summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitmodules8
-rw-r--r--jeschli/1systems/bolide/config.nix125
-rw-r--r--jeschli/1systems/bolide/hardware-configuration.nix33
-rw-r--r--jeschli/1systems/brauerei/config.nix200
-rw-r--r--jeschli/1systems/brauerei/hardware-configuration.nix34
-rw-r--r--jeschli/1systems/enklave/config.nix57
-rw-r--r--jeschli/1systems/enklave/taskserver.nix10
-rw-r--r--jeschli/1systems/reagenzglas/config.nix91
-rw-r--r--jeschli/1systems/reagenzglas/desktop.nix25
-rw-r--r--jeschli/1systems/reagenzglas/hardware-configuration.nix37
-rw-r--r--jeschli/1systems/reagenzglas/i3-configuration.nix181
-rw-r--r--jeschli/2configs/IM.nix57
-rw-r--r--jeschli/2configs/default.nix72
m---------jeschli/2configs/elisp0
-rw-r--r--jeschli/2configs/emacs-org-agenda.nix2025
-rw-r--r--jeschli/2configs/emacs.nix119
-rw-r--r--jeschli/2configs/firefox.nix44
-rw-r--r--jeschli/2configs/git.nix78
-rw-r--r--jeschli/2configs/haskell.nix18
-rw-r--r--jeschli/2configs/home-manager/default.nix9
-rw-r--r--jeschli/2configs/i3.nix247
-rw-r--r--jeschli/2configs/officevpn.nix19
-rw-r--r--jeschli/2configs/os-templates/CentOS-7-64bit.nix16
-rw-r--r--jeschli/2configs/python.nix9
-rw-r--r--jeschli/2configs/retiolum.nix26
-rw-r--r--jeschli/2configs/rust.nix8
-rw-r--r--jeschli/2configs/steam.nix12
-rw-r--r--jeschli/2configs/tests/dummy-secrets/empty0
-rw-r--r--jeschli/2configs/urxvt.nix39
-rw-r--r--jeschli/2configs/vim.nix151
-rw-r--r--jeschli/2configs/virtualbox.nix23
-rw-r--r--jeschli/2configs/xdg.nix14
-rw-r--r--jeschli/2configs/xserver/Xmodmap.nix27
-rw-r--r--jeschli/2configs/xserver/Xresources.nix56
-rw-r--r--jeschli/2configs/xserver/default.nix130
-rw-r--r--jeschli/2configs/xserver/xserver.conf.nix40
-rw-r--r--jeschli/2configs/zsh.nix138
-rw-r--r--jeschli/5pkgs/default.nix11
-rw-r--r--jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/dark-reader/default.nix28
-rw-r--r--jeschli/5pkgs/firefox/default.nix18
-rw-r--r--jeschli/5pkgs/firefox/firefox-with-config.nix487
-rw-r--r--jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/hopper/default.nix45
-rw-r--r--jeschli/5pkgs/firefox/https-everywhere/default.nix29
-rw-r--r--jeschli/5pkgs/firefox/pyocclient/default.nix26
-rw-r--r--jeschli/5pkgs/firefox/rmount/default.nix34
-rw-r--r--jeschli/5pkgs/firefox/ublock-origin/default.nix28
-rw-r--r--jeschli/5pkgs/firefox/user-agent-switcher/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/wl-clipboard/default.nix25
-rw-r--r--jeschli/5pkgs/simple/default.nix18
-rw-r--r--jeschli/default.nix9
-rw-r--r--jeschli/krops.nix43
-rw-r--r--kartei/default.nix31
-rw-r--r--kartei/krebs/default.nix17
-rw-r--r--kartei/lass/blue.nix40
-rw-r--r--kartei/lass/coaxmetal.nix42
-rw-r--r--kartei/lass/daedalus.nix33
-rw-r--r--kartei/lass/default.nix902
-rw-r--r--kartei/lass/dishfire.nix40
-rw-r--r--kartei/lass/domsen-pixel.nix16
-rw-r--r--kartei/lass/echelon.nix42
-rw-r--r--kartei/lass/green.nix40
-rw-r--r--kartei/lass/hilum.nix43
-rw-r--r--kartei/lass/icarus.nix35
-rw-r--r--kartei/lass/lasspi.nix42
-rw-r--r--kartei/lass/littleT.nix51
-rw-r--r--kartei/lass/massulus.nix44
-rw-r--r--kartei/lass/mors.nix35
-rw-r--r--kartei/lass/neoprism.nix38
-rw-r--r--kartei/lass/phone.nix17
-rw-r--r--kartei/lass/prism.nix125
-rw-r--r--kartei/lass/shodan.nix36
-rw-r--r--kartei/lass/skynet.nix35
-rw-r--r--kartei/lass/ssh/red.ed255191
-rw-r--r--kartei/lass/styx.nix43
-rw-r--r--kartei/lass/tablet.nix16
-rw-r--r--kartei/lass/xerxes.nix52
-rw-r--r--kartei/lass/yellow.nix39
-rw-r--r--kartei/makefu/default.nix24
-rw-r--r--kartei/makefu/wiregrill/telex.pub1
-rw-r--r--kartei/others/default.nix107
-rw-r--r--kartei/oxzi/default.nix62
-rw-r--r--kartei/rtunreal/default.nix35
-rw-r--r--kartei/rtunreal/ssh/rtunreal.runner.pub1
-rw-r--r--kartei/rtunreal/ssh/rtunreal.spinner.pub1
-rw-r--r--kartei/template/default.nix20
-rw-r--r--kartei/tv/default.nix18
-rw-r--r--kartei/xkey/default.nix126
-rw-r--r--kartei/xkey/ssh/xkey.pub1
-rw-r--r--krebs/0tests/data/test-config.nix1
-rw-r--r--krebs/1systems/hotdog/config.nix2
-rw-r--r--krebs/1systems/ponte/config.nix26
-rw-r--r--krebs/1systems/puyak/config.nix3
-rw-r--r--krebs/2configs/default.nix6
-rw-r--r--krebs/2configs/ircd.nix5
-rw-r--r--krebs/2configs/mastodon-proxy.nix24
-rw-r--r--krebs/2configs/mastodon.nix46
-rw-r--r--krebs/2configs/news.nix4
-rw-r--r--krebs/2configs/reaktor2.nix39
-rw-r--r--krebs/2configs/shack/prometheus/alertmanager-telegram.nix17
-rw-r--r--krebs/3modules/default.nix40
-rw-r--r--krebs/3modules/dns.nix13
-rw-r--r--krebs/3modules/ergo.nix133
-rw-r--r--krebs/3modules/exim-smarthost.nix43
-rw-r--r--krebs/3modules/hosts.nix2
-rw-r--r--krebs/3modules/htgen.nix21
-rw-r--r--krebs/3modules/krebs-pages.nix46
-rw-r--r--krebs/3modules/sitemap.nix8
-rw-r--r--krebs/3modules/ssl.nix21
-rw-r--r--krebs/3modules/users.nix20
-rw-r--r--krebs/5pkgs/simple/generate-secrets/default.nix1
-rw-r--r--krebs/5pkgs/simple/git-assembler.nix24
-rw-r--r--krebs/5pkgs/simple/htgen/default.nix7
-rw-r--r--krebs/5pkgs/simple/krebs-pages/fixtures/index.html21
-rw-r--r--krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html133
-rw-r--r--krebs/5pkgs/simple/passwdqc-utils/default.nix11
-rw-r--r--krebs/5pkgs/simple/stable-generate/default.nix64
-rw-r--r--krebs/5pkgs/simple/stable-interrogate/default.nix30
-rw-r--r--krebs/5pkgs/simple/ukrepl.nix11
-rw-r--r--krebs/6assets/krebsAcmeCA.crt22
-rw-r--r--krebs/6assets/krebsRootCA.crt18
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/1systems/neoprism/config.nix25
-rw-r--r--lass/1systems/neoprism/disk.nix116
-rw-r--r--lass/1systems/neoprism/physical.nix42
-rw-r--r--lass/1systems/prism/config.nix2
-rw-r--r--lass/1systems/yellow/config.nix21
-rw-r--r--lass/2configs/autotether.nix16
-rw-r--r--lass/2configs/c-base.nix188
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/libvirt.nix2
-rw-r--r--lass/2configs/mumble-reminder.nix107
-rw-r--r--lass/2configs/radio/default.nix250
-rw-r--r--lass/2configs/radio/news.nix3
-rw-r--r--lass/2configs/radio/radio.liq112
-rw-r--r--lass/2configs/radio/shell.nix7
-rw-r--r--lass/2configs/radio/weather.nix6
-rw-r--r--lass/2configs/radio/weather_for_ips.py5
-rw-r--r--lass/2configs/retiolum.nix9
-rw-r--r--lass/2configs/websites/util.nix2
-rw-r--r--lass/2configs/wiregrill.nix7
-rw-r--r--lass/5pkgs/install-system/default.nix26
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix103
-rw-r--r--lib/default.nix36
-rw-r--r--lib/haskell.nix7
-rw-r--r--lib/types.nix19
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix17
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/gui/look-up.nix18
-rw-r--r--makefu/2configs/home/3dprint.nix2
-rw-r--r--makefu/2configs/home/ham/automation/fenster_auf.nix2
-rw-r--r--makefu/2configs/home/ham/automation/find_phone.nix32
-rw-r--r--makefu/2configs/home/ham/automation/shutdown_button.nix3
-rw-r--r--makefu/2configs/home/ham/automation/urlaub.nix12
-rw-r--r--makefu/2configs/home/ham/default.nix13
-rw-r--r--makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix6
-rw-r--r--makefu/2configs/home/ham/multi/heizung.nix11
-rw-r--r--makefu/2configs/home/ham/sensor/dwd.nix2
-rw-r--r--makefu/2configs/home/ham/sensor/outside.nix9
-rw-r--r--makefu/2configs/home/music.nix10
-rw-r--r--makefu/2configs/main-laptop.nix12
-rw-r--r--makefu/2configs/security/hotfix.nix4
-rw-r--r--makefu/2configs/stats/telegraf/default.nix14
-rw-r--r--makefu/2configs/tools/all.nix2
-rw-r--r--makefu/2configs/tools/init-host/default.nix1
-rw-r--r--makefu/5pkgs/airsensor-py/default.nix6
-rw-r--r--makefu/5pkgs/pkgrename/default.nix8
-rw-r--r--makefu/5pkgs/ratt/default.nix2
-rw-r--r--makefu/krops.nix6
m---------submodules/disko0
m---------submodules/nix-writers0
-rw-r--r--tv/1systems/alnus/config.nix3
l---------tv/1systems/alnus/lib1
l---------tv/1systems/au/lib1
-rw-r--r--tv/1systems/bu/config.nix6
l---------tv/1systems/bu/lib1
l---------tv/1systems/lib1
-rw-r--r--tv/1systems/mu/config.nix3
l---------tv/1systems/mu/lib1
-rw-r--r--tv/1systems/nomic/config.nix3
l---------tv/1systems/nomic/lib1
-rw-r--r--tv/1systems/querel/config.nix3
l---------tv/1systems/querel/lib1
-rw-r--r--tv/1systems/wu/config.nix3
l---------tv/1systems/wu/lib1
-rw-r--r--tv/1systems/xu/config.nix4
l---------tv/1systems/xu/lib1
-rw-r--r--tv/1systems/zu/config.nix3
-rw-r--r--tv/2configs/backup.nix5
-rw-r--r--tv/2configs/bash/default.nix23
l---------tv/2configs/bash/lib1
-rw-r--r--tv/2configs/binary-cache/default.nix2
l---------tv/2configs/binary-cache/lib1
-rw-r--r--tv/2configs/br.nix2
-rw-r--r--tv/2configs/default.nix20
-rw-r--r--tv/2configs/exim-retiolum.nix7
-rw-r--r--tv/2configs/exim-smarthost.nix7
-rw-r--r--tv/2configs/gitconfig.nix7
-rw-r--r--tv/2configs/gitrepos.nix9
-rw-r--r--tv/2configs/htop.nix7
-rw-r--r--tv/2configs/hw/AO753.nix7
l---------tv/2configs/hw/lib1
-rw-r--r--tv/2configs/hw/w110er.nix5
-rw-r--r--tv/2configs/hw/x220.nix13
-rw-r--r--tv/2configs/imgur.nix7
l---------tv/2configs/lib1
-rw-r--r--tv/2configs/nginx/default.nix7
-rw-r--r--tv/2configs/nginx/krebs-pages.nix13
l---------tv/2configs/nginx/lib1
-rw-r--r--tv/2configs/nginx/public_html.nix7
-rw-r--r--tv/2configs/pki/default.nix2
l---------tv/2configs/pki/lib1
-rw-r--r--tv/2configs/ppp.nix2
-rw-r--r--tv/2configs/pulse.nix6
l---------tv/2configs/repo-sync/lib1
-rw-r--r--tv/2configs/repo-sync/wiki.nix5
-rw-r--r--tv/2configs/retiolum.nix7
-rw-r--r--tv/2configs/ssh.nix7
-rw-r--r--tv/2configs/sshd.nix2
-rw-r--r--tv/2configs/urlwatch.nix2
-rw-r--r--tv/2configs/vim.nix9
-rw-r--r--tv/2configs/xdg.nix7
-rw-r--r--tv/2configs/xp-332.nix2
-rw-r--r--tv/2configs/xserver/Xmodmap.nix2
-rw-r--r--tv/2configs/xserver/default.nix5
l---------tv/2configs/xserver/lib1
-rw-r--r--tv/2configs/xserver/sxiv.nix2
-rw-r--r--tv/2configs/xserver/urxvt.nix2
-rw-r--r--tv/2configs/xserver/xserver.conf.nix5
-rw-r--r--tv/3modules/Xresources.nix2
-rw-r--r--tv/3modules/charybdis/config.nix2
-rw-r--r--tv/3modules/charybdis/default.nix3
l---------tv/3modules/charybdis/lib1
-rw-r--r--tv/3modules/dnsmasq.nix2
-rw-r--r--tv/3modules/ejabberd/default.nix4
l---------tv/3modules/ejabberd/lib1
-rw-r--r--tv/3modules/focus.nix2
-rw-r--r--tv/3modules/hosts.nix7
-rw-r--r--tv/3modules/hw.nix2
-rw-r--r--tv/3modules/im.nix2
-rw-r--r--tv/3modules/iptables.nix6
l---------tv/3modules/lib1
-rw-r--r--tv/3modules/org.freedesktop.machine1.host-shell.nix3
-rw-r--r--tv/3modules/slock.nix2
-rw-r--r--tv/3modules/x0vncserver.nix4
-rw-r--r--tv/5pkgs/default.nix9
-rw-r--r--tv/5pkgs/haskell/default.nix2
l---------tv/5pkgs/haskell/lib1
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/default.nix8
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/Build.hs24
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs113
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/main.hs53
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal5
l---------tv/5pkgs/lib1
-rw-r--r--tv/5pkgs/override/default.nix2
-rw-r--r--tv/5pkgs/override/fzf/complete1.patch90
-rw-r--r--tv/5pkgs/override/fzf/default.nix8
l---------tv/5pkgs/override/lib1
-rw-r--r--tv/5pkgs/rpi/default.nix4
l---------tv/5pkgs/rpi/lib1
-rw-r--r--tv/5pkgs/simple/alacritty-font-size.nix67
-rw-r--r--tv/5pkgs/simple/alacritty-tv.nix92
-rw-r--r--tv/5pkgs/simple/bash-fzf-history.nix2
-rw-r--r--tv/5pkgs/simple/default.nix2
-rw-r--r--tv/5pkgs/simple/imagescan-plugin-networkscan.nix2
l---------tv/5pkgs/simple/lib1
-rw-r--r--tv/5pkgs/simple/pinentry-urxvt/default.nix78
l---------tv/5pkgs/simple/pinentry-urxvt/lib1
-rw-r--r--tv/5pkgs/simple/q/default.nix4
l---------tv/5pkgs/simple/q/lib1
-rw-r--r--tv/5pkgs/vim/default.nix6
-rw-r--r--tv/5pkgs/vim/hack.nix4
l---------tv/5pkgs/vim/lib1
-rw-r--r--tv/5pkgs/vim/nix.nix4
-rw-r--r--tv/5pkgs/vim/showsyntax.nix2
-rw-r--r--tv/5pkgs/vim/tv.nix2
-rw-r--r--tv/5pkgs/vim/vim.nix4
l---------tv/lib1
285 files changed, 3143 insertions, 7375 deletions
diff --git a/.gitmodules b/.gitmodules
index 7ecb497ea..4779748c8 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,12 +1,12 @@
[submodule "submodules/nix-writers"]
path = submodules/nix-writers
- url = http://cgit.krebsco.de/nix-writers
+ url = https://cgit.krebsco.de/nix-writers
[submodule "submodules/krops"]
path = submodules/krops
url = https://cgit.krebsco.de/krops
[submodule "lass/5pkgs/autowifi"]
path = lass/5pkgs/autowifi
url = https://github.com/Lassulus/autowifi
-[submodule "jeschli/2configs/elisp"]
- path = jeschli/2configs/elisp
- url = https://github.com/Jeschli/misc-elisp-scripts.git
+[submodule "submodules/disko"]
+ path = submodules/disko
+ url = https://github.com/nix-community/disko
diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix
deleted file mode 100644
index 49b814793..000000000
--- a/jeschli/1systems/bolide/config.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in
-{
- imports =
- [
- ./hardware-configuration.nix
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/i3.nix>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/rust.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.bolide;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
- boot.initrd.luks.devices = [ {
- name = "bla";
- device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
- preLVM = true;
- allowDiscards = true;
- } ];
-# networking.hostName = "bolide"; # Define your hostname.
-# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true;
- networking.enableB43Firmware = true; #new
-
- # Select internationalisation properties.
- # i18n = {
- # consoleFont = "Lat2-Terminus16";
- # consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- # };
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- environment.shellAliases = {
- n = "nix-shell";
- stocki = pkgs.writeDash "deploy" ''
- cd ~/stockholm
- exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
- '';
- };
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- rofi
- wget vim
- # system helper
- ag
- curl
- copyq
- dmenu
- git
- i3lock
- keepass
- networkmanagerapplet
- rsync
- terminator
- tmux
- wget
- # rxvt_unicode
- # editors
- emacs
- # internet
- thunderbird
- chromium
- google-chrome
- # programming languages
- vscode
- go
- gcc9
- ccls
- unstable.clang_8
- ghc
- python37
- python37Packages.pip
- # go tools
- golint
- gotools
- # dev tools
- elmPackages.elm
- gnumake
- jetbrains.pycharm-professional
- jetbrains.webstorm
- jetbrains.goland
- # document viewer
- zathura
- ];
-
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- services.xserver.videoDrivers = [ "nvidia" ];
-
-users.extraUsers.jeschli = {
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
-
- hardware.pulseaudio.enable = true;
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
-
-}
-
diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix
deleted file mode 100644
index 042b746ef..000000000
--- a/jeschli/1systems/bolide/hardware-configuration.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" "wl" ];
- boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
-
- fileSystems."/" =
- { device = "/dev/bolide-pool/bolide-root";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/bolide-pool/bolide-home";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
- fsType = "ext4";
- };
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = "powersave";
- hardware.pulseaudio.enable = true;
-}
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
deleted file mode 100644
index 860c5d11c..000000000
--- a/jeschli/1systems/brauerei/config.nix
+++ /dev/null
@@ -1,200 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- mainUser = config.krebs.build.user.name;
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in
-{
- imports = [
- <stockholm/jeschli>
- ./hardware-configuration.nix
- <home-manager/nixos>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/steam.nix>
- <stockholm/jeschli/2configs/virtualbox.nix>
- ];
- krebs.build.host = config.krebs.hosts.brauerei;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
- # or "nodev" for efi only
- boot.initrd.luks.devices = [ {
- name = "root";
- device = "/dev/sda2";
- preLVM = true;
- allowDiscards = true;
- } ];
- networking.networkmanager.enable = true;
- time.timeZone = "Europe/Amsterdam";
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- # emacs aliases
- ed = "emacsclient";
- edc = "emacsclient --create-frame";
- # nix aliases
- ns = "nix-shell";
- # krops
- deploy = pkgs.writeDash "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- };
-
- environment.systemPackages = with pkgs; [
- # system helper
- acpi
- ag
- copyq
- curl
- dmenu
- aspell
- ispell
- rofi
- xdotool
- git
- gnupg
- i3lock
- keepass
- networkmanagerapplet
- pavucontrol
- rsync
- terminator
- tmux
- wget
- # editors
- emacs
- # internet
- chromium
- firefox
- google-chrome
- thunderbird
- # programming languages
- elixir
- elmPackages.elm
- exercism
- gcc9
- ccls
- unstable.clang_8
- ghc
- go
- python37
- python37Packages.pip
- pipenv
- # dev tools
- gnumake
- jetbrains.clion
- jetbrains.goland
- jetbrains.pycharm-professional
- jetbrains.webstorm
- vscode
- # document viewer
- evince
- zathura
- # go tools
- golint
- gotools
- # rust
- cargo
- rustracer
- rustup
- # orga tools
- taskwarrior
- # xorg
- xorg.xbacklight
- # tokei
- tokei
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.bash.enableCompletion = true;
- # programs.mtr.enable = true;
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
-# home-manager.useUserPackages = true;
-# home-manager.users.jeschli = {
-# home.stateVersion = "19.03";
-# };
-# home-manager.enable = true;
-
-# home-manager.users.jeschli.home.file = {
-# ".emacs.d" = {
-# source = pkgs.fetchFromGitHub {
-# owner = "jeschli";
-# repo = "emacs.d";
-# rev = "8ed6c40";
-# sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
-# };
-# recursive = true;
-# };
-# };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-# services.emacs.enable = true;
-
- virtualisation.docker.enable = true;
-
- services.xserver = {
- enable = true;
-
- desktopManager = {
- xfce.enable = true;
- gnome3.enable = true;
- };
-
- };
-
- services.xserver.windowManager.i3.enable = true;
-
- users.extraUsers.jeschli = { # TODO: define as krebs.users
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
- users.extraUsers.blafoo = {
- isNormalUser = true;
- extraGroups = ["audio"];
- uid = 1002;
- };
- users.extraUsers.jamie = {
- isNormalUser = true;
- uid = 1001; # TODO genid
- };
- users.users.dev = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- "ssh-rsa AAAAB4NzaC1yc2EAAAADAQABAAACAQC1x9+OtNfwv6LxblnLHeBElxoxLfaYUyvqMrBgnrlkaPjylPv711bvPslnt+YgdPsZQLCoQ2t5f0x0j7ZOMYE9eyRrnr67ITO+Od05u3eCypWOZulekkDL0ZDeYdvoZKOWnbKWnQVRfYuLOEL/g5/9E7MLtIdID8e98b/qHzs/+wmuuDR3zHCNic0BKixgET/EgFvLWezWxJ6D/TTv/5sDAfrC+RUN8ad14sxjKIkS3nkAlm8bhrCxQKaHLUcCJWiweW0gPWYSlp64VHS5lchvqCJlPYQdx0XbwolvlLYru0w74ljLbi3eL35GFFyHSeEjQ73EtVwo53uVKTy7SAORU7JNg6xL9H3ChOLOknN9oHs1K7t/maMsATle0HAFcTuaOhELUmHM8dCJh3nPVWIkzHQ4o3fyaogrpt7/V5j6R1/Ozn7P9n4OdqrjiaWqHlz/XHeYNNWte+a0EW+NubC83yS0Cu3uhZ36C3RET2vNM25CyYOBn4ccClAozayQIb6Cif0tCafMRPgkSlogQd8+SqNZpTnmtllIT3VnT5smgrufy6HETDkrHjApDrsqLtMCFY83RFwt4QLv/L93O7IsGifzmEfD9qD7YBSMNs8ihBIUXPk9doHXvYS506YroxWOxe/C0rzzbaogxQT6JMd1ozfXitRD9v7iBIFAT4Kzjw== christopher.kilian@dcso.de"
- ];
- };
-
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
-}
diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix
deleted file mode 100644
index 2cb3e6661..000000000
--- a/jeschli/1systems/brauerei/hardware-configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/42BF-0795";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- hardware.pulseaudio.enable = true;
- nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
deleted file mode 100644
index 86d21f7d3..000000000
--- a/jeschli/1systems/enklave/config.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/retiolum.nix>
- <stockholm/jeschli/2configs/IM.nix>
- <stockholm/jeschli/2configs/git.nix>
- <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- "eth*"
- "ens*"
- ];
- }
- {
- services.openssh.enable = true;
- }
- {
- sound.enable = false;
- }
- {
- users.extraUsers = {
- root.initialPassword = "pfeife123";
- root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- ];
- jeschli = {
- name = "jeschli";
- uid = 1000;
- home = "/home/jeschli";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- openssh.authorizedKeys.keys = [
-"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- ];
- };
- };
- }
- {
- services.taskserver = {
- enable = true;
- fqdn = "enklave.r";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "jeschli" ];
- };
- networking.firewall.allowedTCPPorts = [ 53589 8001 ];
- }
- ];
-
- krebs.build.host = config.krebs.hosts.enklave;
-}
diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix
deleted file mode 100644
index 23b235d70..000000000
--- a/jeschli/1systems/enklave/taskserver.nix
+++ /dev/null
@@ -1,10 +0,0 @@
- {
- services.taskserver = {
- enable = true;
- fqdn = "enklave.r";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "jeschli" ];
- };
- networking.firewall.allowedTCPPorts = [ 53589 ];
- }
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
deleted file mode 100644
index dec69563f..000000000
--- a/jeschli/1systems/reagenzglas/config.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/firefox.nix>
- <stockholm/jeschli/2configs/rust.nix>
- <stockholm/jeschli/2configs/steam.nix>
- <stockholm/jeschli/2configs/python.nix>
- ./desktop.nix
- ./i3-configuration.nix
- ./hardware-configuration.nix
- ];
-
- # EFI systemd boot loader
- boot.loader.systemd-boot.enable = true;
-
- # Wireless network with network manager
- krebs.build.host = config.krebs.hosts.reagenzglas;
- # networking.hostName = "nixos"; # Define your hostname.
