xserver/Xresources.nix
+++ /dev/null
@@ -1,56 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -pkgs.writeText "Xresources" /* xdefaults */ '' - Xcursor.theme: aero-large-drop - Xcursor.size: 128 - - URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’" - URxvt*eightBitInput: false - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 - URxvt*scrollBar: false - URxvt*background: #050505 - URxvt*foreground: #d0d7d0 - URxvt*cursorColor: #f042b0 - URxvt*cursorColor2: #f0b000 - URxvt*cursorBlink: off - URxvt*jumpScroll: true - URxvt*allowSendEvents: false - URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48 - URxvt*cutNewline: False - URxvt*cutToBeginningOfLine: False - URxvt*font: xft:Monospace:size=12 - URxvt*font: xft:Monospace:size=12:bold - URxvt*color0: #232342 - URxvt*color3: #c07000 - URxvt*color4: #4040c0 - URxvt*color7: #c0c0c0 - URxvt*color8: #707070 - URxvt*color9: #ff6060 - URxvt*color10: #70ff70 - URxvt*color11: #ffff70 - URxvt*color12: #7070ff - URxvt*color13: #ff50ff - URxvt*color14: #70ffff - URxvt*color15: #ffffff - - URxvt*iso14755: False - - URxvt*urgentOnBell: True - URxvt*visualBell: True - - ! ref https://github.com/muennich/urxvt-perls - URxvt*perl-ext: default,url-select - URxvt*keysym.M-u: perl:url-select:select_next - URxvt*url-select.underline: true - URxvt*colorUL: #4682B4 - URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl - URxvt*saveLines: 10000 - - root-urxvt*background: #230000 - root-urxvt*foreground: #e0c0c0 - root-urxvt*BorderColor: #400000 - root-urxvt*color0: #800000 -'' diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix deleted file mode 100644 index 44c35ca37..000000000 --- a/jeschli/2configs/xserver/default.nix +++ /dev/null 
@@ -1,130 +0,0 @@ -{ config, pkgs, ... }@args: -with import <stockholm/lib>; -let - cfg = { - cacheDir = cfg.dataDir; - configDir = "/var/empty"; - dataDir = "/run/xdg/${cfg.user.name}/xmonad"; - user = config.krebs.users.jeschli; - }; -in { - - environment.systemPackages = [ - pkgs.font-size - pkgs.gitAndTools.qgit - pkgs.mpv - pkgs.sxiv - pkgs.xdotool - pkgs.xsel - pkgs.zathura - ]; - - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /run/wrappers/bin - krebs.setuid.slock = { - filename = "${pkgs.slock}/bin/slock"; - group = "wheel"; - envp = { - DISPLAY = ":${toString config.services.xserver.display}"; - USER = cfg.user.name; - }; - }; - - systemd.services.display-manager.enable = false; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - - XMONAD_CACHE_DIR = cfg.cacheDir; - XMONAD_CONFIG_DIR = cfg.configDir; - XMONAD_DATA_DIR = cfg.dataDir; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & - ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & - ${config.services.xserver.displayManager.sessionCommands} - if test -z "$DBUS_SESSION_BUS_ADDRESS"; then - exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "" - fi - export DBUS_SESSION_BUS_ADDRESS - ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS - wait - ''; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" # we start here - "stockholm" - "pycharm" - "chromium" - "iRC" - "git" - "hipbird" - ]); - }; - serviceConfig = { - SyslogIdentifier = "xmonad"; - ExecStartPre = 
"${pkgs.coreutils}/bin/mkdir -p ${toString [ - "\${XMONAD_CACHE_DIR}" - "\${XMONAD_CONFIG_DIR}" - "\${XMONAD_DATA_DIR}" - ]}"; - ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown"; - User = cfg.user.name; - WorkingDirectory = cfg.user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); - }; - serviceConfig = { - SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString config.services.xserver.display}" - "vt${toString config.services.xserver.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /dev/null -logverbose 0 -verbose 3" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - ]; - }; - }; - - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = cfg.user.name; - }; - }; -} diff --git a/jeschli/2configs/xserver/xserver.conf.nix b/jeschli/2configs/xserver/xserver.conf.nix deleted file mode 100644 index 6f34e0150..000000000 --- a/jeschli/2configs/xserver/xserver.conf.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - cfg = config.services.xserver; -in - -pkgs.stdenv.mkDerivation { - name = "xserver.conf"; - - xfs = optionalString (cfg.useXFS != false) - ''FontPath "${toString cfg.useXFS}"''; - - inherit (cfg) config; - - buildCommand = - '' - echo 'Section "Files"' >> $out - echo $xfs >> $out - - for i in ${toString config.fonts.fonts}; do - if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then - for j in $(find $i -name fonts.dir); do - echo " FontPath \"$(dirname $j)\"" >> $out - done - fi - done - - for i in $(find ${toString cfg.modules} -type d); do - if test $(echo $i/*.so* | wc -w) -ne 0; then - echo " ModulePath \"$i\"" >> $out - fi - done - - echo 'EndSection' >> $out - - echo "$config" >> $out - ''; -} diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix deleted file mode 100644 index 0f6775efb..000000000 --- a/jeschli/2configs/zsh.nix +++ /dev/null 
@@ -1,138 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - environment.systemPackages = [ pkgs.fzf ]; - programs.zsh = { - enable = true; - shellInit = '' - #disable config wizard - zsh-newuser-install() { :; } - ''; - interactiveShellInit = '' - setopt autocd extendedglob - bindkey -e - - #history magic - bindkey "[A" up-line-or-local-history - bindkey "[B" down-line-or-local-history - - up-line-or-local-history() { - zle set-local-history 1 - zle up-line-or-history - zle set-local-history 0 - } - zle -N up-line-or-local-history - down-line-or-local-history() { - zle set-local-history 1 - zle down-line-or-history - zle set-local-history 0 - } - zle -N down-line-or-local-history - - setopt share_history - setopt hist_ignore_dups - # setopt inc_append_history - bindkey '^R' history-incremental-search-backward - - #C-x C-e open line in editor - autoload -z edit-command-line - zle -N edit-command-line - bindkey "^X^E" edit-command-line - - #fzf inclusion - source ${pkgs.fzf}/share/fzf/completion.zsh - source ${pkgs.fzf}/share/fzf/key-bindings.zsh - - #completion magic - autoload -Uz compinit - compinit - zstyle ':completion:*' menu select - - #enable automatic rehashing of $PATH - zstyle ':completion:*' rehash true - - eval $(dircolors -b ${pkgs.fetchFromGitHub { - owner = "trapd00r"; - repo = "LS_COLORS"; - rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0"; - sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4"; - }}/LS_COLORS) - - #beautiful colors - alias ls='ls --color' - # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} - - #emacs bindings - bindkey "[7~" beginning-of-line - bindkey "[8~" end-of-line - bindkey "Oc" emacs-forward-word - bindkey "Od" emacs-backward-word - - #aliases - alias ll='ls -l' - alias la='ls -la' - - #fancy window title magic - ''; - promptInit = '' - # TODO: figure out why we need to set this here - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - - autoload -U promptinit - promptinit - - 
p_error='%(?..%F{red}%?%f )' - t_error='%(?..%? )' - - case $UID in - 0) - p_username='%F{red}root%f' - t_username='root' - ;; - 1337) - p_username="" - t_username="" - ;; - *) - p_username='%F{blue}%n%f' - t_username='%n' - ;; - esac - - if test -n "$SSH_CLIENT"; then - p_hostname='@%F{magenta}%M%f ' - t_hostname='@%M ' - else - p_hostname="" - t_hostname="" - fi - - #check if in nix shell - if test -n "$buildInputs"; then - p_nixshell='%F{green}[s]%f ' - t_nixshell='[s] ' - else - p_nixshell="" - t_nixshell="" - fi - - PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " - TITLE="$t_error$t_username$t_hostname$t_nixshell%~" - case $TERM in - (*xterm* | *rxvt*) - function precmd { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED\007" - } - # This is seen while the shell waits for a command to complete. - function preexec { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" - } - ;; - esac - ''; - }; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; -} diff --git a/jeschli/5pkgs/default.nix b/jeschli/5pkgs/default.nix deleted file mode 100644 index 3fa5b5e85..000000000 --- a/jeschli/5pkgs/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -with import <stockholm/lib>; - -self: super: - -# Import files and subdirectories like they are overlays. -foldl' mergeAttrs {} - (map - (name: import (./. + "/${name}") self super) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) diff --git a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix deleted file mode 100644 index 05815e132..000000000 --- a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix +++ /dev/null 
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "audio-fingerprint-defender-${version}";
- version = "0.1.3";
-
- extid = "@audio-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3363623/audiocontext_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "0yfk5vqwjg4g25c98psj56sw3kv8imxav3nss4hbibflgla1h5pb";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Audio context fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/audiocontext-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
deleted file mode 100644
index 21b4b3f97..000000000
--- a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "canvas-fingerprint-defender-${version}";
- version = "0.1.5";
-
- extid = "@canvas-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3362272/canvas_fingerprint_defender-${version}-an+fx.xpi?src=recommended";
- sha256 = "1hg00zsrw7ij7bc222j83g2wm3ml1aj34zg5im1802cjq4qqvbld";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Canvas fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/webgl-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/dark-reader/default.nix b/jeschli/5pkgs/firefox/dark-reader/default.nix
deleted file mode 100644
index 44f4f9054..000000000
--- a/jeschli/5pkgs/firefox/dark-reader/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "dark-reader-${version}";
- version = "4.8.1";
-
- extid = "addon@darkreader.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3404143/dark_reader-${version}-an+fx.xpi";
- sha256 = "0ic0i56jhmxymvy68bs5hqcjvdvw3vks5r58i2ygmpsm190rlldb";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
- homepage = https://github.com/darkreader/darkreader;
- license = licenses.mit;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/default.nix b/jeschli/5pkgs/firefox/default.nix
deleted file mode 100644
index 6ba4fec83..000000000
--- a/jeschli/5pkgs/firefox/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-let
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = self.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-in
-
- mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/5pkgs/firefox/firefox-with-config.nix b/jeschli/5pkgs/firefox/firefox-with-config.nix
deleted file mode 100644
index fc22c434e..000000000
--- a/jeschli/5pkgs/firefox/firefox-with-config.nix
+++ /dev/null
@@ -1,487 +0,0 @@ -{ stdenv, lib, pkgs, makeDesktopItem, makeWrapper, lndir, replace, config - -## various stuff that can be plugged in -, flashplayer, hal-flash -, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2 -, jrePlugin, icedtea_web -, bluejeans, djview4, adobe-reader -, fribid, gnome3/*.gnome-shell*/ -, esteidfirefoxplugin ? "" -, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow -, udev -, kerberos - -}: - -## configurability of the wrapper itself - -browser: - -let - wrapper = - { browserName ? browser.browserName or (builtins.parseDrvName browser.name).name - , name ? (browserName + "-" + (builtins.parseDrvName browser.name).version) - , desktopName ? # browserName with first letter capitalized - (lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName) - , nameSuffix ? "" - , icon ? browserName - , extraPlugins ? [] - , extraPrefs ? "" - , extraExtensions ? [ ] - , allowNonSigned ? false - , disablePocket ? false - , disableTelemetry ? true - , disableDrmPlugin ? false - , showPunycodeUrls ? true - , disableFirefoxStudies ? true - , disableFirefoxSync ? false - , useSystemCertificates ? true - , dontCheckDefaultBrowser ? false - # For more information about anti tracking - # vist https://wiki.kairaven.de/open/app/firefox - , activateAntiTracking ? true - , disableFeedbackCommands ? true - , disableDNSOverHTTPS ? true - , disableGoogleSafebrowsing ? false - , clearDataOnShutdown ? false - , homepage ? "about:blank" - # For more information about policies visit - # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled - , extraPolicies ? {} - , extraNativeMessagingHosts ? [] - , gdkWayland ? false - }: - - assert gdkWayland -> (browser ? 
gtk3); # Can only use the wayland backend if gtk3 is being used - - let - - # If extraExtensions has been set disable manual extensions - disableManualExtensions = if lib.count (x: true) extraExtensions > 0 then true else false; - - cfg = config.${browserName} or {}; - enableAdobeFlash = cfg.enableAdobeFlash or false; - ffmpegSupport = browser.ffmpegSupport or false; - gssSupport = browser.gssSupport or false; - jre = cfg.jre or false; - icedtea = cfg.icedtea or false; - supportsJDK = - stdenv.hostPlatform.system == "i686-linux" || - stdenv.hostPlatform.system == "x86_64-linux" || - stdenv.hostPlatform.system == "armv7l-linux" || - stdenv.hostPlatform.system == "aarch64-linux"; - - plugins = - assert !(jre && icedtea); - if builtins.hasAttr "enableVLC" cfg - then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins" - else - ([ ] - ++ lib.optional enableAdobeFlash flashplayer - ++ lib.optional (cfg.enableDjvu or false) (djview4) - ++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser) - ++ lib.optional (supportsJDK && jre && jrePlugin ? 
mozillaPlugin) jrePlugin - ++ lib.optional icedtea icedtea_web - ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid - ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell - ++ lib.optional (cfg.enableBluejeans or false) bluejeans - ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader - ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin - ++ extraPlugins - ); - nativeMessagingHosts = - ([ ] - ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) - ++ lib.optional (cfg.enableBukubrow or false) bukubrow - ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell - ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator - ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration - ++ extraNativeMessagingHosts - ); - libs = lib.optional stdenv.isLinux udev - ++ lib.optional ffmpegSupport ffmpeg - ++ lib.optional gssSupport kerberos - ++ lib.optionals (cfg.enableQuakeLive or false) - (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ]) - ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash - ++ lib.optional (config.pulseaudio or true) libpulseaudio; - gtk_modules = [ libcanberra-gtk2 ]; - - enterprisePolicies = - { - policies = { - DisableAppUpdate = true; - } // lib.optionalAttrs disableManualExtensions ( - { - ExtensionSettings = { - "*" = { - blocked_install_message = "You can't have manual extension mixed with nix extensions"; - installation_mode = "blocked"; - }; - - } // lib.foldr (e: ret: - ret // { - "${e.extid}" = { - installation_mode = "allowed"; - }; - } - ) {} extraExtensions; - } - ) // lib.optionalAttrs disablePocket ( - { - DisablePocket = true; - } - ) // lib.optionalAttrs disableTelemetry ( - { - DisableTelemetry = true; - } - ) // lib.optionalAttrs disableFirefoxStudies ( - { - DisableFirefoxStudies = true; - } - ) // lib.optionalAttrs disableFirefoxSync ( - { - 
DisableFirefoxAccounts = true; - } - ) // lib.optionalAttrs useSystemCertificates ( - { - # Disable useless firefox certificate store - Certificates = { - ImportEnterpriseRoots = true; - }; - } - ) // lib.optionalAttrs ( - if lib.count (x: true) extraExtensions > 0 then true else false) ( - { - # Don't try to update nix installed addons - DisableSystemAddonUpdate = true; - - # But update manually installed addons - ExtensionUpdate = false; - } - ) // lib.optionalAttrs dontCheckDefaultBrowser ( - { - DontCheckDefaultBrowser = true; - } - )// lib.optionalAttrs disableDNSOverHTTPS ( - { - DNSOverHTTPS = { - Enabled = false; - }; - } - ) // lib.optionalAttrs clearDataOnShutdown ( - { - SanitizeOnShutdown = true; - } - ) // lib.optionalAttrs disableFeedbackCommands ( - { - DisableFeedbackCommands = true; - } - ) // lib.optionalAttrs ( if homepage == "" then false else true) ( - { - Homepage = { - URL = homepage; - Locked = true; - }; - } - ) // extraPolicies ;} ; - - - extensions = builtins.map (a: - if ! (builtins.hasAttr "signed" a) || ! (builtins.isBool a.signed) then - throw "Addon ${a.pname} needs boolean attribute 'signed' " - else if ! (builtins.hasAttr "extid" a) || ! 
(builtins.isString a.extid) then - throw "Addon ${a.pname} needs a string attribute 'extid'" - else if a.signed == false && !allowNonSigned then - throw "Disable signature checking in firefox if you want ${a.pname} addon" - else a - ) extraExtensions; - - policiesJson = builtins.toFile "policies.json" - (builtins.toJSON enterprisePolicies); - - mozillaCfg = builtins.toFile "mozilla.cfg" '' - // First line must be a comment - - // Remove default top sites - lockPref("browser.newtabpage.pinned", ""); - lockPref("browser.newtabpage.activity-stream.default.sites", ""); - - // Deactivate first run homepage - lockPref("browser.startup.firstrunSkipsHomepage", false); - - // If true, don't show the privacy policy tab on first run - lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); - - ${ - if allowNonSigned == true then - ''lockPref("xpinstall.signatures.required", false)'' - else - "" - } - - ${ - if showPunycodeUrls == true then - '' - lockPref("network.IDN_show_punycode", true); - '' - else - "" - } - - ${ - if disableManualExtensions == true then - '' - lockPref("extensions.getAddons.showPane", false); - lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); - lockPref("app.update.auto", false); - '' - else - "" - } - - ${ - if disableDrmPlugin == true then - '' - lockPref("media.gmp-gmpopenh264.enabled", false); - lockPref("media.gmp-widevinecdm.enabled", false); - '' - else - "" - } - - ${ - if activateAntiTracking == true then - '' - // Tracking - lockPref("browser.send_pings", false); - lockPref("browser.send_pings.require_same_host", true); - lockPref("network.dns.disablePrefetch", true); - lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); - lockPref("browser.search.geoip.url", ""); - lockPref("privacy.firstparty.isolate", true); - lockPref("privacy.userContext.enabled", true); - lockPref("privacy.userContext.ui.enabled", true); - 
lockPref("privacy.firstparty.isolate.restrict_opener_access", false); - lockPref("network.http.referer.XOriginPolicy", 1); - lockPref("network.http.referer.hideOnionSource", true); - lockPref(" privacy.spoof_english", true); - - // This option is currently not usable because of bug: - // https://bugzilla.mozilla.org/show_bug.cgi?id=1557620 - // lockPref("privacy.resistFingerprinting", true); - '' - else "" - } - ${ - if disableTelemetry == true then - '' - // Telemetry - lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); - lockPref("browser.ping-centre.telemetry", false); - lockPref("devtools.onboarding.telemetry.logged", false); - lockPref("toolkit.telemetry.archive.enabled", false); - lockPref("toolkit.telemetry.bhrPing.enabled", false); - lockPref("toolkit.telemetry.enabled", false); - lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); - lockPref("toolkit.telemetry.hybridContent.enabled", false); - lockPref("toolkit.telemetry.newProfilePing.enabled", false); - lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); - lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); - lockPref("dom.push.enabled", false); - lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); - lockPref("security.ssl.errorReporting.enabled", false); - '' - else "" - } - - ${ - if disableGoogleSafebrowsing == true then - '' - // Google data sharing - lockPref("browser.safebrowsing.blockedURIs.enabled", false); - lockPref("browser.safebrowsing.downloads.enabled", false); - lockPref("browser.safebrowsing.malware.enabled", false); - lockPref("browser.safebrowsing.passwords.enabled", false); - lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); - lockPref("browser.safebrowsing.malware.enabled", false); - lockPref("browser.safebrowsing.phishing.enabled", false); - lockPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); - lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); - '' - else 
"" - } - - // User customization - ${extraPrefs} - ''; - in stdenv.mkDerivation { - inherit name; - - desktopItem = makeDesktopItem { - name = browserName; - exec = "${browserName}${nameSuffix} %U"; - inherit icon; - comment = ""; - desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}"; - genericName = "Web Browser"; - categories = "Application;Network;WebBrowser;"; - mimeType = stdenv.lib.concatStringsSep ";" [ - "text/html" - "text/xml" - "application/xhtml+xml" - "application/vnd.mozilla.xul+xml" - "x-scheme-handler/http" - "x-scheme-handler/https" - "x-scheme-handler/ftp" - ]; - }; - - nativeBuildInputs = [ makeWrapper lndir ]; - buildInputs = lib.optional (browser ? gtk3) browser.gtk3; - - buildCommand = lib.optionalString stdenv.isDarwin '' - mkdir -p $out/Applications - cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications - rm -f $out${browser.execdir or "/bin"}/${browserName} - '' + '' - - # Link the runtime. The executable itself has to be copied, - # because it will resolve paths relative to its true location. - # Any symbolic links have to be replicated as well. - cd "${browser}" - find . -type d -exec mkdir -p "$out"/{} \; - - find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \; - - find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do - cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f" - chmod a+rwx "$out/$f" - done - - # fix links and absolute references - cd "${browser}" - - find . -type l -print0 | while read -d $'\0' l; do - target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")" - ln -sfT "$target" "$out/$l" - done - - # This will not patch binaries, only "text" files. - # Its there for the wrapper mostly. 
- cd "$out" - ${replace}/bin/replace-literal -esfR -- "${browser}" "$out" - - # create the wrapper - - executablePrefix="$out${browser.execdir or "/bin"}" - executablePath="$executablePrefix/${browserName}" - - if [ ! -x "$executablePath" ] - then - echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" - exit 1 - fi - - if [ ! -L "$executablePath" ] - then - # Careful here, the file at executablePath may already be - # a wrapper. That is why we postfix it with -old instead - # of -wrapped. - oldExe="$executablePrefix"/".${browserName}"-old - mv "$executablePath" "$oldExe" - else - oldExe="$(readlink -v --canonicalize-existing "$executablePath")" - fi - - - makeWrapper "$oldExe" "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \ - --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \ - --suffix LD_LIBRARY_PATH ':' "$libs" \ - --suffix-each GTK_PATH ':' "$gtk_modules" \ - --suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \ - --prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \ - --suffix PATH ':' "$out${browser.execdir or "/bin"}" \ - --set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \ - --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \ - ${lib.optionalString gdkWayland '' - --set GDK_BACKEND "wayland" \ - ''}${lib.optionalString (browser ? 
gtk3) - ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ - --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' - '' - } - - if [ -e "${browser}/share/icons" ]; then - mkdir -p "$out/share" - ln -s "${browser}/share/icons" "$out/share/icons" - else - for res in 16 32 48 64 128; do - mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps" - icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" ) - if [ -e "$icon" ]; then ln -s "$icon" \ - "$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png" - fi - done - fi - - install -D -t $out/share/applications $desktopItem/share/applications/* - - mkdir -p $out/lib/mozilla - for ext in ${toString nativeMessagingHosts}; do - lndir -silent $ext/lib/mozilla $out/lib/mozilla - done - - # For manpages, in case the program supplies them - mkdir -p $out/nix-support - echo ${browser} > $out/nix-support/propagated-user-env-packages - - # user customization - mkdir -p $out/lib/firefox - - # creating policies.json - mkdir -p "$out/lib/firefox/distribution" - - cat > "$out/lib/firefox/distribution/policies.json" < ${policiesJson} - - # preparing for autoconfig - mkdir -p "$out/lib/firefox/defaults/pref" - - cat > "$out/lib/firefox/defaults/pref/autoconfig.js" <<EOF - pref("general.config.filename", "mozilla.cfg"); - pref("general.config.obscure_value", 0); - EOF - - cat > "$out/lib/firefox/mozilla.cfg" < ${mozillaCfg} - - mkdir -p $out/lib/firefox/distribution/extensions - - for i in ${toString extensions}; do - ln -s -t $out/lib/firefox/distribution/extensions $i/* - done - ''; - - preferLocalBuild = true; - - # Let each plugin tell us (through its `mozillaPlugin') attribute - # where to find the plugin in its tree. 
- plugins = map (x: x + x.mozillaPlugin) plugins; - libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs; - gtk_modules = map (x: x + x.gtkModule) gtk_modules; - - passthru = { unwrapped = browser; }; - - disallowedRequisites = [ stdenv.cc ]; - - meta = browser.meta // { - description = - browser.meta.description - + " (with plugins: " - + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins)) - + ")"; - hydraPlatforms = []; - priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package - }; - }; -in - lib.makeOverridable wrapper diff --git a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix deleted file mode 100644 index 26751beef..000000000 --- a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix +++ /dev/null 
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "font-fingerprint-defender-${version}";
- version = "0.1.0";
-
- extid = "@font-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3387637/font_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "1aidkvisnx6qd7hn2x756rvzmbnaz6laqbwq0j5yd86g1kc56dr0";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Font fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/font-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/hopper/default.nix b/jeschli/5pkgs/firefox/hopper/default.nix
deleted file mode 100644
index 569fc6aaf..000000000
--- a/jeschli/5pkgs/firefox/hopper/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchurl, pkgs, makeWrapper, lib }:
-
-stdenv.mkDerivation rec {
- name = "${pname}-${version}";
- pname = "hopper";
- version = "4.5.16";
- rev = "v${lib.versions.major version}";
-
- src = fetchurl {
- url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz";
- sha256 = "0gjnn7f6ibfx46k4bbj8ra7k04s0mrpq7316brgzks6x5yd1m584";
- };
-
- sourceRoot = ".";
-
- ldLibraryPath = with pkgs; stdenv.lib.makeLibraryPath [
-libbsd.out libffi.out gmpxx.out python27Full.out python27Packages.libxml2.out qt5.qtbase zlib xlibs.libX11.out xorg_sys_opengl.out xlibs.libXrender.out gcc-unwrapped.lib
- ];
-
- nativeBuildInputs = [ makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/lib
- mkdir -p $out/share
- cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper
- cp -r $sourceRoot/opt/hopper-${rev}/lib $out
- cp -r $sourceRoot/usr/share $out/share
- patchelf \
- --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
- $out/bin/hopper
- # Details: https://nixos.wiki/wiki/Qt
- wrapProgram $out/bin/hopper \
- --suffix LD_LIBRARY_PATH : ${ldLibraryPath} \
- --suffix QT_PLUGIN_PATH : ${pkgs.qt5.qtbase}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins
- '';
-
- meta = {
- homepage = "https://www.hopperapp.com/index.html";
- description = "A macOS and Linux Disassembler";
- license = stdenv.lib.licenses.unfree;
- maintainers = [ stdenv.lib.maintainers.luis ];
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/jeschli/5pkgs/firefox/https-everywhere/default.nix b/jeschli/5pkgs/firefox/https-everywhere/default.nix
deleted file mode 100644
index 66fede43c..000000000
--- a/jeschli/5pkgs/firefox/https-everywhere/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "https-everywhere-${version}";
- version = "2019.6.27";
-
- extid = "https-everywhere@eff.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3060290/https_everywhere-${version}-an+fx.xpi";
- sha256 = "0743lhn9phn7n6c0886h9ddn1n8vhzbl0vrw177zs43995aj3frp";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
-
- '';
-
- meta = {
- description = "Https everywhere browser addon";
- homepage = https://www.eff.org/https-everywhere;
- license = stdenv.lib.licenses.gpl2Plus;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/pyocclient/default.nix b/jeschli/5pkgs/firefox/pyocclient/default.nix
deleted file mode 100644
index cd91f6171..000000000
--- a/jeschli/5pkgs/firefox/pyocclient/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, python37Packages }:
-
-python37Packages.buildPythonPackage rec {
- pname = "pyocclient";
- version = "0.4";
-
- src = python37Packages.fetchPypi {
- inherit pname version;
- sha256 = "19k3slrk2idixsdw61in9a3jxglvkigkn5kvwl37lj8hrwr4yq6q";
- };
-
- doCheck = false;
-
- propagatedBuildInputs = with python37Packages; [
- requests
- six
- ];
-
- meta = with lib; {
- homepage = https://github.com/owncloud/pyocclient/;
- description = "Nextcloud / Owncloud library for python";
- license = licenses.mit;
- maintainers = with maintainers; [ ];
- };
-
-}
diff --git a/jeschli/5pkgs/firefox/rmount/default.nix b/jeschli/5pkgs/firefox/rmount/default.nix
deleted file mode 100644
index 22631f420..000000000
--- a/jeschli/5pkgs/firefox/rmount/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ stdenv, fetchgit, makeWrapper, lib, pkgs ? import <nixpkgs> {} }:
-with pkgs;
-
-stdenv.mkDerivation rec {
- name = "rmount-${version}";
- version = "1.0.1";
- rev = "v${version}";
-
- src = fetchgit {
- rev = "9df124780d2e66f01c70afaecf92090669c5ffb6";
- url = "https://github.com/Luis-Hebendanz/rmount";
- sha256 = "0ydb6sspfnfa3y6gg1r8sk4r58il6636lpqwb2rw7dzmb4b8hpd2";
- };
-
- buildInputs = [ stdenv makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/share/man/man1
- cp ${src}/rmount.man $out/share/man/man1/rmount.1
- cp ${src}/rmount.bash $out/bin/rmount-noenv
- cp ${src}/config.json $out/share/config.json
- chmod +x $out/bin/rmount-noenv
-
- makeWrapper $out/bin/rmount-noenv $out/bin/rmount \
- --prefix PATH : ${lib.makeBinPath [ nmap jq cifs-utils sshfs ]}
- '';
-
- meta = {
- homepage = "https://github.com/Luis-Hebendanz/rmount";
- description = "Remote mount utility which parses a json file";
- license = stdenv.lib.licenses.mit;
- };
-}
diff --git a/jeschli/5pkgs/firefox/ublock-origin/default.nix b/jeschli/5pkgs/firefox/ublock-origin/default.nix
deleted file mode 100644
index 002fa3efc..000000000
--- a/jeschli/5pkgs/firefox/ublock-origin/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "ublock-origin-${version}";
- version = "1.21.2";
-
- extid = "uBlock0@raymondhill.net";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3361355/ublock_origin-${version}-an+fx.xpi";
- sha256 = "0ypdq3z61mrymknl37qlq6379bx9f2fsgbgr0czbhqs9f2vwszkc";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "ublock origin firefox browser addon";
- homepage = https://github.com/gorhill/uBlock;
- license = licenses.gpl3;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix b/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
deleted file mode 100644
index c96f11129..000000000
--- a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "user-agent-switcher-${version}";
- version = "0.3.2";
-
- extid = "@user-agent-switcher";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3370255/user_agent_switcher_and_manager-${version}-an+fx.xpi";
- sha256 = "0lrw1xf6fsxr47bifkayfxpysv8s2p9ghmbmw2s7ymhrgy42i6v5";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "User agent switcher";
- homepage = https://add0n.com/useragent-switcher.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
deleted file mode 100644
index 4e608d182..000000000
--- a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@ -{ stdenv, fetchurl, unzip, jq, zip }: - -stdenv.mkDerivation rec { - pname = "webgl-fingerprint-defender-${version}"; - version = "0.1.2"; - - extid = "@webgl-fingerprint-defender"; - signed = false; - - src = fetchurl { - url = "https://addons.mozilla.org/firefox/downloads/file/3362869/webgl_fingerprint_defender-${version}-an+fx.xpi"; - sha256 = "06hfr5hxr4qw0jx6i9fi9gdk5211z08brnvqj2jlmpyc3dwl4pif"; - }; - - phases = [ "buildPhase" ]; - - buildInputs = [ zip unzip jq ]; - - buildPhase = '' - mkdir -p $out/${extid} - unzip ${src} -d $out/${extid} - NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) - echo "$NEW_MANIFEST" > $out/${extid}/manifest.json - cd $out/${extid} - zip -r -FS $out/${extid}.xpi * - rm -r $out/${extid} - ''; - - meta = with stdenv.lib; { - description = "Canvas defender firefox browser addon"; - homepage = https://mybrowseraddon.com/webgl-defender.html; - license = { - fullName = "Mozilla Public License Version 2.0"; - shortName = "moz2"; - spdxId = "mozilla-2.0"; - url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; - maintainers = []; - platforms = stdenv.lib.platforms.all; - }; -} diff --git a/jeschli/5pkgs/firefox/wl-clipboard/default.nix b/jeschli/5pkgs/firefox/wl-clipboard/default.nix deleted file mode 100644 index 349d910da..000000000 --- a/jeschli/5pkgs/firefox/wl-clipboard/default.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig -, wayland, wayland-protocols }: - -stdenv.mkDerivation rec { - pname = "wl-clipboard"; - version = "2.0.0"; - - src = fetchFromGitHub { - owner = "bugaevc"; - repo = "wl-clipboard"; - rev = "v${version}"; - sha256 = "0c4w87ipsw09aii34szj9p0xfy0m00wyjpll0gb0aqmwa60p0c5d"; - }; - - nativeBuildInputs = [ meson ninja pkgconfig wayland-protocols ]; - buildInputs = [ wayland ]; - - meta = with stdenv.lib; { - description = "Command-line copy/paste utilities for Wayland"; - homepage = https://github.com/bugaevc/wl-clipboard; - license = licenses.gpl3; - maintainers = with maintainers; [ dywedir ]; - platforms = platforms.linux; - }; -} diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix deleted file mode 100644 index 6ba4fec83..000000000 --- a/jeschli/5pkgs/simple/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -with import <stockholm/lib>; - -self: super: - -let - # This callPackage will try to detect obsolete overrides. - callPackage = path: args: let - override = self.callPackage path args; - upstream = optionalAttrs (override ? "name") - (super.${(parseDrvName override.name).name} or {}); - in if upstream ? "name" && - override ? "name" && - compareVersions upstream.name override.name != -1 - then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override - else override; -in - - mapNixDir (path: callPackage path {}) ./. diff --git a/jeschli/default.nix b/jeschli/default.nix deleted file mode 100644 index b57932719..000000000 --- a/jeschli/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ../krebs - ./2configs - ]; - - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; -} diff --git a/jeschli/krops.nix b/jeschli/krops.nix deleted file mode 100644 index 242f1f7bb..000000000 --- a/jeschli/krops.nix +++ /dev/null 
@@ -1,43 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource [
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
- nixpkgs-unstable.git = {
- url = "https://github.com/nixos/nixpkgs";
- ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- };
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- file = "${lib.getEnv "HOME"}/secrets/${name}";
- };
- }
- {
- home-manager.git = {
- url = https://github.com/rycee/home-manager;
- ref = "2ccbf43";
- };
- }
- ];
-
-in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/kartei/default.nix b/kartei/default.nix
index 1b11f0fd5..6024e2351 100644
--- a/kartei/default.nix
+++ b/kartei/default.nix
@@ -1,15 +1,18 @@
-{ config, lib, ... }: {
- config = lib.mkMerge (map (path: { krebs = import path { inherit config; }; }) [
- ./dbalan
- ./jeschli
- ./kmein
- ./krebs
- ./lass
- ./makefu
- ./mic92
- ./others
- ./palo
- ./rtunreal
- ./tv
- ]);
+{ config, lib, ... }: let
+ removeTemplate =
+ # TODO don't remove during CI
+ lib.flip builtins.removeAttrs ["template"];
+in {
+ config =
+ lib.mkMerge
+ (lib.mapAttrsToList
+ (name: _type: let
+ path = ./. + "/${name}";
+ in {
+ krebs = import path { inherit config; };
+ })
+ (removeTemplate
+ (lib.filterAttrs
+ (_name: type: type == "directory")
+ (builtins.readDir ./.))));
 }
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 6da73ff83..7419ba13f 100644
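Review bot: The new `lib.mapAttrsToList` body in kartei/default.nix imports every directory that `builtins.readDir ./.` reports, so a directory without a `default.nix`, or one added by mistake, now breaks or extends `config.krebs` for every host, where the removed list named each owner explicitly. These directories carry host keys and addresses, so I would keep the discovery but guard it, e.g. `(name: type: type == "directory" && builtins.pathExists (./. + "/${name}/default.nix"))`. A comment should also say that symlinked directories are skipped, because `readDir` reports them as `"symlink"`. The `# TODO don't remove during CI` comment should state what `template` is and why it is left out of normal evaluation.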
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -15,7 +15,6 @@ with import ../../lib;
 "test-all-krebs-modules"
 ] (name: {
 inherit name;
- cores = 1;
 nets = {
 retiolum = {
 ip4.addr = "10.243.73.57";
@@ -36,7 +35,6 @@ in {
 hosts = mapAttrs hostDefaults ({
 filebitch = {
 ci = true;
- cores = 4;
 nets = {
 shack = {
 ip4 = {
@@ -134,7 +132,6 @@ in {
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
 };
 onebutton = {
- cores = 1;
 nets = {
 retiolum = {
 ip4.addr = "10.243.0.101";
@@ -163,14 +160,21 @@ in {
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
 };
 ponte = {
- cores = 1;
 owner = config.krebs.users.krebs;
+ extraZones = {
+ "krebsco.de" = /* bindzone */ ''
+ krebsco.de. 60 IN A ${config.krebs.hosts.ponte.nets.internet.ip4.addr}
+ '';
+ };
 nets = rec {
 internet = {
- ip4 = {
+ ip4 = rec {
 addr = "141.147.36.79";
- prefix = "0.0.0.0/0";
+ prefix = "${addr}/32";
 };
+ aliases = [
+ "ponte.i"
+ ];
 };
 retiolum = {
 via = internet;
@@ -204,7 +208,6 @@ in {
 };
 puyak = {
 ci = true;
- cores = 4;
 nets = {
 retiolum = {
 ip4.addr = "10.243.77.2";
diff --git a/kartei/lass/blue.nix b/kartei/lass/blue.nix
new file mode 100644
index 000000000..ddec9553d
--- /dev/null
+++ b/kartei/lass/blue.nix
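Review bot: The `ponte` hunk makes two changes that affect what the host exposes, and neither is explained in the code: `prefix` narrows from `"0.0.0.0/0"` to `"${addr}/32"`, and the new `extraZones` entry publishes the `krebsco.de.` apex A record with a 60-second TTL from ponte's address. What `prefix` feeds into is not visible in this hunk, so a short comment next to it would let the next editor see that the narrowing is deliberate, for example `# only this host's own address, not the whole internet`, if that is the intent. A one-line comment above `extraZones` naming ponte as the host serving the apex record would help in the same way. The other hunks in this file only drop `cores` and need nothing.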
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.77";
+ ip6.addr = r6 "b1ce";
+ aliases = [
+ "blue.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
+ QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
+ sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
+ wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
+ PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
+ RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
+ HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
+ khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
+ 49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
+ w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
+ ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
+ Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "b1ce";
+ aliases = [
+ "blue.w"
+ ];
+ wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+ syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
+}
diff --git a/kartei/lass/coaxmetal.nix b/kartei/lass/coaxmetal.nix
new file mode 100644
index 000000000..d32f279fe
--- /dev/null
+++ b/kartei/lass/coaxmetal.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.17";
+ ip6.addr = r6 "17";
+ aliases = [
+ "coaxmetal.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+ xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+ gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+ WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+ G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+ G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+ IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+ K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+ 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+ bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+ l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "17";
+ aliases = [
+ "coaxmetal.w"
+ ];
+ wireguard.pubkey = ''
+ lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+ syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+}
diff --git a/kartei/lass/daedalus.nix b/kartei/lass/daedalus.nix
new file mode 100644
index 000000000..891cbd293
--- /dev/null
+++ b/kartei/lass/daedalus.nix
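Review bot: Two key strings in coaxmetal.nix carry stray whitespace: `wireguard.pubkey` is written as a multi-line `''` string, which leaves a trailing newline in the value, and `ssh.pubkey` ends with a space before the closing quote. blue.nix and daedalus.nix in this same commit use plain one-line strings for both fields. Whether every consumer of these values trims them is not visible here, so I would normalise them to `wireguard.pubkey = "lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=";` and drop the trailing space inside the `ssh.pubkey` string.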
@@ -0,0 +1,33 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.115";
+ ip6.addr = r6 "daed";
+ aliases = [
+ "daedalus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
+ 5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+
+ qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8
+ ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR
+ arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w
+ 3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "daed";
+ aliases = [
+ "daedalus.w"
+ ];
+ wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
+}
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index 0c314e9ec..de776fca0 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -3,6 +3,12 @@ with import ../../lib;
 r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
 w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
+ hostFiles =
+ builtins.map (lib.removeSuffix ".nix") (
+ builtins.filter
+ (x: lib.hasSuffix ".nix" x && x != "default.nix")
+ (lib.attrNames (builtins.readDir ./.))
+ );
 in {
 dns.providers = {
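Review bot: `hostFiles` in kartei/lass/default.nix accepts every name from `builtins.readDir ./.` that ends in `.nix` without looking at the entry type, so a directory or symlink with such a name would also be picked up as a host definition. kartei/default.nix in this same commit filters on the type, and doing the same here keeps the set to real files: `lib.attrNames (lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".nix" name && name != "default.nix") (builtins.readDir ./.))`. A comment above `hostFiles` should also say that any `.nix` file placed in this directory becomes a host, so helper modules must live elsewhere. The `let` block starts above this hunk, and the code that consumes `hostFiles` is in the following hunk.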
@@ -13,894 +19,10 @@ in { consul = true; ci = true; monitoring = true; - }) { - dishfire = { - cores = 4; - nets = rec { - internet = { - ip4 = rec { - addr = "157.90.232.92"; - prefix = "${addr}/32"; - }; - aliases = [ - "dishfire.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.133.99"; - ip6.addr = r6 "d15f:1233"; - aliases = [ - "dishfire.r" - "grafana.lass.r" - "prometheus.lass.r" - "alert.lass.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs - Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 - uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK - R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd - vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U - HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO"; - }; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; - }; - prism = rec { - cores = 4; - extraZones = { - "krebsco.de" = '' - cache IN A ${nets.internet.ip4.addr} - p IN A ${nets.internet.ip4.addr} - c IN A ${nets.internet.ip4.addr} - paste IN A ${nets.internet.ip4.addr} - prism IN A ${nets.internet.ip4.addr} - ''; - "lassul.us" = '' - $TTL 3600 - @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) - 60 IN NS ns16.ovh.net. - 60 IN NS dns16.ovh.net. - 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} - IN MX 5 mail.lassul.us. 
- 60 IN TXT v=spf1 mx a:lassul.us -all - 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) - default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" - cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - io 60 IN NS ions.lassul.us. - ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - confusion 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - ''; - }; - nets = rec { - internet = { - ip4 = { - addr = "95.216.1.150"; - prefix = "0.0.0.0/0"; - }; - ip6 = { - addr = "2a01:4f9:2a:1e9::1"; - prefix = "2a01:4f9:2a:1e9::/64"; - }; - aliases = [ - "prism.i" - "paste.i" - ]; - ssh.port = 45621; - }; - retiolum = { 
- via = internet; - ip4.addr = "10.243.0.103"; - ip6.addr = r6 "1"; - aliases = [ - "prism.r" - "cache.prism.r" - "cgit.prism.r" - "bota.r" - "flix.r" - "jelly.r" - "paste.r" - "c.r" - "p.r" - "search.r" - "radio-news.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje - fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo - rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z - ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB - wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio - /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA - BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C - 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5 - Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu - 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH - TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb - g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ - kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg - 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo - 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz - cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451 - k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0 - dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu - ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i - jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/ - AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE - T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "XbBBPg+dtZM1LRN46VAujVKIC6VSo6nFoHo/1unbggO"; - }; - }; - wiregrill = { - via = internet; - ip4.addr = "10.244.1.103"; - ip6.addr = w6 "1"; - aliases = [ - "prism.w" - ]; - wireguard = { - pubkey = 
"oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; - subnets = [ - (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR - (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR - "10.244.1.0/24" - ]; - }; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; - syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; - }; - mors = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.0.2"; - ip6.addr = r6 "dea7"; - aliases = [ - "mors.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE - H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R - +P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+ - 1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa - 9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU - O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "kuh0cP/HjGOQ+NafR3zjmqp+RAnA59F4CgtzENj9/MM"; - }; - }; - wiregrill = { - ip6.addr = w6 "dea7"; - aliases = [ - "mors.w" - ]; - wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ="; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; - syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH"; - }; - shodan = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.0.4"; - ip6.addr = r6 "50da"; - aliases = [ - "shodan.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT - YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7 - ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF - 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4 - 
xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ - V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC"; - }; - }; - wiregrill = { - ip6.addr = w6 "50da"; - ip4.addr = "10.244.1.4"; - aliases = [ - "shodan.w" - ]; - wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30="; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C"; - syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6"; - }; - icarus = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.133.114"; - ip6.addr = r6 "1205"; - aliases = [ - "icarus.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr - Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK - 7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t - k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7 - zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt - gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "vUc/ynOlNqB7a+sr0BmfdRv0dATtGZTjsU2qL2yGInK"; - }; - }; - wiregrill = { - ip6.addr = w6 "1205"; - aliases = [ - "icarus.w" - ]; - wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ="; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; - syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4"; - }; - daedalus = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.133.115"; - ip6.addr = r6 "daed"; - aliases = [ - "daedalus.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - 
MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8 - 5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+ - qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8 - ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR - arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w - 3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG"; - }; - }; - wiregrill = { - ip6.addr = w6 "daed"; - aliases = [ - "daedalus.w" - ]; - wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI="; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; - }; - skynet = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.133.116"; - ip6.addr = r6 "5ce7"; - aliases = [ - "skynet.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX - Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B - p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0 - yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da - NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb - mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "9s7eB16k7eAtHyneffTCmYR7s3mRpJqpVVjSPGaVKKN"; - }; - }; - wiregrill = { - ip6.addr = w6 "5ce7"; - aliases = [ - "skynet.w" - ]; - wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU="; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; - syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3"; - }; - littleT = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.133.77"; - ip6.addr = r6 "771e"; - 
aliases = [ - "littleT.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF - /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY - 1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO - ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G - sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR - M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/ - Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT - +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY - xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c - aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm - 7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v - k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B - idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ - y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D - SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i - mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH - PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB - ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5 - Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS - 8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt - NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW - 5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "rDnc4Ha+M6fyN5JU4lkV9NKfMBtIHOcG4/AUB9KodiP"; - }; - }; - wiregrill = { - ip6.addr = w6 "771e"; - aliases = [ - "littleT.w" - ]; - wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; - syncthing.id = 
"PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; - }; - xerxes = { - cores = 2; - consul = false; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.3"; - ip6.addr = r6 "3"; - aliases = [ - "xerxes.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U - MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk - gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W - /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb - mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO - X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj - +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim - hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 - 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 - H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 - JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 - hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe - SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo - 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe - vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 - Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO - scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv - jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ - Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u - /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 - bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ - sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK"; - }; - }; - wiregrill = { - ip6.addr = w6 "3"; - aliases = [ - "xerxes.w" - ]; - wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8="; - }; - }; - 
secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; - syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM"; - }; - yellow = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.14"; - ip6.addr = r6 "3110"; - aliases = [ - "yellow.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP - MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY - b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU - Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd - OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP - vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 - C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp - Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU - 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg - zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p - DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ - Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "qZBhDSW6ir1/w6lOngg2feCZj9W9AfifEMlKXcOb5QE"; - }; - }; - wiregrill = { - ip6.addr = w6 "3110"; - aliases = [ - "yellow.w" - ]; - wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU="; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; - }; - blue = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.77"; - ip6.addr = r6 "b1ce"; - aliases = [ - "blue.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd - QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc - 
sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM - wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu - PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ - RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/ - HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm - khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP - 49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N - w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6 - ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J - Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL"; - }; - }; - wiregrill = { - ip6.addr = w6 "b1ce"; - aliases = [ - "blue.w" - ]; - wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U="; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; - syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; - }; - - green = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.66"; - ip6.addr = r6 "12ee"; - aliases = [ - "green.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk - uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx - ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477 - n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI - hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6 - m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6 - BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1 - pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy - 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk - UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA - 
udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT - 3MVh92sFyMVYkJcL7SISk80CAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "WfH8ULtWklOFK6htphdSSL46vHn6TkJIhsvK9fK+4+C"; - }; - }; - wiregrill = { - ip6.addr = w6 "12ee"; - aliases = [ - "green.w" - ]; - wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk="; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 "; - syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; - }; - - massulus = { - cores = 1; - ci = false; - nets = { - retiolum = { - ip4.addr = "10.243.0.113"; - ip6.addr = r6 "113"; - aliases = [ - "massulus.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt - ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN - ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K - zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 - F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e - v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd - kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF - LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW - EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb - KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl - oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 - yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; - port = 1655; - }; - }; - wiregrill = { - ip6.addr = w6 "113"; - aliases = [ - "massulus.w" - ]; - wireguard.pubkey = '' - 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; - }; - - phone = { - consul = false; - nets = { - wiregrill = { - ip4.addr = "10.244.1.13"; - ip6.addr = w6 "a"; - aliases = [ - "phone.w" - ]; - wireguard.pubkey = "FY4PB8E/RC2JvtLgq/IDyMmZ9Ln6pz6eGyoytmUFMgk="; - }; - }; - external = true; - ci = false; - syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; - }; - tablet = { - consul = false; - nets = { - wiregrill = { - ip4.addr = "10.244.1.14"; - ip6.addr = w6 "b"; - aliases = [ - "tablet.w" - ]; - wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI="; - }; - }; - external = true; - ci = false; - }; - hilum = { - consul = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.20.123"; - ip6.addr = r6 "005b"; - aliases = [ - "hilum.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb - pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi - V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c - SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh - 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE - saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz - vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY - 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ - wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3 - RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh - Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl - 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "9D50r3DmftSe2L++jPktQRbcCrE4sEazMewgbQbodRH"; - }; - }; - wiregrill = { - ip6.addr = w6 "005b"; - aliases = [ - "hilum.w" - ]; - wireguard.pubkey = '' - 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw= - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w"; - syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC"; - }; - styx = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.11.1"; - ip6.addr = r6 "111"; - aliases = [ - "styx.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn - ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU - aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE - 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi - 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq - m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn - Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt - EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/ - 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao - Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2 - 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF - wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "yVT5nQstw+o5P0ZoBK81G7sL6nQEBwg42wyBn6ogZgK"; - }; - }; - wiregrill = { - ip6.addr = w6 "111"; - aliases = [ - "styx.w" - ]; - wireguard.pubkey = '' - 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs= - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; - syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; - }; - - coaxmetal = { - cores = 16; - nets = { - retiolum = { - ip4.addr = "10.243.0.17"; - ip6.addr = r6 "17"; - aliases = [ - "coaxmetal.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA - xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK - 
gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU - WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek - ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32 - G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F - G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO - IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX - K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE - 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly - bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo - l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO"; - }; - }; - wiregrill = { - ip6.addr = w6 "17"; - aliases = [ - "coaxmetal.w" - ]; - wireguard.pubkey = '' - lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38= - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET "; - syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; - }; - - echelon = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.3"; - ip6.addr = r6 "4"; - aliases = [ - "echelon.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp - 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A - MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe - UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V - rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez - gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO - c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna - dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze - ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D - 
KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq - GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr - 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB"; - }; - }; - wiregrill = { - ip6.addr = w6 "3"; - aliases = [ - "echelon.w" - ]; - wireguard.pubkey = '' - SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc= - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; - syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ"; - }; - - lasspi = { - consul = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.1.89"; - ip6.addr = r6 "189"; - aliases = [ - "lasspi.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1 - JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F - CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl - oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P - Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS - BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC - VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8 - +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs - QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP - zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP - 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc - 287nChBcbY+HlshTe0lZdrkCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "vSCHU+/BkoCo6lL5OmikALKBWgkRY8JRo4q8ZZRd5EG"; - }; - }; - wiregrill = { - ip6.addr = w6 "189"; - aliases = [ - "lasspi.w" - ]; - wireguard.pubkey = '' - IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw= - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB"; - }; - - domsen-pixel = { - consul = false; - nets = { - wiregrill = { - ip4.addr = "10.244.1.17"; - ip6.addr = w6 "d0"; - aliases = [ - "domsen-pixel.w" - ]; - wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY="; - }; - }; - external = true; - ci = false; - }; - - }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + }) ( + lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; }) + ); users = rec { lass = lass-yubikey; lass-yubikey = { @@ -916,6 +38,10 @@ in { mail = "lass@green.r"; pubkey = builtins.readFile ./ssh/green.ed25519; }; + lass-red = { + mail = "lass@red.r"; + pubkey = builtins.readFile ./ssh/red.ed25519; + }; lass-mors = { mail = "lass@mors.r"; pubkey = builtins.readFile ./ssh/mors.rsa; diff --git a/kartei/lass/dishfire.nix b/kartei/lass/dishfire.nix new file mode 100644 index 000000000..548320584 --- /dev/null +++ b/kartei/lass/dishfire.nix 
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ internet = {
+ ip4 = rec {
+ addr = "157.90.232.92";
+ prefix = "${addr}/32";
+ };
+ aliases = [
+ "dishfire.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.133.99";
+ ip6.addr = r6 "d15f:1233";
+ aliases = [
+ "dishfire.r"
+ "grafana.lass.r"
+ "prometheus.lass.r"
+ "alert.lass.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
+ };
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
+}
diff --git a/kartei/lass/domsen-pixel.nix b/kartei/lass/domsen-pixel.nix
new file mode 100644
index 000000000..66785f8bd
--- /dev/null
+++ b/kartei/lass/domsen-pixel.nix
@@ -0,0 +1,16 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ wiregrill = {
+ ip4.addr = "10.244.1.17";
+ ip6.addr = w6 "d0";
+ aliases = [
+ "domsen-pixel.w"
+ ];
+ wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY=";
+ };
+ };
+ external = true;
+ ci = false;
+}
diff --git a/kartei/lass/echelon.nix b/kartei/lass/echelon.nix
new file mode 100644
index 000000000..d66033ba4
--- /dev/null
+++ b/kartei/lass/echelon.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.3";
+ ip6.addr = r6 "4";
+ aliases = [
+ "echelon.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp
+ 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A
+ MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe
+ UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V
+ rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez
+ gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO
+ c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna
+ dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze
+ ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D
+ KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq
+ GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr
+ 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "3";
+ aliases = [
+ "echelon.w"
+ ];
+ wireguard.pubkey = ''
+ SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd ";
+ syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ";
+}
diff --git a/kartei/lass/green.nix b/kartei/lass/green.nix
new file mode 100644
index 000000000..1c5d0aead
--- /dev/null
+++ b/kartei/lass/green.nix
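Review bot: The key strings in kartei/lass/echelon.nix carry stray whitespace: `ssh.pubkey` ends with a space inside the quotes, and `wireguard.pubkey` is written as an indented `''` string, which evaluates with a trailing newline. Whether the consumers trim these values is not visible here; anything that compares the value exactly or splices it into a single-line config field would see the extra character. Writing them as plain strings, e.g. `wireguard.pubkey = "SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=";` and the SSH key without the trailing space, would match how domsen-pixel.nix and green.nix write the WireGuard key. The multi-line WireGuard key also appears in hilum.nix, lasspi.nix, massulus.nix, neoprism.nix and styx.nix, and the trailing space in `ssh.pubkey` in green.nix, massulus.nix, neoprism.nix and styx.nix.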
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.66";
+ ip6.addr = r6 "12ee";
+ aliases = [
+ "green.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
+ uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
+ ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
+ n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
+ hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
+ m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
+ BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
+ pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
+ 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
+ UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
+ udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
+ 3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "WfH8ULtWklOFK6htphdSSL46vHn6TkJIhsvK9fK+4+C";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "12ee";
+ aliases = [
+ "green.w"
+ ];
+ wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
+ syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
+}
diff --git a/kartei/lass/hilum.nix b/kartei/lass/hilum.nix
new file mode 100644
index 000000000..27fd0620a
--- /dev/null
+++ b/kartei/lass/hilum.nix
@@ -0,0 +1,43 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.20.123";
+ ip6.addr = r6 "005b";
+ aliases = [
+ "hilum.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
+ pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
+ V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
+ SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
+ 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
+ saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
+ vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
+ 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
+ wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
+ RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
+ Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
+ 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "9D50r3DmftSe2L++jPktQRbcCrE4sEazMewgbQbodRH";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "005b";
+ aliases = [
+ "hilum.w"
+ ];
+ wireguard.pubkey = ''
+ 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
+ syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
+}
diff --git a/kartei/lass/icarus.nix b/kartei/lass/icarus.nix
new file mode 100644
index 000000000..c19d4e15c
--- /dev/null
+++ b/kartei/lass/icarus.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.114";
+ ip6.addr = r6 "1205";
+ aliases = [
+ "icarus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
+ Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
+ 7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
+ k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
+ zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
+ gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "vUc/ynOlNqB7a+sr0BmfdRv0dATtGZTjsU2qL2yGInK";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "1205";
+ aliases = [
+ "icarus.w"
+ ];
+ wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+ syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
+}
diff --git a/kartei/lass/lasspi.nix b/kartei/lass/lasspi.nix
new file mode 100644
index 000000000..aab44bc5e
--- /dev/null
+++ b/kartei/lass/lasspi.nix
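Review bot: `nets = rec {` in kartei/lass/icarus.nix has no attribute that refers to a sibling, so the `rec` does nothing here; in dishfire.nix it is needed for `via = internet;`. A needless `rec` puts every attribute name of the set in scope for the values inside it, which can shadow outer bindings and is an easy source of accidental self-reference later, so `nets = {` is the safer spelling. skynet.nix has the same unused `rec`.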
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.1.89";
+ ip6.addr = r6 "189";
+ aliases = [
+ "lasspi.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1
+ JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F
+ CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl
+ oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P
+ Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS
+ BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC
+ VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8
+ +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs
+ QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP
+ zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP
+ 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc
+ 287nChBcbY+HlshTe0lZdrkCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "vSCHU+/BkoCo6lL5OmikALKBWgkRY8JRo4q8ZZRd5EG";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "189";
+ aliases = [
+ "lasspi.w"
+ ];
+ wireguard.pubkey = ''
+ IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB";
+}
diff --git a/kartei/lass/littleT.nix b/kartei/lass/littleT.nix
new file mode 100644
index 000000000..297d2dc62
--- /dev/null
+++ b/kartei/lass/littleT.nix
@@ -0,0 +1,51 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.133.77"; + ip6.addr = r6 "771e"; + aliases = [ + "littleT.r" + ]; + tinc = { + pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF + /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY + 1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO + ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G + sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR + M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/ + Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT + +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY + xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c + aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm + 7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v + k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B + idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ + y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D + SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i + mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH + PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB + ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5 + Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS + 8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt + NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW + 5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + pubkey_ed25519 = "rDnc4Ha+M6fyN5JU4lkV9NKfMBtIHOcG4/AUB9KodiP"; + }; + }; + wiregrill = { + ip6.addr = w6 "771e"; + aliases = [ + "littleT.w" + ]; + wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; + }; + }; + secure = true; + ssh.pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; +} diff --git a/kartei/lass/massulus.nix b/kartei/lass/massulus.nix new file mode 100644 index 000000000..6876e02b9 --- /dev/null +++ b/kartei/lass/massulus.nix @@ -0,0 +1,44 @@ +{ r6, w6, ... }: +{ + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.0.113"; + ip6.addr = r6 "113"; + aliases = [ + "massulus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt + ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN + ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K + zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 + F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e + v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd + kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF + LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW + EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb + KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl + oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 + yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; + port = 1655; + }; + }; + wiregrill = { + ip6.addr = w6 "113"; + aliases = [ + "massulus.w" + ]; + wireguard.pubkey = '' + 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; + syncthing.id = "R2EGJ5S-PQMETUP-C2UGXQG-A6VP7TB-NGSN3MV-C7OGSWT-SZ34L3X-H6IF6AQ"; +} diff --git a/kartei/lass/mors.nix b/kartei/lass/mors.nix new file mode 100644 index 000000000..c483fe5a3 --- /dev/null +++ b/kartei/lass/mors.nix 
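Review bot: kartei/lass/massulus.nix is not a pure move: its `syncthing.id` line has no counterpart in the `massulus` entry that this commit removes from the old host list. In a change that otherwise only relocates host definitions, a newly introduced device identity is easy to miss, and what it enrols the host into is decided by code outside this hunk. I would either split it into its own commit or add a comment above the line, for example `# added with the kartei split: <reason>`. kartei/lass/styx.nix likewise gains `weight = null;` in its `tinc` block, which the removed `styx` entry did not have and which would benefit from the same one-line explanation.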
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.2";
+ ip6.addr = r6 "dea7";
+ aliases = [
+ "mors.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
+ H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
+ +P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
+ 1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
+ 9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
+ O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "kuh0cP/HjGOQ+NafR3zjmqp+RAnA59F4CgtzENj9/MM";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "dea7";
+ aliases = [
+ "mors.w"
+ ];
+ wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
+ syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
+}
diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix
new file mode 100644
index 000000000..74b8aca3c
--- /dev/null
+++ b/kartei/lass/neoprism.nix
@@ -0,0 +1,38 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.99";
+ ip6.addr = r6 "99";
+ aliases = [
+ "neoprism.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwQiPQT9XQkeAIMohNhIVH1Er73LS36JQu/bokNSAlgRjiHfmWVQw
+ hpmI0hO5ewI/HSxVH8MqITTjj8fp5+TOY5rxb3qj9SKGmoDpENw7g7BJsrpydu8+
+ hdvC4btCibAeTeaNqubPMoJLnwuh7NJ9ucYAcRU24FI6qR/Q973a3rzWYBfPd4w9
+ +Lq3ltFE4m6eLiL4ruQGR9Fc4HOJshJlUDUovGIC/98Fu468OuCaka4fR/IXD13O
+ khc5LfAzm2PLuD25YZRjw27Pv3txYOWzb9ZfI8BS+7WUg1nKPDVZErvj97OouqVH
+ binDgKLdLsamJgi+BrZs9uoxmXK9b459B3J6z4/d8dXTAW/cczqsODzsJnvw8IEE
+ u45Pm3sY49vmnNsVhDEIPad3ZDitgeWW6UVBR+EJHp+r1TZ8eLaeUTdV6x3zIrHv
+ dkobgI/0ynujSeMVzXA8cRDuLLVz0CwvNQ9FWzciZw4prOPjUDeSaOlIISOD4q8O
+ u/jRfaIzPuQNyQN/0B9gUacHOGkQ3sZ33gFt1j6YdfjWnHn2Ddxm99nXfYUo82oC
+ tEMui/7Vtj5G9dqDCzEacECvKqNVY2MRq5gpX+X5IwSbNc/vmykqhuDB5fzZWXRD
+ AmRfNCsuFCw3EehPWkdH9JJxysBa52sAB387CL44bJ2rfRglTAKZYNUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "/k2/hpq3XdSKfPPSAolfIx/AUgtKNF6kgv+WRTKtMqG";
+ };
+ wiregrill = {
+ ip6.addr = w6 "99";
+ aliases = [
+ "neoprism.w"
+ ];
+ wireguard.pubkey = ''
+ lhMJvEZOREjCSS3BbBxel0dJ3Mxjj0m82sUXqyYlUx0=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEljpF/rqA2o9CcZny8Kdg1Ij9JmHsmuS/ii+HS5T7rW ";
+}
diff --git a/kartei/lass/phone.nix b/kartei/lass/phone.nix
new file mode 100644
index 000000000..e4e0f58c1
--- /dev/null
+++ b/kartei/lass/phone.nix
@@ -0,0 +1,17 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ wiregrill = {
+ ip4.addr = "10.244.1.13";
+ ip6.addr = w6 "a";
+ aliases = [
+ "phone.w"
+ ];
+ wireguard.pubkey = "FY4PB8E/RC2JvtLgq/IDyMmZ9Ln6pz6eGyoytmUFMgk=";
+ };
+ };
+ external = true;
+ ci = false;
+ syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
+}
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
new file mode 100644
index 000000000..c7965debf
--- /dev/null
+++ b/kartei/lass/prism.nix
@@ -0,0 +1,125 @@
+{ config, krebs, r6, w6, ... }:
+rec {
+ extraZones = {
+ "krebsco.de" = ''
+ cache 60 IN A ${nets.internet.ip4.addr}
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ prism 60 IN A ${nets.internet.ip4.addr}
+ social 60 IN A ${nets.internet.ip4.addr}
+ '';
+ "lassul.us" = ''
+ $TTL 3600
+ @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
+ 60 IN NS ns16.ovh.net.
+ 60 IN NS dns16.ovh.net.
+ 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+ IN MX 5 mail.lassul.us.
+ 60 IN TXT "v=spf1 mx -all"
+ 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
+ default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ io 60 IN NS ions.lassul.us.
+ ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+ flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ '';
+ };
+ nets = rec {
+ internet = {
+ ip4 = {
+ addr = "95.216.1.150";
+ prefix = "0.0.0.0/0";
+ };
+ ip6 = {
+ addr = "2a01:4f9:2a:1e9::1";
+ prefix = "2a01:4f9:2a:1e9::/64";
+ };
+ aliases = [
+ "prism.i"
+ "paste.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.103";
+ ip6.addr = r6 "1";
+ aliases = [
+ "prism.r"
+ "cache.prism.r"
+ "cgit.prism.r"
+ "bota.r"
+ "flix.r"
+ "jelly.r"
+ "paste.r"
+ "c.r"
+ "p.r"
+ "search.r"
+ "radio-news.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
+ fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo
+ rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z
+ ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB
+ wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio
+ /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA
+ BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C
+ 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5
+ Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu
+ 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH
+ TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb
+ g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ
+ kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg
+ 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo
+ 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz
+ cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451
+ k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0
+ dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu
+ ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i
+ jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/
+ AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE
+ T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "XbBBPg+dtZM1LRN46VAujVKIC6VSo6nFoHo/1unbggO";
+ };
+ };
+ wiregrill = {
+ via = internet;
+ ip4.addr = "10.244.1.103";
+ ip6.addr = w6 "1";
+ aliases = [
+ "prism.w"
+ ];
+ wireguard = {
+ pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
+ subnets = [
+ (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+ (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+ "10.244.1.0/24"
+ ];
+ };
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+ syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
+}
diff --git a/kartei/lass/shodan.nix b/kartei/lass/shodan.nix
new file mode 100644
index 000000000..50ab86e6e
--- /dev/null
+++ b/kartei/lass/shodan.nix
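Review bot: In the `lassul.us` zone of kartei/lass/prism.nix, `cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}` renders a CNAME whose target is an IPv4 address; a CNAME target has to be a host name, so the address would be read as a relative name and the record would not resolve as intended. Every neighbouring name uses an address record, so `cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}` would be the consistent form. Separately, the DKIM public key in the two TXT records looks like a 1024-bit RSA key from its encoding; 2048 bits is the usual minimum today, and the copy at the zone apex is not where verifiers look, since they query `<selector>._domainkey`. As the file is already `rec`, the `lassul.us` zone could also use `${nets.internet.ip4.addr}` the way the `krebsco.de` zone does.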
@@ -0,0 +1,36 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.4";
+ ip6.addr = r6 "50da";
+ aliases = [
+ "shodan.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
+ YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
+ ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
+ 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
+ xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
+ V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "50da";
+ ip4.addr = "10.244.1.4";
+ aliases = [
+ "shodan.w"
+ ];
+ wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
+ syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
+}
diff --git a/kartei/lass/skynet.nix b/kartei/lass/skynet.nix
new file mode 100644
index 000000000..2109d2e35
--- /dev/null
+++ b/kartei/lass/skynet.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.116";
+ ip6.addr = r6 "5ce7";
+ aliases = [
+ "skynet.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
+ Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
+ p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
+ yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
+ NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
+ mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "9s7eB16k7eAtHyneffTCmYR7s3mRpJqpVVjSPGaVKKN";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "5ce7";
+ aliases = [
+ "skynet.w"
+ ];
+ wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+ syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
+}
diff --git a/kartei/lass/ssh/red.ed25519 b/kartei/lass/ssh/red.ed25519
new file mode 100644
index 000000000..ee5d3e20e
--- /dev/null
+++ b/kartei/lass/ssh/red.ed25519
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp
diff --git a/kartei/lass/styx.nix b/kartei/lass/styx.nix
new file mode 100644
index 000000000..0b13c1184
--- /dev/null
+++ b/kartei/lass/styx.nix
@@ -0,0 +1,43 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.11.1"; + ip6.addr = r6 "111"; + aliases = [ + "styx.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn + ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU + aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE + 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi + 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq + m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn + Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt + EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/ + 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao + Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2 + 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF + wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "yVT5nQstw+o5P0ZoBK81G7sL6nQEBwg42wyBn6ogZgK"; + weight = null; + }; + }; + wiregrill = { + ip6.addr = w6 "111"; + aliases = [ + "styx.w" + ]; + wireguard.pubkey = '' + 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; + syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; +} diff --git a/kartei/lass/tablet.nix b/kartei/lass/tablet.nix new file mode 100644 index 000000000..ea7e5d007 --- /dev/null +++ b/kartei/lass/tablet.nix @@ -0,0 +1,16 @@ +{ r6, w6, ... }: +{ + consul = false; + nets = { + wiregrill = { + ip4.addr = "10.244.1.14"; + ip6.addr = w6 "b"; + aliases = [ + "tablet.w" + ]; + wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI="; + }; + }; + external = true; + ci = false; +} diff --git a/kartei/lass/xerxes.nix b/kartei/lass/xerxes.nix new file mode 100644 index 000000000..96f619a70 --- /dev/null 
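Review bot: In styx.nix, `ssh.pubkey` ends with a space inside the quotes and `wireguard.pubkey` is written as a `''` block, which carries a trailing newline, whereas shodan, skynet and xerxes use a plain one-line string for both. Whether the consumers trim these values is not visible here; a key that does not compare byte-for-byte can end up as a host-key mismatch or a rejected peer entry. I would write `wireguard.pubkey = "0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=";` and drop the trailing space. yellow.nix has the same trailing space in its `ssh.pubkey`.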
+++ b/kartei/lass/xerxes.nix 
@@ -0,0 +1,52 @@ +{ r6, w6, ... }: +{ + consul = false; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.3"; + ip6.addr = r6 "3"; + aliases = [ + "xerxes.r" + ]; + tinc = { + pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U + MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk + gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W + /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb + mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO + X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj + +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim + hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 + 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 + H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 + JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 + hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe + SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo + 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe + vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 + Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO + scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv + jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ + Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u + /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 + bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ + sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK"; + }; + }; + wiregrill = { + ip6.addr = w6 "3"; + aliases = [ + "xerxes.w" + ]; + wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8="; + }; + }; + secure = true; + ssh.pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; + syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM"; +} diff --git a/kartei/lass/yellow.nix b/kartei/lass/yellow.nix new file mode 100644 index 000000000..ebf824950 --- /dev/null +++ b/kartei/lass/yellow.nix @@ -0,0 +1,39 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.14"; + ip6.addr = r6 "3110"; + aliases = [ + "yellow.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP + MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY + b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU + Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd + OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP + vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 + C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp + Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU + 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg + zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p + DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ + Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "qZBhDSW6ir1/w6lOngg2feCZj9W9AfifEMlKXcOb5QE"; + }; + }; + wiregrill = { + ip6.addr = w6 "3110"; + aliases = [ + "yellow.w" + ]; + wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU="; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; +} diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index f9997b2d2..bf49a1766 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix 
@@ -58,21 +58,18 @@ with import ../../lib; in { hosts = mapAttrs hostDefaults { cake = rec { - cores = 4; ci = false; nets = { retiolum.ip4.addr = "10.243.136.236"; }; }; crapi = rec { # raspi1 - cores = 1; ci = false; nets = { retiolum.ip4.addr = "10.243.136.237"; }; }; firecracker = { - cores = 4; nets = { retiolum.ip4.addr = "10.243.12.12"; }; @@ -80,28 +77,24 @@ in { studio = rec { ci = false; - cores = 4; nets = { retiolum.ip4.addr = "10.243.227.163"; }; }; fileleech = rec { ci = false; - cores = 4; nets = { retiolum.ip4.addr = "10.243.113.98"; }; }; tsp = { ci = true; - cores = 1; nets = { retiolum.ip4.addr = "10.243.0.212"; }; }; x = { ci = true; - cores = 4; syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5"; nets = { retiolum.ip4.addr = "10.243.0.91"; @@ -113,7 +106,6 @@ in { }; filepimp = rec { ci = false; - cores = 1; nets = { retiolum.ip4.addr = "10.243.153.102"; }; @@ -121,7 +113,6 @@ in { omo = rec { ci = true; - cores = 2; syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK"; nets = { retiolum = { @@ -139,7 +130,6 @@ in { }; wbob = rec { ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.214.15"; @@ -151,6 +141,12 @@ in { }; }; }; + # pixel3a + telex.nets.wiregrill = { + aliases = ["telex.w"]; + ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address; + }; + latte = rec { ci = true; extraZones = { @@ -158,7 +154,6 @@ in { latte.euer IN A ${nets.internet.ip4.addr} ''; }; - cores = 4; nets = rec { internet = { ip4.addr = "178.254.30.202"; @@ -240,7 +235,6 @@ in { music.euer IN A ${nets.internet.ip4.addr} ''; }; - cores = 8; nets = rec { internet = { ip4.addr = "142.132.189.140"; @@ -296,7 +290,6 @@ in { sdev = rec { ci = true; - cores = 1; nets = { retiolum.ip4.addr = "10.243.83.237"; }; @@ -306,7 +299,6 @@ in { # non-stockholm flap = rec { - cores = 1; extraZones = { "krebsco.de" = '' flap IN A ${nets.internet.ip4.addr} 
@@ -326,7 +318,6 @@ in { }; nukular = rec { - cores = 1; nets = { retiolum = { ip4.addr = "10.243.231.219"; @@ -336,17 +327,14 @@ in { shackdev = rec { # router@shack - cores = 1; nets.wiregrill.ip4.addr = "10.244.245.2"; }; rockit = rec { # router@home - cores = 1; nets.wiregrill.ip4.addr = "10.244.245.3"; }; senderechner = rec { - cores = 2; nets = { retiolum = { ip4.addr = "10.243.0.163"; diff --git a/kartei/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub new file mode 100644 index 000000000..12a42177e --- /dev/null +++ b/kartei/makefu/wiregrill/telex.pub @@ -0,0 +1 @@ +T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds= diff --git a/kartei/others/default.nix b/kartei/others/default.nix index 214880cb3..de0bd2f7f 100644 --- a/kartei/others/default.nix +++ b/kartei/others/default.nix @@ -43,7 +43,6 @@ in { }; }; horisa = { - cores = 2; owner = config.krebs.users.ulrich; # main laptop nets = { retiolum = { @@ -57,7 +56,6 @@ in { }; }; hasegateway = { - cores = 1; owner = config.krebs.users.hase; nets = { #internet = { @@ -343,7 +341,6 @@ in { }; }; tpsw = { - cores = 2; owner = config.krebs.users.ciko; # main laptop nets = { retiolum = { 
@@ -592,106 +589,6 @@ in { syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC"; nets = {}; }; - catalonia = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y - gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA - VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE - Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e - FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ - HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 - mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 - zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 - sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 - ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf - vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; - }; - }; - }; - sicily = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.161.1"; - aliases = [ "sicily.r" "mukke.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg - aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam - xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod - 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/ - IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7 - KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC - 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L - LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp - T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB - 
w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO - 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN"; - }; - }; - }; - rojava = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.23.42"; - aliases = [ "rojava.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd - B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb - HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 - Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD - lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW - +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs - 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 - vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx - HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ - XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 - yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; - }; - }; - }; - aland = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.12.34"; - aliases = [ "aland.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY - CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU - plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb - DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx - aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ - OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 - ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X - 
TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa - aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX - zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf - VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; - }; - }; - }; papawhakaaro = { owner = config.krebs.users.feliks; nets = { @@ -857,10 +754,6 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; - xkey = { - mail = "xkey@krebsco.de"; - pubkey = ssh-for "xkey"; - }; miaoski = { }; filly = { diff --git a/kartei/oxzi/default.nix b/kartei/oxzi/default.nix new file mode 100644 index 000000000..a4d23b01a --- /dev/null +++ b/kartei/oxzi/default.nix 
@@ -0,0 +1,62 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.oxzi = { + mail = "post@0x21.biz"; + }; + hosts = { + ancha = { + owner = config.krebs.users.oxzi; + nets.retiolum = { + aliases = [ + "ancha.oxzi.r" + "gosh.r" + ]; + ip4.addr = "10.243.32.1"; + ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T + RrsoZcvJaKIFnlohJ4T1YpGGcXqShhTmKt3sm/0awLhD+zTE8lAlvEj+lnCkHls8 + eXO+VDB5FelibW/wEnvdImxKBaSVt4RLmMyTuzS9xklEq8Q+wMvzJktnV3pWJjYX + /JBYQEUHlrqXldBlKGHkU1KhFZHD/wzV5Ybkku4w1BHrMUHJNwHpTshD/QBDiJFj + iRA3e3Jfpp3qj2uWetGuP7NlFpZCh/fSrTqkAE8uShcFlplbgJIEGz2pp644maqw + XxRWPH1Iy5NHwVz/GSzQ67vsEunRJjueFQk8gxnhjh/CAlmE9VdxfGQOkejBAq+X + zCbqyflLPPz3Qx56TVpmAOY4gma7sfsaYAv+zv2paUxFKBfZrEL5UNoIevV9kZDn + nDixTQ6cDxHt3yCVzvwqTTBktZ0mYom43lvKSUnihDrQL1u338labFPtsZTOK4bo + 687ToSUC6u80VcnMTZxPFYOgTMjdCZPo+j1bhzmCQQCzcStRSeKRta+LOYb73Tjz + M6CwC9uaHDxhtmysXpZ4Qp83tfU6h/AsBJJpBdpkyLYXTq+E32pIq6RtKFFQL00O + /e0DzUzSB30oKLW1i2ZxWRQMVqvNdKsyq4glI4eRjnRmrnXOwTb7Y2MCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "oLvC/Y3jfGH4a8mBbv9eCCWKsx32gDGW/iCyia/fuBD"; + }; + }; + marohu = { + owner = config.krebs.users.oxzi; + nets.retiolum = { + aliases = [ + "marohu.oxzi.r" + ]; + ip4.addr = "10.243.32.2"; + ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz + Ys0VnO6jjgz9T6N8u0CaavsqFy+X48A/+uB5nd/nGDZNaeTg+HUdznT4OFAJEaDi + uQREDsR5ZwmpI534eESHMdn5LSb/+5CUgj2xsoOBxnukALm1YccPxR0PPibCm+Z1 + P8r+1+nBgIPv+cknTXzhWMF/L7UOXuyV3Jmk1BIhwYmzWVes6idtIyJwoCbssoQT + cl21Czvhwx63o/QEa81qKeCK3AAAnMbp1tAxnzl7Wr/cSoBYRgSIZkOQPEUNHvpF + fT9UzZ3DZyAOMWNjqiK1M93VruFYer05qO3jGgumDey/9gLjP6GMjBw9jVDNY9yn + 
8mOKz9dkrP3v/A96Uqp+w/lYO87YrxA+h9BYY4jyPngGh0DoXddHLHAKco39vbq8 + 4vQRsK5QNgquF7O9aBDMSrFosk1VFedpZQwC2LaXcjtI3aMq3vIURTbuWkutAjAd + p9a5dRa62pWk41n6yLmalCkqnHoqVUaft9wZIxbcrDLUso7QxY6kFhjADSijnr5B + HrBXJhNLGVjBD/W++l2CJ+L4njmy4eGrOTBvIzosCMbtgMtfuu7WSQhsjxTwclbD + utT3hmgxDPZydsvzRMsLNvNQwUoiLAL4mz27V9hYcJTKPAbUL3y8h48CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "q/DIqHkb/8Qu7OrCXaBeuxkT9XNPmxo8uF3GkFFC6rJ"; + }; + }; + }; +} diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix index 5f00e3d45..faa593c63 100644 --- a/kartei/rtunreal/default.nix +++ b/kartei/rtunreal/default.nix @@ -15,13 +15,18 @@ let ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }; }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); in { users = rec { - rtunreal = { - # Mail is temporary as it will change in the future and I - # don't want it to be semi permanent - # mail: krebscotemp(a)user-sites[point]de + rtunreal = rtunreal-spinner; + rtunreal-spinner = { + mail = "unreal@rtinf.net"; + pubkey = ssh-for "rtunreal.spinner"; + }; + rtunreal-runner = { + inherit (rtunreal-spinner) mail; + pubkey = ssh-for "rtunreal.runner"; }; }; hosts = mapAttrs hostDefaults { 
@@ -47,5 +52,27 @@ in tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB"; }; }; + rtrunner = { + nets.retiolum = { + aliases = [ "runner.rtunreal.r" ]; + ip4.addr = "10.243.20.22"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwWSzslk21TbghFsEWk+A0FobqgxrYyyimzSw772OhIpDmCLd63Vr + x1A/ytEObngMgv/YDTZrp23uFo9uFipAIZPBFBPDPi3fa8OuaGY6MFP6961Ui30l + 4cHBfhuokfdDZxaARwsUtk3RgvFjQvF//Wgj6MIMg3lBMxr00/U3bhegkhP2NyT6 + NCB9xbM6iJQyzOum49u0NHXUEkDzpHWm85CcyV4UTv+MQEnXU4l2irYFu+ArTPEn + dHqbKBd8lPuLTH1ehiOTh85qC/KV36jHWwmguR96aVEplrFMgV43VnpJj5jLa1NQ + n00JiCkCVf89LkAz4ZXtQ+5cvDRSWQGYql+J3KJ28YynLPOIlVlEJ+HjhaSQT/3O + qiREOjp2KPpnSoY5561J2LfmL+shpsVzyFxO+2P0K2bE5K66LfTfmoLUiHKq4/SR + 8EPBZfwvMyWbL3vxngFhZKI01LMsf0YJxu9FWCOPa2X6B7JAxr1jMn0Uzw3ZvNnq + q6QK/sJhuM1/ddmCMofKYeOtfdunnboniFzI2QValuIdmlOi7nYNqy+gSrxRSWnJ + PTzGoJB9R4/PufSGJxUr7FCRxSY/TN7fJF74YVG9iVz2ttEuwdUI3ORQVrORbpEI + wEtM64cb0Dt2WyB3Sit8UGtK59BPYJcU7PB+tMnNLynPzFdkj8gDZtsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "YJE4KD9PhDjxucDAGrbec5Yqqf3A8/VU0J0NV8EPXuN"; + }; + }; }; } diff --git a/kartei/rtunreal/ssh/rtunreal.runner.pub b/kartei/rtunreal/ssh/rtunreal.runner.pub new file mode 100644 index 000000000..401941d8d --- /dev/null +++ b/kartei/rtunreal/ssh/rtunreal.runner.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOQJOT6cBwg5xXHR+zpS7+VMcx4F73Qm+X4cWaFqRp+g5ru0M/xb+T2icX189j0qWe3BwpftupzaHy7h4sZRTIcRGwlu8LRGFY1WpL8ftgvWCG45ZD3Lp1nX3XpOfBTZD+XYoNOWVM4kuL/+wWYGQYKzo4Ui3kKFEPo0hrShN7GEMim76Xm3m7sldGW0vBzSk8DpLykDLt+RxrLeY2xGI112fjAVvaWn82KE+kflaQIF5XZNVPFqNTMvhRL+ZHTal1SeN3i2TdcbxV9DMLQ/s5bcSLatae/SMlYqNipTpX+lodBqc0d7e0LfwYJERkAHB0NX3TfQPB5tB8EReGMoOm2m0TPdIRGhaEAM5abB5cQr3KV/r2BAVTrcA6ij2f2GszVNNllhHQHvpv5RZUw8+htvFbaTv0Ww+3X1CY/B+hQQ9st4DIfC0o2or38BE1cn90mqfqvl1s/uplkX3ToYo8PU8j0SqVtBWNq/E7lHecTIZqUL5NX32xUnXvjmhZgtU= trr@runner 
diff --git a/kartei/rtunreal/ssh/rtunreal.spinner.pub b/kartei/rtunreal/ssh/rtunreal.spinner.pub new file mode 100644 index 000000000..79c83ea19 --- /dev/null +++ b/kartei/rtunreal/ssh/rtunreal.spinner.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAWBFNy2N6Exx7tHlbUDXERJjT7PhIs+vZIWPmhh3qLieeC1tAOf9XcbgVGL3bAryyaCEr1s2bZ6rs2L1JgFFJEGE9TCbfl2dfJIslCPP4OmKxwciIo+T4eXbanGDV0hzW+/vvMyQeWcVT27BrANYR7R28nURmXa1aQ9nWdnHy1Evuv4fI/e+6o3AKEji6Spl5FHs3T9+5vrEwsdq7Mewbfel6gAb3xmp9DIR0Kz0QnitwwErcZYgA2o64C6DLNgsG2l1PrZxE3/MaB6FyzCyOfU8C0FovWlvmmOXkwFPZz1HN1KkKZKV50H4ffiN0cVSLBt6NW6s0v7TWhJyrbIEr trr@spinner diff --git a/kartei/template/default.nix b/kartei/template/default.nix new file mode 100644 index 000000000..2acf78d38 --- /dev/null +++ b/kartei/template/default.nix @@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.DUMMYUSER = { + mail = "DUMMYUSER@example.ork"; + }; + hosts.DUMMYHOST = { + owner = config.krebs.users.DUMMYUSER; + nets.retiolum = { + aliases = [ "DUMMYHOST.DUMMYUSER.r" ]; + ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + DUMMYTINCPUBKEYRSA + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519"; + }; + }; +} diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix index e6cfedb02..005c26e88 100644 --- a/kartei/tv/default.nix +++ b/kartei/tv/default.nix @@ -40,7 +40,6 @@ in { hosts = mapAttrs evalHost { alnus = { ci = true; - cores = 2; nets = { retiolum = { ip4.addr = "10.243.21.1"; @@ -64,7 +63,6 @@ in { }; au = { ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.13.39"; @@ -89,7 +87,6 @@ in { }; bu = { ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.13.36"; @@ -138,7 +135,6 @@ in { }; mu = { ci = true; - cores = 2; nets = { retiolum = { ip4.addr = "10.243.20.1"; 
@@ -169,8 +165,10 @@ in { cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} + search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} krebsco.de. 60 IN MX 5 ni - krebsco.de. 60 IN TXT v=spf1 mx -all + krebsco.de. 60 IN TXT "v=spf1 mx -all" tv 300 IN NS ni ''; }; @@ -196,6 +194,8 @@ in { aliases = [ "ni.r" "cgit.ni.r" + "krebs.ni.r" + "search.ni.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -226,7 +226,6 @@ in { }; nomic = { ci = true; - cores = 2; nets = { retiolum = { ip4.addr = "10.243.0.110"; @@ -252,7 +251,6 @@ in { }; wu = { ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.13.37"; @@ -278,7 +276,6 @@ in { }; querel = { ci = true; - cores = 2; nets = { retiolum = { ip4.addr = "10.243.22.22"; @@ -309,14 +306,12 @@ in { pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; }; ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.13.38"; aliases = [ "xu.r" "cgit.xu.r" - "krebs.xu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -336,7 +331,6 @@ in { }; zu = { ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.13.40"; @@ -366,7 +360,7 @@ in { "http://cgit.krebsco.de" = { desc = "Git repositories"; }; - "http://krebs.xu.r" = { + "http://krebs.ni.r" = { desc = "krebs-pages mirror"; }; }; diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix new file mode 100644 index 000000000..a8a6648ce --- /dev/null +++ b/kartei/xkey/default.nix 
@@ -0,0 +1,126 @@ +with import ../../lib; +{ config, ... }: +let + maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.kmein; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in +{ + users = rec { + xkey = { + mail = "xkey@krebsco.de"; + pubkey = ssh-for "xkey"; + }; + }; + hosts = mapAttrs hostDefaults { + aland = { + nets = { + retiolum = { + ip4.addr = "10.243.12.34"; + aliases = [ "aland.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY + CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU + plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb + DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx + aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ + OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 + ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X + TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa + aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX + zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf + VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; + }; + }; + }; + catalonia = { + nets = { + retiolum = { + ip4.addr = "10.243.13.12"; + aliases = [ "catalonia.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + 
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y + gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA + VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE + Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e + FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ + HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 + mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 + zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 + sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 + ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf + vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; + }; + }; + }; + rojava = { + nets = { + retiolum = { + ip4.addr = "10.243.23.42"; + aliases = [ "rojava.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd + B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb + HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 + Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD + lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW + +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs + 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 + vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx + HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ + XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 + yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; + }; + }; + }; + sicily = { + nets = { + retiolum = { + ip4.addr = "10.243.161.1"; + aliases = [ "sicily.r" "mukke.r" ]; + tinc.pubkey = '' + 
-----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg + aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam + xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod + 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/ + IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7 + KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC + 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L + LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp + T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB + w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO + 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN"; + }; + }; + }; + }; +} diff --git a/kartei/xkey/ssh/xkey.pub b/kartei/xkey/ssh/xkey.pub new file mode 100644 index 000000000..a50522fce --- /dev/null +++ b/kartei/xkey/ssh/xkey.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC diff --git a/krebs/0tests/data/test-config.nix b/krebs/0tests/data/test-config.nix index f0927ddd9..33cb01245 100644 --- a/krebs/0tests/data/test-config.nix +++ b/krebs/0tests/data/test-config.nix @@ -8,7 +8,6 @@ ]; krebs.hosts.minimal = { - cores = 1; secure = false; }; diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 02749dafe..9849937d5 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -14,6 +14,7 @@ <stockholm/krebs/2configs/mud.nix> <stockholm/krebs/2configs/cal.nix> + <stockholm/krebs/2configs/mastodon.nix> ## shackie irc bot <stockholm/krebs/2configs/shack/reaktor.nix> @@ -21,6 +22,7 @@ krebs.build.host = config.krebs.hosts.hotdog; krebs.github-hosts-sync.enable = true; + krebs.pages.enable = true; boot.isContainer = true; networking.useDHCP = false; 
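Review bot: `hostDefaults` in kartei/xkey/default.nix sets `owner = config.krebs.users.kmein;`, so the move silently reassigns ownership of aland, catalonia, rojava and sicily. They were declared with `owner = config.krebs.users.xkey;` in kartei/others/default.nix, and this file defines `users.xkey` itself, so the line should read `owner = config.krebs.users.xkey;`. `maybeEmpty` is never used, and `attrset?key` tests for an attribute literally named `key` rather than the value of the parameter (that would be `attrset ? ${key}`). I would delete the helper rather than fix it.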
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix index 8250ebad9..2f55995cf 100644 --- a/krebs/1systems/ponte/config.nix +++ b/krebs/1systems/ponte/config.nix @@ -7,5 +7,31 @@ <stockholm/krebs/2configs/matterbridge.nix> ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.logRefusedConnections = false; + networking.firewall.logRefusedUnicastsOnly = false; + + # Move Internet-facing SSH port to reduce logspam. + networking.firewall.extraCommands = let + host = config.krebs.build.host; + in /* sh */ '' + iptables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22 + iptables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 + iptables -t nat -A PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT + iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0 + + ip6tables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22 + ip6tables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 + ip6tables -t nat -A PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT + ip6tables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0 + ''; + krebs.build.host = config.krebs.hosts.ponte; + + krebs.pages.enable = true; + krebs.pages.nginx.addSSL = true; + krebs.pages.nginx.enableACME = true; + + security.acme.acceptTerms = true; + security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de"; } diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index f4bd472a4..033cb94d1 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix 
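Review bot: The SSH redirect rules are appended with `-A` to the built-in nat `OUTPUT` and `PREROUTING` chains from `networking.firewall.extraCommands`, and nothing in the hunk removes them again. As far as I know the NixOS firewall re-runs `extraCommands` on reload without flushing the nat table, so each reload would add another copy of all eight rules. A dedicated chain that is flushed before it is filled, or matching `-D` lines in `networking.firewall.extraStopCommands`, would keep this idempotent. The port move only reduces log noise, and both refused-connection log options are switched off in the same hunk, so I would record the intent with a comment such as `# not access control: sshd must stay key-only; refused-connection logging is off on purpose`.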
@@ -110,7 +110,8 @@ <stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> - <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> + # TODO: alertmanager 0.24+ supports telegram + # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 38d770316..fffe128e6 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -27,9 +27,6 @@ with import <stockholm/lib>; ]; console.keyMap = "us"; - i18n = { - defaultLocale = lib.mkForce "C"; - }; programs.ssh.startAgent = false; @@ -60,4 +57,7 @@ with import <stockholm/lib>; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; + + # maybe fix Error: unsupported locales detected: + i18n.defaultLocale = mkDefault "C.UTF-8"; } diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index c6c91e074..5435ea166 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,9 +5,10 @@ 6667 ]; - krebs.ergo = { + services.ergochat = { enable = true; - config = { + settings = { + server.name = "irc.r"; server.secure-nets = [ "42::0/16" "10.240.0.0/12" diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix new file mode 100644 index 000000000..4d359c3fe --- /dev/null +++ b/krebs/2configs/mastodon-proxy.nix 
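Review bot: Commenting out `alertmanager-telegram.nix` in puyak's imports removes an alert delivery path with no replacement visible in this hunk. If no other receiver is configured elsewhere, Prometheus alerts on this host will fire without reaching anyone. The TODO should state that, e.g. `# TODO: re-enable via alertmanager's native telegram receiver (0.24+); alerts are NOT delivered until then`. The imports list starts and ends outside the hunk.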
@@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx = { + enable = true; + virtualHosts."social.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + # TODO use this in 22.11 + # recommendedProxySettings = true; + proxyPass = "http://hotdog.r"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + ''; + }; + }; + }; +} diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix new file mode 100644 index 000000000..145b383ed --- /dev/null +++ b/krebs/2configs/mastodon.nix 
@@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + package = pkgs.postgresql_11; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + + services.mastodon = { + enable = true; + localDomain = "social.krebsco.de"; + configureNginx = true; + trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr; + smtp.createLocally = false; + smtp.fromAddress = "derp"; + }; + + services.nginx.virtualHosts.${config.services.mastodon.localDomain} = { + forceSSL = lib.mkForce false; + enableACME = lib.mkForce false; + locations."@proxy".extraConfig = '' + proxy_redirect off; + proxy_pass_header Server; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + ]; + + environment.systemPackages = [ + (pkgs.writers.writeDashBin "tootctl" '' + sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@" + '') + (pkgs.writers.writeDashBin "create-mastodon-user" '' + set -efu + nick=$1 + /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed + /run/current-system/sw/bin/tootctl accounts approve "$nick" + '') + ]; +} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 3649aeeea..d6c6371da 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,8 +68,8 @@ wantedBy = [ "multi-user.target" ]; }; - krebs.ergo.openFilesLimit = 16384; - krebs.ergo.config = { + services.ergochat.openFilesLimit = 16384; + services.ergochat.settings = { limits.nicklen = 100; limits.identlen = 100; history.enabled = false; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 13b59fa82..11aaf876a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix 
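Review bot: `networking.firewall.allowedTCPPorts = [ 80 ]` opens the Mastodon vhost on every interface, while the same file disables TLS and sets `X-Forwarded-Proto $http_x_forwarded_proto` from the incoming request. Any client that can reach this host directly, rather than through the proxy named in `trustedProxy`, can therefore choose the value the application sees as the original scheme. If only the front proxy is meant to connect, scope the port to the overlay interface, e.g. `networking.firewall.interfaces.<retiolum-interface>.allowedTCPPorts = [ 80 ];` (interface name is a placeholder). A comment above the `@proxy` block saying the header is trusted because only the front proxy can connect would document the assumption.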
@@ -64,8 +64,7 @@ let pkgs.curl pkgs.stable-generate ]} - stable_url=$(stable-generate "$@") - paste_url=$(curl -Ss "$stable_url" | + paste_url=$(stable-generate "$@" | curl -Ss http://p.r --data-binary @- | tail -1 ) @@ -73,6 +72,22 @@ let ''; }; }; + interrogate = { + pattern = "^!interrogate (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "interrogate" '' + set -efux + + export PATH=${makeBinPath [ + pkgs.stable-interrogate + ]} + caption=$(stable-interrogate "$@") + echo "$_from: $caption" + ''; + }; + }; confuse_hackint = { pattern = "^!confuse (.*)$"; @@ -87,8 +102,7 @@ let pkgs.stable-generate ]} case $_msgtarget in \#*) - stable_url=$(stable-generate "$@") - paste_url=$(curl -Ss "$stable_url" | + paste_url=$(stable-generate "$@" | curl -Ss https://p.krebsco.de --data-binary @- | tail -1 ) @@ -132,7 +146,7 @@ let command = 1; arguments = [2]; env.TASKDATA = "${stateDir}/${name}"; - commands = { + commands = rec { add.filename = pkgs.writeDash "${name}-task-add" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1" ''; @@ -145,6 +159,7 @@ let delete.filename = pkgs.writeDash "${name}-task-delete" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1" ''; + del = delete; done.filename = pkgs.writeDash "${name}-task-done" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1" ''; 
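Review bot: The new `interrogate` hook passes whatever follows `!interrogate` in a channel message straight to `stable-interrogate`. That script (krebs/5pkgs/simple/stable-interrogate/default.nix, added later in this commit) reads the argument as a local file when the path exists and otherwise fetches any http(s) URL from the bot host. A channel participant can therefore make the bot read files its user can access or contact services only reachable from the bot's network, with the content handed to the interrogate API. I would constrain the input at the hook, e.g. `pattern = "^!interrogate (https?://[^ ]+)$";`, and drop or gate the `test -e` branch when the script is called from the bot. `set -efux` also traces the user-supplied argument to stderr on every call; `-x` looks like a debugging leftover.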
@@ -289,7 +304,18 @@ let longitude=$(echo "$poi" | jq -r .longitude) fi - restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude") + for api_endpoint in \ + https://lz4.overpass-api.de/api/interpreter \ + https://z.overpass-api.de/api/interpreter \ + https://maps.mail.ru/osm/tools/overpass/api/interpreter \ + https://overpass.openstreetmap.ru/api/interpreter \ + https://overpass.kumi.systems/api/interpreter + do + restaurant=$(osm-restaurants --endpoint "$api_endpoint" --radius "$2" --latitude "$latitude" --longitude "$longitude") + if [ "$?" -eq 0 ]; then + break + fi + done printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' ''; }; @@ -297,6 +323,7 @@ let bedger-add bedger-balance hooks.sed + interrogate say (generators.command_hook { inherit (commands) dance random-emoji nixos-version; diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix deleted file mode 100644 index 8527001cb..000000000 --- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ...}: -{ - systemd.services.alertmanager-bot-telegram = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - EnvironmentFile = toString <secrets/shack/telegram_bot.env>; - DynamicUser = true; - StateDirectory = "alertbot"; - ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \ - --alertmanager.url=http://alert.prometheus.shack --log.level=info \ - --store=bolt --bolt.path=/var/lib/alertbot/bot.db \ - --listen.addr="0.0.0.0:16320" \ - --template.paths=${./templates}/shack.tmpl''; - }; - }; -} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 70fc05813..bff7e135f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
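Review bot: The `if [ "$?" -eq 0 ]` test after `restaurant=$(osm-restaurants …)` only works if the script does not run under `set -e`. With `set -e`, a failing command substitution in a plain assignment ends the script before the next endpoint is tried. The script header is outside this hunk, so this needs confirming. Testing the assignment directly avoids the problem: `if restaurant=$(osm-restaurants --endpoint "$api_endpoint" --radius "$2" --latitude "$latitude" --longitude "$longitude"); then break; fi`. When every endpoint fails, the loop falls through with an empty `$restaurant` and the `jq` line still runs, so an explicit failure message after the loop would be clearer. The loop also sends the requested coordinates to up to five different third-party operators, which deserves a comment.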
@@ -7,6 +7,7 @@ let out = { imports = [ ../../kartei + ../../submodules/disko/module.nix ./acl.nix ./airdcpp.nix ./announce-activation.nix @@ -20,7 +21,6 @@ let ./ci ./current.nix ./dns.nix - ./ergo.nix ./exim-retiolum.nix ./exim-smarthost.nix ./exim.nix @@ -35,6 +35,7 @@ let ./iptables.nix ./kapacitor.nix ./konsens.nix + ./krebs-pages.nix ./monit.nix ./nixpkgs.nix ./on-failure.nix @@ -49,6 +50,7 @@ let ./secret.nix ./setuid.nix ./shadow.nix + ./sitemap.nix ./ssl.nix ./sync-containers.nix ./systemd.nix @@ -56,6 +58,7 @@ let ./tinc_graphs.nix ./upstream ./urlwatch.nix + ./users.nix ./xresources.nix ./zones.nix ]; @@ -66,15 +69,6 @@ let api = { enable = mkEnableOption "krebs"; - users = mkOption { - type = with types; attrsOf user; - }; - - sitemap = mkOption { - default = {}; - type = types.attrsOf types.sitemap.entry; - }; - zone-head-config = mkOption { type = with types; attrsOf str; description = '' @@ -91,10 +85,6 @@ let @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) IN NS ns19.ovh.net. IN NS dns19.ovh.net. - IN A 185.199.108.153 - IN A 185.199.109.153 - IN A 185.199.110.153 - IN A 185.199.111.153 ''; }; }; @@ -102,28 +92,6 @@ let imp = lib.mkMerge [ { - krebs.dns.providers = { - "krebsco.de" = "zones"; - shack = "hosts"; - i = "hosts"; - r = "hosts"; - w = "hosts"; - }; - - krebs.dns.search-domain = mkDefault "r"; - - krebs.users = { - krebs = { - home = "/krebs"; - mail = "spam@krebsco.de"; - }; - root = { - home = "/root"; - pubkey = config.krebs.build.host.ssh.pubkey; - uid = 0; - }; - }; - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8acc4ccd8..8a74d3067 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix 
@@ -1,12 +1,21 @@ with import <stockholm/lib>; -{ +{ config, ... }: { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; }; - krebs.dns.search-domain = mkOption { type = types.nullOr types.hostname; }; }; + config = mkIf config.krebs.enable { + krebs.dns.providers = { + "krebsco.de" = "zones"; + shack = "hosts"; + i = "hosts"; + r = "hosts"; + w = "hosts"; + }; + krebs.dns.search-domain = mkDefault "r"; + }; } diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix deleted file mode 100644 index d5f167e79..000000000 --- a/krebs/3modules/ergo.nix +++ /dev/null 
@@ -1,133 +0,0 @@ -{ config, lib, options, pkgs, ... }: { - options = { - krebs.ergo = { - enable = lib.mkEnableOption "Ergo IRC daemon"; - openFilesLimit = lib.mkOption { - type = lib.types.int; - default = 1024; - description = '' - Maximum number of open files. Limits the clients and server connections. - ''; - }; - config = lib.mkOption { - type = (pkgs.formats.json {}).type; - description = '' - Ergo IRC daemon configuration file. - https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml - ''; - default = { - network = { - name = "krebstest"; - }; - server = { - name = "${config.networking.hostName}.r"; - listeners = { - ":6667" = {}; - }; - casemapping = "permissive"; - enforce-utf = true; - lookup-hostnames = false; - ip-cloaking = { - enabled = false; - }; - forward-confirm-hostnames = false; - check-ident = false; - relaymsg = { - enabled = false; - }; - max-sendq = "1M"; - ip-limits = { - count = false; - throttle = false; - }; - }; - datastore = { - autoupgrade = true; - path = "/var/lib/ergo/ircd.db"; - }; - accounts = { - authentication-enabled = true; - registration = { - enabled = true; - allow-before-connect = true; - throttling = { - enabled = true; - duration = "10m"; - max-attempts = 30; - }; - bcrypt-cost = 4; - email-verification.enabled = false; - }; - multiclient = { - enabled = true; - allowed-by-default = true; - always-on = "opt-out"; - auto-away = "opt-out"; - }; - }; - channels = { - default-modes = "+ntC"; - registration = { - enabled = true; - }; - }; - limits = { - nicklen = 32; - identlen = 20; - channellen = 64; - awaylen = 390; - kicklen = 390; - topiclen = 390; - }; - history = { - enabled = true; - channel-length = 2048; - client-length = 256; - autoresize-window = "3d"; - autoreplay-on-join = 0; - chathistory-maxmessages = 100; - znc-maxmessages = 2048; - restrictions = { - expire-time = "1w"; - query-cutoff = "none"; - grace-period = "1h"; - }; - retention = { - allow-individual-delete = false; - 
enable-account-indexing = false; - }; - tagmsg-storage = { - default = false; - whitelist = [ - "+draft/react" - "+react" - ]; - }; - }; - }; - }; - }; - }; - config = let - cfg = config.krebs.ergo; - configFile = pkgs.writeJSON "ergo.conf" cfg.config; - in lib.mkIf cfg.enable ({ - environment.etc."ergo.yaml".source = configFile; - krebs.ergo.config = - lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default; - systemd.services.ergo = { - description = "Ergo IRC daemon"; - wantedBy = [ "multi-user.target" ]; - # reload currently not working as expected - # reloadIfChanged = true; - restartTriggers = [ configFile ]; - serviceConfig = { - ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml"; - ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; - DynamicUser = true; - StateDirectory = "ergo"; - LimitNOFILE = "${toString cfg.openFilesLimit}"; - }; - }; - }); -} diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index fe149448b..7c176d224 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,6 +12,8 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + enableSPFVerification = mkEnableOption "SPF verification"; + authenticators = mkOption { type = types.attrsOf types.str; default = {}; @@ -123,10 +125,12 @@ let # XXX We abuse local_domains to mean "domains, we're the gateway for". domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data + acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt never_users = root 
@@ -173,11 +177,46 @@ let acl_check_data: warn - sender_domains = ${concatStringsSep ":" cfg.sender_domains} + sender_domains = +sender_domains set acl_m_special_dom = $sender_address_domain accept + acl_check_mail: + ${if cfg.enableSPFVerification then indent /* exim */ '' + accept + authenticated = * + accept + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received + '' else indent /* exim */ '' + accept + ''} begin routers diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index ae0136303..bd1bb1652 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -11,7 +11,7 @@ in { }; }; - config = { + config = mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 375e26974..b760ea671 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -2,6 +2,12 @@ with import <stockholm/lib>; let + optionalAttr = name: value: + if name != null then + { ${name} = value; } + else + {}; + cfg = config.krebs.htgen; out = { 
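Review bot: The first `deny` in the new `acl_check_mail` rejects `softfail` together with `fail`. RFC 7208 advises against rejecting on softfail alone, and doing so tends to bounce legitimately forwarded mail. I would keep `deny spf = fail` and move softfail to the logging rule, `warn spf = none : neutral : softfail`. The `spf` condition also needs an Exim built with SPF support, and the package in use is not visible in this hunk. Enabling `enableSPFVerification` on a build without it would presumably fail at config load, so a note in the option description or an assertion would help.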
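Review bot: `optionalAttr` guards on `name != null`, but the call sites in the following htgen.nix hunk pass a literal name and a nullable value (`optionalAttr "HTGEN_SCRIPT" htgen.script`), so the guard is always true. An unset `script` or `scriptFile` still yields `HTGEN_SCRIPT = null` or `HTGEN_SCRIPT_FILE = null`. It may work today only if the systemd module drops null environment entries. The check presumably should be `if value != null then`. Nothing visible asserts that exactly one of `script` and `scriptFile` is set now that both default to `null`; an `assertions` entry would catch a service defined with neither.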
@@ -30,8 +36,15 @@ let }; script = mkOption { - type = types.str; + type = types.nullOr types.str; + default = null; + }; + + scriptFile = mkOption { + type = types.nullOr (types.either types.package types.pathname); + default = null; }; + user = mkOption { type = types.user; default = { @@ -54,8 +67,10 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; - HTGEN_SCRIPT = htgen.script; - }; + } + // optionalAttr "HTGEN_SCRIPT" htgen.script + // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile + ; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix new file mode 100644 index 000000000..6dd046a8b --- /dev/null +++ b/krebs/3modules/krebs-pages.nix @@ -0,0 +1,46 @@ +{ config, modulesPath, pkgs, ... }: let + cfg = config.krebs.pages; + lib = import ../../lib; + extraTypes.nginx-vhost = lib.types.submodule ( + lib.recursiveUpdate + (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") + { inherit config lib; }) + {} + ); +in { + options.krebs.pages = { + enable = lib.mkEnableOption "krebs-pages"; + domain = lib.mkOption { + type = lib.types.hostname; + default = "krebsco.de"; + }; + nginx = lib.mkOption { + type = extraTypes.nginx-vhost; + default = {}; + example = lib.literalExpression /* nix */ '' + { + # To enable encryption and let let's encrypt take care of certificate + enableACME = true; + forceSSL = true; + } + ''; + description = lib.mkDoc '' + With this option, you can customize the nginx virtualHost settings. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.krebs-pages; + }; + }; + config = lib.mkIf cfg.enable { + services.nginx = { + enable = lib.mkDefault true; + virtualHosts.${cfg.domain} = lib.mkMerge [ cfg.nginx { + root = lib.mkForce cfg.package; + locations."= /ip".return = "200 $remote_addr"; + locations."= /redirect".return = "301 /redirect"; + }]; + }; + }; +} 
diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix new file mode 100644 index 000000000..ec2179db1 --- /dev/null +++ b/krebs/3modules/sitemap.nix @@ -0,0 +1,8 @@ +let + lib = import ../../lib; +in { + options.krebs.sitemap = lib.mkOption { + type = with lib.types; attrsOf sitemap.entry; + default = {}; + }; +} diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix index 3a9b5d329..8cbd8dcce 100644 --- a/krebs/3modules/ssl.nix +++ b/krebs/3modules/ssl.nix @@ -5,26 +5,7 @@ in { rootCA = lib.mkOption { type = lib.types.str; readOnly = true; - default = '' - -----BEGIN CERTIFICATE----- - MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD - VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw - CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ - ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5 - MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx - EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS - b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw - gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/ - /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU - QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B - HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo - 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD - AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9 - GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese - 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63 - 80WiO952 - -----END CERTIFICATE----- - ''; + default = builtins.readFile ../6assets/krebsRootCA.crt; }; intermediateCA = lib.mkOption { type = lib.types.str; diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix new file mode 100644 index 000000000..c1ad4b44b --- /dev/null +++ b/krebs/3modules/users.nix 
@@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + options.krebs.users = lib.mkOption { + type = with lib.types; attrsOf user; + }; + config = lib.mkIf config.krebs.enable { + krebs.users = { + krebs = { + home = "/krebs"; + mail = "spam@krebsco.de"; + }; + root = { + home = "/root"; + pubkey = config.krebs.build.host.ssh.pubkey; + uid = 0; + }; + }; + }; +} diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix index f9a7450f7..a3c9f67c5 100644 --- a/krebs/5pkgs/simple/generate-secrets/default.nix +++ b/krebs/5pkgs/simple/generate-secrets/default.nix @@ -23,7 +23,6 @@ pkgs.writers.writeDashBin "generate-secrets" '' cat <<EOF $HOSTNAME = { - cores = 1; owner = config.krebs.users.krebs; nets = { retiolum = { diff --git a/krebs/5pkgs/simple/git-assembler.nix b/krebs/5pkgs/simple/git-assembler.nix new file mode 100644 index 000000000..095dddf0f --- /dev/null +++ b/krebs/5pkgs/simple/git-assembler.nix @@ -0,0 +1,24 @@ +{ pkgs, stdenv }: + +stdenv.mkDerivation rec { + pname = "git-assembler"; + version = "1.3"; + + src = pkgs.fetchFromGitLab { + owner = "wavexx"; + repo = "git-assembler"; + rev = "v${version}"; + hash = "sha256-A+ygt6Fxiu6EkVoQU5L1rhxu2e1HU0nbqJFzLzXzHBo="; + }; + + buildInputs = [ + pkgs.python3 + ]; + + buildPhase = ":"; + + installPhase = '' + mkdir -p $out/bin + cp git-assembler $out/bin + ''; +} diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index 14b6f4c58..1ee13783b 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix 
@@ -1,13 +1,12 @@ { fetchgit, lib, pkgs, stdenv }: stdenv.mkDerivation rec { pname = "htgen"; - version = "1.3.1"; + version = "1.4.0"; - #src = <htgen>; src = fetchgit { - url = "http://cgit.krebsco.de/htgen"; + url = "https://cgit.krebsco.de/htgen"; rev = "refs/tags/${version}"; - sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r"; + sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj"; }; installPhase = '' diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html index e6b7034b3..68b2cbad6 100644 --- a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html +++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html @@ -24,19 +24,10 @@ } </script> <body> - <p> - <a href="http://krebscode.github.io/minikrebs/linuxtag"> - Linuxtag Heckenkrebs Presentation - </a> - </p> - <p> - <a href="http://krebscode.github.io/writeups"> - CTF Writeups - </a> - </p> - <p> - <a href="thesauron.html"> - Thesauron - </a> - </p> + <p><a href='https://cgit.krebsco.de/krops/about/'>krops</a></p> + <p><a href='https://github.com/krebs/cholerab/blob/master/thesauron.adoc'>Thesauron</a></p> + <p><a href='https://nixos.wiki/'>Project: The new NixOS wiki</a></p> + <p><a target="_blank" href="https://www.amazon.de/?&_encoding=UTF8&tag=krebscode06-21&linkCode=ur2&linkId=d4430b368b8aceeca92101cd4a4cdd1d&camp=1638&creative=6742">Go through this amazon affiliate link and generate krebsgold</a><img src="//ir-de.amazon-adsystem.com/e/ir?t=krebscode06-21&l=ur2&o=3" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" /></p> + <p> <a href="https://s.click.aliexpress.com/e/_A5luNt" target="_parent">Go through this aliexpress affiliate link and generate krebsgold</a></p> + </body> diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html deleted file mode 100644 index bcf1c5d48..000000000 
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
+++ /dev/null
@@ -1,133 +0,0 @@ -<p>Cholerab n. -[de] -- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass - Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert. -- Teamwork-Plattform für Krebscode.</p> - -<p>eigentlich adv. -[de] -- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt, - die nicht der Fall ist. -Antonym: tatsaechlich</p> - -<p>ghost n. -[de] -- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen - Festplatten) aber wohl nie wieder kommen wird. -Siehe: Wiederbelebung</p> - -<p>KD;RP abbr. (pronounciation: kah-derp) -[en] -- Short for Krebs Darknet / Retiolum Prefix.</p> - -<p>krebs -[de] -- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste - Softwareprojekt im Shack und viel verteilte infrastruktur.</p> - -<p>kremium -[en] -- coinage derived from the words premium and krebs -see: broken -usage: Reaktor ircbot has unfixed broken behavior since ever->“Kremium Software”</p> - -<p>KRI abbr. (pronounciation: [en] cry) -[en] -- Short for Krebs Request for Implementation. - Derived from Scheme Requests for Implementation (SRFI).</p> - -<p>litterate programming n. -[en] -- any code that has not been proved mathematically.</p> - -<p>Nahziel n. -[de] -- Ziel mit höchst möglicher Priorität.</p> - -<p>Nahzielerfahrung n. -[de] -- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl - nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p> - -<p>parentheses of fear -[en] -- unnecessary parentheses, usually used when order of precedence is unknown. - - Examples: 1 + (2 * 3)</p> - -<p>Protip n. -[en] -- (Probably vague) description how a task can be solved. - - Antonym: Spoiler - - Example: - - To defeat the Cyberdaemon, shoot at it until it dies. - - RTFM</p> - -<p>Punching Lemma n. -[de] -- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht - von Krebs</p> - -<p>ref, n. 
-[en] -- A reference like an URI, ISBN, name of a person, etc.</p> - -<p>reftrace, n. -[en] -- A stacktrace-like representation of refs that lead to some (any kind of) - conclusion. Usually generated by a human. The conclusion can be either on - the top or on the bottom of the stack. If the order is ambiguous, then it - should be communicated explicitly. - - Example: (conclusion first) - - http://en.wikipedia.org/wiki/Stack_trace - - google “stacktrace” (first entry / 2014–12–05T12:13:58Z) - - think about some example [this could be omitted, as it’s obvious…]</p> - -<p>Retiolum n. -[en] -- The official darknet of Krebs which utilizes the Retiolum Prefix to - address individual nodes.</p> - -<p>Retiolum Prefix n. -[en] -- The universally accepted IPv6-prefix, 42::/16. Anyone can has a - /128-subnet and, if require, anything larger.</p> - -<p>Retiolum Realtime Map n. -[en] -- The network map of the public visible part of Retiolum.</p> - -<p>RRM [abbr.][en] -- Short for Retiolum Retiolum Map.</p> - -<p>Sanatorium n. -[en] -- The Krebs Control and Command Center. -- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather - and lurk for relevant input.</p> - -<p>Spoiler n. -[en] -- A subset of walkthrough, i.e. any individual steps may be omitted. - - Antonym: Protip</p> - -<p>tatsaechlich, adv. -[de] -- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht. -Antonym: eigentlich</p> - -<p>Verkrebsung n. -[de] -- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs - Komponente) auf einem beliebigem System.</p> - -<p>Walkthrough n. -[en] -- Description of the individual steps to complete a task. - - Examples: - - program code - - small-step semantics</p> - -<p>Wiederbelebung n. -[de] -- Ein ghost wird im Darknet wieder erreichbar -Siehe: ghost</p> diff --git a/krebs/5pkgs/simple/passwdqc-utils/default.nix b/krebs/5pkgs/simple/passwdqc-utils/default.nix index 4cc8d5b21..1def3167c 100644 
--- a/krebs/5pkgs/simple/passwdqc-utils/default.nix +++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix @@ -1,16 +1,17 @@ { fetchurl, lib, stdenv -, pam +, libxcrypt +, linux-pam , wordset-file ? null, # set your own wordset-file }: stdenv.mkDerivation rec { - name = "passwdqc-utils-${version}"; - version = "1.3.0"; - buildInputs = [ pam ]; + pname = "passwdqc-utils"; + version = "2.0.2"; + buildInputs = [ libxcrypt linux-pam ]; src = fetchurl { url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz"; - sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93"; + hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs="; }; buildTargets = "utils"; diff --git a/krebs/5pkgs/simple/stable-generate/default.nix b/krebs/5pkgs/simple/stable-generate/default.nix index fac261613..dc9c826f9 100644 --- a/krebs/5pkgs/simple/stable-generate/default.nix +++ b/krebs/5pkgs/simple/stable-generate/default.nix 
@@ -1,64 +1,32 @@ { pkgs, lib, ... }: -pkgs.writers.writeDashBin "stable-generate" '' +pkgs.writers.writeBashBin "stable-generate" '' set -efu export PATH=${lib.makeBinPath [ + pkgs.coreutils pkgs.curl pkgs.jq ]} STABLE_URL=''${STABLE_URL:-http://stable-confusion.r} - PAYLOAD=$(jq -cn --arg query "$*" '{fn_index: 51, data: [ - $query, - "", - "None", - "None", - 20, # sampling steps - "Euler a", # sampling method - false, # restore faces - false, - 1, - 1, - 7, - -1, - -1, - 0, - 0, - 0, - false, - 512, #probably resolution - 512, #probably resolution - false, - 0.7, - 0, - 0, - "None", - "", - false, - false, - false, - "", - "Seed", - "", - "Nothing", - "", - true, - false, - false, - null, - "", - ""], session_hash: "hello_this_is_dog"}') + PAYLOAD=$(jq -cn --arg prompt "$*" '{ + prompt: $prompt + }') - data=$(curl -Ssf "$STABLE_URL/run/predict/" \ + filename=$(mktemp) + curl -Ssf "$STABLE_URL/sdapi/v1/txt2img" \ -X POST \ --Header 'Content-Type: application/json' \ - --data "$PAYLOAD" - ) - export data + --data "$PAYLOAD" | + jq -r '.images[0]' | + base64 --decode > "$filename" - filename=$(jq -rn 'env.data | fromjson.data[0][0].name') - - echo "$STABLE_URL/file=$filename" + if test -t 1; then + echo "$filename" + else + cat "$filename" + rm "$filename" + fi '' diff --git a/krebs/5pkgs/simple/stable-interrogate/default.nix b/krebs/5pkgs/simple/stable-interrogate/default.nix new file mode 100644 index 000000000..7cc7509eb --- /dev/null +++ b/krebs/5pkgs/simple/stable-interrogate/default.nix 
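Review bot: The rewritten script uses `set -efu` without `pipefail`, so a failing `curl -Ssf` in the `curl | jq | base64 --decode > "$filename"` pipeline goes unnoticed. Only the status of `base64` is checked, and the script then prints or returns an empty file as if generation had succeeded. The reaktor hooks in this commit pipe that output straight into the paste service, so an API error becomes an empty paste. Adding `set -o pipefail` after `set -efu`, as the sibling `stable-interrogate` script does, makes the failure visible. The `mktemp` file is also left behind when the pipeline fails before the `rm`, so a cleanup on the error path would be worth adding.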
@@ -0,0 +1,30 @@ +{ pkgs, lib, ... }: + +pkgs.writers.writeBashBin "stable-interrogate" '' + set -xefu + set -o pipefail + + export PATH=${lib.makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.jq + ]} + + STABLE_URL=''${STABLE_URL:-http://stable-confusion.r} + + (if test -e "$1"; then + cat "$1" + elif [[ "$1" =~ ^https?: ]]; then + curl -fSs "$1" + else + echo 'input not recognized' >&2 + exit 1 + fi) | base64 | + jq -Rsrc '{ + image: ., + model: "deepdanbooru", # clip is broken right now :( + }' | + curl -Ssf "$STABLE_URL/sdapi/v1/interrogate" \ + -X POST -H 'Content-Type: application/json' -d @- | + jq -r '.caption' +'' diff --git a/krebs/5pkgs/simple/ukrepl.nix b/krebs/5pkgs/simple/ukrepl.nix new file mode 100644 index 000000000..bdea4181f --- /dev/null +++ b/krebs/5pkgs/simple/ukrepl.nix @@ -0,0 +1,11 @@ +{ lib, pkgs,stdenv }: +let + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "ukrepl"; + rev = "0baa5cc4d5c3c17af704b69a800dd1f520ded8e3"; + hash = "sha256:1lnhkf02f18fvf3l2fcszvs4x115lql17akabd5ph9ff9z33k8rv"; + }; +in + pkgs.writers.writePython3Bin "ukrepl" {} (builtins.readFile (src + "/ukrepl")) + diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt index 1cd5aed0b..bf05b44f4 100644 --- a/krebs/6assets/krebsAcmeCA.crt +++ b/krebs/6assets/krebsAcmeCA.crt 
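Review bot: The URL branch of `stable-interrogate` runs `curl -fSs "$1"` with no time or size bound, and `jq -Rs` then slurps the whole base64 stream into a single JSON string. A slow or very large response therefore ties up the caller and its memory, and this commit adds a caller driven by IRC messages. Consider `curl -fSs --max-time 30 --max-filesize 10485760 "$1"` (both limits are example values; `--max-filesize` is only enforced up front when the server announces a length). `set -xefu` also traces the argument and every pipeline stage to stderr on each call, so I would drop `-x` outside debugging. A comment on the `test -e` branch should say that local paths are meant for interactive use only.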
@@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB +MIICWTCCAcKgAwIBAgIQIpBt0MsRpYd8LWNdb9MfITANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq -hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMTAwODQ5 -MDZaFw0yMjEyMTAwODQ5MDZaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT -BgcqhkjOPQIBBggqhkjOPQMBBwNCAATL8dNO7ajNe60Km7wHrG06tCUj5kQKWsrQ -Ay7KX8zO+RwQpYhd/i4bqpeGkGWh8uHLZ+164FlZaLgHO10DRja5o4GAMH4wDgYD -VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMt9yJED -mPRhXsrNZ0x+GtzjdnTLMB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv -MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEANo/2 -teIuEsniwxVdqu+ukjqOXHIkBK7F91+G7BuDjBlx2U96v1MwsmT4D9upajERnOOD -tLx990Sj4t3avRTpytt+qLeIMIxt62YksUXVjDWndqaDcEUat5ZVEQsZ0ZmjOHrA -BaB65eU0xhJWKAZdk55GqHEFz3Ym4rx7WUaomzk= +hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMjEyMDYxODI2 +MDhaFw0yMzEyMDYxODI2MDhaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAT4KuemY4BowAbFjzCvi+PthBTWCtewnAbr +qDSlA602QcuQVmqa1/3TaYag7KNDgeg5eshMRI9GN/boKTpgcLeZo4GAMH4wDgYD +VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYxArnj +SEArwloaM5blBymFmcL2MB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv +MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEAekCt +XrKwanrcy6+k3YfXWGiMJ47Ys7Mfa5UfIs7QiXv74MgtklLsX63D27hKn5rd7wk4 +20wXLMhb8ofrKnO4mt0VFRSGm9/cq9N/c/uuf4hMzhAJmusgkn02GG+cafqZ9ab9 +MjLmveT9WHphmgQTnJPEeYP2U2faHKIp6Gwv5qc= -----END CERTIFICATE----- diff --git a/krebs/6assets/krebsRootCA.crt b/krebs/6assets/krebsRootCA.crt new file mode 100644 index 000000000..3938c58b4 --- /dev/null +++ b/krebs/6assets/krebsRootCA.crt 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD +VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw +CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ +ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5 +MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx +EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS +b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/ +/qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU +QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B +HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo +3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9 +GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese +725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63 +80WiO952 +-----END CERTIFICATE----- diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index a5d67f2fc..644192bbf 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "b457130e8a21608675ddf12c7d85227b22a27112", - "date": "2022-11-16T11:03:19+00:00", - "path": "/nix/store/jr123qfmrl53imi48naxh6zs486fqmz2-nixpkgs", - "sha256": "16cjrr3np3f428lxw8yk6n2dqi7mg08zf6h6gv75zpw865jz44df", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "date": "2022-12-11T09:33:23+00:00", + "path": "/nix/store/lmiwldi32kcc2qgm68swxgb3xzba0ayc-nixpkgs", + "sha256": "1hmx7hhjr74fqmxhb49yfyrpqhzwayrq48xwjv3a117czpb0gnjx", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index f836f63f9..17bffe634 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "6474d93e007e4d165bcf48e7f87de2175c93d10b", - "date": "2022-11-16T11:41:31+01:00", - "path": "/nix/store/z86f31carhz3sf78kn3lkyq748drgp63-nixpkgs", - "sha256": "00swm7hz3fjyzps75bjyqviw6dqg2cc126wc7lcc1rjkpdyk5iwg", + "rev": "9d692a724e74d2a49f7c985132972f991d144254", + "date": "2022-12-16T13:36:40-05:00", + "path": "/nix/store/76wc0ymx7rw348hpl0bp0yb77sf40xd6-nixpkgs", + "sha256": "1byh49p3kwi6adb1izaalj2ab9disfzq1cx526gwgv20ilmphvnr", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 59dbd91b5..97c069d86 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-22.05' \ + --rev refs/heads/nixos-22.11' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index d6943c110..9ef858e28 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -53,6 +53,7 @@ with import <stockholm/lib>; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.plasma5.enable = true; + services.tlp.enable = lib.mkForce false; services.xserver.layout = "de"; } { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index dd479f267..6d0d177ec 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -41,6 +41,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/ppp/umts-stick.nix> # <stockholm/lass/2configs/remote-builder/morpheus.nix> # <stockholm/lass/2configs/remote-builder/prism.nix> + <stockholm/lass/2configs/autotether.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix new file mode 100644 index 000000000..e4f9d2560 --- /dev/null +++ b/lass/1systems/neoprism/config.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/libvirt.nix> + { # TODO make new hfos.nix out of this vv + users.users.riot = { + uid = pkgs.stockholm.lib.genid_uint31 "riot"; + isNormalUser = true; + extraGroups = [ "libvirtd" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; + }; + # krebs.iptables.tables.filter.FORWARD.rules = [ + # { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; } + # { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; } + # ]; + } + ]; + + krebs.build.host = config.krebs.hosts.neoprism; +} diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix new file mode 100644 index 000000000..cf9a8cef4 --- /dev/null +++ b/lass/1systems/neoprism/disk.nix 
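Review bot: In lass/1systems/neoprism/config.nix the new `riot` account gets `extraGroups = [ "libvirtd" ]`, and membership of that group normally gives full control of the system libvirt daemon, which is close to root on the host; nothing in the inline block says this is intended. I would add a comment above the user, e.g. `# riot manages VMs through libvirt; libvirtd membership is host-privileged, keep this account key-only`, and resolve the `TODO make new hfos.nix` by moving the block into its own module so the grant is easy to audit. The commented-out FORWARD rules would also benefit from a line saying why they are disabled.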
@@ -0,0 +1,116 @@ +{ lib, ... }: +{ + disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: { + type = "disk"; + device = disk; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + type = "partition"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = ["bios_grub"]; + } + { + type = "partition"; + name = "ESP"; + start = "1M"; + end = "1GiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "mdraid"; + name = "boot"; + }; + } + { + type = "partition"; + name = "zfs"; + start = "1GiB"; + end = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + } + ]; + }; + })) // { + hdd1 = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "zfs"; + pool = "tank"; + }; + }; + }; + mdadm = { + boot = { + type = "mdadm"; + level = 1; + metadata = "1.0"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + mode = "mirror"; + mountpoint = "/"; + rootFsOptions = { + }; + datasets.reserved = { + zfs_type = "filesystem"; + options.refreservation = "1G"; + }; + }; + tank = { + type = "zpool"; + datasets = { + reserved = { + zfs_type = "filesystem"; + options.refreservation = "1G"; + }; + containers = { + zfs_type = "filesystem"; + mountpoint = "/var/lib/containers"; + }; + home = { + zfs_type = "filesystem"; + mountpoint = "/home"; + }; + srv = { + zfs_type = "filesystem"; + mountpoint = "/srv"; + }; + libvirt = { + zfs_type = "filesystem"; + mountpoint = "/var/lib/libvirt"; + }; + # encrypted = { + # zfs_type = "filesystem"; + # options = { + # mountpoint = "none"; + # encryption = "aes-256-gcm"; + # keyformat = "passphrase"; + # keylocation = "prompt"; + # }; + # }; + + # "encrypted/download" = { + # zfs_type = "filesystem"; + # mountpoint = "/var/download"; + # }; + }; + }; + }; +} 
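Review bot: The disko layout addresses its targets by kernel enumeration names (`/dev/nvme0n1`, `/dev/nvme1n1`, and `device = "/dev/sda"` for `hdd1`), which are not guaranteed to stay stable across boots or hardware changes, so a destructive partition or format run could land on the wrong disk. Stable paths avoid that, e.g. `device = "/dev/disk/by-id/DISK_ID_PLACEHOLDER";`. Separately, the `encrypted` dataset is commented out, which leaves `/home`, `/srv` and `/var/lib/libvirt` on `tank` unencrypted at rest; a short comment saying whether that is deliberate would help the next reader.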
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix new file mode 100644 index 000000000..4ffb749f1 --- /dev/null +++ b/lass/1systems/neoprism/physical.nix @@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: + +{ + + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + disko.devices = import ./disk.nix; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + boot.kernelModules = [ "kvm-amd" ]; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + # networking config + boot.kernelParams = [ "net.ifnames=0" ]; + networking.bridges."ext-br".interfaces = [ "eth0" ]; + networking = { + hostId = "2283aaae"; + defaultGateway = "95.217.192.1"; + defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; }; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.ext-br.ipv4.addresses = [ + { + address = "95.217.192.59"; + prefixLength = 26; + } + ]; + interfaces.ext-br.ipv6.addresses = [ + { + address = "2a01:4f9:4a:4f1a::1"; + prefixLength = 64; + } + ]; + }; + +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7bffc39aa..594a21c02 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -111,6 +111,8 @@ with import <stockholm/lib>; <stockholm/lass/2configs/jitsi.nix> <stockholm/lass/2configs/fysiirc.nix> <stockholm/lass/2configs/bgt-bot> + <stockholm/lass/2configs/mumble-reminder.nix> + <stockholm/krebs/2configs/mastodon-proxy.nix> { services.tor = { enable = true; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 52d7a0f1f..ecf0337ed 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix 
@@ -1,6 +1,6 @@ -with import <stockholm/lib>; -{ config, lib, pkgs, ... }: -{ +{ config, lib, pkgs, ... }: let + vpnIp = "85.202.81.161"; +in { imports = [ <stockholm/lass> <stockholm/lass/2configs> @@ -11,6 +11,8 @@ with import <stockholm/lib>; users.groups.download.members = [ "transmission" ]; + networking.useHostResolvConf = false; + networking.useNetworkd = true; systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ]; systemd.services.transmission.after = [ "openvpn-nordvpn.service" ]; services.transmission = { @@ -167,13 +169,24 @@ with import <stockholm/lib>; { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin ]; + tables.filter.OUTPUT = { + policy = "DROP"; + rules = [ + { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; } + { predicate = "-o tun0"; target = "ACCEPT"; } + { predicate = "-o retiolum"; target = "ACCEPT"; } + { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; } + { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; } + { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; } + ]; + }; }; services.openvpn.servers.nordvpn.config = '' client dev tun proto udp - remote 194.110.84.106 1194 + remote ${vpnIp} 1194 resolv-retry infinite remote-random nobind diff --git a/lass/2configs/autotether.nix b/lass/2configs/autotether.nix new file mode 100644 index 000000000..98712303e --- /dev/null +++ b/lass/2configs/autotether.nix 
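Review bot: In the third hunk, the new OUTPUT kill switch (`policy = "DROP"`) still accepts `-d 1.1.1.1/32` and `-d 1.0.0.1/32` on any interface, so name lookups can leave over `eth0` outside the tunnel whenever routing sends them there, for instance while `tun0` is down. Since `remote ${vpnIp} 1194` is an address and `-o tun0` is already accepted, these two rules look unnecessary; if they are needed, pinning them to the tunnel (`predicate = "-o tun0 -d 1.1.1.1/32"`) keeps the guarantee. The endpoint rule could likewise be narrowed to `predicate = "-d ${vpnIp}/32 -p udp --dport 1194"`. The enclosing attribute set starts outside the hunk, so whether loopback traffic is accepted elsewhere cannot be seen here and should be checked.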
@@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: +{ + systemd.services.usb_tether = { + script = '' + ${pkgs.android-tools}/bin/adb -s QV770FAMEK wait-for-device + ${pkgs.android-tools}/bin/adb -s QV770FAMEK shell svc usb setFunctions rndis + ''; + }; + services.udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="fce/320d/510", TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service" + ''; + systemd.network.networks.android = { + matchConfig.Name = "enp0s20u1"; + DHCP = "yes"; + }; +} diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix index 3e533fb74..a8dd3dd1d 100644 --- a/lass/2configs/c-base.nix +++ b/lass/2configs/c-base.nix 
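Review bot: `systemd.services.usb_tether` has no `serviceConfig`, so the script runs as root with the default service type, and `adb ... wait-for-device` has no timeout, so a unit started by the udev rule can block indefinitely if the phone never authorises the host. I would add `serviceConfig = { Type = "oneshot"; TimeoutStartSec = "60s"; };` and consider running the unit under a dedicated unprivileged user. The hard-coded serial `QV770FAMEK` and `matchConfig.Name = "enp0s20u1"` tie the module to one phone and one USB port; a one-line comment saying so would save the next reader a search.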
@@ -1,97 +1,115 @@ { config, lib, pkgs, ... }: let - inherit (import <stockholm/lib>) genid; - in { - users.extraUsers = { - cbasevpn = rec { - name = "cbasevpn"; - uid = genid "cbasevpn"; - description = "user for running c-base openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.cbasevpn.gid = genid "cbasevpn"; - environment.systemPackages = [ pkgs.cifs-utils ]; - services.openvpn.servers = { - c-base = { - config = '' - client - dev tap - proto tcp - remote vpn.ext.c-base.org 1194 - resolv-retry infinite - nobind - user cbasevpn - group cbasevpn - persist-key - persist-tun - - auth-nocache - #auth-user-pass - auth-user-pass ${toString <secrets/cbase.txt>} - - comp-lzo - verb 3 - - #script-security 2 - #up /etc/openvpn/update-resolv-conf - #down /etc/openvpn/update-resolv-conf - - <ca> - -----BEGIN CERTIFICATE----- - MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV - BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj - LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ - ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1 - MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu - MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf - MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF - AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7 - IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co - uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA - AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB - pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw - CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ - BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA - Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF - BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5 - ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK - 
wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o= - -----END CERTIFICATE----- - </ca> - key-direction 1 - <tls-auth> - # - # 2048 bit OpenVPN static key - # - -----BEGIN OpenVPN Static key V1----- - 5d49aa8c9cec18de7ab6e0b5cd09a368 - d3f1b8b77e055e448804fa0e14f487cb - 491681742f96b54a23fb8639aa9ed14e - c40b86a5546b888c4f3873f23c956e87 - 169076ec869127ffc85353fd5928871c - da19776b79f723abb366fae6cdfe4ad6 - 7ef667b7d05a7b78dfd5ea1d2da276dc - 5f6c82313fe9c1178c7256b8d1d081b0 - 4c80bc8f21add61fbc52c158579edc1d - bbde230afb9d0e531624ce289a17098a - 3261f9144a9a2a6f0da4250c9eed4086 - 187ec6fa757a454de743a349e32af193 - e9f8b49b010014bdfb3240d992f2f234 - 581d0ce05d4e07a2b588ad9b0555b704 - 9d5edc28efde59226ec8942feed690a1 - 2acd0c8bc9424d6074d0d495391023b6 - -----END OpenVPN Static key V1----- - </tls-auth> - ''; + systemd.network.networks.c-base = { + matchConfig.Name = "c-base"; + networkConfig = { + IgnoreCarrierLoss = "3s"; + KeepConfiguration = "static"; + DNS = "10.0.1.254"; + Domains = "cbrp3.c-base.org"; }; + routes = [ + { routeConfig = { + Destination = "10.0.1.0/24"; + Gateway = "172.31.77.1"; + };} + { routeConfig = { + Destination = "91.102.9.99/32"; # vorstand.c-base.org + Gateway = "172.31.77.1"; + };} + ]; + }; + services.openvpn.servers.c-base = { + config = '' + remote vpn.ext.c-base.org 1194 + verify-x509-name vpn.ext.c-base.org name + client + proto udp + dev-type tun + dev c-base + resolv-retry infinite + nobind + # user openvpn + # group openvpn + persist-key + persist-tun + comp-lzo + # register-dns + # block-outside-dns + script-security 2 + auth-user-pass ${toString <secrets/cbase.txt>} + #auth-user-pass + key-direction 1 + <tls-auth> + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 54a66ed1048bed7508703347e89d68d6 + 5586e6a5d1218cf8675941031d540be6 + 993e07200a16ad3b770b659932ee71e5 + f8080b5c9fa2acb3893abd40fad2552c + fdaf17565e617ae450efcccf5652dca5 + a16419509024b075941098731eb25ac0 + 
a64f963ece3dca1d2a64a9c5e17839d7 + 5b5080165a9b2dc90ef111879d7d3173 + 2d1027ae42d869394aca08da4472a9d0 + 6b724b4ed43a957feef7d6dfc86da241 + 74828fa0e1240941586f0d937cac32fc + 13cc81e7bed58817353d6afaff7e6a26 + 4f9cc086af79c1cdca660d86e18cff96 + 69dd3d392caf09a468894a8504f4cc7c + 7ae0072e6d9ad90b166ad13a39c57b3c + 3a869e27a1d89deb161c255227551713 + -----END OpenVPN Static key V1----- + </tls-auth> + <ca> + -----BEGIN CERTIFICATE----- + MIIGsDCCBJigAwIBAgIJAPkM1l2zA306MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD + VQQGEwJERTEPMA0GA1UEBxMGQmVybGluMRswGQYDVQQLExJ2cG4uZXh0LmMtYmFz + ZS5vcmcxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEbMBkGA1UEKRMSdnBu + LmV4dC5jLWJhc2Uub3JnMR8wHQYJKoZIhvcNAQkBFhBhZG1heEBjLWJhc2Uub3Jn + MB4XDTE2MDcwOTE4MjkyMFoXDTI2MDcxMDE4MjkyMFowgZYxCzAJBgNVBAYTAkRF + MQ8wDQYDVQQHEwZCZXJsaW4xGzAZBgNVBAsTEnZwbi5leHQuYy1iYXNlLm9yZzEb + MBkGA1UEAxMSdnBuLmV4dC5jLWJhc2Uub3JnMRswGQYDVQQpExJ2cG4uZXh0LmMt + YmFzZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGFkbWF4QGMtYmFzZS5vcmcwggIiMA0G + CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXEs+uWCXLNmm+lgP9x7u3FqWa4pPI + h64c6EWIULMATrhEw+Ej4fpCXwU9otFaO04fAeJmZGkDcnAYdBDiCeI0luOSdj44 + Bg9KecSei/TskqjhDVnEBp65hiz0rZE6c1baPdLYmD5xrXWb3i0zrlBYFawuL6C2 + lwVCEm3cadvkDJ2DleMuu3NblV8ViIDN0HZqzJNP72g1I0MgohkpetACXlf7MzQV + PFHfzvb04Rj2lJ8BDhceQ0WmjtVV/Ag6nka5oi954OeHMujRuH+rZYiQZDZpJLHK + Kh1KWTVlWPRy+AvCi9lweDWSmLccq7Ug4xMtDF4I5qW3tjCd0xqpZ21Xmo2JyKtY + 4h8wEDPqiJvgwvkXsH17GLn5ZxiMcQuRJQYZqJephkzR9uccJeWSS76kwm/vLqG3 + +eORlYnyjiNXtiMIhmAEFjpWUrGH8v4CijpUNP6E63ynGrRVXK684YQXkqL+xPAt + t6dsMBUwf94a2S1o2kgvuRCim1wlHvf1QsHrO/Hwgpzc8no/daWL+Z9Rq9okTHNK + nc1G5dv8TkmxIDYnLm07QMzzBoOT36BcGtkEBA+0xhQlX5PyQdM5/jnZVhdSBmoP + MbZXPoU/gJAIuuBuwdTlgCzYf44/9/YU/AnW8eLrbhm9KtMtoMpatrWorKqk/GPv + /lGNRQuNffrbiQIDAQABo4H+MIH7MB0GA1UdDgQWBBTf5cYbK+KCF9u9aobFlLbu + ilwX4jCBywYDVR0jBIHDMIHAgBTf5cYbK+KCF9u9aobFlLbuilwX4qGBnKSBmTCB + ljELMAkGA1UEBhMCREUxDzANBgNVBAcTBkJlcmxpbjEbMBkGA1UECxMSdnBuLmV4 + dC5jLWJhc2Uub3JnMRswGQYDVQQDExJ2cG4uZXh0LmMtYmFzZS5vcmcxGzAZBgNV + 
BCkTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhAYy1i + YXNlLm9yZ4IJAPkM1l2zA306MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD + ggIBAMs1moiS7UZ4neOivQjqwKrBbm1j3tgmPLhDfNMmXYarGhnBGAlLxLAQWtG+ + Fnbx8KcsJnrsWcGfZcst1z45S4a5oBdVNKOfgkMOG0glZorIDO8Odrb51rpyzU0v + 0wcNumMNWhkFuo2OTBHPnnJIWEAFwwCCSCL0I0hQxxoaV36kphjuIwzrMJhd+XAT + 24En58cNp6sPRDd+FzOH08uFINevyzKWYxkMgVj+e3fbuiyOB8RqvndKvtfBBcpB + cCO86lGnj/ETMDciTczUShxaMn9wV1zr1KH1xvT3ohUeOcQZGbGTcjG4mxlns8ZO + U5J3Yrcd1eMfJq9Bwd3zPsTLnT8LwIS8vfYRav9b34XdqcBG73dhrjsicMK0Qy0z + Qz7vKJzcvrEnKuaMyB3mCxz/UvbNc2Bupwm4FmzN5eFjDs+7paYFdfOzqMjoRP+8 + bcXSqDN5P2eUd7cdsZXaFNcsf1FkWlE3GudVBOmNJqz9zBab/T5J+l4Z90Pd6OUX + GNozEvLhcJkvPKA526TegHTGC8hMquxKc9tpOzNRqZJMFa+UG1mgMrMepRmM/B3s + QrKI1C11iCVYfb9J0tQUkfENHMx4J7mG2DZAhnKWQDU2awM41qU4A7aBYaJvDPnQ + RRcbaT0D794lKUQwH/mZuyKzF22oZNk1o1TV2SaFXqgX5tDt + -----END CERTIFICATE----- + </ca> + ''; }; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 49a04e9c2..e649c0dea 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -69,7 +69,6 @@ with import <stockholm/lib>; ]; networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; krebs = { enable = true; diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index 78d5ae0e9..d391e0d7b 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: { - users.users.mainUser.extraGroups = [ "libvirtd" ]; virtualisation.libvirtd.enable = true; + security.polkit.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ { v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; } diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix new file mode 100644 index 000000000..fe75a96a6 --- /dev/null +++ b/lass/2configs/mumble-reminder.nix 
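Review bot: The rewritten c-base client config no longer drops privileges: the old `user cbasevpn` / `group cbasevpn` lines are replaced by the commented-out `# user openvpn` / `# group openvpn`, so the daemon keeps root for its whole lifetime, and `script-security 2` is enabled although no `up`/`down` script appears in the visible config. `auth-nocache` was dropped as well, which keeps the credentials read from `secrets/cbase.txt` cached in memory. I would restore `user VPN_USER_PLACEHOLDER`, `group VPN_GROUP_PLACEHOLDER` and `auth-nocache`, remove `script-security 2` unless a script really needs it, and reconsider `comp-lzo`, since compression inside a VPN tunnel is discouraged. The inline `<tls-auth>` key lands in the repository and presumably in the world-readable Nix store, which deserves a comment if it is a shared group key rather than a per-user secret.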
@@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: let + write_to_irc = chan: pkgs.writeDash "write_to_irc" '' + ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"PRIVMSG", + params:["${chan}",$text] + }' + )" + ''; + animals = '' + Erdferkel + Paviane + Raupen + Australischen Wildhunde + Emus + Flundern + Gorillas + Kolibris + Schwarzfersenantilopen + Quallen + Kois + Faulaffen + Schraubenziegen + Nachtigalle + Okapis + Stachelschweine + Kurzschwanzkängurus + Waschbären + ''; + systemPlugin = { + plugin = "system"; + config = { + hooks.PRIVMSG = [ + { + pattern = "^erriner mich$"; + activate = "match"; + command = { + filename = pkgs.writeDash "add_remind" '' + echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users + sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp + mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users + echo "Ich werde $_from in zukunft an das meetup errinern" + ''; + }; + } + { + pattern = "^nerv nicht$"; + activate = "match"; + command = { + filename = pkgs.writeDash "add_remind" '' + ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users + echo "okok, Ich werde $_from nich mehr errinern" + ''; + }; + } + ]; + }; + }; + +in { + krebs.reaktor2.mumble-reminder = { + hostname = "irc.hackint.org"; + nick = "lassulus__"; + API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#krebs" + "#nixos" + ]; + }; + } + systemPlugin + ]; + port = "6697"; + }; + systemd.services.mumble-reminder-nixos = { + description = "weekly reminder for nixos mumble"; + startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "mumble_reminder" '' + 
animals=' + ${animals} + ' + ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" + ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us" + ''; + }; + }; + systemd.services.mumble-reminder-krebs = { + description = "weekly reminder for nixos mumble"; + startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "mumble_reminder" '' + animals=' + ${animals} + ' + ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" + ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?" + ''; + }; + }; +} diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix index 2f503eae9..dfb3d7e0b 100644 --- a/lass/2configs/radio/default.nix +++ b/lass/2configs/radio/default.nix 
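Review bot: In the `^nerv nicht$` hook, `sed -i "/$_from/d"` uses the sender name as an unanchored regular expression inside the sed script, so a name that is a substring of, or a pattern matching, other entries removes those subscribers too, and any character sed treats specially in `$_from` alters the script itself. A fixed-string, whole-line filter avoids both: `${pkgs.gnugrep}/bin/grep -vxF -e "$_from" /var/lib/reaktor2-mumble-reminder/users > /var/lib/reaktor2-mumble-reminder/users.tmp || :`, followed by the same `mv` the first hook uses. Both hooks are named `add_remind`; the second would read better as `del_remind`. What reaktor2 places in `$_from` is not visible here, so its exact character set is an assumption to confirm.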
@@ -1,85 +1,54 @@ -{ config, pkgs, ... }: -with pkgs.stockholm.lib; +{ config, pkgs, lib, ... }: let name = "radio"; music_dir = "/home/radio/music"; - add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \ - | grep -Ev '/other/|/.graveyard/' \ - | grep '\.ogg$' \ - | shuf -n1 \ - | sed 's,${music_dir}/,,' \ - )" - ''; - - get_current_track_position = pkgs.writeDash "get_current_track_position" '' - ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }' - ''; - - skip_track = pkgs.writeBashBin "skip_track" '' + skip_track = pkgs.writers.writeBashBin "skip_track" '' set -eu - ${add_random}/bin/add_random - music_dir=${escapeShellArg music_dir} - current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%) - track_infos=$(${print_current}/bin/print_current) - skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$music_dir"/"$current_track" || echo 0) - if [[ "$current_track" =~ ^the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then - skip_count=$((skip_count+1)) - ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track" - echo skipping: "$track_infos" skip_count: "$skip_count" - else - mkdir -p "$music_dir"/the_playlist/.graveyard/ - mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/ - echo killing: "$track_infos" - fi - ${pkgs.mpc_cli}/bin/mpc -q next + # TODO come up with new rating, without moving files + # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) + # track_infos=$(${print_current}/bin/print_current) + # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0) + # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then + # skip_count=$((skip_count+1)) + # ${pkgs.attr}/bin/setfattr -n 
user.skip_count -v "$skip_count" "$current_track" + # echo skipping: "$track_infos" skip_count: "$skip_count" + # else + # mkdir -p "$music_dir"/the_playlist/.graveyard/ + # mv "$current_track" "$music_dir"/the_playlist/.graveyard/ + # echo killing: "$track_infos" + # fi + ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip | + ${pkgs.jq}/bin/jq -r '.filename' ''; good_track = pkgs.writeBashBin "good_track" '' set -eu - music_dir=${escapeShellArg music_dir} - current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%) + current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) track_infos=$(${print_current}/bin/print_current) - if [[ "$current_track" =~ ^the_playlist/music/.* ]]; then - ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$music_dir"/"$current_track" - else - mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/music/ || : - fi + # TODO come up with new rating, without moving files + # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then + # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track" + # else + # mv "$current_track" "$music_dir"/the_playlist/music/ || : + # fi echo good: "$track_infos" ''; - track_youtube_link = pkgs.writeDash "track_youtube_link" '' - ${pkgs.mpc_cli}/bin/mpc current -f %file% \ - | ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://www.youtube.com/watch?v=\1@' - ''; - print_current = pkgs.writeDashBin "print_current" '' - echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \ - $(${track_youtube_link})" - ''; - - print_current_json = pkgs.writeDashBin "print_current_json" '' - ${pkgs.jq}/bin/jq -n -c \ - --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \ - --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \ - --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \ - --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \ - --arg position "$(${get_current_track_position})" \ - --arg length "$(${pkgs.mpc_cli}/bin/mpc 
current -f %time%)" \ - --arg youtube "$(${track_youtube_link})" '{ - name: $name, - artist: $artist, - title: $title, - filename: $filename, - position: $position, - length: $length, - youtube: $youtube - }' + file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | + ${pkgs.jq}/bin/jq -r '.filename' | + ${pkgs.gnused}/bin/sed 's,^${music_dir},,' + ) + link=$(${pkgs.curl}/bin/curl http://localhost:8002/current | + ${pkgs.jq}/bin/jq -r '.filename' | + ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@' + ) + echo "$file": "$link" ''; set_irc_topic = pkgs.writeDash "set_irc_topic" '' @@ -113,15 +82,14 @@ in { users.users = { "${name}" = rec { inherit name; - createHome = mkForce false; + createHome = lib.mkForce false; group = name; - uid = genid_uint31 name; + uid = pkgs.stockholm.lib.genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey - lass-mors.pubkey ]; }; }; 
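Review bot: In the first hunk, `print_current` now queries `http://localhost:8002/current` twice, once for `file` and once for `link`, so the two values can describe different tracks if the track changes between the calls, and the second call omits `-fSs`, so curl's progress meter goes to stderr and HTTP errors are not treated as failures. Fetching once fixes both: `current=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r '.filename')`, then apply the two `sed` expressions to `"$current"`. In `good_track` the rating logic is only commented out, yet the script still prints `good:` without recording anything, so the dead block should either carry a comment explaining the interim state or be removed.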
@@ -131,50 +99,35 @@ in { }; krebs.per-user.${name}.packages = with pkgs; [ - add_random good_track skip_track print_current - print_current_json - ncmpcpp - mpc_cli ]; - services.mpd = { - enable = true; - user = "radio"; - musicDirectory = "${music_dir}"; - dataDir = "/home/radio/state"; # TODO create this somwhere - extraConfig = '' - log_level "default" - auto_update "yes" - volume_normalization "yes" - - audio_output { - type "httpd" - name "raw radio" - encoder "wave" - port "7900" - format "44100:16:2" - always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. - tags "yes" # httpd supports sending tags to listening streams. - } - ''; + services.liquidsoap.streams.radio = ./radio.liq; + systemd.services.radio = { + environment = { + RADIO_PORT = "8002"; + HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" '' + set -xefu + LIMIT=1000 #how many tracks to keep in the history + HISTORY_FILE=/var/lib/radio/recent + + listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl | + ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0) + echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE" + echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" + ${set_irc_topic} "playing: $filename listeners: $listeners" + ''; + MUSIC = "${music_dir}/the_playlist"; + ICECAST_HOST = "localhost"; + }; + path = [ + pkgs.yt-dlp + ]; + serviceConfig.User = lib.mkForce "radio"; }; - services.liquidsoap.streams.radio-news = pkgs.writeText "radio-news.liq" '' - source = mksafe(input.http("http://localhost:7900/raw.wave")) - - output.icecast(mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), source) - output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source) - output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source) - - extra_input = amplify(1.4, audio_to_stereo(input.harbor("live", port=1338))) - 
o = smooth_add(normal = source, special = extra_input) - output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o) - output.icecast(mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), o) - output.icecast(mount = '/radio.opus', password = 'hackme', %opus(bitrate = 96), o) - ''; services.icecast = { enable = true; hostname = "radio.lassul.us"; 
@@ -195,73 +148,8 @@ in { }; }; - systemd.timers.radio = { - description = "radio autoadder timer"; - wantedBy = [ "timers.target" ]; - - timerConfig = { - OnCalendar = "*:0/1"; - }; - }; - - systemd.services.radio = let - autoAdd = pkgs.writeDash "autoAdd" '' - LIMIT=$1 #in seconds - - timeLeft () { - playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(${get_current_track_position}) - expr ''${playlistDuration:-0} - ''${currentTime:-0} - } - - if test $(timeLeft) -le $LIMIT; then - ${add_random}/bin/add_random - fi - ${pkgs.mpc_cli}/bin/mpc play > /dev/null - ''; - in { - description = "radio playlist autoadder"; - after = [ "network.target" ]; - - restartIfChanged = true; - - serviceConfig = { - ExecStart = "${autoAdd} 150"; - }; - }; - - systemd.services.radio-recent = let - recentlyPlayed = pkgs.writeDash "recentlyPlayed" '' - set -xefu - LIMIT=1000 #how many tracks to keep in the history - HISTORY_FILE=/var/lib/radio/recent - while :; do - ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null - ${pkgs.mpc_cli}/bin/mpc current -f %file% - done | while read track; do - - listeners=$(${pkgs.curl}/bin/curl lassul.us:8000/status-json.xsl | - ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') - echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" - echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${set_irc_topic} "playing: $track listeners: $listeners" - done - ''; - in { - description = "radio recently played"; - after = [ "mpd.service" "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = true; - - serviceConfig = { - ExecStart = recentlyPlayed; - User = "radio"; - }; - }; - # allow reaktor2 to modify files - systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = mkForce false; + systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false; krebs.reaktor2.the_playlist = { hostname = 
"irc.hackint.org"; @@ -300,6 +188,12 @@ in { like.filename = "${good_track}/bin/good_track"; current.filename = "${print_current}/bin/print_current"; + wish.filename = pkgs.writeDash "wish" '' + echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null + ''; + wishlist.filename = pkgs.writeDash "wishlist" '' + ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]' + ''; suggest.filename = pkgs.writeDash "suggest" '' echo "$@" >> playlist_suggest ''; @@ -316,15 +210,8 @@ in { user = { name = "radio"; }; - script = ''. ${pkgs.writeDash "radio" '' + scriptFile = pkgs.writeDash "radio" '' case "$Method $Request_URI" in - "GET /current") - printf 'HTTP/1.1 200 OK\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - ${print_current_json}/bin/print_current_json - exit - ;; "POST /skip") printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' @@ -344,7 +231,7 @@ in { exit ;; esac - ''}''; + ''; }; services.nginx = { @@ -365,7 +252,7 @@ in { alias /var/lib/radio/recent; ''; locations."= /current".extraConfig = '' - proxy_pass http://localhost:8001; + proxy_pass http://localhost:8002; ''; locations."= /skip".extraConfig = '' proxy_pass http://localhost:8001; @@ -375,10 +262,11 @@ in { ''; locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" '' #!/bin/sh + trap 'exit 0' EXIT while sleep 1; do mpv \ --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \ - 'http://lassul.us:8000/radio.opus' + 'http://lassul.us:8000/radio.ogg' done ''; locations."= /controls".extraConfig = '' diff --git a/lass/2configs/radio/news.nix b/lass/2configs/radio/news.nix index e5b5405ff..0dc711e6c 100644 --- a/lass/2configs/radio/news.nix +++ b/lass/2configs/radio/news.nix 
@@ -3,7 +3,8 @@ let send_to_radio = pkgs.writers.writeDashBin "send_to_radio" '' ${pkgs.vorbis-tools}/bin/oggenc - | - ${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live + ${pkgs.cyberlocker-tools}/bin/cput news.ogg + ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow ''; gc_news = pkgs.writers.writeDashBin "gc_news" '' diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq new file mode 100644 index 000000000..70d316043 --- /dev/null +++ b/lass/2configs/radio/radio.liq 
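Review bot: In `send_to_radio` the `POST http://localhost:8002/newsshow` runs even when the upload fails, because the pipeline and the curl call are plain sequential lines in a dash script, so a failed `cput` makes the stream replay whatever `news.ogg` was stored before. Chaining keeps the announcement tied to a successful upload: end the upload line with `&&`, i.e. `${pkgs.cyberlocker-tools}/bin/cput news.ogg &&`. The fixed object name also means two overlapping news items overwrite each other; a comment stating that single-writer assumption would help. The `let` block this binding belongs to starts outside the hunk.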
@@ -0,0 +1,112 @@ +log.stdout.set(true) + +# use yt-dlp +settings.protocol.youtube_dl.path.set("yt-dlp") + +## functions + +def stringify_attrs(attrs) = + let json.stringify out = (attrs : [(string * string)] as json.object) + out +end + +def filter_graveyard(req) = + filename = request.filename(req) + if string.match(pattern = '.*/\\.graveyard/.*', filename) then + false + else + true + end +end + +def queue_contents(q) = + list.map(fun (req) -> request.uri(req), q) +end +## main + +env = environment() +port = string.to_int(env["RADIO_PORT"], default = 8000) + +all_music = playlist(env["MUSIC"], check_next = filter_graveyard) +wishlist = request.queue() +tracks = fallback(track_sensitive = true, [wishlist, all_music]) +tracks = blank.eat(tracks) + +last_metadata = ref([]) +def on_metadata(m) = + last_metadata := m + print("changing tracks") + out = process.read(env["HOOK_TRACK_CHANGE"], env = m) + print(out) +end +tracks.on_metadata(on_metadata) + +# some nice effects +music = crossfade(tracks) +music = mksafe(music) +music = normalize(music) + +news = request.queue() +radio = smooth_add(normal = music, special = amplify(1.5, news)) + +if string.length(env["ICECAST_HOST"]) > 0 then + output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music) + output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music) + output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music) + + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio) + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio) + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio) +else + output(fallible = true, buffer(radio)) +end + +interactive.harbor(port = port) + +def 
current(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = stringify_attrs( + !last_metadata + )) +end +harbor.http.register("/current", port = port, current) + +def skip(~protocol, ~headers, ~data, uri) = + tracks.skip() + http.response(content_type = "application/json", data = stringify_attrs( + !last_metadata + )) +end +harbor.http.register("/skip", method = "POST", port = port, skip) + +def all_tracks(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = json.stringify( + all_music.remaining_files() + )) +end +harbor.http.register("/all_tracks", port = port, all_tracks) + +def wish_track(~protocol, ~headers, ~data, uri) = + # disallow process: + if string.match(pattern = '^process:', data) then + http.response(code = 400) + else + # TODO report errors back + wish = request.create(data) + wishlist.push(wish) + http.response(content_type = "application/json", data = "ok") + end +end +harbor.http.register("/wish", method = "POST", port = port, wish_track) + +def wish_tracklist(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = json.stringify( + queue_contents(wishlist.queue()) + )) +end +harbor.http.register("/wish", port = port, wish_tracklist) + +def newsshow(~protocol, ~headers, ~data, uri) = + news.push(request.create("http://c.r/news.ogg")) + http.response(content_type = "application/json", data = "ok") +end +harbor.http.register("/newsshow", method = "POST", port = port, newsshow) diff --git a/lass/2configs/radio/shell.nix b/lass/2configs/radio/shell.nix new file mode 100644 index 000000000..9d00e3b06 --- /dev/null +++ b/lass/2configs/radio/shell.nix @@ -0,0 +1,7 @@ +{ pkgs ? import <nixpkgs> {} }: +pkgs.mkShell { + buildInputs = [ + pkgs.liquidsoap + pkgs.yt-dlp + ]; +} diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix index 3beac6693..704bf7218 100644 --- a/lass/2configs/radio/weather.nix 
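Review bot: `wish_track` filters the POST body with a one-entry denylist (`^process:`), so every other request scheme and any plain path still reaches `request.create(data)`. The only client on this page sends `youtube-dl:` URIs, so an allowlist fits better: `if not string.match(pattern = '^youtube-dl:', data) then http.response(code = 400)`. Separately, all six `output.icecast` calls hard-code `password = 'hackme'`, which commits the source password to the repository. It could be read from the environment the way `ICECAST_HOST` is, e.g. `password = env["ICECAST_PASSWORD"]` (variable name is a suggestion, not something the page defines).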
+++ b/lass/2configs/radio/weather.nix @@ -6,7 +6,7 @@ let } ./weather_for_ips.py; weather_report = pkgs.writers.writeDashBin "weather_report" '' - set -efu + set -efux export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.curl @@ -14,7 +14,7 @@ let pkgs.jc pkgs.jq ]}" - curl -z /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb + curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY ss -no 'sport = :8000' | @@ -42,7 +42,7 @@ in { --arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \ --slurp --raw-input --compact-output --ascii-output \ '{text: ., from: $from, to: $to, priority: 100}' | - retry -t 5 -d 10 -- curl -v -d@- http://radio-news.r + retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r ''; startAt = "*:58:00"; serviceConfig = { diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py index 587cc1f28..1f8489bd1 100644 --- a/lass/2configs/radio/weather_for_ips.py +++ b/lass/2configs/radio/weather_for_ips.py @@ -24,9 +24,10 @@ for ip in fileinput.input(): weather = json.loads(resp.text) output.append( f'Weather report for {location.city.name}, {location.country.name}. ' - f'Currently it is {weather["current"]["weather"][0]["description"]} outside ' + f'It is {weather["current"]["weather"][0]["description"]} outside ' f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' - f'and a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second. ' + f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' + f'and a humidity of {weather["current"]["humidity"]} percent. ' f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' ) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index b8c9d4f8d..746bc069d 100644 
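Review bot: Adding `x` in `set -efux` turns on command tracing for the whole `weather_report` script, and a few lines below it runs `OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api")`. The traced assignment would put the API key on the service's stderr, and so most likely in its log, on every run. Either keep `set -efu`, or bracket the secret read with `set +x` before the assignment and `set -x` after it. The assignment appears as context in the next hunk of this file; the rest of the script body lies outside both hunks.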
--- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -27,6 +27,15 @@ LocalDiscovery = no ''} ''; + tincUp = lib.mkIf config.systemd.network.enable ""; + }; + + systemd.network.networks.retiolum = { + matchConfig.Name = "retiolum"; + address = [ + "${config.krebs.build.host.nets.retiolum.ip4.addr}/16" + "${config.krebs.build.host.nets.retiolum.ip6.addr}/16" + ]; }; nixpkgs.config.packageOverrides = pkgs: { diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 22b1669b0..bffa1036b 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -174,7 +174,6 @@ rec { services.phpfpm.pools."${domain}" = { user = "nginx"; group = "nginx"; - phpPackage = pkgs.php74; extraConfig = '' listen = /srv/http/${domain}/phpfpm.pool pm = dynamic @@ -228,7 +227,6 @@ rec { services.phpfpm.pools."${domain}" = { user = "nginx"; group = "nginx"; - phpPackage = pkgs.php74; extraConfig = '' listen = /srv/http/${domain}/phpfpm.pool pm = dynamic diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix index 54257d2c4..ba6358ab7 100644 --- a/lass/2configs/wiregrill.nix +++ b/lass/2configs/wiregrill.nix @@ -23,6 +23,13 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { { precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; } { precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } ]; + systemd.network.networks.wiregrill = { + matchConfig.Name = "wiregrill"; + address = + (optional (!isNull self.ip4) "${self.ip4.addr}/16") ++ + (optional (!isNull self.ip6) "${self.ip6.addr}/48") + ; + }; networking.wireguard.interfaces.wiregrill = { ips = diff --git a/lass/5pkgs/install-system/default.nix b/lass/5pkgs/install-system/default.nix new file mode 100644 index 000000000..9a392e669 --- /dev/null +++ b/lass/5pkgs/install-system/default.nix 
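Review bot: The IPv6 entry in `systemd.network.networks.retiolum.address` uses `/16`, the same prefix length as the IPv4 line above it. `lib/types.nix` in this commit gives the retiolum IPv6 prefix default as `42:0::/32`, and the wiregrill hunk uses `/48` for its IPv6 address. If `/16` is deliberate, a short comment next to it (`# /16 on purpose: covers the whole overlay range`) would save the next reader the check. If it was carried over from the IPv4 line, the length should follow the net's configured prefix so the interface does not treat a wider range as on-link than intended.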
@@ -0,0 +1,26 @@ +{ pkgs }: +pkgs.writers.writeDashBin "install-system" '' + set -efux + SYSTEM=$1 + TARGET=$2 + # format + if ! (sshn "$TARGET" -- mountpoint /mnt); then + nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET" + fi + + # install dependencies + sshn "$TARGET" << SSH + nix-channel --update + nix-env -iA nixos.git + SSH + + # populate + $(nix-build --no-out-link "$HOME"/sync/stockholm/lass/krops.nix -A populate --argstr name "$SYSTEM" --argstr target "$TARGET"/mnt/var/src --arg force true) + + # install + sshn "$TARGET" << SSH + ln -s /mnt/var/src /var/src + NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /var/src + zpool export -fa + SSH +'' diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index d999a4334..27e59bb96 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix 
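Review bot: `nix run github:numtide/nixos-remote` resolves the flake's default branch at run time, so the tool that formats the target's disks is whatever upstream publishes on the day the script runs. Pin it to a reviewed revision, e.g. `nix run github:numtide/nixos-remote/REV_PLACEHOLDER -- --stop-after-disko ...`, or take it from a pinned input as this commit does for `submodules/disko`. The dependency step has the same property: `nix-channel --update` followed by `nix-env -iA nixos.git` installs from an unpinned channel on the target. The heredocs use an unquoted `SSH` delimiter, so any `$` added to them later will expand locally rather than on the target; `<< 'SSH'` avoids that surprise.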
@@ -1,57 +1,82 @@ { pkgs }: -pkgs.writeDashBin "l-gen-secrets" '' - HOSTNAME="$1" +pkgs.writers.writeDashBin "l-gen-secrets" '' + set -efu + HOSTNAME=$1 TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + if [ "''${DRYRUN-n}" = "n" ]; then + trap 'rm -rf $TMPDIR' EXIT + else + echo "$TMPDIR" + set -x + fi + mkdir -p $TMPDIR/out + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + # ssh ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null - ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null - ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key - ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub - cat <<EOF > $TMPDIR/hashedPasswords.nix + ${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/ + + # tor + ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 >/dev/null || : + ${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv + + # tinc + ${pkgs.coreutils}/bin/mkdir -p $TMPDIR/tinc + ${pkgs.tinc_pre}/bin/tinc --config $TMPDIR/tinc generate-keys 4096 </dev/null + ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/ed25519_key.priv $TMPDIR/out/retiolum.ed25519_key.priv + ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/rsa_key.priv $TMPDIR/out/retiolum.rsa_key.priv + + # wireguard + ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/out/wiregrill.key + ${pkgs.coreutils}/bin/cat $TMPDIR/out/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub + + # system passwords + cat <<EOF > $TMPDIR/out/hashedPasswords.nix { root = "$HASHED_PASSWORD"; mainUser = "$HASHED_PASSWORD"; } EOF - cd $TMPDIR - for x in *; do - 
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null - done - echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null + set +f + if [ "''${DRYRUN-n}" = "n" ]; then + cd $TMPDIR/out + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null + ${pkgs.coreutils}/bin/cat $TMPDIR/tor/hostname | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/torname > /dev/null + fi + set -f cat <<EOF - $HOSTNAME = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.changeme"; - ip6.addr = r6 "changeme"; - aliases = [ - "$HOSTNAME.r" - ]; - tinc.pubkey = ${"''"} - $(cat $TMPDIR/retiolum.rsa_key.pub) - ${"''"}; - }; - wiregrill = { - ip6.addr = w6 "changeme"; - aliases = [ - "$HOSTNAME.w" - ]; - wireguard.pubkey = ${"''"} - $(cat $TMPDIR/wiregrill.pub) - ${"''"}; - }; + { r6, w6, ... }: + { + nets = { + retiolum = { + ip4.addr = "10.243.0.changeme"; + ip6.addr = r6 "changeme"; + aliases = [ + "$HOSTNAME.r" + ]; + tinc.pubkey = ${"''"} + $(cat $TMPDIR/tinc/rsa_key.pub | sed 's/^/ /') + ${"''"}; + tinc.pubkey_ed25519 = "$(cat $TMPDIR/tinc/ed25519_key.pub | ${pkgs.gnused}/bin/sed 's/.* = //')"; + }; + wiregrill = { + ip6.addr = w6 "changeme"; + aliases = [ + "$HOSTNAME.w" + ]; + wireguard.pubkey = ${"''"} + $(cat $TMPDIR/wiregrill.pub) + ${"''"}; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; }; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + } EOF - - rm -rf $TMPDIR '' - diff --git a/lib/default.nix b/lib/default.nix index 7c3b0370e..280f04299 100644 --- a/lib/default.nix +++ b/lib/default.nix 
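Review bot: In the `DRYRUN` branch no cleanup trap is installed, and `set -x` is switched on before `PASSWORD=$(... pwgen 25 1)`. A dry run therefore prints the generated password and its hash to stderr and leaves the SSH, tor, tinc and wireguard private keys in `$TMPDIR`. If that is meant for inspection, say so next to the branch, e.g. `# DRYRUN: keeps $TMPDIR (private keys) and traces secrets; remove it by hand`. Also, `timeout 1 tor ... || :` discards every tor failure, so when the key is not written within that second the script only stops at the following `mv` with an error that does not name the cause. A check such as `test -e $TMPDIR/tor/hs_ed25519_secret_key || { echo 'tor key not generated' >&2; exit 1; }` would make that visible.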
@@ -39,6 +39,8 @@ let ne = x: y: x != y; mod = x: y: x - y * (x / y); + on = b: u: x: y: b (u x) (u y); + genid = lib.genid_uint32; # TODO remove genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2; genid_uint32 = import ./genid.nix { inherit lib; }; @@ -95,9 +97,12 @@ let path = dirPath + "/${relPath}"; in nameValuePair (toPackageName name) (f path)) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir dirPath)))); + (attrNames + (filterAttrs isNixDirEntry (readDir dirPath)))); + + isNixDirEntry = name: type: + (type == "regular" && hasSuffix ".nix" name && name != "default.nix") || + (type == "directory" && !hasPrefix "." name); # https://tools.ietf.org/html/rfc5952 normalize-ip6-addr = @@ -182,6 +187,30 @@ let in filter (x: x != []) ([acc.chunk] ++ acc.chunks); + # Filter adjacent duplicate elements. + uniq = uniqBy eq; + + # Filter adjacent duplicate elements determined via the given function. + uniqBy = cmp: let + f = a: s: + if length s == 0 then + [] + else let + b = head s; + in + if cmp a b then + f b (tail s) + else + [b] ++ f b (tail s); + in + s: + if length s == 0 then + [] + else let + b = head s; + in + [b] ++ f b (tail s); + warnOldVersion = oldName: newName: if compareVersions oldName newName != -1 then trace "Upstream `${oldName}' gets overridden by `${newName}'." newName @@ -191,3 +220,4 @@ let in lib +// { inherit lib; } diff --git a/lib/haskell.nix b/lib/haskell.nix index 4f0ee05ab..f87cfa761 100644 --- a/lib/haskell.nix +++ b/lib/haskell.nix @@ -39,7 +39,12 @@ rec { in if parse == null then (pkgs.writeText name s).overrideAttrs (old: { - dependencies = old.dependencies or [] ++ dependencies; + dependencies = + lib.uniq + (lib.sort (lib.on lib.lessThan (lib.getAttr "name")) + (filter + (lib.ne null) + (old.dependencies or [] ++ dependencies))); }) else diff --git a/lib/types.nix b/lib/types.nix index 0e0e093fb..9f278c650 100644 --- a/lib/types.nix +++ b/lib/types.nix 
@@ -18,9 +18,6 @@ rec { type = label; default = config._module.args.name; }; - cores = mkOption { - type = uint; - }; nets = mkOption { type = attrsOf net; default = {}; @@ -136,7 +133,7 @@ rec { default = null; }; ip4 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip4: { options = { addr = mkOption { type = addr4; @@ -146,13 +143,15 @@ rec { } // { retiolum.default = "10.243.0.0/16"; wiregrill.default = "10.244.0.0/16"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip4.config.addr}/32"; + }); }; - }); + })); default = null; }; ip6 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip6: { options = { addr = mkOption { type = addr6; @@ -163,9 +162,11 @@ rec { } // { retiolum.default = "42:0::/32"; wiregrill.default = "42:1::/32"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip6.config.addr}/128"; + }); }; - }); + })); default = null; }; ssh = mkOption { diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index d49ad158b..31da31a71 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -43,16 +43,13 @@ in { services.logrotate = { enable = true; - config = '' - ${bgtaccess} ${bgterror} { - rotate 5 - weekly - create 600 nginx nginx - postrotate - ${pkgs.systemd}/bin/systemctl reload nginx - endscript - } - ''; + settings.bgt = { + files = [ bgtaccess bgterror ]; + rotate = 5; + frequency = "weekly"; + create = "600 nginx nginx"; + postrotate = "${pkgs.systemd}/bin/systemctl reload nginx"; + }; }; # 20.09 unharden nginx to write logs diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 66c77e1eb..9a08a4497 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
@@ -11,7 +11,7 @@ with import <stockholm/lib>; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix - ./security/hotfix.nix + # ./security/hotfix.nix ]; # users are super important diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix new file mode 100644 index 000000000..e04098cc2 --- /dev/null +++ b/makefu/2configs/gui/look-up.nix @@ -0,0 +1,18 @@ +{pkgs, config, ... }: +let + user = config.krebs.build.user.name; + window-manager = "awesome"; +in + { + systemd.services.look-up = { + startAt = "*:30"; + serviceConfig = { + ExecStart= pkgs.writeDash "look-up" '' + set -x + eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'" + ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while' + ''; + User = user; + }; + }; +} diff --git a/makefu/2configs/home/3dprint.nix b/makefu/2configs/home/3dprint.nix index 859a18840..09f2ce6fd 100644 --- a/makefu/2configs/home/3dprint.nix +++ b/makefu/2configs/home/3dprint.nix @@ -9,7 +9,7 @@ # also ensure that the webcam always comes up under the same name services.udev.extraRules = '' SUBSYSTEM=="vchiq",GROUP="video",MODE="0660" - SUBSYSTEM=="video4linux", ATTR{name}=="UVC Camera (046d:0825)",SYMLINK+="web_cam", MODE="0666", GROUP="video" + KERNEL=="video*",ATTRS{vendor}=="0x046d", ATTRS{device}=="0x0825", GROUP="video", SYMLINK+="web_cam" ''; systemd.services.octoprint = { path = [ pkgs.libraspberrypi ]; diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index b3682fe0c..698327ff4 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -88,7 +88,7 @@ in { duschfenster_lang_offen.name = "Duschfenster lange offen"; ist_sommer = { name = "Es ist Sommer"; - initial = true; # TODO + initial = false; # TODO }; }; 
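Review bot: The import is commented out as `# ./security/hotfix.nix` rather than removed, while the same commit deletes `makefu/2configs/security/hotfix.nix`, so the comment now points at a file that no longer exists; drop the line instead. The deleted module replaced the `pkexec` wrapper with an empty file as a mitigation for CVE-2021-4034 (per its own comment). The commit record should state that the nixpkgs revision these hosts build from already ships the fixed polkit, since this change re-enables the stock setuid wrapper on every host importing `makefu/2configs`.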
diff --git a/makefu/2configs/home/ham/automation/find_phone.nix b/makefu/2configs/home/ham/automation/find_phone.nix new file mode 100644 index 000000000..d94942c9f --- /dev/null +++ b/makefu/2configs/home/ham/automation/find_phone.nix @@ -0,0 +1,32 @@ +{ + services.home-assistant.config.script = { + find_felix_phone.sequence = [ + { + service = "notify.mobile_app_pixel_3a"; + data = { + title= "Finde Mich!"; + message= "Such Such Such"; + data = { + ttl = 0; + priority = "high"; + channel = "alarm_stream"; + }; + }; + } + ]; + find_tablet.sequence = [ + { + service = "notify.mobile_app_nova3"; + data = { + title = "Finde Mich!"; + message = "Such Such Such"; + data = { + ttl = 0; + priority = "high"; + channel = "alarm_stream"; + }; + }; + } + ]; + }; +} diff --git a/makefu/2configs/home/ham/automation/shutdown_button.nix b/makefu/2configs/home/ham/automation/shutdown_button.nix index ec1a25567..ec84bbe94 100644 --- a/makefu/2configs/home/ham/automation/shutdown_button.nix +++ b/makefu/2configs/home/ham/automation/shutdown_button.nix @@ -47,6 +47,9 @@ in { { service = "media_player.media_stop"; target.entity_id = all_media_player; } + { service = "script.turn_on"; + target.entity_id = "script.alle_heizungen_aus"; + } ]; } ]; diff --git a/makefu/2configs/home/ham/automation/urlaub.nix b/makefu/2configs/home/ham/automation/urlaub.nix index 7f47c9da5..019e65d25 100644 --- a/makefu/2configs/home/ham/automation/urlaub.nix +++ b/makefu/2configs/home/ham/automation/urlaub.nix @@ -11,18 +11,6 @@ let weihnachtslicht = "light.wohnzimmer_fenster_lichterkette_licht"; fernsehlicht = "light.wled"; - all_lights = [ - schranklicht weihnachtslicht fernsehlicht - # extra lights to also turn off - # wohnzimmer - "light.wohnzimmer_komode_osram" - "light.wohnzimmer_stehlampe_osram" - # arbeitszimmer - "light.wled_4" - "light.arbeitszimmer_schrank_dimmer" - "light.arbeitszimmer_pflanzenlicht" - ]; - final_off = "00:37"; turn_on = entity_id: offset: 
diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index b08152935..ca5fcd17c 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -18,6 +18,7 @@ in { # ./multi/flurlicht.nix ./multi/kurzzeitwecker.nix ./multi/the_playlist.nix + ./multi/heizung.nix # ./multi/fliegen-couter.nix ./device_tracker/openwrt.nix @@ -43,9 +44,10 @@ in { ./automation/wohnzimmer_rf_fernbedienung.nix # ./automation/ladestecker_timer.nix ./automation/flurlicht.nix - ./automation/giesskanne.nix - ./automation/pflanzen_giessen_erinnerung.nix - # ./automation/urlaub.nix + # ./automation/giesskanne.nix + # ./automation/pflanzen_giessen_erinnerung.nix + ./automation/find_phone.nix + ./automation/urlaub.nix ./automation/moodlight.nix ./automation/shutdown_button.nix ./automation/project_tracker.nix @@ -192,5 +194,10 @@ in { configDir = hassdir; }; + krebs.secret.files."hass-secrets" = { + source-path = toString <secrets> + "/hass/secrets.yaml"; + path = "/var/lib/hass/secrets.yaml"; + owner.name = "hass"; + }; state = [ "/var/lib/hass/known_devices.yaml" ]; } diff --git a/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix b/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix index 26fec370f..11d13886e 100644 --- a/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix +++ b/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix @@ -63,6 +63,12 @@ in (remote_action "b9" [ { service = "rest_command.good_song"; } ]) (remote_action "b10" [ { service = "rest_command.bad_song"; } ]) + (remote_action "b11" [ + { + service = "script.turn_on"; + target.entity_id = "script.find_felix_phone"; + } + ]) (remote_action "3" ((say "Starte Lass") ++ [ diff --git a/makefu/2configs/home/ham/multi/heizung.nix b/makefu/2configs/home/ham/multi/heizung.nix new file mode 100644 index 000000000..73f90dfe0 --- /dev/null +++ b/makefu/2configs/home/ham/multi/heizung.nix 
@@ -0,0 +1,11 @@ +{ + services.home-assistant.config = + { + # 18 Grad + script.alle_heizungen_aus.sequence = [{ + service = "climate.set_temperature"; + target.entity_id = [ "climate.wohnzimmer_heizung" ]; + data.temperature = "18.0"; + }]; + }; +} diff --git a/makefu/2configs/home/ham/sensor/dwd.nix b/makefu/2configs/home/ham/sensor/dwd.nix index c1d55d03c..623f099a3 100644 --- a/makefu/2configs/home/ham/sensor/dwd.nix +++ b/makefu/2configs/home/ham/sensor/dwd.nix @@ -4,5 +4,7 @@ { platform = "dwd_weather_warnings"; region_name = "Stadt Stuttgart"; } + { platform = "nina"; + } ]; } diff --git a/makefu/2configs/home/ham/sensor/outside.nix b/makefu/2configs/home/ham/sensor/outside.nix index 332746be8..d05e8a1f6 100644 --- a/makefu/2configs/home/ham/sensor/outside.nix +++ b/makefu/2configs/home/ham/sensor/outside.nix @@ -4,8 +4,7 @@ services.home-assistant.config.sensor = [ { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); + api_key = "!secret darksky"; language = "de"; monitored_conditions = [ "summary" "icon" @@ -21,5 +20,11 @@ units = "si" ; scan_interval = "00:30:00"; } + { + platform = "open_meteo"; + } + { + platform = "met"; + } ]; } diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix index 205b47fec..f3b9f50f1 100644 --- a/makefu/2configs/home/music.nix +++ b/makefu/2configs/home/music.nix @@ -9,7 +9,8 @@ in MusicFolder = "/media/cryptX/music/kinder"; Address = "0.0.0.0"; }; - systemd.services.navidrome.after = [ "media-cryptX.mount" ]; + systemd.services.navidrome.after = [ "media-cryptX.mount" "cryptsetup.target" +"local-fs.target" "remote-fs.target" ]; state = [ "/var/lib/navidrome" ]; # networking.firewall.allowedTCPPorts = [ 4040 ]; 
@@ -27,4 +28,11 @@ in locations."/".proxyWebsockets = true; }; networking.firewall.allowedTCPPorts = [ port ]; + # also configure dlna + services.minidlna.enable = true; + services.minidlna.settings = { + inotify = "yes"; + friendly_name = "omo"; + media_dir = [ "A,/media/cryptX/music" ]; + }; } diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index cb78c823f..a7181cfe9 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,6 +12,7 @@ let in { imports = [ ./gui/base.nix + ./gui/look-up.nix ./fetchWallpaper.nix ./zsh-user.nix ./tools/core.nix @@ -72,15 +73,4 @@ in { location.latitude = 48.7; location.longitude = 9.1; - systemd.services.look-up = { - startAt = "*:30"; - serviceConfig = { - ExecStart= pkgs.writeDash "look-up" '' - set -x - eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'" - ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while' - ''; - User = user; - }; - }; } diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix deleted file mode 100644 index fc52f21e6..000000000 --- a/makefu/2configs/security/hotfix.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib,... }: { - # https://github.com/berdav/CVE-2021-4034 - security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); -} diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix index 5a81e2749..941685695 100644 --- a/makefu/2configs/stats/telegraf/default.nix +++ b/makefu/2configs/stats/telegraf/default.nix @@ -17,13 +17,13 @@ in { # data_format = "influx"; #}]; - #mqtt = [{ - # servers = [ mqtt_server ]; - # topic_prefix = "/telegraf"; - # data_format = "json"; - # qos = 0; - # batch = false; - #}]; + mqtt = [{ + servers = [ mqtt_server ]; + topic_prefix = "/telegraf"; + data_format = "json"; + qos = 0; + batch = false; + }]; }; }; }; 
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 37673768a..3086a0bb2 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -1,6 +1,6 @@ { imports = [ - ./android-pentest.nix + # ./android-pentest.nix ./consoles.nix ./core-gui.nix ./core.nix diff --git a/makefu/2configs/tools/init-host/default.nix b/makefu/2configs/tools/init-host/default.nix index d1d3f7195..84f8e7730 100644 --- a/makefu/2configs/tools/init-host/default.nix +++ b/makefu/2configs/tools/init-host/default.nix @@ -23,7 +23,6 @@ pkgs.writeDashBin "generate-secrets" '' cat <<EOF $HOSTNAME = { - cores = 1; owner = config.krebs.users.makefu; nets = { retiolum = { diff --git a/makefu/5pkgs/airsensor-py/default.nix b/makefu/5pkgs/airsensor-py/default.nix index 4eae26c0d..86ea22d8d 100644 --- a/makefu/5pkgs/airsensor-py/default.nix +++ b/makefu/5pkgs/airsensor-py/default.nix @@ -2,7 +2,7 @@ with pkgs.python3Packages; buildPythonApplication rec { name = "airsensor-py-${version}"; - version = "2017-12-05"; + version = "1.0.0"; propagatedBuildInputs = [ pyusb click @@ -11,7 +11,7 @@ buildPythonApplication rec { src = fetchFromGitHub { owner = "makefu"; repo = "airsensor-py"; - rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995"; - sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w"; + rev = "1.0.0"; + sha256 = "1jpvvl965bg3ymvr58c433jyy0smczn65fnqsskxn7basznii5g8"; }; } diff --git a/makefu/5pkgs/pkgrename/default.nix b/makefu/5pkgs/pkgrename/default.nix index 5eeb161e7..1b5ecc486 100644 --- a/makefu/5pkgs/pkgrename/default.nix +++ b/makefu/5pkgs/pkgrename/default.nix 
@@ -2,19 +2,19 @@ }: stdenv.mkDerivation rec { name = "pkgrename"; - version = "1.03"; + version = "1.05"; src = fetchFromGitHub { owner = "hippie68"; repo = "pkgrename"; - rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50"; - sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3"; + rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e"; + sha256 = "komFm9VRdH4DPxcnHzbm/sGVEWMbfcvFPLEFdbU/K5g="; }; buildInputs = [ curl.dev ]; buildPhase = '' cd pkgrename.c - gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs) + $CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition ''; installPhase = '' install -D pkgrename $out/bin/pkgrename diff --git a/makefu/5pkgs/ratt/default.nix b/makefu/5pkgs/ratt/default.nix index 0ad94c55e..575a33f2b 100644 --- a/makefu/5pkgs/ratt/default.nix +++ b/makefu/5pkgs/ratt/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { }; proxyVendor = true; - vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE="; + vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE="; # tests try to access the internet to scrape websites doCheck = false; diff --git a/makefu/krops.nix b/makefu/krops.nix index d907c8e36..94677609e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -75,20 +75,20 @@ (lib.mkIf ( host-src.hw ) { nixos-hardware.git = { url = https://github.com/nixos/nixos-hardware.git; - ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1"; + ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b"; }; }) (lib.mkIf ( host-src.nix-ld ) { nix-ld.git = { url = https://github.com/Mic92/nix-ld.git; - ref = "c25cc4b"; + ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6"; }; }) (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "1de492f"; + ref = "054d9e3187ca00479e8036dc0e92900a384f30fd"; }; }) ]; 
diff --git a/submodules/disko b/submodules/disko new file mode 160000 +Subproject df3a607ad7ee431f4831a51af2c464aa8a8813f diff --git a/submodules/nix-writers b/submodules/nix-writers -Subproject c528cf970e292790b414b4c1c8c8e9d7e73b2a7 +Subproject 0c8de150426476b5287cf2787bbd85263691a80 diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index c36fbc4bf..90501d56d 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - imports = [ <stockholm/tv> <stockholm/tv/2configs/hw/x220.nix> diff --git a/tv/1systems/alnus/lib b/tv/1systems/alnus/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/alnus/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/au/lib b/tv/1systems/au/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/au/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix index 11cdac398..22e5f1484 100644 --- a/tv/1systems/bu/config.nix +++ b/tv/1systems/bu/config.nix @@ -1,7 +1,5 @@ -{ config, pkgs, ... }: let - lib = import ../../../lib; -in { - +with import ./lib; +{ config, pkgs, ... }: { imports = [ ./disks.nix <stockholm/tv> diff --git a/tv/1systems/bu/lib b/tv/1systems/bu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/bu/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/lib b/tv/1systems/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 00bd5da15..00cdf84c1 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - imports = [ <stockholm/tv> <stockholm/tv/2configs/br.nix> diff --git a/tv/1systems/mu/lib b/tv/1systems/mu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/mu/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index 4dc0b4e82..fb67814db 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.nomic; imports = [ diff --git a/tv/1systems/nomic/lib b/tv/1systems/nomic/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/nomic/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 44c7685e8..8df29f75e 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - imports = [ <stockholm/tv> <stockholm/tv/2configs/retiolum.nix> diff --git a/tv/1systems/querel/lib b/tv/1systems/querel/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/querel/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index bf250cefa..4d45f6d40 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ../lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.wu; imports = [ diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/wu/lib @@ -0,0 +1 @@ +../lib
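Review bot: `with import ../lib;` in tv/1systems/wu/config.nix is the only host config in this commit that reaches past its own directory; alnus, bu, mu, nomic, querel and xu all use `./lib`, and the commit adds a `tv/1systems/wu/lib` symlink directly below this hunk. Both spellings appear to end up at the same target through the symlink chain, so this is a consistency point rather than a functional one. I would write `with import ./lib;` here too, so the new per-directory symlink is actually the thing being used.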
\ No newline at end of file diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 8a86e209b..6ca62ac0d 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.xu; imports = [ @@ -11,7 +10,6 @@ with import <stockholm/lib>; <stockholm/tv/2configs/gitrepos.nix> <stockholm/tv/2configs/mail-client.nix> <stockholm/tv/2configs/man.nix> - <stockholm/tv/2configs/nginx/krebs-pages.nix> <stockholm/tv/2configs/nginx/public_html.nix> <stockholm/tv/2configs/ppp.nix> <stockholm/tv/2configs/pulse.nix> diff --git a/tv/1systems/xu/lib b/tv/1systems/xu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/xu/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 8a3040a36..169fa6bd6 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.zu; imports = [ diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index a5e0cf4c7..c8ab73b50 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -1,6 +1,5 @@ -{ config, lib, ... }: -with import <stockholm/lib>; -{ +with import ./lib; +{ config, pkgs, ... }: { krebs.backup.plans = { } // mapAttrs (_: recursiveUpdate { snapshots = { diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index 92e2499a9..e38566b78 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { programs.bash = { interactiveShellInit = /* sh */ '' HISTCONTROL='erasedups:ignorespace' @@ -17,8 +14,20 @@ with import <stockholm/lib>; case $UID in ${shell.escape (toString config.krebs.users.tv.uid)}) - if test ''${SHLVL-1} = 1; then - case ''${XMONAD_SPAWN_WORKSPACE-} in + if test ''${SHLVL-1} = 1 && test -n "''${DISPLAY-}"; then + _CURRENT_DESKTOP_NAME=''${_CURRENT_DESKTOP_NAME-$( + ${pkgs.xorg.xprop}/bin/xprop -notype -root \ + 32i _NET_CURRENT_DESKTOP \ + 8s _NET_DESKTOP_NAMES \ + | + ${pkgs.gnused}/bin/sed -r 's/.* = //;s/"//g;s/, /\a/g' | + { + read -r _NET_CURRENT_DESKTOP + IFS=$'\a' read -ra _NET_DESKTOP_NAMES + echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}" + } + )} + case $_CURRENT_DESKTOP_NAME in stockholm) cd ~/stockholm ;; diff --git a/tv/2configs/bash/lib b/tv/2configs/bash/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/bash/lib @@ -0,0 +1 @@ +../lib
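Review bot: tv/1systems/zu/config.nix now does `with import ./lib;`, but unlike the sibling hosts touched here (alnus, au, bu, mu, nomic, querel, wu, xu) no `tv/1systems/zu/lib` symlink is added in this diff; the next file after the zu hunk is tv/2configs/backup.nix. Unless that path already exists in the tree, evaluating the zu host would fail on the import. Either add the same `lib -> ../lib` symlink for zu or import `../lib` directly.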
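Review bot: In tv/2configs/bash/default.nix, the subscript in `echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}"` is evaluated by bash as an arithmetic expression, and its value is whatever text xprop printed for a root-window property that any client of the X session can change. When the property is absent, the sed filter has no ` = ` to strip and passes xprop's message through unchanged. I would only index when the value is a plain number, `[[ $_NET_CURRENT_DESKTOP =~ ^[0-9]+$ ]] && echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}"`, and add a comment that desktop names containing `, ` are split by the `s/, /\a/g` step. The enclosing `interactiveShellInit` string starts and ends outside the hunk.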
\ No newline at end of file diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 58791f4f6..66d740715 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; +{ config, lib, pkgs, ... }: with import ./lib; { environment.etc."binary-cache.pubkey".text = config.krebs.build.host.binary-cache.pubkey; diff --git a/tv/2configs/binary-cache/lib b/tv/2configs/binary-cache/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/binary-cache/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix index e6a46e903..4a8db2e38 100644 --- a/tv/2configs/br.nix +++ b/tv/2configs/br.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { imports = [ diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index f3ce2da40..9babb92c2 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - boot.tmpOnTmpfs = true; krebs.enable = true; @@ -38,7 +37,7 @@ with import <stockholm/lib>; { i18n.defaultLocale = mkDefault "C.UTF-8"; security.sudo.extraConfig = '' - Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE" + Defaults env_keep+="SSH_CLIENT _CURRENT_DESKTOP_NAME" Defaults mailto="${config.krebs.users.tv.mail}" Defaults !lecture ''; @@ -46,14 +45,15 @@ with import <stockholm/lib>; } { - # TODO check if both are required: - nix.sandboxPaths = [ "/etc/protocols" pkgs.iana-etc.outPath ]; - - nix.requireSignedBinaryCaches = true; - - nix.binaryCaches = ["https://cache.nixos.org"]; + nix.extraOptions = '' + auto-optimise-store = true + ''; - nix.useSandbox = true; + # TODO check if both are required: + nix.settings.extra-sandbox-paths = [ + "/etc/protocols" + pkgs.iana-etc.outPath + ]; } { nixpkgs.config.allowUnfree = false; diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 3d4ada46b..fefc6dd24 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.eximlog ]; diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 4a0dcf616..e905536df 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix 
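Review bot: In tv/2configs/default.nix the rewritten block drops `nix.requireSignedBinaryCaches = true;` and `nix.useSandbox = true;` without carrying them over to the `nix.settings` form, so signature checking of substitutes and build sandboxing now depend on the NixOS defaults instead of being pinned by this file. If relying on the defaults is intended, a comment saying so would help the next reader; otherwise I would keep them explicit with `nix.settings.require-sigs = true;` and `nix.settings.sandbox = true;` next to `extra-sandbox-paths`. As a style point, `auto-optimise-store` could move to `nix.settings.auto-optimise-store = true;` rather than `nix.extraOptions`, so all daemon settings live in one attribute set.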
@@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.eximlog ]; diff --git a/tv/2configs/gitconfig.nix b/tv/2configs/gitconfig.nix index 771a4b2a4..fb9b78e6a 100644 --- a/tv/2configs/gitconfig.nix +++ b/tv/2configs/gitconfig.nix @@ -1,8 +1,5 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.etc.gitconfig.text = '' [alias] patch = !${pkgs.git}/bin/git --no-pager diff --no-color diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 50444c1ee..d8e7755fe 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let { +with import ./lib; +{ config, pkgs, ... }: let { body = { @@ -134,7 +131,6 @@ let { web-routes-wai-custom = {}; xintmap = {}; xmonad-aeson = {}; - xmonad-stockholm = {}; xmonad-web = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) { cac-api = { @@ -165,6 +161,7 @@ let { soundcloud = { cgit.desc = "SoundCloud command line interface"; }; + xmonad-stockholm = {}; }); restricted-repos = mapAttrs make-restricted-repo ( diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix index e78caeb5f..09372980f 100644 --- a/tv/2configs/htop.nix +++ b/tv/2configs/htop.nix @@ -1,8 +1,5 @@ -{ pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ pkgs, ... }: { nixpkgs.config.packageOverrides = super: { htop = pkgs.symlinkJoin { name = "htop"; diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index dd6fcfe67..b998fcf7c 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { imports = [ ../smartd.nix 
diff --git a/tv/2configs/hw/lib b/tv/2configs/hw/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/hw/lib
@@ -0,0 +1 @@
+../lib
\ No newline at end of file diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix index 09dd9a49d..bf749a98a 100644 --- a/tv/2configs/hw/w110er.nix +++ b/tv/2configs/hw/w110er.nix @@ -1,6 +1,5 @@ -{ pkgs, ... }: let - lib = import <stockholm/lib>; -in { +with import ./lib; +{ pkgs, ... }: { imports = [ ../smartd.nix { diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 8c68cdef0..ee3c7dc04 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -1,7 +1,5 @@ -{ config, pkgs, ... }: let - lib = import <stockholm/lib>; -in -{ +with import ./lib; +{ config, pkgs, ... }: { imports = [ ../smartd.nix { @@ -28,8 +26,8 @@ in } { - nix.buildCores = 2; - nix.maxJobs = 2; + nix.settings.cores = 2; + nix.settings.max-jobs = 2; } (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then { nix.daemonCPUSchedPolicy = "batch"; @@ -61,6 +59,9 @@ in emulateWheel = true; }; + # Conflicts with TLP, but gets enabled by DEs. + services.power-profiles-daemon.enable = false; + services.tlp.enable = true; services.tlp.settings = { START_CHARGE_THRESH_BAT0 = 80; diff --git a/tv/2configs/imgur.nix b/tv/2configs/imgur.nix index ba84fd2df..e22122761 100644 --- a/tv/2configs/imgur.nix +++ b/tv/2configs/imgur.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - services.nginx.virtualHosts."ni.r" = { locations."/image" = { extraConfig = /* nginx */ '' @@ -18,8 +17,6 @@ with import <stockholm/lib>; krebs.htgen.imgur = { port = 7771; - script = /* sh */ '' - (. ${pkgs.htgen-imgur}/bin/htgen-imgur) - ''; + scriptFile = "${pkgs.htgen-imgur}/bin/htgen-imgur"; }; } diff --git a/tv/2configs/lib b/tv/2configs/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index efea3a844..6844df99b 100644 --- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -1,8 +1,5 @@ -{ config, lib, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, ... }: { services.nginx = { enableReload = true; diff --git a/tv/2configs/nginx/krebs-pages.nix b/tv/2configs/nginx/krebs-pages.nix deleted file mode 100644 index 4dd643db7..000000000 --- a/tv/2configs/nginx/krebs-pages.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, ... }: -{ - services.nginx = { - virtualHosts.krebs-pages = { - serverAliases = [ - "krebs.${config.krebs.build.host.name}.r" - ]; - extraConfig = '' - root ${pkgs.krebs-pages}; - ''; - }; - }; -} diff --git a/tv/2configs/nginx/lib b/tv/2configs/nginx/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/nginx/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index 43d7189ef..c2403cd8d 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -1,8 +1,5 @@ -{ config, lib, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, ... }: { services.nginx = { enable = true; virtualHosts.default = { diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix index 51a5c716f..415755b16 100644 --- a/tv/2configs/pki/default.nix +++ b/tv/2configs/pki/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source; diff --git a/tv/2configs/pki/lib b/tv/2configs/pki/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/pki/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index c801401b2..24d2831c4 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,5 +1,5 @@ +with import ./lib; { config, pkgs, ... }: let - lib = import <stockholm/lib>; cfg = { pin = "@${toString <secrets/o2.pin>}"; ttys.ppp = "/dev/ttyACM0"; diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 513a0eb17..7a07e8154 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let +with import ./lib; +{ config, pkgs, ... }: let pkg = pkgs.pulseaudio; runDir = "/run/pulse"; diff --git a/tv/2configs/repo-sync/lib b/tv/2configs/repo-sync/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/repo-sync/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/repo-sync/wiki.nix b/tv/2configs/repo-sync/wiki.nix index 913439906..515e731c4 100644 --- a/tv/2configs/repo-sync/wiki.nix +++ b/tv/2configs/repo-sync/wiki.nix @@ -1,6 +1,5 @@ -{ config, pkgs, ... }: let - lib = import <stockholm/lib>; -in { +with import ./lib; +{ config, pkgs, ... }: { krebs.repo-sync.enable = true; krebs.repo-sync.repos.wiki.branches.hotdog = { origin.url = "http://cgit.hotdog.r/wiki"; diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 3c3b2adf0..de77de381 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { krebs.tinc.retiolum = { enable = true; connectTo = filter (ne config.krebs.build.host.name) [ diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix index 84d247362..ad828813d 100644 --- a/tv/2configs/ssh.nix +++ b/tv/2configs/ssh.nix @@ -1,8 +1,5 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { # Override NixOS's "Allow DSA keys for now." environment.etc."ssh/ssh_config".text = mkForce '' AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix index 79af5b01f..4da8c8216 100644 --- a/tv/2configs/sshd.nix +++ b/tv/2configs/sshd.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, ... }: let cfg.host = config.krebs.build.host; in { diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 619b04459..7ba364ff3 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let exec = filename: args: url: { inherit url; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index fed74c921..b8819ee36 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let { +with import ./lib; +{ config, pkgs, ... }: let { body = { environment.systemPackages = [ vim-wrapper @@ -13,7 +11,7 @@ let { environment.variables.VIMINIT = ":so /etc/vimrc"; }; - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + extra-runtimepath = pkgs.tv.vim.makeRuntimePath [ pkgs.tv.vimPlugins.elixir pkgs.tv.vimPlugins.file-line pkgs.tv.vimPlugins.fzf @@ -79,6 +77,7 @@ let { set showmatch set timeoutlen=0 set ttimeoutlen=0 + set ttymouse=sgr set undodir=${dirs.undodir} set undofile set undolevels=1000000 diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix index 18bac9b38..b7c14af5a 100644 --- a/tv/2configs/xdg.nix +++ b/tv/2configs/xdg.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; systemd.tmpfiles.rules = let diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix index a97fb3679..51fd1ae8c 100644 --- a/tv/2configs/xp-332.nix +++ b/tv/2configs/xp-332.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { environment.etc."utsushi.conf".text = '' diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix index 8e8e3dfdd..8e555e927 100644 --- a/tv/2configs/xserver/Xmodmap.nix +++ b/tv/2configs/xserver/Xmodmap.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with import <stockholm/lib>; +with import ./lib; pkgs.writeText "Xmodmap" '' !keycode 66 = Caps_Lock diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 8bedb0e81..f534b557e 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,6 +1,5 @@ -{ config, pkgs, ... }@args: -with import <stockholm/lib>; -let +with import ./lib; +{ config, pkgs, ... }@args: let cfg = { cacheDir = cfg.dataDir; configDir = "/var/empty"; 
diff --git a/tv/2configs/xserver/lib b/tv/2configs/xserver/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/xserver/lib
@@ -0,0 +1 @@
+../lib
\ No newline at end of file diff --git a/tv/2configs/xserver/sxiv.nix b/tv/2configs/xserver/sxiv.nix index 10e450da4..eb862f887 100644 --- a/tv/2configs/xserver/sxiv.nix +++ b/tv/2configs/xserver/sxiv.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg.user = config.krebs.build.user; in { diff --git a/tv/2configs/xserver/urxvt.nix b/tv/2configs/xserver/urxvt.nix index 2d504e165..3502c6356 100644 --- a/tv/2configs/xserver/urxvt.nix +++ b/tv/2configs/xserver/urxvt.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg.user = config.krebs.build.user; in { diff --git a/tv/2configs/xserver/xserver.conf.nix b/tv/2configs/xserver/xserver.conf.nix index 99038e5fc..3fdfebf1b 100644 --- a/tv/2configs/xserver/xserver.conf.nix +++ b/tv/2configs/xserver/xserver.conf.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ./lib; +{ config, pkgs, ... }: let cfg = config.services.xserver; diff --git a/tv/3modules/Xresources.nix b/tv/3modules/Xresources.nix index ab233dd65..266531de9 100644 --- a/tv/3modules/Xresources.nix +++ b/tv/3modules/Xresources.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg = { enable = config.services.xserver.enable && config.tv.Xresources != {}; diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix index dccbfde67..4669345eb 100644 --- a/tv/3modules/charybdis/config.nix +++ b/tv/3modules/charybdis/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: with import <stockholm/lib>; let +{ config, ... }: with import ./lib; let cfg = config.tv.charybdis; in toFile "charybdis.conf" '' /* doc/example.conf - brief example configuration file diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 96aae702a..4a0f99503 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix 
@@ -1,4 +1,5 @@ -{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let +with import ./lib; +{ config, pkgs, ... }@args: let cfg = config.tv.charybdis; in { options.tv.charybdis = { diff --git a/tv/3modules/charybdis/lib b/tv/3modules/charybdis/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/3modules/charybdis/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix index ab24ac089..e1dfdea34 100644 --- a/tv/3modules/dnsmasq.nix +++ b/tv/3modules/dnsmasq.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, ... }: let cfg = config.tv.dnsmasq; in { diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index edc5296b0..e3a41a57b 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -1,5 +1,5 @@ -{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let - +with import ./lib; +{ config, pkgs, ... }: let cfg = config.tv.ejabberd; gen-dhparam = pkgs.writeDash "gen-dhparam" '' diff --git a/tv/3modules/ejabberd/lib b/tv/3modules/ejabberd/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/3modules/ejabberd/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/3modules/focus.nix b/tv/3modules/focus.nix index b1a7b2e52..c16d44243 100644 --- a/tv/3modules/focus.nix +++ b/tv/3modules/focus.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { options.tv.focus.enable = mkEnableOption "tv.focus"; } diff --git a/tv/3modules/hosts.nix b/tv/3modules/hosts.nix index 118740510..2d382e266 100644 --- a/tv/3modules/hosts.nix +++ b/tv/3modules/hosts.nix @@ -1,8 +1,5 @@ -{ config, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, ... }: { options.tv.hosts = mkOption { type = types.attrsOf types.host; default = diff --git a/tv/3modules/hw.nix b/tv/3modules/hw.nix index 6eb722d2f..db1a77c85 100644 --- a/tv/3modules/hw.nix +++ b/tv/3modules/hw.nix @@ -1,5 +1,5 @@ +with import ./lib; let - lib = import <stockholm/lib>; local.types.screen = lib.types.submodule { options.width = lib.mkOption { type = lib.types.uint; diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix index e98a57327..76a61b191 100644 --- a/tv/3modules/im.nix +++ b/tv/3modules/im.nix @@ -1,6 +1,6 @@ +with import ./lib; { config, pkgs, ... }: let im = config.tv.im; - lib = import <stockholm/lib>; in { options = { tv.im.client.enable = lib.mkEnableOption "tv.im.client" // { diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 9cf0bd5a2..c4bf4644d 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let { +with import ./lib; +{ config, pkgs, ... }: let { cfg = config.tv.iptables; body = { diff --git a/tv/3modules/lib b/tv/3modules/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/3modules/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix index e1a5323d6..7d31edf9d 100644 --- a/tv/3modules/org.freedesktop.machine1.host-shell.nix +++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix @@ -1,4 +1,5 @@ -{ config, ... }: let lib = import ../../lib; in { +with import ./lib; +{ config, ... }: { options.org.freedesktop.machine1.host-shell.access = lib.mkOption { default = {}; type = diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix index 926adc8e0..a08303215 100644 --- a/tv/3modules/slock.nix +++ b/tv/3modules/slock.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg = config.tv.slock; in { diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix index 4dbb34df0..f19bfebcc 100644 --- a/tv/3modules/x0vncserver.nix +++ b/tv/3modules/x0vncserver.nix @@ -1,8 +1,6 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let - cfg = config.tv.x0vncserver; - in { options.tv.x0vncserver = { display = mkOption { diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 5a018a166..245d0542b 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,4 +1,4 @@ -with import ../../lib; +with import ./lib; let pushBack = x: xs: if elem x xs then @@ -14,7 +14,6 @@ fix (foldl' (flip extends) (_: super) (map (name: import (./. + "/${name}")) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (pushBack "override" - (attrNames (readDir ./.)))))) + (pushBack "override" + (attrNames + (filterAttrs isNixDirEntry (readDir ./.)))))) diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix index 33fd2506a..f05223d72 100644 --- a/tv/5pkgs/haskell/default.nix +++ b/tv/5pkgs/haskell/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; let overrides = self: super: mapNixDir (path: self.callPackage path {}) [ 
diff --git a/tv/5pkgs/haskell/lib b/tv/5pkgs/haskell/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/haskell/lib
@@ -0,0 +1 @@
+../lib
\ No newline at end of file diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix index edb5f258e..be3eca982 100644 --- a/tv/5pkgs/haskell/xmonad-tv/default.nix +++ b/tv/5pkgs/haskell/xmonad-tv/default.nix @@ -1,6 +1,6 @@ { mkDerivation, aeson, base, bytestring, containers, directory -, extra, lib, template-haskell, th-env, unix, X11, xmonad -, xmonad-contrib, xmonad-stockholm +, extra, filepath, lib, systemd, template-haskell, th-env +, transformers, unix, X11, xmonad, xmonad-contrib }: mkDerivation { pname = "xmonad-tv"; @@ -9,8 +9,8 @@ mkDerivation { isLibrary = false; isExecutable = true; executableHaskellDepends = [ - aeson base bytestring containers directory extra template-haskell - th-env unix X11 xmonad xmonad-contrib xmonad-stockholm + aeson base bytestring containers directory extra filepath systemd + template-haskell th-env transformers unix X11 xmonad xmonad-contrib ]; license = lib.licenses.mit; } diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Build.hs b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs new file mode 100644 index 000000000..553a129b1 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs @@ -0,0 +1,24 @@ +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TypeApplications #-} + +module Build where + +import XMonad (Dimension) +import THEnv.JSON (getCompileEnvJSONExp) + + +myFont :: String +myFont = + "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" + +myScreenWidth :: Dimension +myScreenWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH") + +myTermFontWidth :: Dimension +myTermFontWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH") + +myTermPadding :: Dimension +myTermPadding = + 2 diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs new file mode 100644 index 000000000..d4a4d93cf --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs 
@@ -0,0 +1,113 @@ +{-# LANGUAGE LambdaCase #-} + +module Shutdown + ( newShutdownEventHandler + , shutdown + ) + where + +import Control.Applicative ((<|>), empty) +import Control.Concurrent (threadDelay) +import Control.Monad (forever, guard, when) +import Data.Monoid (All(All)) +import System.Directory (XdgDirectory(XdgData), createDirectoryIfMissing, doesFileExist, getAppUserDataDirectory, getXdgDirectory) +import System.Exit (exitSuccess) +import System.Environment (lookupEnv) +import System.FilePath ((</>)) +import System.IO.Error (isDoesNotExistError, tryIOError) +import System.IO (hPutStrLn, stderr) +import System.Posix.Process (getProcessID) +import System.Posix.Signals (nullSignal, signalProcess) +import System.Posix.Types (ProcessID) +import XMonad hiding (getXMonadDataDir) + + +-- XXX this is for compatibility with both xmonad<0.17 and xmonad>=0.17 +getXMonadDataDir :: IO String +getXMonadDataDir = xmEnvDir <|> xmDir <|> xdgDir + where + -- | Check for xmonad's environment variables first + xmEnvDir :: IO String + xmEnvDir = + maybe empty pure =<< lookupEnv "XMONAD_DATA_DIR" + + -- | Check whether the config file or a build script is in the + -- @~\/.xmonad@ directory + xmDir :: IO String + xmDir = do + d <- getAppUserDataDirectory "xmonad" + conf <- doesFileExist $ d </> "xmonad.hs" + build <- doesFileExist $ d </> "build" + pid <- doesFileExist $ d </> "xmonad.pid" + + -- Place *everything* in ~/.xmonad if yes + guard $ conf || build || pid + pure d + + -- | Use XDG directories as a fallback + xdgDir :: IO String + xdgDir = do + d <- getXdgDirectory XdgData "xmonad" + d <$ createDirectoryIfMissing True d + + +newShutdownEventHandler :: IO (Event -> X All) +newShutdownEventHandler = do + writeProcessIDToFile + return handleShutdownEvent + +handleShutdownEvent :: Event -> X All +handleShutdownEvent = \case + ClientMessageEvent { ev_message_type = mt } -> do + isShutdownEvent <- (mt ==) <$> getAtom "XMONAD_SHUTDOWN" + when isShutdownEvent $ do + 
broadcastMessage ReleaseResources + writeStateToFile + io exitSuccess >> return () + return (All (not isShutdownEvent)) + _ -> + return (All True) + +sendShutdownEvent :: IO () +sendShutdownEvent = do + dpy <- openDisplay "" + rw <- rootWindow dpy $ defaultScreen dpy + a <- internAtom dpy "XMONAD_SHUTDOWN" False + allocaXEvent $ \e -> do + setEventType e clientMessage + setClientMessageEvent e rw a 32 0 currentTime + sendEvent dpy rw False structureNotifyMask e + sync dpy False + +shutdown :: IO () +shutdown = do + pid <- readProcessIDFromFile + sendShutdownEvent + hPutStrLn stderr ("waiting for: " <> show pid) + result <- tryIOError (waitProcess pid) + if isSuccess result + then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]") + else hPutStrLn stderr ("result: " <> show result) + where + isSuccess = either isDoesNotExistError (const False) + +waitProcess :: ProcessID -> IO () +waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000) + +-- +-- PID file stuff +-- + +getProcessIDFileName :: IO FilePath +getProcessIDFileName = (</> "xmonad.pid") <$> getXMonadDataDir + +writeProcessIDToFile :: IO () +writeProcessIDToFile = do + pidFileName <- getProcessIDFileName + pid <- getProcessID + writeFile pidFileName (show pid) + +readProcessIDFromFile :: IO ProcessID +readProcessIDFromFile = do + pidFileName <- getProcessIDFileName + read <$> readFile pidFileName diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index 81373f410..c921d428b 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -1,6 +1,4 @@ {-# LANGUAGE LambdaCase #-} -{-# LANGUAGE TemplateHaskell #-} -{-# LANGUAGE TypeApplications #-} module Main (main) where 
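Review bot: In the new Shutdown.hs, `readProcessIDFromFile` parses the PID file with `read`, which throws on an empty or corrupted `xmonad.pid`, and `shutdown` then polls whatever PID it got via `signalProcess nullSignal` inside an unbounded `forever`. A stale file left behind by a crashed xmonad, whose PID has since been reused by another process of the same user, would make `shutdown` wait indefinitely. I would parse with `readMaybe` from `Text.Read` and report a clear error on `Nothing`, bound the wait with a timeout, and have `handleShutdownEvent` remove the PID file before `exitSuccess`. A one-line comment on `waitProcess` stating that it only ever returns through the exception raised by `signalProcess` would also help, since `isSuccess` depends on exactly that.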
@@ -32,25 +30,9 @@ import Data.Ratio import XMonad.Hooks.Place (placeHook, smart) import XMonad.Actions.PerWorkspaceKeys (chooseAction) -import XMonad.Stockholm.Pager -import XMonad.Stockholm.Shutdown +import Shutdown (shutdown, newShutdownEventHandler) -import THEnv.JSON (getCompileEnvJSONExp) - - -myFont :: String -myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" - -myScreenWidth :: Dimension -myScreenWidth = - $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH") - -myTermFontWidth :: Dimension -myTermFontWidth = - $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH") - -myTermPadding :: Dimension -myTermPadding = 2 +import Build (myFont, myScreenWidth, myTermFontWidth, myTermPadding) main :: IO () @@ -136,13 +118,6 @@ spawnRootTerm = Nothing -spawnTermAt :: String -> X () -spawnTermAt ws = do - env <- io getEnvironment - let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env - forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env') - - myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing) @@ -151,11 +126,9 @@ myKeys conf = Map.fromList $ , ((_4 , xK_o ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing) , ((_4 , xK_p ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing) - , ((_4 , xK_x ), chooseAction spawnTermAt) + , ((_4 , xK_x ), forkFile {-pkg:rxvt_unicode-}"urxvtc" [] Nothing) , ((_4C , xK_x ), spawnRootTerm) - , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) - , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ((_C , xK_Menu ), toggleWS) , ((_4 , xK_space ), withFocused $ \w -> ifM (isFloatingX w) xdeny $ sendMessage NextLayout) 
@@ -233,23 +206,3 @@ xdeny = , "-e", "sleep", "0.05" ] Nothing - - -pagerConfig :: PagerConfig -pagerConfig = def - { pc_font = myFont - , pc_cellwidth = 64 - , pc_matchmethod = MatchPrefix - , pc_windowColors = windowColors - } - where - windowColors _ _ _ True _ = ("#ef4242","#ff2323") - windowColors wsf m c u wf = do - let y = defaultWindowColors wsf m c u wf - if m == False && wf == True - then ("#402020", snd y) - else y - - -allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames = return . map W.tag . W.workspaces diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal index f3bd2e0ab..a3ddcb039 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -15,14 +15,15 @@ executable xmonad containers, directory, extra, + filepath, template-haskell, th-env, unix, X11, xmonad, - xmonad-contrib, - xmonad-stockholm + xmonad-contrib other-modules: + Shutdown, THEnv.JSON default-language: Haskell2010 ghc-options: -O2 -Wall -threaded diff --git a/tv/5pkgs/lib b/tv/5pkgs/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/lib @@ -0,0 +1 @@ +../lib
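Review bot: `other-modules` gains `Shutdown` but not `Build`, although this commit makes main.hs import `Build (myFont, myScreenWidth, myTermFontWidth, myTermPadding)`. If Build.hs sits next to main.hs it should be listed as well, e.g. `Build,` ahead of `Shutdown,`, so Cabal does not treat it as an undeclared module. If the module is generated or provided by the Nix build instead, which cannot be told from this hunk, a short comment in the cabal file saying where it comes from would help the next reader.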
\ No newline at end of file diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index f719a9f69..87b7ce929 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,4 +1,4 @@ -with import ../../../lib; +with import ./lib; self: super: mapNixDir (path: import path self super) ./. diff --git a/tv/5pkgs/override/fzf/complete1.patch b/tv/5pkgs/override/fzf/complete1.patch index 4b2126a2c..3e3f2c4d5 100644 --- a/tv/5pkgs/override/fzf/complete1.patch +++ b/tv/5pkgs/override/fzf/complete1.patch @@ -1,50 +1,72 @@ +commit 57cbd76c068121b685399fdb4649e7ba537983d6 +Author: tv <tv@krebsco.de> +Date: Mon Dec 5 15:24:30 2022 +0100 + + Add --complete-1 option + +diff --git a/man/man1/fzf.1 b/man/man1/fzf.1 +index 79e7291..3b8a753 100644 +--- a/man/man1/fzf.1 ++++ b/man/man1/fzf.1 +@@ -685,6 +685,9 @@ interactive finder and automatically select the only match + If there is no match for the initial query (\fB--query\fR), do not start + interactive finder and exit immediately + .TP ++.B "--complete-1" ++Exit interactive finder when there's exactly one match ++.TP + .BI "-f, --filter=" "STR" + Filter mode. Do not start interactive finder. When used with \fB--no-sort\fR, + fzf becomes a fuzzy-version of grep. diff --git a/src/core.go b/src/core.go -index a18c3a1..a3d92a4 100644 +index 2ddddc3..09afff2 100644 --- a/src/core.go +++ b/src/core.go -@@ -331,6 +331,13 @@ func Run(opts *Options, version string, revision string) { +@@ -337,8 +337,14 @@ func Run(opts *Options, version string, revision string) { + } + determine(val.final) } - } - terminal.UpdateList(val, clearSelection()) -+ if (opts.Complete1) { -+ count := val.Length() -+ if count == 1 { ++ } else { ++ if opts.Complete1 && val.Length() == 1 { + opts.Printer(val.Get(0).item.AsString(opts.Ansi)) + terminal.reqBox.Set(reqClose, nil) ++ } else { ++ terminal.UpdateList(val, clearSelection()) + } -+ } + } +- terminal.UpdateList(val, clearSelection()) } } } 
diff --git a/src/options.go b/src/options.go -index a55dc34..7f121cd 100644 +index 5400311..1e38fe4 100644 --- a/src/options.go 
+++ b/src/options.go -@@ -92,6 +92,7 @@ const usage = `usage: fzf [options] - -1, --select-1 Automatically select the only match - -0, --exit-0 Exit immediately when there's no match - -f, --filter=STR Filter mode. Do not start interactive finder. -+ --complete-1 Exit interactive finder when there's exactly one match - --print-query Print query as the first line - --expect=KEYS Comma-separated list of keys to complete fzf - --read0 Read input delimited by ASCII NUL characters -@@ -208,6 +209,7 @@ type Options struct { - Query string - Select1 bool - Exit0 bool -+ Complete1 bool - Filter *string - ToggleSort bool - Expect map[tui.Event]string -@@ -269,6 +271,7 @@ func defaultOptions() *Options { - Query: "", - Select1: false, - Exit0: false, -+ Complete1: false, - Filter: nil, - ToggleSort: false, - Expect: make(map[tui.Event]string), -@@ -1311,6 +1314,8 @@ func parseOptions(opts *Options, allArgs []string) { +@@ -108,6 +108,7 @@ const usage = `usage: fzf [options] + -1, --select-1 Automatically select the only match + -0, --exit-0 Exit immediately when there's no match + -f, --filter=STR Filter mode. Do not start interactive finder. ++ --complete-1 Exit interactive finder when there's exactly one match + --print-query Print query as the first line + --expect=KEYS Comma-separated list of keys to complete fzf + --read0 Read input delimited by ASCII NUL characters +@@ -274,6 +275,7 @@ type Options struct { + Query string + Select1 bool + Exit0 bool ++ Complete1 bool + Filter *string + ToggleSort bool + Expect map[tui.Event]string +@@ -342,6 +344,7 @@ func defaultOptions() *Options { + Query: "", + Select1: false, + Exit0: false, ++ Complete1: false, + Filter: nil, + ToggleSort: false, + Expect: make(map[tui.Event]string), +@@ -1546,6 +1549,8 @@ func parseOptions(opts *Options, allArgs []string) { opts.Exit0 = true case "+0", "--no-exit-0": opts.Exit0 = false 
diff --git a/tv/5pkgs/override/fzf/default.nix b/tv/5pkgs/override/fzf/default.nix index 661db0ed5..2254d455a 100644 --- a/tv/5pkgs/override/fzf/default.nix +++ b/tv/5pkgs/override/fzf/default.nix @@ -1,9 +1,7 @@ self: super: super.fzf.overrideAttrs (old: { - # XXX cannot use `patches` because fzf has a custom patchPhase - patchPhase = '' - patch -Np1 < ${./complete1.patch} - ${old.patchPhase or ""} - ''; + patches = old.patches or [] ++ [ + ./complete1.patch + ]; }) diff --git a/tv/5pkgs/override/lib b/tv/5pkgs/override/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/override/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/rpi/default.nix b/tv/5pkgs/rpi/default.nix index f0ac47f6a..e41d6373f 100644 --- a/tv/5pkgs/rpi/default.nix +++ b/tv/5pkgs/rpi/default.nix @@ -1,6 +1,4 @@ -let - lib = import <stockholm/lib>; -in +with import ./lib; self: super: diff --git a/tv/5pkgs/rpi/lib b/tv/5pkgs/rpi/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/rpi/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/simple/alacritty-font-size.nix b/tv/5pkgs/simple/alacritty-font-size.nix new file mode 100644 index 000000000..84bc3f616 --- /dev/null +++ b/tv/5pkgs/simple/alacritty-font-size.nix @@ -0,0 +1,67 @@ +{ pkgs }: + +pkgs.writeDashBin "font-size-alacritty" '' + # usage: font-size-alacritty (+N|-N|=N) + # Increase by, decrease by, or set font size to the value N. + + set -efu + + min_size=8 + + op=''${1%%[0-9]*} + op=''${op:-=} + + value=''${1#[=+-]} + + window_id=$(${pkgs.xdotool}/bin/xdotool getactivewindow) + + current_size=$( + ${pkgs.xorg.xprop}/bin/xprop -notype -id $window_id FONT_SIZE | + ${pkgs.gnused}/bin/sed -rn 's/.* = ([0-9]+)$/\1/p' + ) + + # usage: set_font_size WINDOW_ID FONT_SIZE + set_font_size() { + ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$2 + ${pkgs.xorg.xprop}/bin/xprop -id $1 -f FONT_SIZE 32c -set FONT_SIZE $2 + } + + # usage: reset_font_size WINDOW_ID + reset_font_size() { + ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$min_size + ${pkgs.xorg.xprop}/bin/xprop -id $1 -remove FONT_SIZE + } + + # usage: make_next_size + make_next_size() { + case $op in + -) next_size=$(expr $current_size - $value) ;; + =) next_size=$value ;; + +) + next_size=$(expr $current_size + $value) + test $next_size -ge $min_size || next_size=$min_size + ;; + esac + } + + if test -z "$current_size"; then + current_size=0 + make_next_size + if test $next_size -ge $min_size; then + ${pkgs.alacritty}/bin/alacritty msg config -w $window_id \ + font.normal.family='Input Mono' \ + font.normal.style=Condensed \ + font.bold.family='Input Mono' \ + font.bold.style=Bold + set_font_size $window_id $next_size + fi + else + make_next_size + if test $next_size -ge $min_size; then + set_font_size $window_id $next_size + else + ${pkgs.alacritty}/bin/alacritty msg config -w $window_id -r + reset_font_size $window_id + fi + fi +'' 
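Review bot: The script uses its argument unchecked: `value=''${1#[=+-]}` flows straight into `expr` and into `font.size=$2`. A missing or non-numeric argument therefore ends in a `set -u`, `expr` or `test` error instead of a usage message. A guard right after the assignment would make the failure explicit, e.g. `case $value in *[!0-9]*|"") echo "usage: font-size-alacritty (+N|-N|=N)" >&2; exit 1 ;; esac`. The usage comment could also say that a bare `N` is treated as `=N`, which is what `op=''${op:-=}` does.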
diff --git a/tv/5pkgs/simple/alacritty-tv.nix b/tv/5pkgs/simple/alacritty-tv.nix new file mode 100644 index 000000000..d80c46cbb --- /dev/null +++ b/tv/5pkgs/simple/alacritty-tv.nix 
@@ -0,0 +1,92 @@ +{ pkgs }: + +let + lib = import ./lib; + font-size = arg: { + program = "${pkgs.font-size-alacritty}/bin/font-size-alacritty"; + args = [arg]; + }; + config = { + bell.animation = "EaseOut"; + bell.duration = 50; + bell.color = "#ff00ff"; + colors.cursor.cursor = "#f042b0"; + colors.primary.background = "#202020"; + colors.primary.foreground = "#d0d7d0"; + colors.normal.black = "#000000"; + colors.normal.red = "#cd0000"; + colors.normal.green = "#00cd00"; + colors.normal.yellow = "#bc7004"; + colors.normal.blue = "#4343be"; + colors.normal.magenta = "#cb06cb"; + colors.normal.cyan = "#04c9c9"; + colors.normal.white = "#bebebe"; + colors.bright.black = "#727272"; + colors.bright.red = "#fb6262"; + colors.bright.green = "#72fb72"; + colors.bright.yellow = "#fbfb72"; + colors.bright.blue = "#7272fb"; + colors.bright.magenta = "#fb53fb"; + colors.bright.cyan = "#72fbfb"; + colors.bright.white = "#fbfbfb"; + draw_bold_text_with_bright_colors = true; + font.normal.family = "Clean"; + font.bold.family = "Clean"; + font.bold.style = "Regular"; + font.size = 10; + hints.enabled = [ + { + regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\\u0000-\\u001F\\u007F-\\u009F<>\"\\s{-}\\^⟨⟩`]+"; + mouse.enabled = true; + post_processing = true; + action = "Select"; + } + ]; + key_bindings = [ + { key = "Up"; mods = "Shift|Control"; command = font-size "=14"; } + { key = "Up"; mods = "Control"; command = font-size "+1"; } + { key = "Down"; mods = "Control"; command = font-size "-1"; } + { key = "Down"; mods = "Shift|Control"; command = font-size "=0"; } + ]; + scrolling.multiplier = 8; + }; + config-file = pkgs.writeJSON "alacritty-tv.json" config; +in + +pkgs.symlinkJoin { + name = "alacritty-tv"; + paths = [ + (pkgs.writeDashBin "alacritty" '' + # usage: + # alacritty [--singleton] [ARGS...] + + set -efu + + # Use home so Alacritty can find the configuration without arguments. + # HOME will be reset once in Alacritty. 
+ HOME=$TMPDIR/Alacritty + export HOME + + # Install stored configuration if it has changed. + # This allows for both declarative updates and runtime modifications. + ${pkgs.coreutils}/bin/mkdir -p "$HOME" + if test "$(${pkgs.coreutils}/bin/cat "$HOME"/ref)" != ${config-file}; then + echo ${config-file} > "$HOME"/ref + ${pkgs.coreutils}/bin/cp ${config-file} "$HOME"/.alacritty.yml + fi + + case ''${1-} in + --singleton) + shift + if ! ${pkgs.alacritty}/bin/alacritty msg create-window "$@"; then + ${pkgs.alacritty}/bin/alacritty "$@" & + fi + ;; + *) + exec ${pkgs.alacritty}/bin/alacritty "$@" + ;; + esac + '') + pkgs.alacritty + ]; +} diff --git a/tv/5pkgs/simple/bash-fzf-history.nix b/tv/5pkgs/simple/bash-fzf-history.nix index 88a8e9e4a..1166ec7fd 100644 --- a/tv/5pkgs/simple/bash-fzf-history.nix +++ b/tv/5pkgs/simple/bash-fzf-history.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs , edit-key ? "ctrl-e" diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix index 9fb45dd1a..82a19a9b1 100644 --- a/tv/5pkgs/simple/default.nix +++ b/tv/5pkgs/simple/default.nix @@ -1,4 +1,4 @@ -with import ../../../lib; +with import ./lib; self: super: diff --git a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix index c3f2deaca..4f9b84b22 100644 --- a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix +++ b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { preFixup = '' patchelf --set-interpreter \ - ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \ + ${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \ $out/lib/utsushi/networkscan # libstdc++.so.6 diff --git a/tv/5pkgs/simple/lib b/tv/5pkgs/simple/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/simple/lib @@ -0,0 +1 @@ +../lib
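Review bot: The wrapper's `HOME=$TMPDIR/Alacritty` is a fixed, predictable directory, and `mkdir -p "$HOME"` accepts one that already exists without checking who owns it. If `$TMPDIR` resolves to a shared location (not visible from this file), a directory created beforehand by another local account would be used as-is, including its `ref` and `.alacritty.yml`, and this config format carries `key_bindings` that run programs. I would create the directory privately and refuse a foreign one, e.g. `${pkgs.coreutils}/bin/mkdir -m 700 -p "$HOME"` followed by `test -O "$HOME" || exit 1`, or base the path on a per-user runtime directory. Separately, with `set -u` an unset `TMPDIR` aborts the wrapper, and the first run prints a `cat` error for the missing `ref`, which `2>/dev/null` on that `cat` would silence.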
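Review bot: The new interpreter path combines the 32-bit package set with the 64-bit loader name: `${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2`. An i686 glibc normally ships only `ld-linux.so.2`, and `patchelf --set-interpreter` does not check that the target exists, so this would likely build and then fail when `networkscan` is executed. If the plugin binary is x86-64, `${pkgs.glibc}/lib/ld-linux-x86-64.so.2` looks like what was intended. The derivation's argument list is outside the hunk, so whether `pkgs` is in scope at all cannot be confirmed here.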
\ No newline at end of file diff --git a/tv/5pkgs/simple/pinentry-urxvt/default.nix b/tv/5pkgs/simple/pinentry-urxvt/default.nix index 65b76c077..ad8039ff2 100644 --- a/tv/5pkgs/simple/pinentry-urxvt/default.nix +++ b/tv/5pkgs/simple/pinentry-urxvt/default.nix @@ -1,8 +1,7 @@ +with import ./lib; { pkgs, ... }@args: let - lib = import <stockholm/lib>; - # config cannot be declared in the input attribute set because that would # cause callPackage to inject the wrong config. Instead, get it from ... # via args. @@ -20,7 +19,11 @@ let type = lib.types.str; }; display = lib.mkOption { - default = ":0"; + default = null; + type = lib.types.nullOr lib.types.str; + }; + xwud.className = lib.mkOption { + default = "PinentryUrxvtXwudFloat"; type = lib.types.str; }; }; 
@@ -30,12 +33,77 @@ let in + # pinentry-urxvt - A mechanism for PIN entry utilizing rxvt-unicode + # + # This spawns a PIN entry terminal on top of a tinted screenshot of the + # current display's root window. The display for spawning the terminal can + # be predefined, in which case both the current and the predefined display + # will show the screenshot. + # + # The purpose of the screenshot, aside from looking nice, is to prevent entry + # of the PIN into the wrong window, e.g. by accidentally moving the cursor + # while typing. If necessary, the screenshot can be closed by sending 'q', + # 'Q', or ctrl-c while its focused. + # pkgs.write "pinentry-urxvt" { "/bin/pinentry".link = pkgs.writeDash "pinentry-urxvt-wrapper" '' set -efu + + trap cleanup EXIT + + cleanup() { + ${pkgs.utillinux}/bin/kill -- $(${pkgs.coreutils}/bin/cat "$displayers") + rm "$displayers" + rm "$screenshot" + } + + displayers=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.displayers.XXXXXXXX) + screenshot=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.screenshot.XXXXXXXX) + + ${pkgs.xorg.xwd}/bin/xwd -root | + ${pkgs.imagemagick}/bin/convert xwd:- -fill \#424242 -colorize 80% xwd:"$screenshot" + + display_screenshot() { + ${pkgs.exec "pinentry-urxvt.display_screenshot" { + filename = "${pkgs.xorg.xwud}/bin/xwud"; + argv = [ + cfg.xwud.className + "-noclick" + ]; + }} < "$screenshot" & + wait_for_screenshot $! && echo $! >>"$displayers" + } + + # Wait for the xwud window by trying to intercept the call to munmap(). + # If it cannot be intercepted within 0.1s, assume that attaching strace + # wasn't fast enough or xwud doesn't call munmap() anymore. In either + # case fall back to search the window by class name, assuming there can + # be only one per display. + wait_for_screenshot() { + if ! 
\ + ${pkgs.coreutils}/bin/timeout 0.1 \ + ${pkgs.strace}/bin/strace -p "$1" -e munmap 2>&1 | + read -r _ + then + until ${pkgs.xdotool}/bin/xdotool search \ + --classname ${lib.shell.escape cfg.xwud.className} + do + ${pkgs.coreutils}/bin/sleep 0.1 + done + fi + } + + display_screenshot + + ${lib.optionalString (cfg.display != null) /* sh */ '' + if test "$DISPLAY" != ${lib.shell.escape cfg.display}; then + export DISPLAY=${lib.shell.escape cfg.display} + display_screenshot + fi + ''} + exec 3<&0 4>&1 5>&2 - export DISPLAY=${lib.shell.escape cfg.display} - exec ${pkgs.rxvt_unicode}/bin/urxvt \ + ${pkgs.rxvt_unicode}/bin/urxvt \ -name ${lib.shell.escape cfg.appName} \ -e ${pkgs.writeDash "pinentry-urxvt-tty" '' set -efu diff --git a/tv/5pkgs/simple/pinentry-urxvt/lib b/tv/5pkgs/simple/pinentry-urxvt/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/simple/pinentry-urxvt/lib @@ -0,0 +1 @@ +../lib
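Review bot: In `cleanup` the `kill` line runs first, and under `set -e` a failure there probably ends the trap before `rm "$screenshot"`, leaving the capture of the whole screen behind in the temp directory. `kill` fails when a recorded xwud process is already gone, which the header comment says can happen (the screenshot can be closed with 'q'). Because the trap is installed before both `mktemp` assignments, a failing `mktemp` also makes `cleanup` trip over unset variables under `set -u`. I would assign both paths before `trap cleanup EXIT`, read the PIDs into a variable, remove the files first with `${pkgs.coreutils}/bin/rm -f "$screenshot" "$displayers"` (the bare `rm` also depends on PATH, unlike every other command here), and then run `${pkgs.utillinux}/bin/kill -- $pids || :`. The `until … xdotool search` fallback in `wait_for_screenshot` has no upper bound, so a failed xwud start would hang the PIN prompt; the wrapper script itself continues past the end of this hunk.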
\ No newline at end of file diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index e17282e17..2ae71db52 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -1,5 +1,5 @@ -{ pkgs, ... }: -with import <stockholm/lib>; +with import ./lib; +{ pkgs }: let q-cal = let diff --git a/tv/5pkgs/simple/q/lib b/tv/5pkgs/simple/q/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/simple/q/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/vim/default.nix b/tv/5pkgs/vim/default.nix index 5582be3fd..c143592ad 100644 --- a/tv/5pkgs/vim/default.nix +++ b/tv/5pkgs/vim/default.nix @@ -1,7 +1,11 @@ -with import <stockholm/lib>; +with import ./lib; self: super: { tv = super.tv // { + vim = { + makePlugin = outPath: outPath // { inherit outPath; }; + makeRuntimePath = concatMapStringsSep "," (getAttr "outPath"); + }; vimPlugins = mapNixDir (path: self.callPackage path {}) ./.; }; } diff --git a/tv/5pkgs/vim/hack.nix b/tv/5pkgs/vim/hack.nix index 2145cc166..922d85ba2 100644 --- a/tv/5pkgs/vim/hack.nix +++ b/tv/5pkgs/vim/hack.nix @@ -1,7 +1,7 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let +pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let name = "hack"; in { name = "vim-color-${name}-1.0.2"; diff --git a/tv/5pkgs/vim/lib b/tv/5pkgs/vim/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/vim/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index 6715af737..43caf46c2 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix @@ -1,7 +1,7 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { +pkgs.tv.vim.makePlugin (pkgs.write "vim-syntax-nix-nested" { "/syntax/haskell.vim".text = '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ diff --git a/tv/5pkgs/vim/showsyntax.nix b/tv/5pkgs/vim/showsyntax.nix index a5547e46a..c27dd0447 100644 --- a/tv/5pkgs/vim/showsyntax.nix +++ b/tv/5pkgs/vim/showsyntax.nix @@ -1,6 +1,6 @@ { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let +pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let name = "showsyntax"; in { name = "vim-plugin-${name}-1.0.0"; diff --git a/tv/5pkgs/vim/tv.nix b/tv/5pkgs/vim/tv.nix index ae6245b87..dee6b2df8 100644 --- a/tv/5pkgs/vim/tv.nix +++ b/tv/5pkgs/vim/tv.nix @@ -1,6 +1,6 @@ { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { +pkgs.tv.vim.makePlugin (pkgs.write "vim-tv" { # # Haskell # diff --git a/tv/5pkgs/vim/vim.nix b/tv/5pkgs/vim/vim.nix index 216ab6abb..c5693a243 100644 --- a/tv/5pkgs/vim/vim.nix +++ b/tv/5pkgs/vim/vim.nix @@ -1,7 +1,7 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let +pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let name = "vim"; in { name = "vim-syntax-${name}-1.0.0"; @@ -0,0 +1 @@ +../lib
\ No newline at end of file |