- networking.networkmanager.enable = true;
-
- # Allow unfree
- nixpkgs.config.allowUnfree = true;
-
- # Select internationalisation properties.
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- ag
- alacritty
- google-chrome
- chromium
- copyq
- direnv
- go
- git
- gitAndTools.hub
- sbcl
- rofi
- vim
- wget
- ];
-
- users.users.ombi = {
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- };
-
- users.users.jeschli = {
- isNormalUser = true;
- extraGroups = [ "audio" ];
- };
-
-# services.xserver.synaptics.enable = true;
- services.xserver.libinput.enable = true;
- services.xserver.libinput.disableWhileTyping = true;
-
- hardware.pulseaudio.enable = true;
-
- #Enable ssh daemon
- services.openssh.enable = true;
-
- #Enable clight
- services.clight.enable = true;
- services.geoclue2.enable = true;
- location.provider = "geoclue2";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1xtX/SF2IzfAIzrXvH4HsW05eTBX8U8MYlEPadq0DS/nHC45hW2PSEUOVsH0UhBRAB+yClVLyN+JAYsuOoQacQqAVq9R7HAoFITdYTMJCxVs4urSRv0pWwTopRIh1rlI+Q0QfdMoeVtO2ZKG3KoRM+APDy2dsX8LTtWjXmh/ZCtpGl1O8TZtz2ZyXyv9OVDPnQiFwPU3Jqs2Z036c+kwxWlxYc55FRuqwRtQ48c/ilPMu+ZvQ22j1Ch8lNuliyAg1b8pZdOkMJF3R8b46IQ8FEqkr3L1YQygYw2M50B629FPgHgeGPMz3mVd+5lzP+okbhPJjMrUqZAUwbMGwGzZ ombi@nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG7C3bgoL9VeVl8pgu8sp3PCOs6TXk4R9y7JKJAHGsfm root@baeckerei"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
-
-}
diff --git a/jeschli/1systems/reagenzglas/desktop.nix b/jeschli/1systems/reagenzglas/desktop.nix
deleted file mode 100644
index 88eae086f..000000000
--- a/jeschli/1systems/reagenzglas/desktop.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Configuration for the desktop environment
-
-{ config, lib, pkgs, ... }:
-{
- # Configure basic X-server stuff:
- services.xserver = {
- enable = true;
- xkbOptions = "caps:super";
- exportConfiguration = true;
-
- displayManager.lightdm.enable = true;
- };
-
- # Configure fonts
- fonts = {
- fonts = with pkgs; [
- corefonts
- font-awesome-ttf
- noto-fonts-cjk
- noto-fonts-emoji
- powerline-fonts
- helvetica-neue-lt-std
- ];
- };
-}
diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix
deleted file mode 100644
index 55f5532d6..000000000
--- a/jeschli/1systems/reagenzglas/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/nvme0n1p8";
- preLVM = true;
- }
- ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4d01936e-c876-42c3-962a-d4a20ad0e2e0";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D455-E4CC";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/jeschli/1systems/reagenzglas/i3-configuration.nix b/jeschli/1systems/reagenzglas/i3-configuration.nix
deleted file mode 100644
index 88f63426d..000000000
--- a/jeschli/1systems/reagenzglas/i3-configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-{pkgs, environment, config, lib, ... }:
-
-with pkgs;
-
-let
- i3_config_file = pkgs.writeText "config" ''
- set $mod Mod4
-
- font pango:monospace 8
-
- #font pango:DejaVu Sans Mono 8
-
- # Before i3 v4.8, we used to recommend this one as the default:
- # font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
- # The font above is very space-efficient, that is, it looks good, sharp and
- # clear in small sizes. However, its unicode glyph coverage is limited, the old
- # X core fonts rendering does not support right-to-left and this being a bitmap
- # font, it doesn’t scale on retina/hidpi displays.
-
- # Use Mouse+$mod to drag floating windows to their wanted position
- floating_modifier $mod
-
- # start a terminal
- bindsym $mod+Return exec alacritty
-
- # kill focused window
- bindsym $mod+Shift+q kill
-
- # start dmenu (a program launcher)
- # bindsym $mod+d exec dmenu_run
-
- # start dmenu (a program launcher)
- bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
-
- bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
-
- bindsym $mod+F1 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput disable
- bindsym $mod+F2 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput enable
-
- # There also is the (new) i3-dmenu-desktop which only displays applications
- # shipping a .desktop file. It is a wrapper around dmenu, so you need that
- # installed.
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
- # change focus
- bindsym $mod+j focus left
- bindsym $mod+k focus down
- bindsym $mod+l focus up
- bindsym $mod+semicolon focus right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # move focused window
- bindsym $mod+Shift+j move left
- bindsym $mod+Shift+k move down
- bindsym $mod+Shift+l move up
- bindsym $mod+Shift+colon move right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- # split in horizontal orientation
- bindsym $mod+h split h
-
- # split in vertical orientation
- bindsym $mod+v split v
-
- # enter fullscreen mode for the focused container
- bindsym $mod+f fullscreen toggle
-
- # change container layout (stacked, tabbed, toggle split)
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # toggle tiling / floating
- bindsym $mod+Shift+space floating toggle
-
- # change focus between tiling / floating windows
- bindsym $mod+space focus mode_toggle
-
- # focus the parent container
- bindsym $mod+a focus parent
-
- # focus the child container
- #bindsym $mod+d focus child
-
- # Define names for default workspaces for which we configure key bindings later on.
- # We use variables to avoid repeating the names in multiple places.
- set $ws1 "1"
- set $ws2 "2"
- set $ws3 "3"
- set $ws4 "4"
- set $ws5 "5"
- set $ws6 "6"
- set $ws7 "7"
- set $ws8 "8"
- set $ws9 "9"
- set $ws10 "10"
-
- # switch to workspace
- bindsym $mod+1 workspace $ws1
- bindsym $mod+2 workspace $ws2
- bindsym $mod+3 workspace $ws3
- bindsym $mod+4 workspace $ws4
- bindsym $mod+5 workspace $ws5
- bindsym $mod+6 workspace $ws6
- bindsym $mod+7 workspace $ws7
- bindsym $mod+8 workspace $ws8
- bindsym $mod+9 workspace $ws9
- bindsym $mod+0 workspace $ws10
-
- # move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace $ws1
- bindsym $mod+Shift+2 move container to workspace $ws2
- bindsym $mod+Shift+3 move container to workspace $ws3
- bindsym $mod+Shift+4 move container to workspace $ws4
- bindsym $mod+Shift+5 move container to workspace $ws5
- bindsym $mod+Shift+6 move container to workspace $ws6
- bindsym $mod+Shift+7 move container to workspace $ws7
- bindsym $mod+Shift+8 move container to workspace $ws8
- bindsym $mod+Shift+9 move container to workspace $ws9
- bindsym $mod+Shift+0 move container to workspace $ws10
-
- # reload the configuration file
- bindsym $mod+Shift+c reload
- # restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
- bindsym $mod+Shift+r restart
- # exit i3 (logs you out of your X session)
- bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
-
- # resize window (you can also use the mouse for that)
- mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
- }
-
- bindsym $mod+r mode "resize"
-
- # Start i3bar to display a workspace bar (plus the system information i3status
- # finds out, if available)
- bar {
- status_command i3status
- }
- '';
-
-in {
-
- services.xserver.windowManager.i3 = {
- enable = true;
- package = pkgs.i3;
- configFile = i3_config_file;
- };
-
-}
diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix
deleted file mode 100644
index 2366726fb..000000000
--- a/jeschli/2configs/IM.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-let
- tmux = pkgs.writeDashBin "tmux" ''
- export TERM=xterm-256color
- exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
- set-option -g default-terminal screen-256color
- ''} "$@"
- '';
-in {
-
- services.bitlbee = {
- enable = true;
- portNumber = 6666;
- plugins = [
- pkgs.bitlbee-facebook
- pkgs.bitlbee-steam
- pkgs.bitlbee-discord
- ];
- libpurple_plugins = [ pkgs.telegram-purple ];
- };
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- jeschli.pubkey
- jeschli-bln.pubkey
- jeschli-brauerei.pubkey
- jeschli-bolide.pubkey
- ];
- packages = [ tmux ];
- };
-
-
- systemd.services.chat = {
- description = "chat environment setup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.rxvt_unicode.terminfo
- ];
-
- serviceConfig = {
- User = "chat";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
- ExecStop = "${tmux}/bin/tmux kill-session -t IM";
- };
- };
-}
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
deleted file mode 100644
index 8b61fa29c..000000000
--- a/jeschli/2configs/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- imports = [
-# ./vim.nix
- ./retiolum.nix
- ./zsh.nix
- <stockholm/lass/2configs/security-workarounds.nix>
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- ];
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- parallel
- proot
- populate
-
- # aliases
- (writeDashBin "irc" "ssh chat@enklave -t tmux a")
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
-
- #stuff for dl
- aria2
-
- #neat utils
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- # q
- # rs
- tmux
- untilport
- usbutils
- # logify
- goify
- vim
- #unpack stuff
- p7zip
- unzip
- unrar
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- krebs.enable = true;
- networking.hostName = config.krebs.build.host.name;
-}
diff --git a/jeschli/2configs/elisp b/jeschli/2configs/elisp
deleted file mode 160000
-Subproject 279d6a01f5abbab5d28d3a57549b7fec800a510
diff --git a/jeschli/2configs/emacs-org-agenda.nix b/jeschli/2configs/emacs-org-agenda.nix
deleted file mode 100644
index 0420dc43d..000000000
--- a/jeschli/2configs/emacs-org-agenda.nix
+++ /dev/null
@@ -1,2025 +0,0 @@
-let
- modifiedBerndHansen = ''
-;; Based on http://doc.norang.ca/org-mode.html
-;; Organize your life in plain text
-;; TODO: minimize this section
-(if (boundp 'org-mode-user-lisp-path)
- (add-to-list 'load-path org-mode-user-lisp-path)
- (add-to-list 'load-path (expand-file-name "~/git/org-mode/lisp")))
-
-(add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode))
-(require 'org)
-
-(add-to-list 'org-modules 'org-habit)
-
-;;
-;; Standard key bindings
-(global-set-key "\C-cl" 'org-store-link)
-(global-set-key "\C-ca" 'org-agenda)
-(global-set-key "\C-cb" 'org-iswitchb)
-
-;; The following setting is different from the document so that you
-;; can override the document org-agenda-files by setting your
-;; org-agenda-files in the variable org-user-agenda-files
-;;
-;; (if (boundp 'org-user-agenda-files)
-;; (setq org-agenda-files org-user-agenda-files)
-;; (setq org-agenda-files (quote ("~/git/org"))))
-
-;; Custom Key Bindings
-(global-set-key (kbd "<f12>") 'org-agenda)
-(global-set-key (kbd "<S-f5>") 'bh/widen)
-(global-set-key (kbd "<f9> <f9>") 'bh/show-org-agenda)
-(global-set-key (kbd "<f9> b") 'bbdb)
-(global-set-key (kbd "<f9> c") 'calendar)
-(global-set-key (kbd "<f9> f") 'boxquote-insert-file)
-(global-set-key (kbd "<f9> g") 'gnus)
-(global-set-key (kbd "<f9> h") 'bh/hide-other)
-(global-set-key (kbd "<f9> n") 'bh/toggle-next-task-display)
-
-(global-set-key (kbd "<f9> I") 'bh/punch-in)
-(global-set-key (kbd "<f9> O") 'bh/punch-out)
-
-(global-set-key (kbd "<f9> o") 'bh/make-org-scratch)
-
-(global-set-key (kbd "<f9> r") 'boxquote-region)
-(global-set-key (kbd "<f9> s") 'bh/switch-to-scratch)
-
-(global-set-key (kbd "<f9> t") 'bh/insert-inactive-timestamp)
-(global-set-key (kbd "<f9> T") 'bh/toggle-insert-inactive-timestamp)
-
-(global-set-key (kbd "<f9> v") 'visible-mode)
-(global-set-key (kbd "<f9> l") 'org-toggle-link-display)
-(global-set-key (kbd "<f9> SPC") 'bh/clock-in-last-task)
-(global-set-key (kbd "C-<f9>") 'previous-buffer)
-(global-set-key (kbd "M-<f9>") 'org-toggle-inline-images)
-(global-set-key (kbd "C-x n r") 'narrow-to-region)
-(global-set-key (kbd "C-<f10>") 'next-buffer)
-(global-set-key (kbd "<f11>") 'org-clock-goto)
-(global-set-key (kbd "C-<f11>") 'org-clock-in)
-(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish)
-(global-set-key (kbd "C-c c") 'org-capture)
-
-(defun bh/hide-other ()
- (interactive)
- (save-excursion
- (org-back-to-heading 'invisible-ok)
- (hide-other)
- (org-cycle)
- (org-cycle)
- (org-cycle)))
-
-(defun bh/set-truncate-lines ()
- "Toggle value of truncate-lines and refresh window display."
- (interactive)
- (setq truncate-lines (not truncate-lines))
- ;; now refresh window display (an idiom from simple.el):
- (save-excursion
- (set-window-start (selected-window)
- (window-start (selected-window)))))
-
-(defun bh/make-org-scratch ()
- (interactive)
- (find-file "/tmp/publish/scratch.org")
- (gnus-make-directory "/tmp/publish"))
-
-(defun bh/switch-to-scratch ()
- (interactive)
- (switch-to-buffer "*scratch*"))
-
-(setq org-todo-keywords
- (quote ((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d)")
- (sequence "WAITING(w@/!)" "HOLD(h@/!)" "|" "CANCELLED(c@/!)" "PHONE" "MEETING"))))
-
-(setq org-todo-keyword-faces
- (quote (("TODO" :foreground "red" :weight bold)
- ("NEXT" :foreground "blue" :weight bold)
- ("DONE" :foreground "forest green" :weight bold)
- ("WAITING" :foreground "orange" :weight bold)
- ("HOLD" :foreground "magenta" :weight bold)
- ("CANCELLED" :foreground "forest green" :weight bold)
- ("MEETING" :foreground "forest green" :weight bold)
- ("PHONE" :foreground "forest green" :weight bold))))
-
-(setq org-use-fast-todo-selection t)
-
-(setq org-treat-S-cursor-todo-selection-as-state-change nil)
-
-(setq org-todo-state-tags-triggers
- (quote (("CANCELLED" ("CANCELLED" . t))
- ("WAITING" ("WAITING" . t))
- ("HOLD" ("WAITING") ("HOLD" . t))
- (done ("WAITING") ("HOLD"))
- ("TODO" ("WAITING") ("CANCELLED") ("HOLD"))
- ("NEXT" ("WAITING") ("CANCELLED") ("HOLD"))
- ("DONE" ("WAITING") ("CANCELLED") ("HOLD")))))
-
-(setq org-directory "~/projects/notes_privat")
-(setq org-default-notes-file "~/projects/notes_privat/refile.org")
-
-;; I use C-c c to start capture mode
-(global-set-key (kbd "C-c c") 'org-capture)
-
-;; Capture templates for: TODO tasks, Notes, appointments, phone calls, meetings, and org-protocol
-(setq org-capture-templates
- (quote (("t" "todo" entry (file org-default-notes-file)
- "* TODO %?\n%U\n%a\n" :clock-in t :clock-resume t)
- ("r" "respond" entry (file org-default-notes-file)
- "* NEXT Respond to %:from on %:subject\nSCHEDULED: %t\n%U\n%a\n" :clock-in t :clock-resume t :immediate-finish t)
- ("n" "note" entry (file org-default-notes-file)
- "* %? :NOTE:\n%U\n%a\n" :clock-in t :clock-resume t)
- ("j" "Journal" entry (file+datetree "~/git/org/diary.org")
- "* %?\n%U\n" :clock-in t :clock-resume t)
- ("w" "org-protocol" entry (file org-default-notes-file)
- "* TODO Review %c\n%U\n" :immediate-finish t)
- ("m" "Meeting" entry (file org-default-notes-file)
- "* MEETING with %? :MEETING:\n%U" :clock-in t :clock-resume t)
- ("p" "Phone call" entry (file org-default-notes-file)
- "* PHONE %? :PHONE:\n%U" :clock-in t :clock-resume t)
- ("h" "Habit" entry (file org-default-notes-file)
- "* NEXT %?\n%U\n%a\nSCHEDULED: %(format-time-string \"%<<%Y-%m-%d %a .+1d/3d>>\")\n:PROPERTIES:\n:STYLE: habit\n:REPEAT_TO_STATE: NEXT\n:END:\n"))))
-
-;; Remove empty LOGBOOK drawers on clock out
-(defun bh/remove-empty-drawer-on-clock-out ()
- (interactive)
- (save-excursion
- (beginning-of-line 0)
- (org-remove-empty-drawer-at (point))))
-
-(add-hook 'org-clock-out-hook 'bh/remove-empty-drawer-on-clock-out 'append)
-
-; Targets include this file and any file contributing to the agenda - up to 9 levels deep
-(setq org-refile-targets (quote ((nil :maxlevel . 9)
- (org-agenda-files :maxlevel . 9))))
-
-; Use full outline paths for refile targets - we file directly with IDO
-(setq org-refile-use-outline-path t)
-
-; Targets complete directly with IDO
-(setq org-outline-path-complete-in-steps nil)
-
-; Allow refile to create parent tasks with confirmation
-(setq org-refile-allow-creating-parent-nodes (quote confirm))
-
-; Use IDO for both buffer and file completion and ido-everywhere to t
-; (setq org-completion-use-ido t)
-; (setq ido-everywhere t)
-; (setq ido-max-directory-size 100000)
-; (ido-mode (quote both))
-; ; Use the current window when visiting files and buffers with ido
-; (setq ido-default-file-method 'selected-window)
-; (setq ido-default-buffer-method 'selected-window)
-; ; Use the current window for indirect buffer display
-(setq org-indirect-buffer-display 'current-window)
-
-;;;; Refile settings
-; Exclude DONE state tasks from refile targets
-(defun bh/verify-refile-target ()
- "Exclude todo keywords with a done state from refile targets"
- (not (member (nth 2 (org-heading-components)) org-done-keywords)))
-
-(setq org-refile-target-verify-function 'bh/verify-refile-target)
-
-;; Do not dim blocked tasks
-(setq org-agenda-dim-blocked-tasks nil)
-
-;; Compact the block agenda view
-(setq org-agenda-compact-blocks t)
-
-;; Custom agenda command definitions
-(setq org-agenda-custom-commands
- (quote (("N" "Notes" tags "NOTE"
- ((org-agenda-overriding-header "Notes")
- (org-tags-match-list-sublevels t)))
- ("h" "Habits" tags-todo "STYLE=\"habit\""
- ((org-agenda-overriding-header "Habits")
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (" " "Agenda"
- ((agenda "" nil)
- (tags "REFILE"
- ((org-agenda-overriding-header "Tasks to Refile")
- (org-tags-match-list-sublevels nil)))
- (tags-todo "-CANCELLED/!"
- ((org-agenda-overriding-header "Stuck Projects")
- (org-agenda-skip-function 'bh/skip-non-stuck-projects)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-HOLD-CANCELLED/!"
- ((org-agenda-overriding-header "Projects")
- (org-agenda-skip-function 'bh/skip-non-projects)
- (org-tags-match-list-sublevels 'indented)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-CANCELLED/!NEXT"
- ((org-agenda-overriding-header (concat "Project Next Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks)
- (org-tags-match-list-sublevels t)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Project Subtasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Standalone Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-CANCELLED+WAITING|HOLD/!"
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-tasks)
- (org-tags-match-list-sublevels nil)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)))
- (tags "-REFILE/"
- ((org-agenda-overriding-header "Tasks to Archive")
- (org-agenda-skip-function 'bh/skip-non-archivable-tasks)
- (org-tags-match-list-sublevels nil))))
- nil)
- ("1" "Agenda (@buero|@vpn|WORK)"
- ((agenda "" nil)
- (tags "REFILE"
- ((org-agenda-overriding-header "Tasks to Refile")
- (org-tags-match-list-sublevels nil)))
- (tags-todo "@buero|@vpn|WORK-CANCELLED/!"
- ((org-agenda-overriding-header "Stuck Projects")
- (org-agenda-skip-function 'bh/skip-non-stuck-projects)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-HOLD-CANCELLED/!"
- ((org-agenda-overriding-header "Projects")
- (org-agenda-skip-function 'bh/skip-non-projects)
- (org-tags-match-list-sublevels 'indented)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-CANCELLED/!NEXT"
- ((org-agenda-overriding-header (concat "Project Next Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks)
- (org-tags-match-list-sublevels t)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Project Subtasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Standalone Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-CANCELLED+WAITING|HOLD/!"
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-tasks)
- (org-tags-match-list-sublevels nil)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)))
- (tags "@buero|@vpn|WORK-REFILE/"
- ((org-agenda-overriding-header "Tasks to Archive")
- (org-agenda-skip-function 'bh/skip-non-archivable-tasks)
- (org-tags-match-list-sublevels nil))))
- nil)
- ("2" "Agenda (@inet|@home))"
- ((agenda "" nil)
- (tags "REFILE"
- ((org-agenda-overriding-header "Tasks to Refile")
- (org-tags-match-list-sublevels nil)))
- (tags-todo "@inet|@home-CANCELLED/!"
- ((org-agenda-overriding-header "Stuck Projects")
- (org-agenda-skip-function 'bh/skip-non-stuck-projects)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-HOLD-CANCELLED/!"
- ((org-agenda-overriding-header "Projects")
- (org-agenda-skip-function 'bh/skip-non-projects)
- (org-tags-match-list-sublevels 'indented)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-CANCELLED/!NEXT"
- ((org-agenda-overriding-header (concat "Project Next Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks)
- (org-tags-match-list-sublevels t)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Project Subtasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Standalone Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-CANCELLED+WAITING|HOLD/!"
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-tasks)
- (org-tags-match-list-sublevels nil)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)))
- (tags "@inet|@home-REFILE/"
- ((org-agenda-overriding-header "Tasks to Archive")
- (org-agenda-skip-function 'bh/skip-non-archivable-tasks)
- (org-tags-match-list-sublevels nil))))
- nil)
- )))
-
-(defun bh/org-auto-exclude-function (tag)
- "Automatic task exclusion in the agenda with / RET"
- (and (cond
- ((string= tag "hold")
- t)
- ((string= tag "farm")
- t))
- (concat "-" tag)))
-
-(setq org-agenda-auto-exclude-function 'bh/org-auto-exclude-function)
-
-;;
-;; Resume clocking task when emacs is restarted
-(org-clock-persistence-insinuate)
-;;
-;; Show lot of clocking history so it's easy to pick items off the C-F11 list
-(setq org-clock-history-length 23)
-;; Resume clocking task on clock-in if the clock is open
-(setq org-clock-in-resume t)
-;; Change tasks to NEXT when clocking in
-(setq org-clock-in-switch-to-state 'bh/clock-in-to-next)
-;; Separate drawers for clocking and logs
-(setq org-drawers (quote ("PROPERTIES" "LOGBOOK")))
-;; Save clock data and state changes and notes in the LOGBOOK drawer
-(setq org-clock-into-drawer t)
-;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration
-(setq org-clock-out-remove-zero-time-clocks t)
-;; Clock out when moving task to a done state
-(setq org-clock-out-when-done t)
-;; Save the running clock and all clock history when exiting Emacs, load it on startup
-(setq org-clock-persist t)
-;; Do not prompt to resume an active clock
-(setq org-clock-persist-query-resume nil)
-;; Enable auto clock resolution for finding open clocks
-(setq org-clock-auto-clock-resolution (quote when-no-clock-is-running))
-;; Include current clocking task in clock reports
-(setq org-clock-report-include-clocking-task t)
-
-(setq bh/keep-clock-running nil)
-
-(defun bh/clock-in-to-next (kw)
- "Switch a task from TODO to NEXT when clocking in.
-Skips capture tasks, projects, and subprojects.
-Switch projects and subprojects from NEXT back to TODO"
- (when (not (and (boundp 'org-capture-mode) org-capture-mode))
- (cond
- ((and (member (org-get-todo-state) (list "TODO"))
- (bh/is-task-p))
- "NEXT")
- ((and (member (org-get-todo-state) (list "NEXT"))
- (bh/is-project-p))
- "TODO"))))
-
-(defun bh/find-project-task ()
- "Move point to the parent (project) task if any"
- (save-restriction
- (widen)
- (let ((parent-task (save-excursion (org-back-to-heading 'invisible-ok) (point))))
- (while (org-up-heading-safe)
- (when (member (nth 2 (org-heading-components)) org-todo-keywords-1)
- (setq parent-task (point))))
- (goto-char parent-task)
- parent-task)))
-
-(defun bh/punch-in (arg)
- "Start continuous clocking and set the default task to the
-selected task. If no task is selected set the Organization task
-as the default task."
- (interactive "p")
- (setq bh/keep-clock-running t)
- (if (equal major-mode 'org-agenda-mode)
- ;;
- ;; We're in the agenda
- ;;
- (let* ((marker (org-get-at-bol 'org-hd-marker))
- (tags (org-with-point-at marker (org-get-tags-at))))
- (if (and (eq arg 4) tags)
- (org-agenda-clock-in '(16))
- (bh/clock-in-organization-task-as-default)))
- ;;
- ;; We are not in the agenda
- ;;
- (save-restriction
- (widen)
- ; Find the tags on the current task
- (if (and (equal major-mode 'org-mode) (not (org-before-first-heading-p)) (eq arg 4))
- (org-clock-in '(16))
- (bh/clock-in-organization-task-as-default)))))
-
-(defun bh/punch-out ()
- (interactive)
- (setq bh/keep-clock-running nil)
- (when (org-clock-is-active)
- (org-clock-out))
- (org-agenda-remove-restriction-lock))
-
-(defun bh/clock-in-default-task ()
- (save-excursion
- (org-with-point-at org-clock-default-task
- (org-clock-in))))
-
-(defun bh/clock-in-parent-task ()
- "Move point to the parent (project) task if any and clock in"
- (let ((parent-task))
- (save-excursion
- (save-restriction
- (widen)
- (while (and (not parent-task) (org-up-heading-safe))
- (when (member (nth 2 (org-heading-components)) org-todo-keywords-1)
- (setq parent-task (point))))
- (if parent-task
- (org-with-point-at parent-task
- (org-clock-in))
- (when bh/keep-clock-running
- (bh/clock-in-default-task)))))))
-
-(defvar bh/organization-task-id "eb155a82-92b2-4f25-a3c6-0304591af2f9")
-
-(defun bh/clock-in-organization-task-as-default ()
- (interactive)
- (org-with-point-at (org-id-find bh/organization-task-id 'marker)
- (org-clock-in '(16))))
-
-(defun bh/clock-out-maybe ()
- (when (and bh/keep-clock-running
- (not org-clock-clocking-in)
- (marker-buffer org-clock-default-task)
- (not org-clock-resolving-clocks-due-to-idleness))
- (bh/clock-in-parent-task)))
-
-(add-hook 'org-clock-out-hook 'bh/clock-out-maybe 'append)
-
-(require 'org-id)
-(defun bh/clock-in-task-by-id (id)
- "Clock in a task by id"
- (org-with-point-at (org-id-find id 'marker)
- (org-clock-in nil)))
-
-(defun bh/clock-in-last-task (arg)
- "Clock in the interrupted task if there is one
-Skip the default task and get the next one.
-A prefix arg forces clock in of the default task."
- (interactive "p")
- (let ((clock-in-to-task
- (cond
- ((eq arg 4) org-clock-default-task)
- ((and (org-clock-is-active)
- (equal org-clock-default-task (cadr org-clock-history)))
- (caddr org-clock-history))
- ((org-clock-is-active) (cadr org-clock-history))
- ((equal org-clock-default-task (car org-clock-history)) (cadr org-clock-history))
- (t (car org-clock-history)))))
- (widen)
- (org-with-point-at clock-in-to-task
- (org-clock-in nil))))
-
-(setq org-time-stamp-rounding-minutes (quote (1 1)))
-
-(setq org-agenda-clock-consistency-checks
- (quote (:max-duration "4:00"
- :min-duration 0
- :max-gap 0
- :gap-ok-around ("4:00"))))
-
-;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration
-(setq org-clock-out-remove-zero-time-clocks t)
-
-;; Agenda clock report parameters
-(setq org-agenda-clockreport-parameter-plist
- (quote (:link t :maxlevel 5 :fileskip0 t :compact t :narrow 80)))
-
-; Set default column view headings: Task Effort Clock_Summary
-(setq org-columns-default-format "%80ITEM(Task) %10Effort(Effort){:} %10CLOCKSUM")
-
-; global Effort estimate values
-; global STYLE property values for completion
-(setq org-global-properties (quote (("Effort_ALL" . "0:15 0:30 0:45 1:00 2:00 3:00 4:00 5:00 6:00 0:00")
- ("STYLE_ALL" . "habit"))))
-
-;; Agenda log mode items to display (closed and state changes by default)
-(setq org-agenda-log-mode-items (quote (closed state)))
-
-; Tags with fast selection keys
-(setq org-tag-alist (quote ((:startgroup)
- ("@errand" . ?E)
- ("@buero" . ?B)
- ("@omw" . ?O)
- ("@vpn" . ?V)
- ("@inet" . ?I)
- ("@home" . ?H)
- (:endgroup)
- ("WAITING" . ?w)
- ("HOLD" . ?h)
- ("PERSONAL" . ?p)
- ("WORK" . ?w)
- ("ORG" . ?o)
- ("crypt" . ?e)
- ("NOTE" . ?n)
- ("CANCELLED" . ?c)
- ("FLAGGED" . ??))))
-
-; Allow setting single tags without the menu
-(setq org-fast-tag-selection-single-key (quote expert))
-
-; For tag searches ignore tasks with scheduled and deadline dates
-(setq org-agenda-tags-todo-honor-ignore-options t)
-
-(require 'bbdb)
-(require 'bbdb-com)
-
-(global-set-key (kbd "<f9> p") 'bh/phone-call)
-
-;;
-;; Phone capture template handling with BBDB lookup
-;; Adapted from code by Gregory J. Grubbs
-(defun bh/phone-call ()
- "Return name and company info for caller from bbdb lookup"
- (interactive)
- (let* (name rec caller)
- (setq name (completing-read "Who is calling? "
- (bbdb-hashtable)
- 'bbdb-completion-predicate
- 'confirm))
- (when (> (length name) 0)
- ; Something was supplied - look it up in bbdb
- (setq rec
- (or (first
- (or (bbdb-search (bbdb-records) name nil nil)
- (bbdb-search (bbdb-records) nil name nil)))
- name)))
-
- ; Build the bbdb link if we have a bbdb record, otherwise just return the name
- (setq caller (cond ((and rec (vectorp rec))
- (let ((name (bbdb-record-name rec))
- (company (bbdb-record-company rec)))
- (concat "[[bbdb:"
- name "]["
- name "]]"
- (when company
- (concat " - " company)))))
- (rec)
- (t "NameOfCaller")))
- (insert caller)))
-
-(setq org-agenda-span 'day)
-
-(setq org-stuck-projects (quote ("" nil nil "")))
-
-(defun bh/is-project-p ()
- "Any task with a todo keyword subtask"
- (save-restriction
- (widen)
- (let ((has-subtask)
- (subtree-end (save-excursion (org-end-of-subtree t)))
- (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1)))
- (save-excursion
- (forward-line 1)
- (while (and (not has-subtask)
- (< (point) subtree-end)
- (re-search-forward "^\*+ " subtree-end t))
- (when (member (org-get-todo-state) org-todo-keywords-1)
- (setq has-subtask t))))
- (and is-a-task has-subtask))))
-
-(defun bh/is-project-subtree-p ()
- "Any task with a todo keyword that is in a project subtree.
-Callers of this function already widen the buffer view."
- (let ((task (save-excursion (org-back-to-heading 'invisible-ok)
- (point))))
- (save-excursion
- (bh/find-project-task)
- (if (equal (point) task)
- nil
- t))))
-
-(defun bh/is-task-p ()
- "Any task with a todo keyword and no subtask"
- (save-restriction
- (widen)
- (let ((has-subtask)
- (subtree-end (save-excursion (org-end-of-subtree t)))
- (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1)))
- (save-excursion
- (forward-line 1)
- (while (and (not has-subtask)
- (< (point) subtree-end)
- (re-search-forward "^\*+ " subtree-end t))
- (when (member (org-get-todo-state) org-todo-keywords-1)
- (setq has-subtask t))))
- (and is-a-task (not has-subtask)))))
-
-(defun bh/is-subproject-p ()
- "Any task which is a subtask of another project"
- (let ((is-subproject)
- (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1)))
- (save-excursion
- (while (and (not is-subproject) (org-up-heading-safe))
- (when (member (nth 2 (org-heading-components)) org-todo-keywords-1)
- (setq is-subproject t))))
- (and is-a-task is-subproject)))
-
-(defun bh/list-sublevels-for-projects-indented ()
- "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks.
- This is normally used by skipping functions where this variable is already local to the agenda."
- (if (marker-buffer org-agenda-restrict-begin)
- (setq org-tags-match-list-sublevels 'indented)
- (setq org-tags-match-list-sublevels nil))
- nil)
-
-(defun bh/list-sublevels-for-projects ()
- "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks.
- This is normally used by skipping functions where this variable is already local to the agenda."
- (if (marker-buffer org-agenda-restrict-begin)
- (setq org-tags-match-list-sublevels t)
- (setq org-tags-match-list-sublevels nil))
- nil)
-
-(defvar bh/hide-scheduled-and-waiting-next-tasks t)
-
-(defun bh/toggle-next-task-display ()
- (interactive)
- (setq bh/hide-scheduled-and-waiting-next-tasks (not bh/hide-scheduled-and-waiting-next-tasks))
- (when (equal major-mode 'org-agenda-mode)
- (org-agenda-redo))
- (message "%s WAITING and SCHEDULED NEXT Tasks" (if bh/hide-scheduled-and-waiting-next-tasks "Hide" "Show")))
-
-(defun bh/skip-stuck-projects ()
- "Skip trees that are not stuck projects"
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (if (bh/is-project-p)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (has-next ))
- (save-excursion
- (forward-line 1)
- (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t))
- (unless (member "WAITING" (org-get-tags-at))
- (setq has-next t))))
- (if has-next
- nil
- next-headline)) ; a stuck project, has subtasks but no next task
- nil))))
-
-(defun bh/skip-non-stuck-projects ()
- "Skip trees that are not stuck projects"
- ;; (bh/list-sublevels-for-projects-indented)
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (if (bh/is-project-p)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (has-next ))
- (save-excursion
- (forward-line 1)
- (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t))
- (unless (member "WAITING" (org-get-tags-at))
- (setq has-next t))))
- (if has-next
- next-headline
- nil)) ; a stuck project, has subtasks but no next task
- next-headline))))
-
-(defun bh/skip-non-projects ()
- "Skip trees that are not projects"
- ;; (bh/list-sublevels-for-projects-indented)
- (if (save-excursion (bh/skip-non-stuck-projects))
- (save-restriction
- (widen)
- (let ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- nil)
- ((and (bh/is-project-subtree-p) (not (bh/is-task-p)))
- nil)
- (t
- subtree-end))))
- (save-excursion (org-end-of-subtree t))))
-
-(defun bh/skip-non-tasks ()
- "Show non-project tasks.
-Skip project and sub-project tasks, habits, and project related tasks."
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (cond
- ((bh/is-task-p)
- nil)
- (t
- next-headline)))))
-
-(defun bh/skip-project-trees-and-habits ()
- "Skip trees that are projects"
- (save-restriction
- (widen)
- (let ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- subtree-end)
- ((org-is-habit-p)
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-projects-and-habits-and-single-tasks ()
- "Skip trees that are projects, tasks that are habits, single non-project tasks"
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (cond
- ((org-is-habit-p)
- next-headline)
- ((and bh/hide-scheduled-and-waiting-next-tasks
- (member "WAITING" (org-get-tags-at)))
- next-headline)
- ((bh/is-project-p)
- next-headline)
- ((and (bh/is-task-p) (not (bh/is-project-subtree-p)))
- next-headline)
- (t
- nil)))))
-
-(defun bh/skip-project-tasks-maybe ()
- "Show tasks related to the current restriction.
-When restricted to a project, skip project and sub project tasks, habits, NEXT tasks, and loose tasks.
-When not restricted, skip project and sub-project tasks, habits, and project related tasks."
- (save-restriction
- (widen)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (next-headline (save-excursion (or (outline-next-heading) (point-max))))
- (limit-to-project (marker-buffer org-agenda-restrict-begin)))
- (cond
- ((bh/is-project-p)
- next-headline)
- ((org-is-habit-p)
- subtree-end)
- ((and (not limit-to-project)
- (bh/is-project-subtree-p))
- subtree-end)
- ((and limit-to-project
- (bh/is-project-subtree-p)
- (member (org-get-todo-state) (list "NEXT")))
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-project-tasks ()
- "Show non-project tasks.
-Skip project and sub-project tasks, habits, and project related tasks."
- (save-restriction
- (widen)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- subtree-end)
- ((org-is-habit-p)
- subtree-end)
- ((bh/is-project-subtree-p)
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-non-project-tasks ()
- "Show project tasks.
-Skip project and sub-project tasks, habits, and loose non-project tasks."
- (save-restriction
- (widen)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (cond
- ((bh/is-project-p)
- next-headline)
- ((org-is-habit-p)
- subtree-end)
- ((and (bh/is-project-subtree-p)
- (member (org-get-todo-state) (list "NEXT")))
- subtree-end)
- ((not (bh/is-project-subtree-p))
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-projects-and-habits ()
- "Skip trees that are projects and tasks that are habits"
- (save-restriction
- (widen)
- (let ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- subtree-end)
- ((org-is-habit-p)
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-non-subprojects ()
- "Skip trees that are not projects"
- (let ((next-headline (save-excursion (outline-next-heading))))
- (if (bh/is-subproject-p)
- nil
- next-headline)))
-
-(setq org-archive-mark-done nil)
-(setq org-archive-location "%s_archive::* Archived Tasks")
-
-(defun bh/skip-non-archivable-tasks ()
- "Skip trees that are not available for archiving"
- (save-restriction
- (widen)
- ;; Consider only tasks with done todo headings as archivable candidates
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))
- (subtree-end (save-excursion (org-end-of-subtree t))))
- (if (member (org-get-todo-state) org-todo-keywords-1)
- (if (member (org-get-todo-state) org-done-keywords)
- (let* ((daynr (string-to-number (format-time-string "%d" (current-time))))
- (a-month-ago (* 60 60 24 (+ daynr 1)))
- (last-month (format-time-string "%Y-%m-" (time-subtract (current-time) (seconds-to-time a-month-ago))))
- (this-month (format-time-string "%Y-%m-" (current-time)))
- (subtree-is-current (save-excursion
- (forward-line 1)
- (and (< (point) subtree-end)
- (re-search-forward (concat last-month "\\|" this-month) subtree-end t)))))
- (if subtree-is-current
- subtree-end ; Has a date in this month or last month, skip it
- nil)) ; available to archive
- (or subtree-end (point-max)))
- next-headline))))
-(setq org-alphabetical-lists t)
-
-;; Explicitly load required exporters
-(require 'ox-html)
-(require 'ox-latex)
-(require 'ox-ascii)
-
-(setq org-ditaa-jar-path "~/git/org-mode/contrib/scripts/ditaa.jar")
-(setq org-plantuml-jar-path "~/java/plantuml.jar")
-
-(add-hook 'org-babel-after-execute-hook 'bh/display-inline-images 'append)
-
-; Make babel results blocks lowercase
-(setq org-babel-results-keyword "results")
-
-(defun bh/display-inline-images ()
- (condition-case nil
- (org-display-inline-images)
- (error nil)))
-
-(org-babel-do-load-languages
- (quote org-babel-load-languages)
- (quote ((emacs-lisp . t)
- (dot . t)
- (ditaa . t)
- (R . t)
- (python . t)
- (ruby . t)
- (gnuplot . t)
- (clojure . t)
- (shell . t)
- (ledger . t)
- (org . t)
- (plantuml . t)
- (latex . t))))
-
-; Do not prompt to confirm evaluation
-; This may be dangerous - make sure you understand the consequences
-; of setting this -- see the docstring for details
-(setq org-confirm-babel-evaluate nil)
-
-; Use fundamental mode when editing plantuml blocks with C-c '
-(add-to-list 'org-src-lang-modes (quote ("plantuml" . fundamental)))
-
-;; Don't enable this because it breaks access to emacs from my Android phone
-(setq org-startup-with-inline-images nil)
-
-; experimenting with docbook exports - not finished
-(setq org-export-docbook-xsl-fo-proc-command "fop %s %s")
-(setq org-export-docbook-xslt-proc-command "xsltproc --output %s /usr/share/xml/docbook/stylesheet/nwalsh/fo/docbook.xsl %s")
-;
-; Inline images in HTML instead of producting links to the image
-(setq org-html-inline-images t)
-; Do not use sub or superscripts - I currently don't need this functionality in my documents
-(setq org-export-with-sub-superscripts nil)
-; Use org.css from the norang website for export document stylesheets
-(setq org-html-head-extra "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />")
-(setq org-html-head-include-default-style nil)
-; Do not generate internal css formatting for HTML exports
-(setq org-export-htmlize-output-type (quote css))
-; Export with LaTeX fragments
-(setq org-export-with-LaTeX-fragments t)
-; Increase default number of headings to export
-(setq org-export-headline-levels 6)
-
-; List of projects
-; norang - http://www.norang.ca/
-; doc - http://doc.norang.ca/
-; org-mode-doc - http://doc.norang.ca/org-mode.html and associated files
-; org - miscellaneous todo lists for publishing
-(setq org-publish-project-alist
- ;
- ; http://www.norang.ca/ (norang website)
- ; norang-org are the org-files that generate the content
- ; norang-extra are images and css files that need to be included
- ; norang is the top-level project that gets published
- (quote (("norang-org"
- :base-directory "~/git/www.norang.ca"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs"
- :recursive t
- :table-of-contents nil
- :base-extension "org"
- :publishing-function org-html-publish-to-html
- :style-include-default nil
- :section-numbers nil
- :table-of-contents nil
- :html-head "<link rel=\"stylesheet\" href=\"norang.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ("norang-extra"
- :base-directory "~/git/www.norang.ca/"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive t
- :author nil)
- ("norang"
- :components ("norang-org" "norang-extra"))
- ;
- ; http://doc.norang.ca/ (norang website)
- ; doc-org are the org-files that generate the content
- ; doc-extra are images and css files that need to be included
- ; doc is the top-level project that gets published
- ("doc-org"
- :base-directory "~/git/doc.norang.ca/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :recursive nil
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html org-org-publish-to-org)
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ("doc-extra"
- :base-directory "~/git/doc.norang.ca/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive nil
- :author nil)
- ("doc"
- :components ("doc-org" "doc-extra"))
- ("doc-private-org"
- :base-directory "~/git/doc.norang.ca/private"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs/private"
- :recursive nil
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html org-org-publish-to-org)
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :auto-sitemap t
- :sitemap-filename "index.html"
- :sitemap-title "Norang Private Documents"
- :sitemap-style "tree"
- :author-info nil
- :creator-info nil)
- ("doc-private-extra"
- :base-directory "~/git/doc.norang.ca/private"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs/private"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive nil
- :author nil)
- ("doc-private"
- :components ("doc-private-org" "doc-private-extra"))
- ;
- ; Miscellaneous pages for other websites
- ; org are the org-files that generate the content
- ("org-org"
- :base-directory "~/git/org/"
- :publishing-directory "/ssh:www-data@www:~/org"
- :recursive t
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function org-html-publish-to-html
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ;
- ; http://doc.norang.ca/ (norang website)
- ; org-mode-doc-org this document
- ; org-mode-doc-extra are images and css files that need to be included
- ; org-mode-doc is the top-level project that gets published
- ; This uses the same target directory as the 'doc' project
- ("org-mode-doc-org"
- :base-directory "~/git/org-mode-doc/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :recursive t
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html)
- :plain-source t
- :htmlized-source t
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ("org-mode-doc-extra"
- :base-directory "~/git/org-mode-doc/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif\\|org"
- :publishing-function org-publish-attachment
- :recursive t
- :author nil)
- ("org-mode-doc"
- :components ("org-mode-doc-org" "org-mode-doc-extra"))
- ;
- ; http://doc.norang.ca/ (norang website)
- ; org-mode-doc-org this document
- ; org-mode-doc-extra are images and css files that need to be included
- ; org-mode-doc is the top-level project that gets published
- ; This uses the same target directory as the 'doc' project
- ("tmp-org"
- :base-directory "/tmp/publish/"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp"
- :recursive t
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html org-org-publish-to-org)
- :html-head "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />"
- :plain-source t
- :htmlized-source t
- :style-include-default nil
- :auto-sitemap t
- :sitemap-filename "index.html"
- :sitemap-title "Test Publishing Area"
- :sitemap-style "tree"
- :author-info t
- :creator-info t)
- ("tmp-extra"
- :base-directory "/tmp/publish/"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive t
- :author nil)
- ("tmp"
- :components ("tmp-org" "tmp-extra")))))
-
-; I'm lazy and don't want to remember the name of the project to publish when I modify
-; a file that is part of a project. So this function saves the file, and publishes
-; the project that includes this file
-;
-; It's bound to C-S-F12 so I just edit and hit C-S-F12 when I'm done and move on to the next thing
-(defun bh/save-then-publish (&optional force)
- (interactive "P")
- (save-buffer)
- (org-save-all-org-buffers)
- (let ((org-html-head-extra)
- (org-html-validation-link "<a href=\"http://validator.w3.org/check?uri=referer\">Validate XHTML 1.0</a>"))
- (org-publish-current-project force)))
-
-(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish)
-
-(setq org-latex-listings t)
-
-(setq org-html-xml-declaration (quote (("html" . "")
- ("was-html" . "<?xml version=\"1.0\" encoding=\"%s\"?>")
- ("php" . "<?php echo \"<?xml version=\\\"1.0\\\" encoding=\\\"%s\\\" ?>\"; ?>"))))
-
-(setq org-export-allow-BIND t)
-
-; Erase all reminders and rebuilt reminders for today from the agenda
-(defun bh/org-agenda-to-appt ()
- (interactive)
- (setq appt-time-msg-list nil)
- (org-agenda-to-appt))
-
-; Rebuild the reminders everytime the agenda is displayed
-(add-hook 'org-finalize-agenda-hook 'bh/org-agenda-to-appt 'append)
-
-; This is at the end of my .emacs - so appointments are set up when Emacs starts
-(bh/org-agenda-to-appt)
-
-; Activate appointments so we get notifications
-(appt-activate t)
-
-; If we leave Emacs running overnight - reset the appointments one minute after midnight
-(run-at-time "24:01" nil 'bh/org-agenda-to-appt)
-
-;; Enable abbrev-mode
-(add-hook 'org-mode-hook (lambda () (abbrev-mode 1)))
-
-;; Skeletons
-;;
-;; sblk - Generic block #+begin_FOO .. #+end_FOO
-(define-skeleton skel-org-block
- "Insert an org block, querying for type."
- "Type: "
- "#+begin_" str "\n"
- _ - \n
- "#+end_" str "\n")
-
-(define-abbrev org-mode-abbrev-table "sblk" "" 'skel-org-block)
-
-;; splantuml - PlantUML Source block
-(define-skeleton skel-org-block-plantuml
- "Insert a org plantuml block, querying for filename."
- "File (no extension): "
- "#+begin_src plantuml :file " str ".png :cache yes\n"
- _ - \n
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "splantuml" "" 'skel-org-block-plantuml)
-
-(define-skeleton skel-org-block-plantuml-activity
- "Insert a org plantuml block, querying for filename."
- "File (no extension): "
- "#+begin_src plantuml :file " str "-act.png :cache yes :tangle " str "-act.txt\n"
- (bh/plantuml-reset-counters)
- "@startuml\n"
- "skinparam activity {\n"
- "BackgroundColor<<New>> Cyan\n"
- "}\n\n"
- "title " str " - \n"
- "note left: " str "\n"
- "(*) --> \"" str "\"\n"
- "--> (*)\n"
- _ - \n
- "@enduml\n"
- "#+end_src\n")
-
-(defvar bh/plantuml-if-count 0)
-
-(defun bh/plantuml-if ()
- (incf bh/plantuml-if-count)
- (number-to-string bh/plantuml-if-count))
-
-(defvar bh/plantuml-loop-count 0)
-
-(defun bh/plantuml-loop ()
- (incf bh/plantuml-loop-count)
- (number-to-string bh/plantuml-loop-count))
-
-(defun bh/plantuml-reset-counters ()
- (setq bh/plantuml-if-count 0
- bh/plantuml-loop-count 0)
- "")
-
-(define-abbrev org-mode-abbrev-table "sact" "" 'skel-org-block-plantuml-activity)
-
-(define-skeleton skel-org-block-plantuml-activity-if
- "Insert a org plantuml block activity if statement"
- ""
- "if \"\" then\n"
- " -> [condition] ==IF" (setq ifn (bh/plantuml-if)) "==\n"
- " --> ==IF" ifn "M1==\n"
- " -left-> ==IF" ifn "M2==\n"
- "else\n"
- "end if\n"
- "--> ==IF" ifn "M2==")
-
-(define-abbrev org-mode-abbrev-table "sif" "" 'skel-org-block-plantuml-activity-if)
-
-(define-skeleton skel-org-block-plantuml-activity-for
- "Insert a org plantuml block activity for statement"
- "Loop for each: "
- "--> ==LOOP" (setq loopn (bh/plantuml-loop)) "==\n"
- "note left: Loop" loopn ": For each " str "\n"
- "--> ==ENDLOOP" loopn "==\n"
- "note left: Loop" loopn ": End for each " str "\n" )
-
-(define-abbrev org-mode-abbrev-table "sfor" "" 'skel-org-block-plantuml-activity-for)
-
-(define-skeleton skel-org-block-plantuml-sequence
- "Insert a org plantuml activity diagram block, querying for filename."
- "File appends (no extension): "
- "#+begin_src plantuml :file " str "-seq.png :cache yes :tangle " str "-seq.txt\n"
- "@startuml\n"
- "title " str " - \n"
- "actor CSR as \"Customer Service Representative\"\n"
- "participant CSMO as \"CSM Online\"\n"
- "participant CSMU as \"CSM Unix\"\n"
- "participant NRIS\n"
- "actor Customer"
- _ - \n
- "@enduml\n"
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "sseq" "" 'skel-org-block-plantuml-sequence)
-
-;; sdot - Graphviz DOT block
-(define-skeleton skel-org-block-dot
- "Insert a org graphviz dot block, querying for filename."
- "File (no extension): "
- "#+begin_src dot :file " str ".png :cache yes :cmdline -Kdot -Tpng\n"
- "graph G {\n"
- _ - \n
- "}\n"
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "sdot" "" 'skel-org-block-dot)
-
-;; sditaa - Ditaa source block
-(define-skeleton skel-org-block-ditaa
- "Insert a org ditaa block, querying for filename."
- "File (no extension): "
- "#+begin_src ditaa :file " str ".png :cache yes\n"
- _ - \n
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "sditaa" "" 'skel-org-block-ditaa)
-
-;; selisp - Emacs Lisp source block
-(define-skeleton skel-org-block-elisp
- "Insert a org emacs-lisp block"
- ""
- "#+begin_src emacs-lisp\n"
- _ - \n
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "selisp" "" 'skel-org-block-elisp)
-
-(defun bh/org-todo (arg)
- (interactive "p")
- (if (equal arg 4)
- (save-restriction
- (bh/narrow-to-org-subtree)
- (org-show-todo-tree nil))
- (bh/narrow-to-org-subtree)
- (org-show-todo-tree nil)))
-
-(global-set-key (kbd "<S-f5>") 'bh/widen)
-
-(defun bh/widen ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-agenda-remove-restriction-lock)
- (when org-agenda-sticky
- (org-agenda-redo)))
- (widen)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "W" (lambda () (interactive) (setq bh/hide-scheduled-and-waiting-next-tasks t) (bh/widen))))
- 'append)
-
-(defun bh/restrict-to-file-or-follow (arg)
- "Set agenda restriction to 'file or with argument invoke follow mode.
-I don't use follow mode very often but I restrict to file all the time
-so change the default 'F' binding in the agenda to allow both"
- (interactive "p")
- (if (equal arg 4)
- (org-agenda-follow-mode)
- (widen)
- (bh/set-agenda-restriction-lock 4)
- (org-agenda-redo)
- (beginning-of-buffer)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "F" 'bh/restrict-to-file-or-follow))
- 'append)
-
-(defun bh/narrow-to-org-subtree ()
- (widen)
- (org-narrow-to-subtree)
- (save-restriction
- (org-agenda-set-restriction-lock)))
-
-(defun bh/narrow-to-subtree ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-with-point-at (org-get-at-bol 'org-hd-marker)
- (bh/narrow-to-org-subtree))
- (when org-agenda-sticky
- (org-agenda-redo)))
- (bh/narrow-to-org-subtree)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "N" 'bh/narrow-to-subtree))
- 'append)
-
-(defun bh/narrow-up-one-org-level ()
- (widen)
- (save-excursion
- (outline-up-heading 1 'invisible-ok)
- (bh/narrow-to-org-subtree)))
-
-(defun bh/get-pom-from-agenda-restriction-or-point ()
- (or (and (marker-position org-agenda-restrict-begin) org-agenda-restrict-begin)
- (org-get-at-bol 'org-hd-marker)
- (and (equal major-mode 'org-mode) (point))
- org-clock-marker))
-
-(defun bh/narrow-up-one-level ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point)
- (bh/narrow-up-one-org-level))
- (org-agenda-redo))
- (bh/narrow-up-one-org-level)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "U" 'bh/narrow-up-one-level))
- 'append)
-
-(defun bh/narrow-to-org-project ()
- (widen)
- (save-excursion
- (bh/find-project-task)
- (bh/narrow-to-org-subtree)))
-
-(defun bh/narrow-to-project ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point)
- (bh/narrow-to-org-project)
- (save-excursion
- (bh/find-project-task)
- (org-agenda-set-restriction-lock)))
- (org-agenda-redo)
- (beginning-of-buffer))
- (bh/narrow-to-org-project)
- (save-restriction
- (org-agenda-set-restriction-lock))))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "P" 'bh/narrow-to-project))
- 'append)
-
-(defvar bh/project-list nil)
-
-(defun bh/view-next-project ()
- (interactive)
- (let (num-project-left current-project)
- (unless (marker-position org-agenda-restrict-begin)
- (goto-char (point-min))
- ; Clear all of the existing markers on the list
- (while bh/project-list
- (set-marker (pop bh/project-list) nil))
- (re-search-forward "Tasks to Refile")
- (forward-visible-line 1))
-
- ; Build a new project marker list
- (unless bh/project-list
- (while (< (point) (point-max))
- (while (and (< (point) (point-max))
- (or (not (org-get-at-bol 'org-hd-marker))
- (org-with-point-at (org-get-at-bol 'org-hd-marker)
- (or (not (bh/is-project-p))
- (bh/is-project-subtree-p)))))
- (forward-visible-line 1))
- (when (< (point) (point-max))
- (add-to-list 'bh/project-list (copy-marker (org-get-at-bol 'org-hd-marker)) 'append))
- (forward-visible-line 1)))
-
- ; Pop off the first marker on the list and display
- (setq current-project (pop bh/project-list))
- (when current-project
- (org-with-point-at current-project
- (setq bh/hide-scheduled-and-waiting-next-tasks nil)
- (bh/narrow-to-project))
- ; Remove the marker
- (setq current-project nil)
- (org-agenda-redo)
- (beginning-of-buffer)
- (setq num-projects-left (length bh/project-list))
- (if (> num-projects-left 0)
- (message "%s projects left to view" num-projects-left)
- (beginning-of-buffer)
- (setq bh/hide-scheduled-and-waiting-next-tasks t)
- (error "All projects viewed.")))))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "V" 'bh/view-next-project))
- 'append)
-
-(setq org-show-entry-below (quote ((default))))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "\C-c\C-x<" 'bh/set-agenda-restriction-lock))
- 'append)
-
-(defun bh/set-agenda-restriction-lock (arg)
- "Set restriction lock to current task subtree or file if prefix is specified"
- (interactive "p")
- (let* ((pom (bh/get-pom-from-agenda-restriction-or-point))
- (tags (org-with-point-at pom (org-get-tags-at))))
- (let ((restriction-type (if (equal arg 4) 'file 'subtree)))
- (save-restriction
- (cond
- ((and (equal major-mode 'org-agenda-mode) pom)
- (org-with-point-at pom
- (org-agenda-set-restriction-lock restriction-type))
- (org-agenda-redo))
- ((and (equal major-mode 'org-mode) (org-before-first-heading-p))
- (org-agenda-set-restriction-lock 'file))
- (pom
- (org-with-point-at pom
- (org-agenda-set-restriction-lock restriction-type))))))))
-
-;; Limit restriction lock highlighting to the headline only
-(setq org-agenda-restriction-lock-highlight-subtree nil)
-
-;; Always hilight the current agenda line
-(add-hook 'org-agenda-mode-hook
- '(lambda () (hl-line-mode 1))
- 'append)
-
-;; Keep tasks with dates on the global todo lists
-(setq org-agenda-todo-ignore-with-date nil)
-
-;; Keep tasks with deadlines on the global todo lists
-(setq org-agenda-todo-ignore-deadlines nil)
-
-;; Keep tasks with scheduled dates on the global todo lists
-(setq org-agenda-todo-ignore-scheduled nil)
-
-;; Keep tasks with timestamps on the global todo lists
-(setq org-agenda-todo-ignore-timestamp nil)
-
-;; Remove completed deadline tasks from the agenda view
-(setq org-agenda-skip-deadline-if-done t)
-
-;; Remove completed scheduled tasks from the agenda view
-(setq org-agenda-skip-scheduled-if-done t)
-
-;; Remove completed items from search results
-(setq org-agenda-skip-timestamp-if-done t)
-
-(setq org-agenda-include-diary nil)
-(setq org-agenda-diary-file "~/git/org/diary.org")
-
-(setq org-agenda-insert-diary-extract-time t)
-
-;; Include agenda archive files when searching for things
-(setq org-agenda-text-search-extra-files (quote (agenda-archives)))
-
-;; Show all future entries for repeating tasks
-(setq org-agenda-repeating-timestamp-show-all t)
-
-;; Show all agenda dates - even if they are empty
-(setq org-agenda-show-all-dates t)
-
-;; Sorting order for tasks on the agenda
-(setq org-agenda-sorting-strategy
- (quote ((agenda habit-down time-up user-defined-up effort-up category-keep)
- (todo category-up effort-up)
- (tags category-up effort-up)
- (search category-up))))
-
-;; Start the weekly agenda on Monday
-(setq org-agenda-start-on-weekday 1)
-
-;; Enable display of the time grid so we can see the marker for the current time
-;; modified like in
-;; https://stackoverflow.com/questions/47778775/wrong-type-argument-when-using-org-agenda
-(setq org-agenda-time-grid (quote
- ((daily today remove-match)
- (0900 1100 1300 1500 1700)
- "......" "----------------")))
-
-;; Display tags farther right
-(setq org-agenda-tags-column -102)
-
-;;
-;; Agenda sorting functions
-;;
-(setq org-agenda-cmp-user-defined 'bh/agenda-sort)
-
-(defun bh/agenda-sort (a b)
- "Sorting strategy for agenda items.
-Late deadlines first, then scheduled, then non-late deadlines"
- (let (result num-a num-b)
- (cond
- ; time specific items are already sorted first by org-agenda-sorting-strategy
-
- ; non-deadline and non-scheduled items next
- ((bh/agenda-sort-test 'bh/is-not-scheduled-or-deadline a b))
-
- ; deadlines for today next
- ((bh/agenda-sort-test 'bh/is-due-deadline a b))
-
- ; late deadlines next
- ((bh/agenda-sort-test-num 'bh/is-late-deadline '> a b))
-
- ; scheduled items for today next
- ((bh/agenda-sort-test 'bh/is-scheduled-today a b))
-
- ; late scheduled items next
- ((bh/agenda-sort-test-num 'bh/is-scheduled-late '> a b))
-
- ; pending deadlines last
- ((bh/agenda-sort-test-num 'bh/is-pending-deadline '< a b))
-
- ; finally default to unsorted
- (t (setq result nil)))
- result))
-
-(defmacro bh/agenda-sort-test (fn a b)
- "Test for agenda sort"
- `(cond
- ; if both match leave them unsorted
- ((and (apply ,fn (list ,a))
- (apply ,fn (list ,b)))
- (setq result nil))
- ; if a matches put a first
- ((apply ,fn (list ,a))
- (setq result -1))
- ; otherwise if b matches put b first
- ((apply ,fn (list ,b))
- (setq result 1))
- ; if none match leave them unsorted
- (t nil)))
-
-(defmacro bh/agenda-sort-test-num (fn compfn a b)
- `(cond
- ((apply ,fn (list ,a))
- (setq num-a (string-to-number (match-string 1 ,a)))
- (if (apply ,fn (list ,b))
- (progn
- (setq num-b (string-to-number (match-string 1 ,b)))
- (setq result (if (apply ,compfn (list num-a num-b))
- -1
- 1)))
- (setq result -1)))
- ((apply ,fn (list ,b))
- (setq result 1))
- (t nil)))
-
-(defun bh/is-not-scheduled-or-deadline (date-str)
- (and (not (bh/is-deadline date-str))
- (not (bh/is-scheduled date-str))))
-
-(defun bh/is-due-deadline (date-str)
- (string-match "Deadline:" date-str))
-
-(defun bh/is-late-deadline (date-str)
- (string-match "\\([0-9]*\\) d\. ago:" date-str))
-
-(defun bh/is-pending-deadline (date-str)
- (string-match "In \\([^-]*\\)d\.:" date-str))
-
-(defun bh/is-deadline (date-str)
- (or (bh/is-due-deadline date-str)
- (bh/is-late-deadline date-str)
- (bh/is-pending-deadline date-str)))
-
-(defun bh/is-scheduled (date-str)
- (or (bh/is-scheduled-today date-str)
- (bh/is-scheduled-late date-str)))
-
-(defun bh/is-scheduled-today (date-str)
- (string-match "Scheduled:" date-str))
-
-(defun bh/is-scheduled-late (date-str)
- (string-match "Sched\.\\(.*\\)x:" date-str))
-
-;; Use sticky agenda's so they persist
-(setq org-agenda-sticky t)
-
-;; The following setting is different from the document so that you
-;; can override the document path by setting your path in the variable
-;; org-mode-user-contrib-lisp-path
-;;
-(if (boundp 'org-mode-user-contrib-lisp-path)
- (add-to-list 'load-path org-mode-user-contrib-lisp-path)
- (add-to-list 'load-path (expand-file-name "~/git/org-mode/contrib/lisp")))
-
-(require 'org-checklist)
-
-(setq org-enforce-todo-dependencies t)
-
-(setq org-hide-leading-stars nil)
-
-(setq org-startup-indented t)
-
-(setq org-cycle-separator-lines 0)
-
-(setq org-blank-before-new-entry (quote ((heading)
- (plain-list-item . auto))))
-
-(setq org-insert-heading-respect-content nil)
-
-(setq org-reverse-note-order nil)
-
-(setq org-show-following-heading t)
-(setq org-show-hierarchy-above t)
-(setq org-show-siblings (quote ((default))))
-
-(setq org-special-ctrl-a/e t)
-(setq org-special-ctrl-k t)
-(setq org-yank-adjusted-subtrees t)
-
-(setq org-id-method (quote uuidgen))
-
-(setq org-deadline-warning-days 30)
-
-(setq org-table-export-default-format "orgtbl-to-csv")
-
-(setq org-link-frame-setup (quote ((vm . vm-visit-folder)
- (gnus . org-gnus-no-new-news)
- (file . find-file))))
-
-; Use the current window for C-c ' source editing
-(setq org-src-window-setup 'current-window)
-
-(setq org-log-done (quote time))
-(setq org-log-into-drawer t)
-(setq org-log-state-notes-insert-after-drawers nil)
-
-(setq org-clock-sound "/usr/local/lib/tngchime.wav")
-
-; Enable habit tracking (and a bunch of other modules)
-(setq org-modules (quote (org-bbdb
- org-bibtex
- org-crypt
- org-gnus
- org-id
- org-info
- org-jsinfo
- org-habit
- org-inlinetask
- org-irc
- org-mew
- org-mhe
- org-protocol
- org-rmail
- org-vm
- org-wl
- org-w3m)))
-
-; position the habit graph on the agenda to the right of the default
-(setq org-habit-graph-column 50)
-
-(run-at-time "06:00" 86400 '(lambda () (setq org-habit-show-habits t)))
-
-(global-auto-revert-mode t)
-
-(require 'org-crypt)
-; Encrypt all entries before saving
-(org-crypt-use-before-save-magic)
-(setq org-tags-exclude-from-inheritance (quote ("crypt")))
-; GPG key to use for encryption
-(setq org-crypt-key "F0B66B40")
-
-(setq org-crypt-disable-auto-save nil)
-
-(setq org-use-speed-commands t)
-(setq org-speed-commands-user (quote (("0" . ignore)
- ("1" . ignore)
- ("2" . ignore)
- ("3" . ignore)
- ("4" . ignore)
- ("5" . ignore)
- ("6" . ignore)
- ("7" . ignore)
- ("8" . ignore)
- ("9" . ignore)
-
- ("a" . ignore)
- ("d" . ignore)
- ("h" . bh/hide-other)
- ("i" progn
- (forward-char 1)
- (call-interactively 'org-insert-heading-respect-content))
- ("k" . org-kill-note-or-show-branches)
- ("l" . ignore)
- ("m" . ignore)
- ("q" . bh/show-org-agenda)
- ("r" . ignore)
- ("s" . org-save-all-org-buffers)
- ("w" . org-refile)
- ("x" . ignore)
- ("y" . ignore)
- ("z" . org-add-note)
-
- ("A" . ignore)
- ("B" . ignore)
- ("E" . ignore)
- ("F" . bh/restrict-to-file-or-follow)
- ("G" . ignore)
- ("H" . ignore)
- ("J" . org-clock-goto)
- ("K" . ignore)
- ("L" . ignore)
- ("M" . ignore)
- ("N" . bh/narrow-to-org-subtree)
- ("P" . bh/narrow-to-org-project)
- ("Q" . ignore)
- ("R" . ignore)
- ("S" . ignore)
- ("T" . bh/org-todo)
- ("U" . bh/narrow-up-one-org-level)
- ("V" . ignore)
- ("W" . bh/widen)
- ("X" . ignore)
- ("Y" . ignore)
- ("Z" . ignore))))
-
-(defun bh/show-org-agenda ()
- (interactive)
- (if org-agenda-sticky
- (switch-to-buffer "*Org Agenda( )*")
- (switch-to-buffer "*Org Agenda*"))
- (delete-other-windows))
-
-(require 'org-protocol)
-
-(setq require-final-newline t)
-
-(defvar bh/insert-inactive-timestamp t)
-
-(defun bh/toggle-insert-inactive-timestamp ()
- (interactive)
- (setq bh/insert-inactive-timestamp (not bh/insert-inactive-timestamp))
- (message "Heading timestamps are %s" (if bh/insert-inactive-timestamp "ON" "OFF")))
-
-(defun bh/insert-inactive-timestamp ()
- (interactive)
- (org-insert-time-stamp nil t t nil nil nil))
-
-(defun bh/insert-heading-inactive-timestamp ()
- (save-excursion
- (when bh/insert-inactive-timestamp
- (org-return)
- (org-cycle)
- (bh/insert-inactive-timestamp))))
-
-(add-hook 'org-insert-heading-hook 'bh/insert-heading-inactive-timestamp 'append)
-
-(setq org-export-with-timestamps nil)
-
-(setq org-return-follows-link t)
-
-(custom-set-faces
- ;; custom-set-faces was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- '(org-mode-line-clock ((t (:foreground "red" :box (:line-width -1 :style released-button)))) t))
-
-(defun bh/prepare-meeting-notes ()
- "Prepare meeting notes for email
- Take selected region and convert tabs to spaces, mark TODOs with leading >>>, and copy to kill ring for pasting"
- (interactive)
- (let (prefix)
- (save-excursion
- (save-restriction
- (narrow-to-region (region-beginning) (region-end))
- (untabify (point-min) (point-max))
- (goto-char (point-min))
- (while (re-search-forward "^\\( *-\\\) \\(TODO\\|DONE\\): " (point-max) t)
- (replace-match (concat (make-string (length (match-string 1)) ?>) " " (match-string 2) ": ")))
- (goto-char (point-min))
- (kill-ring-save (point-min) (point-max))))))
-
-(setq org-remove-highlights-with-change t)
-
-(add-to-list 'Info-default-directory-list "~/git/org-mode/doc")
-
-(setq org-read-date-prefer-future 'time)
-
-(setq org-list-demote-modify-bullet (quote (("+" . "-")
- ("*" . "-")
- ("1." . "-")
- ("1)" . "-")
- ("A)" . "-")
- ("B)" . "-")
- ("a)" . "-")
- ("b)" . "-")
- ("A." . "-")
- ("B." . "-")
- ("a." . "-")
- ("b." . "-"))))
-
-(setq org-tags-match-list-sublevels t)
-
-(setq org-agenda-persistent-filter t)
-
-(setq org-link-mailto-program (quote (compose-mail "%a" "%s")))
-
-(add-to-list 'load-path (expand-file-name "~/.emacs.d"))
-(require 'smex)
-(smex-initialize)
-
-(global-set-key (kbd "M-x") 'smex)
-(global-set-key (kbd "C-x x") 'smex)
-(global-set-key (kbd "M-X") 'smex-major-mode-commands)
-
-;; Bookmark handling
-;;
-(global-set-key (kbd "<C-f6>") '(lambda () (interactive) (bookmark-set "SAVED")))
-
-(require 'org-mime)
-
-(setq org-agenda-skip-additional-timestamps-same-entry t)
-
-(setq org-table-use-standard-references (quote from))
-
-(setq org-file-apps (quote ((auto-mode . emacs)
- ("\\.mm\\'" . system)
- ("\\.x?html?\\'" . system)
- ("\\.pdf\\'" . system))))
-
-; Overwrite the current window with the agenda
-(setq org-agenda-window-setup 'current-window)
-
-(setq org-clone-delete-id t)
-
-(setq org-cycle-include-plain-lists t)
-
-(setq org-src-fontify-natively t)
-
-(setq org-structure-template-alist
- (quote (("s" "#+begin_src ?\n\n#+end_src" "<src lang=\"?\">\n\n</src>")
- ("e" "#+begin_example\n?\n#+end_example" "<example>\n?\n</example>")
- ("q" "#+begin_quote\n?\n#+end_quote" "<quote>\n?\n</quote>")
- ("v" "#+begin_verse\n?\n#+end_verse" "<verse>\n?\n</verse>")
- ("c" "#+begin_center\n?\n#+end_center" "<center>\n?\n</center>")
- ("l" "#+begin_latex\n?\n#+end_latex" "<literal style=\"latex\">\n?\n</literal>")
- ("L" "#+latex: " "<literal style=\"latex\">?</literal>")
- ("h" "#+begin_html\n?\n#+end_html" "<literal style=\"html\">\n?\n</literal>")
- ("H" "#+html: " "<literal style=\"html\">?</literal>")
- ("a" "#+begin_ascii\n?\n#+end_ascii")
- ("A" "#+ascii: ")
- ("i" "#+index: ?" "#+index: ?")
- ("I" "#+include %file ?" "<include file=%file markup=\"?\">"))))
-
-(defun bh/mark-next-parent-tasks-todo ()
- "Visit each parent task and change NEXT states to TODO"
- (let ((mystate (or (and (fboundp 'org-state)
- state)
- (nth 2 (org-heading-components)))))
- (when mystate
- (save-excursion
- (while (org-up-heading-safe)
- (when (member (nth 2 (org-heading-components)) (list "NEXT"))
- (org-todo "TODO")))))))
-
-(add-hook 'org-after-todo-state-change-hook 'bh/mark-next-parent-tasks-todo 'append)
-(add-hook 'org-clock-in-hook 'bh/mark-next-parent-tasks-todo 'append)
-
-(setq org-startup-folded t)
-
-(add-hook 'message-mode-hook 'orgstruct++-mode 'append)
-(add-hook 'message-mode-hook 'turn-on-auto-fill 'append)
-(add-hook 'message-mode-hook 'bbdb-define-all-aliases 'append)
-(add-hook 'message-mode-hook 'orgtbl-mode 'append)
-; (add-hook 'message-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix
-(add-hook 'message-mode-hook
- '(lambda () (setq fill-column 72))
- 'append)
-
-;; flyspell mode for spell checking everywhere
-; (add-hook 'org-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix
-
-;; Disable keys in org-mode
-;; C-c [
-;; C-c ]
-;; C-c ;
-;; C-c C-x C-q cancelling the clock (we never want this)
-(add-hook 'org-mode-hook
- '(lambda ()
- ;; Undefine C-c [ and C-c ] since this breaks my
- ;; org-agenda files when directories are include It
- ;; expands the files in the directories individually
- (org-defkey org-mode-map "\C-c[" 'undefined)
- (org-defkey org-mode-map "\C-c]" 'undefined)
- (org-defkey org-mode-map "\C-c;" 'undefined)
- (org-defkey org-mode-map "\C-c\C-x\C-q" 'undefined))
- 'append)
-
-(add-hook 'org-mode-hook
- (lambda ()
- (local-set-key (kbd "C-c M-o") 'bh/mail-subtree))
- 'append)
-
-(defun bh/mail-subtree ()
- (interactive)
- (org-mark-subtree)
- (org-mime-subtree))
-
-(setq org-src-preserve-indentation nil)
-(setq org-edit-src-content-indentation 0)
-
-(setq org-catch-invisible-edits 'error)
-
-(setq org-export-coding-system 'utf-8)
-(prefer-coding-system 'utf-8)
-(set-charset-priority 'unicode)
-(setq default-process-coding-system '(utf-8-unix . utf-8-unix))
-
-(setq org-time-clocksum-format
- '(:hours "%d" :require-hours t :minutes ":%02d" :require-minutes t))
-
-(setq org-id-link-to-org-use-id 'create-if-interactive-and-no-custom-id)
-
-(setq org-emphasis-alist (quote (("*" bold "<b>" "</b>")
- ("/" italic "<i>" "</i>")
- ("_" underline "<span style=\"text-decoration:underline;\">" "</span>")
- ("=" org-code "<code>" "</code>" verbatim)
- ("~" org-verbatim "<code>" "</code>" verbatim))))
-
-(setq org-use-sub-superscripts nil)
-
-(setq org-odd-levels-only nil)
-
-(run-at-time "00:59" 3600 'org-save-all-org-buffers)
-
-;; --- ombi's extension
-
-;; found on https://www.reddit.com/r/emacs/comments/8yrklz/using_outlinemode_with_org_agenda/
-(add-hook
- 'org-agenda-mode-hook
- (lambda ()
- (setq-local outline-regexp "^[A-Z]")
- (setq-local outline-heading-end-regexp ".$")
- ;; Any prefix you'd like, though C-' is usually unoccupied.
- (setq-local outline-minor-mode-prefix (kbd "C-'"))
- (local-set-key "a" 'outline-toggle-children)
- (outline-minor-mode +1)
- (local-set-key outline-minor-mode-prefix outline-mode-prefix-map)))
-'';
-in
- modifiedBerndHansen
diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
deleted file mode 100644
index 5c35bc280..000000000
--- a/jeschli/2configs/emacs.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- pkgsWithOverlay = import <nixpkgs-unstable> {
- overlays = [
- (import (builtins.fetchTarball {
- url = https://github.com/nix-community/emacs-overlay/archive/403c14c23be188b58c0b1bc197b428041d8a0cea.tar.gz;
- }))
- ];
- };
-
- # The emacs packages that I use
- # I differ between
- # - stable (Packages that I use for some time - happy with it)
- # - unstable (Packages that I use for some time - but may drop)
- # - testing (Packages that I try out - the new stuff)
- emacsPkgs = epkgs:
- (with epkgs.melpaPackages ;
-
- ## windows-purpose (testing)
- [ window-purpose ] ++
-
- ## helm (stable)
- # emacs completion engine
- [ helm helm-ag ] ++
-
- ## deft (testing)
- # text search for a directory
- [ deft ] ++
-
- ## lsp mode (unstable)
- # Language Server Protocol mode
- # Used for rust
- [ company-lsp dap-mode helm-lsp lsp-mode lsp-treemacs lsp-ui ] ++
-
- ## emacs convenience (stable)
- # Mixed and general purpose
- [ ag company direnv evil google-this spacemacs-theme ] ++
-
- ## common lisp (testing)
- [ slime ] ++
-
- ## magit (stable)
- [ magit ] ++
-
- ## bunch of programming languages (unstable)
- [ go-mode haskell-mode nix-mode ] ++
-
- ## rust (unstable)
- [ racer rust-mode ] ++
-
- ## python (stable)
- # Python IDE for emacs
- [ elpy ]) ++
-
- ## org-mode
- # Org-Mode has several extensions
- # and can be seen as an application of its own.
- (with epkgs.melpaPackages ;
- # testing
- [ org-super-agenda org-bullets org-ql ] ++
- # unstable
- [ smex org-mime orgit ]
- ) ++
-
- # stable
- (with epkgs.orgPackages ;
- [ org-plus-contrib ]) ++
-
- # stable
- (with epkgs.elpaPackages ;
- [ bbdb which-key ]);
-
-# ## EXWM related (unstable)
-# epkgs.exwm
-# epkgs.melpaPackages.desktop-environment
-# epkgs.melpaPackages.helm-exwm
-# ];
-
- emacsWithOverlay = pkgsWithOverlay.emacsWithPackagesFromUsePackage {
- config = builtins.readFile ./elisp/init.el;
- # Package is optional, defaults to pkgs.emacs
- package = pkgsWithOverlay.emacsGit;
- # Optionally provide extra packages not in the configuration file
- extraEmacsPackages = emacsPkgs;
- };
-
- myEmacs = pkgs.writeDashBin "my-emacs" ''
- exec ${emacsWithOverlay}/bin/emacs -q "$@"
- '';
-
- myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" ''
- exec ${emacsWithOverlay}/bin/emacs -q --daemon -l ${./elisp/init.el}
- '';
-
- myEmacsClient = pkgs.writeDashBin "meclient" ''
- exec ${emacsWithOverlay}/bin/emacsclient --create-frame "$@"
- '';
-in {
- environment.systemPackages = [
- myEmacs myEmacsWithDaemon myEmacsClient emacsWithOverlay
- ];
-
-## EXWM Config
-# services.xserver = {
-# enable = true;
-# xkbOptions = "caps:super";
-# exportConfiguration = true;
-#
-# displayManager.slim.enable = true;
-# windowManager.default = "exwm";
-#
-# # Set up the login session
-# windowManager.session = [{
-# name = "exwm";
-# start = "${emacsWithOverlay}/bin/emacs -q -l " + builtins.toString ./elisp/init.el;
-# }];
-# };
-}
diff --git a/jeschli/2configs/firefox.nix b/jeschli/2configs/firefox.nix
deleted file mode 100644
index 1e1e16918..000000000
--- a/jeschli/2configs/firefox.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
- wrapper = pkgs.callPackage ../5pkgs/firefox/firefox-with-config.nix { };
- myFirefox = wrapper pkgs.firefox-unwrapped {
-
- # these plugins are defined in 5pkgs/firefox
- extraExtensions = with pkgs ; [
- dark-reader
- https-everywhere
- ublock-origin
- audio-fingerprint-defender
- canvas-fingerprint-defender
- webgl-fingerprint-defender
- font-fingerprint-defender
- user-agent-switcher
- ];
-
- extraPolicies = {
- CaptivePortal = false;
- };
-
- disablePocket = true;
- disableFirefoxSync = true;
- allowNonSigned = true;
- clearDataOnShutdown = true;
- disableDrmPlugin = true;
-
-};
-
-in {
-
-
-environment.variables = {
- BROWSER = ["firefox"];
-};
-
-
-environment.systemPackages = with pkgs; [
- myFirefox
-];
-
-}
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
deleted file mode 100644
index faa8ccf5b..000000000
--- a/jeschli/2configs/git.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- enable = true;
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "Bonbon aus Git - die ganze Nacht";
- };
- krebs-page = {
- cgit.desc = "Die Krebs Page";
- };
- xmonad-stockholm = {
- cgit.desc = "XMonad Stockholm";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- channel = "#xxx";
- nick = config.krebs.build.host.name;
- refs = [
- "refs/heads/master"
- ];
- server = "irc.r";
- verbose = true;
- };
- };
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ jeschli jeschli-brauerei jeschli-bolide];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/jeschli/2configs/haskell.nix b/jeschli/2configs/haskell.nix
deleted file mode 100644
index 46ae24fb0..000000000
--- a/jeschli/2configs/haskell.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-let
- all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/master") {};
-in
-{
- environment.systemPackages = with pkgs; [
- cabal2nix
- gcc
- ghc
- haskellPackages.cabal-install
- haskellPackages.ghcid
- haskellPackages.hindent
- haskellPackages.hlint
- haskellPackages.hoogle
- haskellPackages.stack
- (all-hies.selection { selector = p: {inherit (p) ghc864; }; })
- ];
-}
diff --git a/jeschli/2configs/home-manager/default.nix b/jeschli/2configs/home-manager/default.nix
deleted file mode 100644
index ad8663d58..000000000
--- a/jeschli/2configs/home-manager/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- <home-manager/nixos>
- ];
- home-manager.useUserPackages = true;
- home-manager.users.jeschli = {
- home.stateVersion = "19.03";
- };
-}
diff --git a/jeschli/2configs/i3.nix b/jeschli/2configs/i3.nix
deleted file mode 100644
index 1a6c4927a..000000000
--- a/jeschli/2configs/i3.nix
+++ /dev/null
@@ -1,247 +0,0 @@
-{pkgs, environment, config, lib, ... }:
-
-with pkgs;
-
-let
-
- i3_conf_file = pkgs.writeText "config" ''
-
- # i3 config file (v4)
- # doc: https://i3wm.org/docs/userguide.html
-
- set $mod Mod4
-
- # Font for window titles. Will also be used by the bar unless a different font
- # is used in the bar {} block below.
- font pango:monospace 8
-
- # Use Mouse+$mod to drag floating windows to their wanted position
- floating_modifier $mod
-
- # start a terminal
- bindsym $mod+Return exec i3-sensible-terminal
-
- # kill focused window
- bindsym $mod+Shift+q kill
-
- # start rofi program launcher
- bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
- # Switch windows with rofi
- bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
-
- # There also is the (new) i3-dmenu-desktop which only displays applications
- # shipping a .desktop file. It is a wrapper around dmenu, so you need that
- # installed.
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
- # change focus
- bindsym $mod+j focus left
- bindsym $mod+k focus down
- bindsym $mod+l focus up
- bindsym $mod+semicolon focus right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # move focused window
- bindsym $mod+Shift+j move left
- bindsym $mod+Shift+k move down
- bindsym $mod+Shift+l move up
- bindsym $mod+Shift+semicolon move right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- # split in horizontal orientation
- bindsym $mod+h split h
-
- # split in vertical orientation
- bindsym $mod+v split v
-
- # enter fullscreen mode for the focused container
- bindsym $mod+f fullscreen toggle
-
- # change container layout (stacked, tabbed, toggle split)
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # toggle tiling / floating
- bindsym $mod+Shift+space floating toggle
-
- # change focus between tiling / floating windows
- bindsym $mod+space focus mode_toggle
-
- # focus the parent container
- bindsym $mod+a focus parent
-
- # focus the child container
- #bindsym $mod+d focus child
-
- # Define names for default workspaces for which we configure key bindings later on.
- # We use variables to avoid repeating the names in multiple places.
- set $ws1 "1"
- set $ws2 "2"
- set $ws3 "3: Emacs"
- set $ws4 "4"
- set $ws5 "5"
- set $ws6 "6"
- set $ws7 "7"
- set $ws8 "8"
- set $ws9 "9"
- set $ws10 "10"
-
- assign [class="emacs"] $ws3
-
- # switch to workspace
- bindsym $mod+1 workspace $ws1
- bindsym $mod+2 workspace $ws2
- bindsym $mod+3 workspace $ws3
- bindsym $mod+4 workspace $ws4
- bindsym $mod+5 workspace $ws5
- bindsym $mod+6 workspace $ws6
- bindsym $mod+7 workspace $ws7
- bindsym $mod+8 workspace $ws8
- bindsym $mod+9 workspace $ws9
- bindsym $mod+0 workspace $ws10
-
- # move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace $ws1
- bindsym $mod+Shift+2 move container to workspace $ws2
- bindsym $mod+Shift+3 move container to workspace $ws3
- bindsym $mod+Shift+4 move container to workspace $ws4
- bindsym $mod+Shift+5 move container to workspace $ws5
- bindsym $mod+Shift+6 move container to workspace $ws6
- bindsym $mod+Shift+7 move container to workspace $ws7
- bindsym $mod+Shift+8 move container to workspace $ws8
- bindsym $mod+Shift+9 move container to workspace $ws9
- bindsym $mod+Shift+0 move container to workspace $ws10
-
- # reload the configuration file
- bindsym $mod+Shift+c reload
- # restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
- bindsym $mod+Shift+r restart
- # exit i3 (logs you out of your X session)
- bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
-
- # resize window (you can also use the mouse for that)
- mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
- }
-
- bindsym $mod+r mode "resize"
-
- bar {
- status_command i3status
- position top
- }
-
- #######################
- # #
- # AUTORUNS #
- # #
- #######################
- # Start firefox
- exec --no-startup-id ${pkgs.firefox}/bin/firefox --new-instance --setDefaultBrowser
-
- # Start my-emacs server
- exec --no-startup-id my-emacs-daemon
- '';
-
-in {
-
- #######################
- # #
- # AUTORANDR #
- # #
- #######################
-
- # Start autorandr on display change
- services.autorandr = {
- enable = true;
- defaultTarget = "mobile";
- };
-
- # What to execute after resolution has been changed
- environment.etc."xdg/autorandr/postswitch" = {
- text = '' sleep 4 && i3-msg "restart" '';
-
- };
-
- # Start autorandr once on startup
- systemd.user.services.boot-autorandr = {
- description = "Autorandr service";
- partOf = [ "graphical-session.target" ];
- wantedBy = [ "graphical-session.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.autorandr}/bin/autorandr -c";
- Type = "oneshot";
- };
- };
-
-
-
- #######################
- # #
- # XSERVER #
- # #
- #######################
-services.xserver.enable = true;
-
- # Enable i3 Window Manager
- services.xserver.windowManager.i3 = {
- enable = true;
- package = pkgs.i3;
- configFile = i3_conf_file;
- };
-
-
- # ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
- # ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
- services.xserver.windowManager.default = "i3";
- services.xserver.desktopManager.xterm.enable = false;
-
-
- # Enable the X11 windowing system.
- services.xserver.displayManager.lightdm.enable = true;
-
- # Allow users in video group to change brightness
- environment.systemPackages = with pkgs; [
- rofi # Dmenu replacement
- acpilight # Replacement for xbacklight
- brightnessctl
- arandr # Xrandr gui
- feh
- wirelesstools # To get wireless statistics
- acpi
- xorg.xhost
- xorg.xauth
- ];
-
-}
diff --git a/jeschli/2configs/officevpn.nix b/jeschli/2configs/officevpn.nix
deleted file mode 100644
index eb0477d51..000000000
--- a/jeschli/2configs/officevpn.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- nixpkgs.config.packageOverrides = pkgs: {
- openvpn = pkgs.openvpn.override { pkcs11Support = true; useSystemd = false;};
- };
-
- environment.systemPackages = with pkgs; [
- opensc
- openvpn
- yubikey-manager
- ];
-
- services.pcscd.enable = true;
-
- # To start the vpn manually execute
- # $ openvpn --config clien.ovpn
-}
-
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
deleted file mode 100644
index fb34e94e2..000000000
--- a/jeschli/2configs/os-templates/CentOS-7-64bit.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-_:
-
-{
- imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
-
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
-
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-}
diff --git a/jeschli/2configs/python.nix b/jeschli/2configs/python.nix
deleted file mode 100644
index 0c32e1fc8..000000000
--- a/jeschli/2configs/python.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- python37
- python37Packages.pip
- pipenv
- ];
-}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
deleted file mode 100644
index f22609655..000000000
--- a/jeschli/2configs/retiolum.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- "dishfire"
- "enklave"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/jeschli/2configs/rust.nix b/jeschli/2configs/rust.nix
deleted file mode 100644
index 46addb15c..000000000
--- a/jeschli/2configs/rust.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- rustup
- gcc
- ];
-}
diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix
deleted file mode 100644
index 06a068a3f..000000000
--- a/jeschli/2configs/steam.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- nixpkgs.config.steam.java = true;
- environment.systemPackages = with pkgs; [
- steam
- ];
- hardware.opengl.driSupport32Bit = true;
-
- #ports for inhome streaming
-}
diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty
deleted file mode 100644
index e69de29bb..000000000
--- a/jeschli/2configs/tests/dummy-secrets/empty
+++ /dev/null
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
deleted file mode 100644
index 4049a47a3..000000000
--- a/jeschli/2configs/urxvt.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- options.jeschliFontSize = mkOption {
- type = types.int;
- default = 12;
- };
- config = {
- services.urxvtd.enable = true;
- krebs.xresources.enable = true;
- krebs.xresources.resources.urxvt = ''
- *foreground: rgb:a8/a8/a8
- *background: rgb:00/00/00
- *faceName: DejaVu Sans Mono
- *faceSize: ${toString config.jeschliFontSize}
- *color0: rgb:00/00/00
- *color1: rgb:a8/00/00
- *color2: rgb:00/a8/00
- *color3: rgb:a8/54/00
- *color4: rgb:26/8b/d2
- *color5: rgb:a8/00/a8
- *color6: rgb:00/a8/a8
- *color7: rgb:a8/a8/a8
- *color8: rgb:54/54/54
- *color9: rgb:fc/54/54
- *color10: rgb:54/fc/54
- *color11: rgb:fc/fc/54
- *color12: rgb:54/54/fc
- *color13: rgb:fc/54/fc
- *color14: rgb:54/fc/fc
- *color15: rgb:fc/fc/fc
-
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
- URXvt*faceSize: ${toString config.jeschliFontSize}
- '';
- };
-}
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
deleted file mode 100644
index 586016f60..000000000
--- a/jeschli/2configs/vim.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
- name = "vim-javascript";
- src = pkgs.fetchFromGitHub {
- owner = "pangloss";
- repo = "vim-javascript";
- rev = "1.2.5.1";
- sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
- };
- };
- customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
- name = "vim-jsx";
- src = pkgs.fetchFromGitHub {
- owner = "mxw";
- repo = "vim-jsx";
- rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
- sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
- };
- };
- customPlugins.vim-fileline = pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchFromGitHub {
- owner = "bogado";
- repo = "file-line";
- rev = "1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- };
-in {
- environment.systemPackages = [
- (pkgs.vim_configurable.customize {
- name = "vim";
- vimrcConfig.customRC = let
- colorscheme = ''colorscheme molokai'';
- highlightTrailingWhiteSpaces = ''
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- '';
- setStatements = ''
- set autowrite
- set clipboard=unnamedplus
- set listchars=trail:¶
- set mouse=a
- set nocompatible
- set path+=**
- set ruler
- set undodir=$HOME/.vim/undo "directory where the undo files will be stored
- set undofile "turn on the feature
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- '';
- remapStatements = ''
- imap jk <Esc>
- map gr :GoRun<Enter> " Map gr to execute go run
- map tt :GoTest<Enter> " Map tt to execute go test
- map nf :NERDTreeToggle<CR>
- nnoremap <C-TAB> <c-w><c-w>
- nnoremap <S-TAB> :bnext<CR>
- noremap x "_x
- vmap v v
- '';
- settingsForGo = ''
- let g:go_decls_includes = "func,type"
- let g:go_def_mode = 'godef'
- let g:go_fmt_command = "goimports"
- let g:go_highlight_extra_types = 1
- let g:go_highlight_fields = 1
- let g:go_highlight_functions = 1
- let g:go_highlight_methods = 1
- let g:go_highlight_types = 1
- let g:go_list_type = "quickfix"
- let g:go_metalinter_autosave = 1
- let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
- let g:go_snippet_case_type = "camelcase"
- let g:go_test_timeout = '10s'
- let g:jsx_ext_required = 0
- let g:molokai_original = 1
- let g:rehash256 = 1
- '';
- settingsForElm = ''
- let g:polyglot_disabled = ['elm']
- let g:elm_detailed_complete = 1
- let g:elm_format_autosave = 1
- let g:elm_syntastic_show_warnings = 1
- '';
- in ''
- ${colorscheme}
- ${highlightTrailingWhiteSpaces}
- ${remapStatements}
- ${setStatements}
- ${settingsForElm}
- ${settingsForGo}
- " dont expand tabs in go files and show it with four whitespaces.
- autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
- '';
- vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
- vimrcConfig.vam.pluginDictionaries = [
- { names = [
- "ctrlp"
- "easymotion"
- "elm-vim"
- "vim-fileline"
- "molokai"
- "nerdtree"
- "snipmate"
- "surround"
- "Syntastic"
- "undotree"
- ];
- }
- { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
- { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
- { names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
- { names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
- ];
- })
- ];
-
- # set up the directories up if they are not there.
-# Needs to be changed.
-# vim = let
-# dirs = {
-# backupdir = "$HOME/.cache/vim/backup";
-# swapdir = "$HOME/.cache/vim/swap";
-# undodir = "$HOME/.cache/vim/undo";
-# };
-# files = {
-# viminfo = "$HOME/.cache/vim/info";
-# };
-#
-# mkdirs = let
-# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
-# in assert out != ""; out;
-# alldirs = attrValues dirs ++ map dirOf (attrValues files);
-# in unique (sort lessThan alldirs);
-# in
-# pkgs.symlinkJoin {
-# name = "vim";
-# paths = [
-# (pkgs.writeDashBin "vim" ''
-# set -efu
-# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
-# exec ${pkgs.vim}/bin/vim "$@"
-# '')
-# pkgs.vim
-# ];
-# };
-
-}
diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix
deleted file mode 100644
index c9bb8c41f..000000000
--- a/jeschli/2configs/virtualbox.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.jeschli;
-
-in {
- #services.virtualboxHost.enable = true;
- virtualisation.virtualbox.host.enable = true;
-
- users.extraUsers = {
- virtual = {
- name = "virtual";
- description = "user for running VirtualBox";
- home = "/home/virtual";
- useDefaultShell = true;
- extraGroups = [ "vboxusers" "audio" ];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(virtual) NOPASSWD: ALL
- '';
-}
diff --git a/jeschli/2configs/xdg.nix b/jeschli/2configs/xdg.nix
deleted file mode 100644
index 18bac9b38..000000000
--- a/jeschli/2configs/xdg.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
-
- systemd.tmpfiles.rules = let
- forUsers = flip map users;
- isUser = { name, group, ... }:
- name == "root" || hasSuffix "users" group;
- users = filter isUser (mapAttrsToList (_: id) config.users.users);
- in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
-}
diff --git a/jeschli/2configs/xserver/Xmodmap.nix b/jeschli/2configs/xserver/Xmodmap.nix
deleted file mode 100644
index d2b1b2604..000000000
--- a/jeschli/2configs/xserver/Xmodmap.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xmodmap" ''
- !keycode 66 = Caps_Lock
- !remove Lock = Caps_Lock
- clear Lock
-
- ! caps lock
- keycode 66 = Mode_switch
-
- keycode 13 = 4 dollar EuroSign cent
- keycode 30 = u U udiaeresis Udiaeresis
- keycode 32 = o O odiaeresis Odiaeresis
- keycode 38 = a A adiaeresis Adiaeresis
- keycode 39 = s S ssharp
-
- keycode 33 = p P Greek_pi Greek_PI
- keycode 46 = l L Greek_lambda Greek_LAMBDA
-
- keycode 54 = c C cacute Cacute
-
- ! BULLET OPERATOR
- keycode 17 = 8 asterisk U2219
- keycode 27 = r R r U211D
-''
diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix
deleted file mode 100644
index ebe7159ff..000000000
--- a/jeschli/2configs/xserver/Xresources.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xresources" /* xdefaults */ ''
- Xcursor.theme: aero-large-drop
- Xcursor.size: 128
-
- URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
- URxvt*eightBitInput: false
- URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*scrollBar: false
- URxvt*background: #050505
- URxvt*foreground: #d0d7d0
- URxvt*cursorColor: #f042b0
- URxvt*cursorColor2: #f0b000
- URxvt*cursorBlink: off
- URxvt*jumpScroll: true
- URxvt*allowSendEvents: false
- URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
- URxvt*cutNewline: False
- URxvt*cutToBeginningOfLine: False
- URxvt*font: xft:Monospace:size=12
- URxvt*font: xft:Monospace:size=12:bold
- URxvt*color0: #232342
- URxvt*color3: #c07000
- URxvt*color4: #4040c0
- URxvt*color7: #c0c0c0
- URxvt*color8: #707070
- URxvt*color9: #ff6060
- URxvt*color10: #70ff70
- URxvt*color11: #ffff70
- URxvt*color12: #7070ff
- URxvt*color13: #ff50ff
- URxvt*color14: #70ffff
- URxvt*color15: #ffffff
-
- URxvt*iso14755: False
-
- URxvt*urgentOnBell: True
- URxvt*visualBell: True
-
- ! ref https://github.com/muennich/urxvt-perls
- URxvt*perl-ext: default,url-select
- URxvt*keysym.M-u: perl:url-select:select_next
- URxvt*url-select.underline: true
- URxvt*colorUL: #4682B4
- URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
- URxvt*saveLines: 10000
-
- root-urxvt*background: #230000
- root-urxvt*foreground: #e0c0c0
- root-urxvt*BorderColor: #400000
- root-urxvt*color0: #800000
-''
diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
deleted file mode 100644
index 44c35ca37..000000000
--- a/jeschli/2configs/xserver/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
- cfg = {
- cacheDir = cfg.dataDir;
- configDir = "/var/empty";
- dataDir = "/run/xdg/${cfg.user.name}/xmonad";
- user = config.krebs.users.jeschli;
- };
-in {
-
- environment.systemPackages = [
- pkgs.font-size
- pkgs.gitAndTools.qgit
- pkgs.mpv
- pkgs.sxiv
- pkgs.xdotool
- pkgs.xsel
- pkgs.zathura
- ];
-
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
- ];
-
- # TODO dedicated group, i.e. with a single user [per-user-setuid]
- # TODO krebs.setuid.slock.path vs /run/wrappers/bin
- krebs.setuid.slock = {
- filename = "${pkgs.slock}/bin/slock";
- group = "wheel";
- envp = {
- DISPLAY = ":${toString config.services.xserver.display}";
- USER = cfg.user.name;
- };
- };
-
- systemd.services.display-manager.enable = false;
-
- systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "xserver.service" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
-
- XMONAD_CACHE_DIR = cfg.cacheDir;
- XMONAD_CONFIG_DIR = cfg.configDir;
- XMONAD_DATA_DIR = cfg.dataDir;
-
- XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
- ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
- ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
- ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
- ${config.services.xserver.displayManager.sessionCommands}
- if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
- exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
- fi
- export DBUS_SESSION_BUS_ADDRESS
- ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
- wait
- '';
-
- # XXX JSON is close enough :)
- XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
- "dashboard" # we start here
- "stockholm"
- "pycharm"
- "chromium"
- "iRC"
- "git"
- "hipbird"
- ]);
- };
- serviceConfig = {
- SyslogIdentifier = "xmonad";
- ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
- "\${XMONAD_CACHE_DIR}"
- "\${XMONAD_CONFIG_DIR}"
- "\${XMONAD_DATA_DIR}"
- ]}";
- ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
- User = cfg.user.name;
- WorkingDirectory = cfg.user.home;
- };
- };
-
- systemd.services.xserver = {
- after = [
- "systemd-udev-settle.service"
- "local-fs.target"
- "acpid.service"
- ];
- reloadIfChanged = true;
- environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
- ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
- };
- serviceConfig = {
- SyslogIdentifier = "xserver";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = toString [
- "${pkgs.xorg.xorgserver}/bin/X"
- ":${toString config.services.xserver.display}"
- "vt${toString config.services.xserver.tty}"
- "-config ${import ./xserver.conf.nix args}"
- "-logfile /dev/null -logverbose 0 -verbose 3"
- "-nolisten tcp"
- "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
- ];
- };
- };
-
- systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
- serviceConfig = {
- SyslogIdentifier = "urxvtd";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- User = cfg.user.name;
- };
- };
-}
diff --git a/jeschli/2configs/xserver/xserver.conf.nix b/jeschli/2configs/xserver/xserver.conf.nix
deleted file mode 100644
index 6f34e0150..000000000
--- a/jeschli/2configs/xserver/xserver.conf.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.services.xserver;
-in
-
-pkgs.stdenv.mkDerivation {
- name = "xserver.conf";
-
- xfs = optionalString (cfg.useXFS != false)
- ''FontPath "${toString cfg.useXFS}"'';
-
- inherit (cfg) config;
-
- buildCommand =
- ''
- echo 'Section "Files"' >> $out
- echo $xfs >> $out
-
- for i in ${toString config.fonts.fonts}; do
- if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
- for j in $(find $i -name fonts.dir); do
- echo " FontPath \"$(dirname $j)\"" >> $out
- done
- fi
- done
-
- for i in $(find ${toString cfg.modules} -type d); do
- if test $(echo $i/*.so* | wc -w) -ne 0; then
- echo " ModulePath \"$i\"" >> $out
- fi
- done
-
- echo 'EndSection' >> $out
-
- echo "$config" >> $out
- '';
-}
diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix
deleted file mode 100644
index 0f6775efb..000000000
--- a/jeschli/2configs/zsh.nix
+++ /dev/null
@@ -1,138 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = [ pkgs.fzf ];
- programs.zsh = {
- enable = true;
- shellInit = ''
- #disable config wizard
- zsh-newuser-install() { :; }
- '';
- interactiveShellInit = ''
- setopt autocd extendedglob
- bindkey -e
-
- #history magic
- bindkey "" up-line-or-local-history
- bindkey "" down-line-or-local-history
-
- up-line-or-local-history() {
- zle set-local-history 1
- zle up-line-or-history
- zle set-local-history 0
- }
- zle -N up-line-or-local-history
- down-line-or-local-history() {
- zle set-local-history 1
- zle down-line-or-history
- zle set-local-history 0
- }
- zle -N down-line-or-local-history
-
- setopt share_history
- setopt hist_ignore_dups
- # setopt inc_append_history
- bindkey '^R' history-incremental-search-backward
-
- #C-x C-e open line in editor
- autoload -z edit-command-line
- zle -N edit-command-line
- bindkey "^X^E" edit-command-line
-
- #fzf inclusion
- source ${pkgs.fzf}/share/fzf/completion.zsh
- source ${pkgs.fzf}/share/fzf/key-bindings.zsh
-
- #completion magic
- autoload -Uz compinit
- compinit
- zstyle ':completion:*' menu select
-
- #enable automatic rehashing of $PATH
- zstyle ':completion:*' rehash true
-
- eval $(dircolors -b ${pkgs.fetchFromGitHub {
- owner = "trapd00r";
- repo = "LS_COLORS";
- rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
- sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
- }}/LS_COLORS)
-
- #beautiful colors
- alias ls='ls --color'
- # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
-
- #emacs bindings
- bindkey "[7~" beginning-of-line
- bindkey "[8~" end-of-line
- bindkey "Oc" emacs-forward-word
- bindkey "Od" emacs-backward-word
-
- #aliases
- alias ll='ls -l'
- alias la='ls -la'
-
- #fancy window title magic
- '';
- promptInit = ''
- # TODO: figure out why we need to set this here
- HISTSIZE=900001
- HISTFILESIZE=$HISTSIZE
- SAVEHIST=$HISTSIZE
-
- autoload -U promptinit
- promptinit
-
- p_error='%(?..%F{red}%?%f )'
- t_error='%(?..%? )'
-
- case $UID in
- 0)
- p_username='%F{red}root%f'
- t_username='root'
- ;;
- 1337)
- p_username=""
- t_username=""
- ;;
- *)
- p_username='%F{blue}%n%f'
- t_username='%n'
- ;;
- esac
-
- if test -n "$SSH_CLIENT"; then
- p_hostname='@%F{magenta}%M%f '
- t_hostname='@%M '
- else
- p_hostname=""
- t_hostname=""
- fi
-
- #check if in nix shell
- if test -n "$buildInputs"; then
- p_nixshell='%F{green}[s]%f '
- t_nixshell='[s] '
- else
- p_nixshell=""
- t_nixshell=""
- fi
-
- PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
- TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
- case $TERM in
- (*xterm* | *rxvt*)
- function precmd {
- PROMPT_EVALED="$(print -P $TITLE)"
- echo -ne "\033]0;$$ $PROMPT_EVALED\007"
- }
- # This is seen while the shell waits for a command to complete.
- function preexec {
- PROMPT_EVALED="$(print -P $TITLE)"
- echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
- }
- ;;
- esac
- '';
- };
- users.defaultUserShell = "/run/current-system/sw/bin/zsh";
-}
diff --git a/jeschli/5pkgs/default.nix b/jeschli/5pkgs/default.nix
deleted file mode 100644
index 3fa5b5e85..000000000
--- a/jeschli/5pkgs/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-# Import files and subdirectories like they are overlays.
-foldl' mergeAttrs {}
- (map
- (name: import (./. + "/${name}") self super)
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
diff --git a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix
deleted file mode 100644
index 05815e132..000000000
--- a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "audio-fingerprint-defender-${version}";
- version = "0.1.3";
-
- extid = "@audio-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3363623/audiocontext_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "0yfk5vqwjg4g25c98psj56sw3kv8imxav3nss4hbibflgla1h5pb";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Audio context fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/audiocontext-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
deleted file mode 100644
index 21b4b3f97..000000000
--- a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "canvas-fingerprint-defender-${version}";
- version = "0.1.5";
-
- extid = "@canvas-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3362272/canvas_fingerprint_defender-${version}-an+fx.xpi?src=recommended";
- sha256 = "1hg00zsrw7ij7bc222j83g2wm3ml1aj34zg5im1802cjq4qqvbld";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Canvas fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/webgl-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/dark-reader/default.nix b/jeschli/5pkgs/firefox/dark-reader/default.nix
deleted file mode 100644
index 44f4f9054..000000000
--- a/jeschli/5pkgs/firefox/dark-reader/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "dark-reader-${version}";
- version = "4.8.1";
-
- extid = "addon@darkreader.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3404143/dark_reader-${version}-an+fx.xpi";
- sha256 = "0ic0i56jhmxymvy68bs5hqcjvdvw3vks5r58i2ygmpsm190rlldb";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
- homepage = https://github.com/darkreader/darkreader;
- license = licenses.mit;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/default.nix b/jeschli/5pkgs/firefox/default.nix
deleted file mode 100644
index 6ba4fec83..000000000
--- a/jeschli/5pkgs/firefox/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-let
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = self.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-in
-
- mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/5pkgs/firefox/firefox-with-config.nix b/jeschli/5pkgs/firefox/firefox-with-config.nix
deleted file mode 100644
index fc22c434e..000000000
--- a/jeschli/5pkgs/firefox/firefox-with-config.nix
+++ /dev/null
@@ -1,487 +0,0 @@
-{ stdenv, lib, pkgs, makeDesktopItem, makeWrapper, lndir, replace, config
-
-## various stuff that can be plugged in
-, flashplayer, hal-flash
-, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
-, jrePlugin, icedtea_web
-, bluejeans, djview4, adobe-reader
-, fribid, gnome3/*.gnome-shell*/
-, esteidfirefoxplugin ? ""
-, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow
-, udev
-, kerberos
-
-}:
-
-## configurability of the wrapper itself
-
-browser:
-
-let
- wrapper =
- { browserName ? browser.browserName or (builtins.parseDrvName browser.name).name
- , name ? (browserName + "-" + (builtins.parseDrvName browser.name).version)
- , desktopName ? # browserName with first letter capitalized
- (lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName)
- , nameSuffix ? ""
- , icon ? browserName
- , extraPlugins ? []
- , extraPrefs ? ""
- , extraExtensions ? [ ]
- , allowNonSigned ? false
- , disablePocket ? false
- , disableTelemetry ? true
- , disableDrmPlugin ? false
- , showPunycodeUrls ? true
- , disableFirefoxStudies ? true
- , disableFirefoxSync ? false
- , useSystemCertificates ? true
- , dontCheckDefaultBrowser ? false
- # For more information about anti tracking
- # vist https://wiki.kairaven.de/open/app/firefox
- , activateAntiTracking ? true
- , disableFeedbackCommands ? true
- , disableDNSOverHTTPS ? true
- , disableGoogleSafebrowsing ? false
- , clearDataOnShutdown ? false
- , homepage ? "about:blank"
- # For more information about policies visit
- # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
- , extraPolicies ? {}
- , extraNativeMessagingHosts ? []
- , gdkWayland ? false
- }:
-
- assert gdkWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used
-
- let
-
- # If extraExtensions has been set disable manual extensions
- disableManualExtensions = if lib.count (x: true) extraExtensions > 0 then true else false;
-
- cfg = config.${browserName} or {};
- enableAdobeFlash = cfg.enableAdobeFlash or false;
- ffmpegSupport = browser.ffmpegSupport or false;
- gssSupport = browser.gssSupport or false;
- jre = cfg.jre or false;
- icedtea = cfg.icedtea or false;
- supportsJDK =
- stdenv.hostPlatform.system == "i686-linux" ||
- stdenv.hostPlatform.system == "x86_64-linux" ||
- stdenv.hostPlatform.system == "armv7l-linux" ||
- stdenv.hostPlatform.system == "aarch64-linux";
-
- plugins =
- assert !(jre && icedtea);
- if builtins.hasAttr "enableVLC" cfg
- then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins"
- else
- ([ ]
- ++ lib.optional enableAdobeFlash flashplayer
- ++ lib.optional (cfg.enableDjvu or false) (djview4)
- ++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser)
- ++ lib.optional (supportsJDK && jre && jrePlugin ? mozillaPlugin) jrePlugin
- ++ lib.optional icedtea icedtea_web
- ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
- ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell
- ++ lib.optional (cfg.enableBluejeans or false) bluejeans
- ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
- ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
- ++ extraPlugins
- );
- nativeMessagingHosts =
- ([ ]
- ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
- ++ lib.optional (cfg.enableBukubrow or false) bukubrow
- ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell
- ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
- ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration
- ++ extraNativeMessagingHosts
- );
- libs = lib.optional stdenv.isLinux udev
- ++ lib.optional ffmpegSupport ffmpeg
- ++ lib.optional gssSupport kerberos
- ++ lib.optionals (cfg.enableQuakeLive or false)
- (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ])
- ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash
- ++ lib.optional (config.pulseaudio or true) libpulseaudio;
- gtk_modules = [ libcanberra-gtk2 ];
-
- enterprisePolicies =
- {
- policies = {
- DisableAppUpdate = true;
- } // lib.optionalAttrs disableManualExtensions (
- {
- ExtensionSettings = {
- "*" = {
- blocked_install_message = "You can't have manual extension mixed with nix extensions";
- installation_mode = "blocked";
- };
-
- } // lib.foldr (e: ret:
- ret // {
- "${e.extid}" = {
- installation_mode = "allowed";
- };
- }
- ) {} extraExtensions;
- }
- ) // lib.optionalAttrs disablePocket (
- {
- DisablePocket = true;
- }
- ) // lib.optionalAttrs disableTelemetry (
- {
- DisableTelemetry = true;
- }
- ) // lib.optionalAttrs disableFirefoxStudies (
- {
- DisableFirefoxStudies = true;
- }
- ) // lib.optionalAttrs disableFirefoxSync (
- {
- DisableFirefoxAccounts = true;
- }
- ) // lib.optionalAttrs useSystemCertificates (
- {
- # Disable useless firefox certificate store
- Certificates = {
- ImportEnterpriseRoots = true;
- };
- }
- ) // lib.optionalAttrs (
- if lib.count (x: true) extraExtensions > 0 then true else false) (
- {
- # Don't try to update nix installed addons
- DisableSystemAddonUpdate = true;
-
- # But update manually installed addons
- ExtensionUpdate = false;
- }
- ) // lib.optionalAttrs dontCheckDefaultBrowser (
- {
- DontCheckDefaultBrowser = true;
- }
- )// lib.optionalAttrs disableDNSOverHTTPS (
- {
- DNSOverHTTPS = {
- Enabled = false;
- };
- }
- ) // lib.optionalAttrs clearDataOnShutdown (
- {
- SanitizeOnShutdown = true;
- }
- ) // lib.optionalAttrs disableFeedbackCommands (
- {
- DisableFeedbackCommands = true;
- }
- ) // lib.optionalAttrs ( if homepage == "" then false else true) (
- {
- Homepage = {
- URL = homepage;
- Locked = true;
- };
- }
- ) // extraPolicies ;} ;
-
-
- extensions = builtins.map (a:
- if ! (builtins.hasAttr "signed" a) || ! (builtins.isBool a.signed) then
- throw "Addon ${a.pname} needs boolean attribute 'signed' "
- else if ! (builtins.hasAttr "extid" a) || ! (builtins.isString a.extid) then
- throw "Addon ${a.pname} needs a string attribute 'extid'"
- else if a.signed == false && !allowNonSigned then
- throw "Disable signature checking in firefox if you want ${a.pname} addon"
- else a
- ) extraExtensions;
-
- policiesJson = builtins.toFile "policies.json"
- (builtins.toJSON enterprisePolicies);
-
- mozillaCfg = builtins.toFile "mozilla.cfg" ''
- // First line must be a comment
-
- // Remove default top sites
- lockPref("browser.newtabpage.pinned", "");
- lockPref("browser.newtabpage.activity-stream.default.sites", "");
-
- // Deactivate first run homepage
- lockPref("browser.startup.firstrunSkipsHomepage", false);
-
- // If true, don't show the privacy policy tab on first run
- lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
-
- ${
- if allowNonSigned == true then
- ''lockPref("xpinstall.signatures.required", false)''
- else
- ""
- }
-
- ${
- if showPunycodeUrls == true then
- ''
- lockPref("network.IDN_show_punycode", true);
- ''
- else
- ""
- }
-
- ${
- if disableManualExtensions == true then
- ''
- lockPref("extensions.getAddons.showPane", false);
- lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
- lockPref("app.update.auto", false);
- ''
- else
- ""
- }
-
- ${
- if disableDrmPlugin == true then
- ''
- lockPref("media.gmp-gmpopenh264.enabled", false);
- lockPref("media.gmp-widevinecdm.enabled", false);
- ''
- else
- ""
- }
-
- ${
- if activateAntiTracking == true then
- ''
- // Tracking
- lockPref("browser.send_pings", false);
- lockPref("browser.send_pings.require_same_host", true);
- lockPref("network.dns.disablePrefetch", true);
- lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false);
- lockPref("browser.search.geoip.url", "");
- lockPref("privacy.firstparty.isolate", true);
- lockPref("privacy.userContext.enabled", true);
- lockPref("privacy.userContext.ui.enabled", true);
- lockPref("privacy.firstparty.isolate.restrict_opener_access", false);
- lockPref("network.http.referer.XOriginPolicy", 1);
- lockPref("network.http.referer.hideOnionSource", true);
- lockPref(" privacy.spoof_english", true);
-
- // This option is currently not usable because of bug:
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1557620
- // lockPref("privacy.resistFingerprinting", true);
- ''
- else ""
- }
- ${
- if disableTelemetry == true then
- ''
- // Telemetry
- lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
- lockPref("browser.ping-centre.telemetry", false);
- lockPref("devtools.onboarding.telemetry.logged", false);
- lockPref("toolkit.telemetry.archive.enabled", false);
- lockPref("toolkit.telemetry.bhrPing.enabled", false);
- lockPref("toolkit.telemetry.enabled", false);
- lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
- lockPref("toolkit.telemetry.hybridContent.enabled", false);
- lockPref("toolkit.telemetry.newProfilePing.enabled", false);
- lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
- lockPref("toolkit.telemetry.reportingpolicy.firstRun", false);
- lockPref("dom.push.enabled", false);
- lockPref("browser.newtabpage.activity-stream.feeds.snippets", false);
- lockPref("security.ssl.errorReporting.enabled", false);
- ''
- else ""
- }
-
- ${
- if disableGoogleSafebrowsing == true then
- ''
- // Google data sharing
- lockPref("browser.safebrowsing.blockedURIs.enabled", false);
- lockPref("browser.safebrowsing.downloads.enabled", false);
- lockPref("browser.safebrowsing.malware.enabled", false);
- lockPref("browser.safebrowsing.passwords.enabled", false);
- lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
- lockPref("browser.safebrowsing.malware.enabled", false);
- lockPref("browser.safebrowsing.phishing.enabled", false);
- lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
- lockPref("browser.safebrowsing.provider.mozilla.updateURL", "");
- ''
- else ""
- }
-
- // User customization
- ${extraPrefs}
- '';
- in stdenv.mkDerivation {
- inherit name;
-
- desktopItem = makeDesktopItem {
- name = browserName;
- exec = "${browserName}${nameSuffix} %U";
- inherit icon;
- comment = "";
- desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}";
- genericName = "Web Browser";
- categories = "Application;Network;WebBrowser;";
- mimeType = stdenv.lib.concatStringsSep ";" [
- "text/html"
- "text/xml"
- "application/xhtml+xml"
- "application/vnd.mozilla.xul+xml"
- "x-scheme-handler/http"
- "x-scheme-handler/https"
- "x-scheme-handler/ftp"
- ];
- };
-
- nativeBuildInputs = [ makeWrapper lndir ];
- buildInputs = lib.optional (browser ? gtk3) browser.gtk3;
-
- buildCommand = lib.optionalString stdenv.isDarwin ''
- mkdir -p $out/Applications
- cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications
- rm -f $out${browser.execdir or "/bin"}/${browserName}
- '' + ''
-
- # Link the runtime. The executable itself has to be copied,
- # because it will resolve paths relative to its true location.
- # Any symbolic links have to be replicated as well.
- cd "${browser}"
- find . -type d -exec mkdir -p "$out"/{} \;
-
- find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
-
- find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do
- cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f"
- chmod a+rwx "$out/$f"
- done
-
- # fix links and absolute references
- cd "${browser}"
-
- find . -type l -print0 | while read -d $'\0' l; do
- target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")"
- ln -sfT "$target" "$out/$l"
- done
-
- # This will not patch binaries, only "text" files.
- # Its there for the wrapper mostly.
- cd "$out"
- ${replace}/bin/replace-literal -esfR -- "${browser}" "$out"
-
- # create the wrapper
-
- executablePrefix="$out${browser.execdir or "/bin"}"
- executablePath="$executablePrefix/${browserName}"
-
- if [ ! -x "$executablePath" ]
- then
- echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'"
- exit 1
- fi
-
- if [ ! -L "$executablePath" ]
- then
- # Careful here, the file at executablePath may already be
- # a wrapper. That is why we postfix it with -old instead
- # of -wrapped.
- oldExe="$executablePrefix"/".${browserName}"-old
- mv "$executablePath" "$oldExe"
- else
- oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
- fi
-
-
- makeWrapper "$oldExe" "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \
- --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \
- --suffix LD_LIBRARY_PATH ':' "$libs" \
- --suffix-each GTK_PATH ':' "$gtk_modules" \
- --suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \
- --prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \
- --suffix PATH ':' "$out${browser.execdir or "/bin"}" \
- --set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \
- --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
- ${lib.optionalString gdkWayland ''
- --set GDK_BACKEND "wayland" \
- ''}${lib.optionalString (browser ? gtk3)
- ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
- --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share'
- ''
- }
-
- if [ -e "${browser}/share/icons" ]; then
- mkdir -p "$out/share"
- ln -s "${browser}/share/icons" "$out/share/icons"
- else
- for res in 16 32 48 64 128; do
- mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
- icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" )
- if [ -e "$icon" ]; then ln -s "$icon" \
- "$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png"
- fi
- done
- fi
-
- install -D -t $out/share/applications $desktopItem/share/applications/*
-
- mkdir -p $out/lib/mozilla
- for ext in ${toString nativeMessagingHosts}; do
- lndir -silent $ext/lib/mozilla $out/lib/mozilla
- done
-
- # For manpages, in case the program supplies them
- mkdir -p $out/nix-support
- echo ${browser} > $out/nix-support/propagated-user-env-packages
-
- # user customization
- mkdir -p $out/lib/firefox
-
- # creating policies.json
- mkdir -p "$out/lib/firefox/distribution"
-
- cat > "$out/lib/firefox/distribution/policies.json" < ${policiesJson}
-
- # preparing for autoconfig
- mkdir -p "$out/lib/firefox/defaults/pref"
-
- cat > "$out/lib/firefox/defaults/pref/autoconfig.js" <<EOF
- pref("general.config.filename", "mozilla.cfg");
- pref("general.config.obscure_value", 0);
- EOF
-
- cat > "$out/lib/firefox/mozilla.cfg" < ${mozillaCfg}
-
- mkdir -p $out/lib/firefox/distribution/extensions
-
- for i in ${toString extensions}; do
- ln -s -t $out/lib/firefox/distribution/extensions $i/*
- done
- '';
-
- preferLocalBuild = true;
-
- # Let each plugin tell us (through its `mozillaPlugin') attribute
- # where to find the plugin in its tree.
- plugins = map (x: x + x.mozillaPlugin) plugins;
- libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
- gtk_modules = map (x: x + x.gtkModule) gtk_modules;
-
- passthru = { unwrapped = browser; };
-
- disallowedRequisites = [ stdenv.cc ];
-
- meta = browser.meta // {
- description =
- browser.meta.description
- + " (with plugins: "
- + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins))
- + ")";
- hydraPlatforms = [];
- priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package
- };
- };
-in
- lib.makeOverridable wrapper
diff --git a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix
deleted file mode 100644
index 26751beef..000000000
--- a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "font-fingerprint-defender-${version}";
- version = "0.1.0";
-
- extid = "@font-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3387637/font_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "1aidkvisnx6qd7hn2x756rvzmbnaz6laqbwq0j5yd86g1kc56dr0";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Font fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/font-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/hopper/default.nix b/jeschli/5pkgs/firefox/hopper/default.nix
deleted file mode 100644
index 569fc6aaf..000000000
--- a/jeschli/5pkgs/firefox/hopper/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchurl, pkgs, makeWrapper, lib }:
-
-stdenv.mkDerivation rec {
- name = "${pname}-${version}";
- pname = "hopper";
- version = "4.5.16";
- rev = "v${lib.versions.major version}";
-
- src = fetchurl {
- url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz";
- sha256 = "0gjnn7f6ibfx46k4bbj8ra7k04s0mrpq7316brgzks6x5yd1m584";
- };
-
- sourceRoot = ".";
-
- ldLibraryPath = with pkgs; stdenv.lib.makeLibraryPath [
-libbsd.out libffi.out gmpxx.out python27Full.out python27Packages.libxml2.out qt5.qtbase zlib xlibs.libX11.out xorg_sys_opengl.out xlibs.libXrender.out gcc-unwrapped.lib
- ];
-
- nativeBuildInputs = [ makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/lib
- mkdir -p $out/share
- cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper
- cp -r $sourceRoot/opt/hopper-${rev}/lib $out
- cp -r $sourceRoot/usr/share $out/share
- patchelf \
- --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
- $out/bin/hopper
- # Details: https://nixos.wiki/wiki/Qt
- wrapProgram $out/bin/hopper \
- --suffix LD_LIBRARY_PATH : ${ldLibraryPath} \
- --suffix QT_PLUGIN_PATH : ${pkgs.qt5.qtbase}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins
- '';
-
- meta = {
- homepage = "https://www.hopperapp.com/index.html";
- description = "A macOS and Linux Disassembler";
- license = stdenv.lib.licenses.unfree;
- maintainers = [ stdenv.lib.maintainers.luis ];
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/jeschli/5pkgs/firefox/https-everywhere/default.nix b/jeschli/5pkgs/firefox/https-everywhere/default.nix
deleted file mode 100644
index 66fede43c..000000000
--- a/jeschli/5pkgs/firefox/https-everywhere/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "https-everywhere-${version}";
- version = "2019.6.27";
-
- extid = "https-everywhere@eff.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3060290/https_everywhere-${version}-an+fx.xpi";
- sha256 = "0743lhn9phn7n6c0886h9ddn1n8vhzbl0vrw177zs43995aj3frp";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
-
- '';
-
- meta = {
- description = "Https everywhere browser addon";
- homepage = https://www.eff.org/https-everywhere;
- license = stdenv.lib.licenses.gpl2Plus;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/pyocclient/default.nix b/jeschli/5pkgs/firefox/pyocclient/default.nix
deleted file mode 100644
index cd91f6171..000000000
--- a/jeschli/5pkgs/firefox/pyocclient/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, python37Packages }:
-
-python37Packages.buildPythonPackage rec {
- pname = "pyocclient";
- version = "0.4";
-
- src = python37Packages.fetchPypi {
- inherit pname version;
- sha256 = "19k3slrk2idixsdw61in9a3jxglvkigkn5kvwl37lj8hrwr4yq6q";
- };
-
- doCheck = false;
-
- propagatedBuildInputs = with python37Packages; [
- requests
- six
- ];
-
- meta = with lib; {
- homepage = https://github.com/owncloud/pyocclient/;
- description = "Nextcloud / Owncloud library for python";
- license = licenses.mit;
- maintainers = with maintainers; [ ];
- };
-
-}
diff --git a/jeschli/5pkgs/firefox/rmount/default.nix b/jeschli/5pkgs/firefox/rmount/default.nix
deleted file mode 100644
index 22631f420..000000000
--- a/jeschli/5pkgs/firefox/rmount/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ stdenv, fetchgit, makeWrapper, lib, pkgs ? import <nixpkgs> {} }:
-with pkgs;
-
-stdenv.mkDerivation rec {
- name = "rmount-${version}";
- version = "1.0.1";
- rev = "v${version}";
-
- src = fetchgit {
- rev = "9df124780d2e66f01c70afaecf92090669c5ffb6";
- url = "https://github.com/Luis-Hebendanz/rmount";
- sha256 = "0ydb6sspfnfa3y6gg1r8sk4r58il6636lpqwb2rw7dzmb4b8hpd2";
- };
-
- buildInputs = [ stdenv makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/share/man/man1
- cp ${src}/rmount.man $out/share/man/man1/rmount.1
- cp ${src}/rmount.bash $out/bin/rmount-noenv
- cp ${src}/config.json $out/share/config.json
- chmod +x $out/bin/rmount-noenv
-
- makeWrapper $out/bin/rmount-noenv $out/bin/rmount \
- --prefix PATH : ${lib.makeBinPath [ nmap jq cifs-utils sshfs ]}
- '';
-
- meta = {
- homepage = "https://github.com/Luis-Hebendanz/rmount";
- description = "Remote mount utility which parses a json file";
- license = stdenv.lib.licenses.mit;
- };
-}
diff --git a/jeschli/5pkgs/firefox/ublock-origin/default.nix b/jeschli/5pkgs/firefox/ublock-origin/default.nix
deleted file mode 100644
index 002fa3efc..000000000
--- a/jeschli/5pkgs/firefox/ublock-origin/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "ublock-origin-${version}";
- version = "1.21.2";
-
- extid = "uBlock0@raymondhill.net";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3361355/ublock_origin-${version}-an+fx.xpi";
- sha256 = "0ypdq3z61mrymknl37qlq6379bx9f2fsgbgr0czbhqs9f2vwszkc";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "ublock origin firefox browser addon";
- homepage = https://github.com/gorhill/uBlock;
- license = licenses.gpl3;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix b/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
deleted file mode 100644
index c96f11129..000000000
--- a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "user-agent-switcher-${version}";
- version = "0.3.2";
-
- extid = "@user-agent-switcher";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3370255/user_agent_switcher_and_manager-${version}-an+fx.xpi";
- sha256 = "0lrw1xf6fsxr47bifkayfxpysv8s2p9ghmbmw2s7ymhrgy42i6v5";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "User agent switcher";
- homepage = https://add0n.com/useragent-switcher.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
deleted file mode 100644
index 4e608d182..000000000
--- a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "webgl-fingerprint-defender-${version}";
- version = "0.1.2";
-
- extid = "@webgl-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3362869/webgl_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "06hfr5hxr4qw0jx6i9fi9gdk5211z08brnvqj2jlmpyc3dwl4pif";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Canvas defender firefox browser addon";
- homepage = https://mybrowseraddon.com/webgl-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/wl-clipboard/default.nix b/jeschli/5pkgs/firefox/wl-clipboard/default.nix
deleted file mode 100644
index 349d910da..000000000
--- a/jeschli/5pkgs/firefox/wl-clipboard/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig
-, wayland, wayland-protocols }:
-
-stdenv.mkDerivation rec {
- pname = "wl-clipboard";
- version = "2.0.0";
-
- src = fetchFromGitHub {
- owner = "bugaevc";
- repo = "wl-clipboard";
- rev = "v${version}";
- sha256 = "0c4w87ipsw09aii34szj9p0xfy0m00wyjpll0gb0aqmwa60p0c5d";
- };
-
- nativeBuildInputs = [ meson ninja pkgconfig wayland-protocols ];
- buildInputs = [ wayland ];
-
- meta = with stdenv.lib; {
- description = "Command-line copy/paste utilities for Wayland";
- homepage = https://github.com/bugaevc/wl-clipboard;
- license = licenses.gpl3;
- maintainers = with maintainers; [ dywedir ];
- platforms = platforms.linux;
- };
-}
diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix
deleted file mode 100644
index 6ba4fec83..000000000
--- a/jeschli/5pkgs/simple/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-let
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = self.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-in
-
- mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/default.nix b/jeschli/default.nix
deleted file mode 100644
index b57932719..000000000
--- a/jeschli/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [
- ../krebs
- ./2configs
- ];
-
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
-}
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
deleted file mode 100644
index 242f1f7bb..000000000
--- a/jeschli/krops.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource [
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
- nixpkgs-unstable.git = {
- url = "https://github.com/nixos/nixpkgs";
- ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- };
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- file = "${lib.getEnv "HOME"}/secrets/${name}";
- };
- }
- {
- home-manager.git = {
- url = https://github.com/rycee/home-manager;
- ref = "2ccbf43";
- };
- }
- ];
-
-in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/kartei/default.nix b/kartei/default.nix
index 1b11f0fd5..6024e2351 100644
--- a/kartei/default.nix
+++ b/kartei/default.nix
@@ -1,15 +1,18 @@
-{ config, lib, ... }: {
- config = lib.mkMerge (map (path: { krebs = import path { inherit config; }; }) [
- ./dbalan
- ./jeschli
- ./kmein
- ./krebs
- ./lass
- ./makefu
- ./mic92
- ./others
- ./palo
- ./rtunreal
- ./tv
- ]);
+{ config, lib, ... }: let
+ removeTemplate =
+ # TODO don't remove during CI
+ lib.flip builtins.removeAttrs ["template"];
+in {
+ config =
+ lib.mkMerge
+ (lib.mapAttrsToList
+ (name: _type: let
+ path = ./. + "/${name}";
+ in {
+ krebs = import path { inherit config; };
+ })
+ (removeTemplate
+ (lib.filterAttrs
+ (_name: type: type == "directory")
+ (builtins.readDir ./.))));
}
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 6da73ff83..7419ba13f 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -15,7 +15,6 @@ with import ../../lib;
"test-all-krebs-modules"
] (name: {
inherit name;
- cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.73.57";
@@ -36,7 +35,6 @@ in {
hosts = mapAttrs hostDefaults ({
filebitch = {
ci = true;
- cores = 4;
nets = {
shack = {
ip4 = {
@@ -134,7 +132,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
};
onebutton = {
- cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.101";
@@ -163,14 +160,21 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
};
ponte = {
- cores = 1;
owner = config.krebs.users.krebs;
+ extraZones = {
+ "krebsco.de" = /* bindzone */ ''
+ krebsco.de. 60 IN A ${config.krebs.hosts.ponte.nets.internet.ip4.addr}
+ '';
+ };
nets = rec {
internet = {
- ip4 = {
+ ip4 = rec {
addr = "141.147.36.79";
- prefix = "0.0.0.0/0";
+ prefix = "${addr}/32";
};
+ aliases = [
+ "ponte.i"
+ ];
};
retiolum = {
via = internet;
@@ -204,7 +208,6 @@ in {
};
puyak = {
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.77.2";
diff --git a/kartei/lass/blue.nix b/kartei/lass/blue.nix
new file mode 100644
index 000000000..ddec9553d
--- /dev/null
+++ b/kartei/lass/blue.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.77";
+ ip6.addr = r6 "b1ce";
+ aliases = [
+ "blue.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
+ QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
+ sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
+ wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
+ PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
+ RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
+ HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
+ khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
+ 49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
+ w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
+ ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
+ Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "b1ce";
+ aliases = [
+ "blue.w"
+ ];
+ wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+ syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
+}
diff --git a/kartei/lass/coaxmetal.nix b/kartei/lass/coaxmetal.nix
new file mode 100644
index 000000000..d32f279fe
--- /dev/null
+++ b/kartei/lass/coaxmetal.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.17";
+ ip6.addr = r6 "17";
+ aliases = [
+ "coaxmetal.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+ xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+ gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+ WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+ G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+ G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+ IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+ K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+ 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+ bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+ l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "17";
+ aliases = [
+ "coaxmetal.w"
+ ];
+ wireguard.pubkey = ''
+ lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+ syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+}
diff --git a/kartei/lass/daedalus.nix b/kartei/lass/daedalus.nix
new file mode 100644
index 000000000..891cbd293
--- /dev/null
+++ b/kartei/lass/daedalus.nix
@@ -0,0 +1,33 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.115";
+ ip6.addr = r6 "daed";
+ aliases = [
+ "daedalus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
+ 5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+
+ qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8
+ ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR
+ arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w
+ 3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "daed";
+ aliases = [
+ "daedalus.w"
+ ];
+ wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
+}
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index 0c314e9ec..de776fca0 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -3,6 +3,12 @@ with import ../../lib;
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
+ hostFiles =
+ builtins.map (lib.removeSuffix ".nix") (
+ builtins.filter
+ (x: lib.hasSuffix ".nix" x && x != "default.nix")
+ (lib.attrNames (builtins.readDir ./.))
+ );
in {
dns.providers = {
@@ -13,894 +19,10 @@ in {
consul = true;
ci = true;
monitoring = true;
- }) {
- dishfire = {
- cores = 4;
- nets = rec {
- internet = {
- ip4 = rec {
- addr = "157.90.232.92";
- prefix = "${addr}/32";
- };
- aliases = [
- "dishfire.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.133.99";
- ip6.addr = r6 "d15f:1233";
- aliases = [
- "dishfire.r"
- "grafana.lass.r"
- "prometheus.lass.r"
- "alert.lass.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
- Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
- uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
- R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
- vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
- HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
- };
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
- };
- prism = rec {
- cores = 4;
- extraZones = {
- "krebsco.de" = ''
- cache IN A ${nets.internet.ip4.addr}
- p IN A ${nets.internet.ip4.addr}
- c IN A ${nets.internet.ip4.addr}
- paste IN A ${nets.internet.ip4.addr}
- prism IN A ${nets.internet.ip4.addr}
- '';
- "lassul.us" = ''
- $TTL 3600
- @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
- 60 IN NS ns16.ovh.net.
- 60 IN NS dns16.ovh.net.
- 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
- IN MX 5 mail.lassul.us.
- 60 IN TXT v=spf1 mx a:lassul.us -all
- 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
- default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
- cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- io 60 IN NS ions.lassul.us.
- ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- confusion 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- '';
- };
- nets = rec {
- internet = {
- ip4 = {
- addr = "95.216.1.150";
- prefix = "0.0.0.0/0";
- };
- ip6 = {
- addr = "2a01:4f9:2a:1e9::1";
- prefix = "2a01:4f9:2a:1e9::/64";
- };
- aliases = [
- "prism.i"
- "paste.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.103";
- ip6.addr = r6 "1";
- aliases = [
- "prism.r"
- "cache.prism.r"
- "cgit.prism.r"
- "bota.r"
- "flix.r"
- "jelly.r"
- "paste.r"
- "c.r"
- "p.r"
- "search.r"
- "radio-news.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
- fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo
- rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z
- ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB
- wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio
- /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA
- BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C
- 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5
- Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu
- 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH
- TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb
- g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ
- kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg
- 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo
- 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz
- cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451
- k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0
- dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu
- ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i
- jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/
- AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE
- T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "XbBBPg+dtZM1LRN46VAujVKIC6VSo6nFoHo/1unbggO";
- };
- };
- wiregrill = {
- via = internet;
- ip4.addr = "10.244.1.103";
- ip6.addr = w6 "1";
- aliases = [
- "prism.w"
- ];
- wireguard = {
- pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
- subnets = [
- (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
- (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
- "10.244.1.0/24"
- ];
- };
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
- syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
- };
- mors = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.2";
- ip6.addr = r6 "dea7";
- aliases = [
- "mors.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
- H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
- +P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
- 1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
- 9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
- O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "kuh0cP/HjGOQ+NafR3zjmqp+RAnA59F4CgtzENj9/MM";
- };
- };
- wiregrill = {
- ip6.addr = w6 "dea7";
- aliases = [
- "mors.w"
- ];
- wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
- syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
- };
- shodan = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.4";
- ip6.addr = r6 "50da";
- aliases = [
- "shodan.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
- YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
- ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
- 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
- xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
- V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC";
- };
- };
- wiregrill = {
- ip6.addr = w6 "50da";
- ip4.addr = "10.244.1.4";
- aliases = [
- "shodan.w"
- ];
- wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30=";
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
- syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
- };
- icarus = {
- cores = 2;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.133.114";
- ip6.addr = r6 "1205";
- aliases = [
- "icarus.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
- Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
- 7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
- k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
- zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
- gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "vUc/ynOlNqB7a+sr0BmfdRv0dATtGZTjsU2qL2yGInK";
- };
- };
- wiregrill = {
- ip6.addr = w6 "1205";
- aliases = [
- "icarus.w"
- ];
- wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
- syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
- };
- daedalus = {
- cores = 2;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.133.115";
- ip6.addr = r6 "daed";
- aliases = [
- "daedalus.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
- 5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+
- qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8
- ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR
- arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w
- 3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG";
- };
- };
- wiregrill = {
- ip6.addr = w6 "daed";
- aliases = [
- "daedalus.w"
- ];
- wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
- };
- skynet = {
- cores = 2;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.133.116";
- ip6.addr = r6 "5ce7";
- aliases = [
- "skynet.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
- Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
- p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
- yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
- NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
- mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "9s7eB16k7eAtHyneffTCmYR7s3mRpJqpVVjSPGaVKKN";
- };
- };
- wiregrill = {
- ip6.addr = w6 "5ce7";
- aliases = [
- "skynet.w"
- ];
- wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
- syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
- };
- littleT = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.133.77";
- ip6.addr = r6 "771e";
- aliases = [
- "littleT.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
- /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
- 1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
- ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
- sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
- M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
- Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
- +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
- xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
- aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
- 7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
- k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
- idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
- y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
- SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
- mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
- PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
- ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
- Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
- 8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
- NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
- 5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "rDnc4Ha+M6fyN5JU4lkV9NKfMBtIHOcG4/AUB9KodiP";
- };
- };
- wiregrill = {
- ip6.addr = w6 "771e";
- aliases = [
- "littleT.w"
- ];
- wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
- syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
- };
- xerxes = {
- cores = 2;
- consul = false;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.1.3";
- ip6.addr = r6 "3";
- aliases = [
- "xerxes.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
- MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
- gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
- /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
- mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
- X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
- +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
- hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
- 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
- H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
- JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
- hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
- SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
- 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
- vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
- Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
- scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
- jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
- Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
- /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
- bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
- sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK";
- };
- };
- wiregrill = {
- ip6.addr = w6 "3";
- aliases = [
- "xerxes.w"
- ];
- wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
- syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
- };
- yellow = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.14";
- ip6.addr = r6 "3110";
- aliases = [
- "yellow.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
- MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
- b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
- Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
- OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
- vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
- C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
- Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
- 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
- zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
- DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
- Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "qZBhDSW6ir1/w6lOngg2feCZj9W9AfifEMlKXcOb5QE";
- };
- };
- wiregrill = {
- ip6.addr = w6 "3110";
- aliases = [
- "yellow.w"
- ];
- wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU=";
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
- };
- blue = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.77";
- ip6.addr = r6 "b1ce";
- aliases = [
- "blue.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
- QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
- sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
- wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
- PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
- RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
- HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
- khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
- 49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
- w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
- ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
- Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL";
- };
- };
- wiregrill = {
- ip6.addr = w6 "b1ce";
- aliases = [
- "blue.w"
- ];
- wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U=";
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
- syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
- };
-
- green = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.66";
- ip6.addr = r6 "12ee";
- aliases = [
- "green.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
- uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
- ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
- n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
- hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
- m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
- BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
- pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
- 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
- UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
- udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
- 3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "WfH8ULtWklOFK6htphdSSL46vHn6TkJIhsvK9fK+4+C";
- };
- };
- wiregrill = {
- ip6.addr = w6 "12ee";
- aliases = [
- "green.w"
- ];
- wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
- syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
- };
-
- massulus = {
- cores = 1;
- ci = false;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.113";
- ip6.addr = r6 "113";
- aliases = [
- "massulus.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
- ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
- ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
- zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
- F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
- v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
- kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
- LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
- EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
- KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
- oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
- yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
- port = 1655;
- };
- };
- wiregrill = {
- ip6.addr = w6 "113";
- aliases = [
- "massulus.w"
- ];
- wireguard.pubkey = ''
- 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
- };
-
- phone = {
- consul = false;
- nets = {
- wiregrill = {
- ip4.addr = "10.244.1.13";
- ip6.addr = w6 "a";
- aliases = [
- "phone.w"
- ];
- wireguard.pubkey = "FY4PB8E/RC2JvtLgq/IDyMmZ9Ln6pz6eGyoytmUFMgk=";
- };
- };
- external = true;
- ci = false;
- syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
- };
- tablet = {
- consul = false;
- nets = {
- wiregrill = {
- ip4.addr = "10.244.1.14";
- ip6.addr = w6 "b";
- aliases = [
- "tablet.w"
- ];
- wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI=";
- };
- };
- external = true;
- ci = false;
- };
- hilum = {
- consul = false;
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.20.123";
- ip6.addr = r6 "005b";
- aliases = [
- "hilum.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
- pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
- V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
- SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
- 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
- saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
- vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
- 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
- wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
- RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
- Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
- 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "9D50r3DmftSe2L++jPktQRbcCrE4sEazMewgbQbodRH";
- };
- };
- wiregrill = {
- ip6.addr = w6 "005b";
- aliases = [
- "hilum.w"
- ];
- wireguard.pubkey = ''
- 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
- syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
- };
- styx = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.11.1";
- ip6.addr = r6 "111";
- aliases = [
- "styx.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
- ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
- aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
- 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
- 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
- m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
- Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
- EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
- 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
- Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
- 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
- wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "yVT5nQstw+o5P0ZoBK81G7sL6nQEBwg42wyBn6ogZgK";
- };
- };
- wiregrill = {
- ip6.addr = w6 "111";
- aliases = [
- "styx.w"
- ];
- wireguard.pubkey = ''
- 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
- syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
- };
-
- coaxmetal = {
- cores = 16;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.17";
- ip6.addr = r6 "17";
- aliases = [
- "coaxmetal.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
- xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
- gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
- WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
- ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
- G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
- G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
- IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
- K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
- 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
- bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
- l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO";
- };
- };
- wiregrill = {
- ip6.addr = w6 "17";
- aliases = [
- "coaxmetal.w"
- ];
- wireguard.pubkey = ''
- lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
- syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
- };
-
- echelon = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.3";
- ip6.addr = r6 "4";
- aliases = [
- "echelon.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp
- 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A
- MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe
- UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V
- rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez
- gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO
- c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna
- dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze
- ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D
- KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq
- GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr
- 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB";
- };
- };
- wiregrill = {
- ip6.addr = w6 "3";
- aliases = [
- "echelon.w"
- ];
- wireguard.pubkey = ''
- SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd ";
- syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ";
- };
-
- lasspi = {
- consul = false;
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.1.89";
- ip6.addr = r6 "189";
- aliases = [
- "lasspi.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1
- JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F
- CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl
- oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P
- Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS
- BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC
- VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8
- +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs
- QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP
- zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP
- 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc
- 287nChBcbY+HlshTe0lZdrkCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- pubkey_ed25519 = "vSCHU+/BkoCo6lL5OmikALKBWgkRY8JRo4q8ZZRd5EG";
- };
- };
- wiregrill = {
- ip6.addr = w6 "189";
- aliases = [
- "lasspi.w"
- ];
- wireguard.pubkey = ''
- IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw=
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB";
- };
-
- domsen-pixel = {
- consul = false;
- nets = {
- wiregrill = {
- ip4.addr = "10.244.1.17";
- ip6.addr = w6 "d0";
- aliases = [
- "domsen-pixel.w"
- ];
- wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY=";
- };
- };
- external = true;
- ci = false;
- };
-
- };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ }) (
+ lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; })
+ );
users = rec {
lass = lass-yubikey;
lass-yubikey = {
@@ -916,6 +38,10 @@ in {
mail = "lass@green.r";
pubkey = builtins.readFile ./ssh/green.ed25519;
};
+ lass-red = {
+ mail = "lass@red.r";
+ pubkey = builtins.readFile ./ssh/red.ed25519;
+ };
lass-mors = {
mail = "lass@mors.r";
pubkey = builtins.readFile ./ssh/mors.rsa;
diff --git a/kartei/lass/dishfire.nix b/kartei/lass/dishfire.nix
new file mode 100644
index 000000000..548320584
--- /dev/null
+++ b/kartei/lass/dishfire.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ internet = {
+ ip4 = rec {
+ addr = "157.90.232.92";
+ prefix = "${addr}/32";
+ };
+ aliases = [
+ "dishfire.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.133.99";
+ ip6.addr = r6 "d15f:1233";
+ aliases = [
+ "dishfire.r"
+ "grafana.lass.r"
+ "prometheus.lass.r"
+ "alert.lass.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
+ };
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
+}
diff --git a/kartei/lass/domsen-pixel.nix b/kartei/lass/domsen-pixel.nix
new file mode 100644
index 000000000..66785f8bd
--- /dev/null
+++ b/kartei/lass/domsen-pixel.nix
@@ -0,0 +1,16 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ wiregrill = {
+ ip4.addr = "10.244.1.17";
+ ip6.addr = w6 "d0";
+ aliases = [
+ "domsen-pixel.w"
+ ];
+ wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY=";
+ };
+ };
+ external = true;
+ ci = false;
+}
diff --git a/kartei/lass/echelon.nix b/kartei/lass/echelon.nix
new file mode 100644
index 000000000..d66033ba4
--- /dev/null
+++ b/kartei/lass/echelon.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.3";
+ ip6.addr = r6 "4";
+ aliases = [
+ "echelon.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp
+ 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A
+ MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe
+ UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V
+ rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez
+ gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO
+ c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna
+ dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze
+ ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D
+ KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq
+ GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr
+ 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "3";
+ aliases = [
+ "echelon.w"
+ ];
+ wireguard.pubkey = ''
+ SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd ";
+ syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ";
+}
diff --git a/kartei/lass/green.nix b/kartei/lass/green.nix
new file mode 100644
index 000000000..1c5d0aead
--- /dev/null
+++ b/kartei/lass/green.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.66";
+ ip6.addr = r6 "12ee";
+ aliases = [
+ "green.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
+ uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
+ ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
+ n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
+ hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
+ m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
+ BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
+ pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
+ 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
+ UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
+ udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
+ 3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "WfH8ULtWklOFK6htphdSSL46vHn6TkJIhsvK9fK+4+C";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "12ee";
+ aliases = [
+ "green.w"
+ ];
+ wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
+ syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
+}
diff --git a/kartei/lass/hilum.nix b/kartei/lass/hilum.nix
new file mode 100644
index 000000000..27fd0620a
--- /dev/null
+++ b/kartei/lass/hilum.nix
@@ -0,0 +1,43 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.20.123";
+ ip6.addr = r6 "005b";
+ aliases = [
+ "hilum.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
+ pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
+ V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
+ SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
+ 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
+ saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
+ vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
+ 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
+ wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
+ RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
+ Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
+ 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "9D50r3DmftSe2L++jPktQRbcCrE4sEazMewgbQbodRH";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "005b";
+ aliases = [
+ "hilum.w"
+ ];
+ wireguard.pubkey = ''
+ 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
+ syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
+}
diff --git a/kartei/lass/icarus.nix b/kartei/lass/icarus.nix
new file mode 100644
index 000000000..c19d4e15c
--- /dev/null
+++ b/kartei/lass/icarus.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.114";
+ ip6.addr = r6 "1205";
+ aliases = [
+ "icarus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
+ Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
+ 7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
+ k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
+ zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
+ gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "vUc/ynOlNqB7a+sr0BmfdRv0dATtGZTjsU2qL2yGInK";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "1205";
+ aliases = [
+ "icarus.w"
+ ];
+ wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+ syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
+}
diff --git a/kartei/lass/lasspi.nix b/kartei/lass/lasspi.nix
new file mode 100644
index 000000000..aab44bc5e
--- /dev/null
+++ b/kartei/lass/lasspi.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.1.89";
+ ip6.addr = r6 "189";
+ aliases = [
+ "lasspi.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1
+ JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F
+ CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl
+ oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P
+ Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS
+ BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC
+ VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8
+ +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs
+ QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP
+ zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP
+ 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc
+ 287nChBcbY+HlshTe0lZdrkCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "vSCHU+/BkoCo6lL5OmikALKBWgkRY8JRo4q8ZZRd5EG";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "189";
+ aliases = [
+ "lasspi.w"
+ ];
+ wireguard.pubkey = ''
+ IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB";
+}
diff --git a/kartei/lass/littleT.nix b/kartei/lass/littleT.nix
new file mode 100644
index 000000000..297d2dc62
--- /dev/null
+++ b/kartei/lass/littleT.nix
@@ -0,0 +1,51 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.133.77";
+ ip6.addr = r6 "771e";
+ aliases = [
+ "littleT.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
+ /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
+ 1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
+ ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
+ sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
+ M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
+ Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
+ +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
+ xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
+ aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
+ 7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
+ k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
+ idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
+ y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
+ SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
+ mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
+ PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
+ ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
+ Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
+ 8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
+ NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
+ 5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "rDnc4Ha+M6fyN5JU4lkV9NKfMBtIHOcG4/AUB9KodiP";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "771e";
+ aliases = [
+ "littleT.w"
+ ];
+ wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+ syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
+}
diff --git a/kartei/lass/massulus.nix b/kartei/lass/massulus.nix
new file mode 100644
index 000000000..6876e02b9
--- /dev/null
+++ b/kartei/lass/massulus.nix
@@ -0,0 +1,44 @@
+{ r6, w6, ... }:
+{
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.113";
+ ip6.addr = r6 "113";
+ aliases = [
+ "massulus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
+ ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
+ ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
+ zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
+ F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
+ v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
+ kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
+ LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
+ EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
+ KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
+ oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
+ yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
+ port = 1655;
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "113";
+ aliases = [
+ "massulus.w"
+ ];
+ wireguard.pubkey = ''
+ 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
+ syncthing.id = "R2EGJ5S-PQMETUP-C2UGXQG-A6VP7TB-NGSN3MV-C7OGSWT-SZ34L3X-H6IF6AQ";
+}
diff --git a/kartei/lass/mors.nix b/kartei/lass/mors.nix
new file mode 100644
index 000000000..c483fe5a3
--- /dev/null
+++ b/kartei/lass/mors.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.2";
+ ip6.addr = r6 "dea7";
+ aliases = [
+ "mors.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
+ H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
+ +P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
+ 1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
+ 9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
+ O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "kuh0cP/HjGOQ+NafR3zjmqp+RAnA59F4CgtzENj9/MM";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "dea7";
+ aliases = [
+ "mors.w"
+ ];
+ wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
+ syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
+}
diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix
new file mode 100644
index 000000000..74b8aca3c
--- /dev/null
+++ b/kartei/lass/neoprism.nix
@@ -0,0 +1,38 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.99";
+ ip6.addr = r6 "99";
+ aliases = [
+ "neoprism.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwQiPQT9XQkeAIMohNhIVH1Er73LS36JQu/bokNSAlgRjiHfmWVQw
+ hpmI0hO5ewI/HSxVH8MqITTjj8fp5+TOY5rxb3qj9SKGmoDpENw7g7BJsrpydu8+
+ hdvC4btCibAeTeaNqubPMoJLnwuh7NJ9ucYAcRU24FI6qR/Q973a3rzWYBfPd4w9
+ +Lq3ltFE4m6eLiL4ruQGR9Fc4HOJshJlUDUovGIC/98Fu468OuCaka4fR/IXD13O
+ khc5LfAzm2PLuD25YZRjw27Pv3txYOWzb9ZfI8BS+7WUg1nKPDVZErvj97OouqVH
+ binDgKLdLsamJgi+BrZs9uoxmXK9b459B3J6z4/d8dXTAW/cczqsODzsJnvw8IEE
+ u45Pm3sY49vmnNsVhDEIPad3ZDitgeWW6UVBR+EJHp+r1TZ8eLaeUTdV6x3zIrHv
+ dkobgI/0ynujSeMVzXA8cRDuLLVz0CwvNQ9FWzciZw4prOPjUDeSaOlIISOD4q8O
+ u/jRfaIzPuQNyQN/0B9gUacHOGkQ3sZ33gFt1j6YdfjWnHn2Ddxm99nXfYUo82oC
+ tEMui/7Vtj5G9dqDCzEacECvKqNVY2MRq5gpX+X5IwSbNc/vmykqhuDB5fzZWXRD
+ AmRfNCsuFCw3EehPWkdH9JJxysBa52sAB387CL44bJ2rfRglTAKZYNUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "/k2/hpq3XdSKfPPSAolfIx/AUgtKNF6kgv+WRTKtMqG";
+ };
+ wiregrill = {
+ ip6.addr = w6 "99";
+ aliases = [
+ "neoprism.w"
+ ];
+ wireguard.pubkey = ''
+ lhMJvEZOREjCSS3BbBxel0dJ3Mxjj0m82sUXqyYlUx0=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEljpF/rqA2o9CcZny8Kdg1Ij9JmHsmuS/ii+HS5T7rW ";
+}
diff --git a/kartei/lass/phone.nix b/kartei/lass/phone.nix
new file mode 100644
index 000000000..e4e0f58c1
--- /dev/null
+++ b/kartei/lass/phone.nix
@@ -0,0 +1,17 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ wiregrill = {
+ ip4.addr = "10.244.1.13";
+ ip6.addr = w6 "a";
+ aliases = [
+ "phone.w"
+ ];
+ wireguard.pubkey = "FY4PB8E/RC2JvtLgq/IDyMmZ9Ln6pz6eGyoytmUFMgk=";
+ };
+ };
+ external = true;
+ ci = false;
+ syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
+}
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
new file mode 100644
index 000000000..c7965debf
--- /dev/null
+++ b/kartei/lass/prism.nix
@@ -0,0 +1,125 @@
+{ config, krebs, r6, w6, ... }:
+rec {
+ extraZones = {
+ "krebsco.de" = ''
+ cache 60 IN A ${nets.internet.ip4.addr}
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ prism 60 IN A ${nets.internet.ip4.addr}
+ social 60 IN A ${nets.internet.ip4.addr}
+ '';
+ "lassul.us" = ''
+ $TTL 3600
+ @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
+ 60 IN NS ns16.ovh.net.
+ 60 IN NS dns16.ovh.net.
+ 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+ IN MX 5 mail.lassul.us.
+ 60 IN TXT "v=spf1 mx -all"
+ 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
+ default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ io 60 IN NS ions.lassul.us.
+ ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+ flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ '';
+ };
+ nets = rec {
+ internet = {
+ ip4 = {
+ addr = "95.216.1.150";
+ prefix = "0.0.0.0/0";
+ };
+ ip6 = {
+ addr = "2a01:4f9:2a:1e9::1";
+ prefix = "2a01:4f9:2a:1e9::/64";
+ };
+ aliases = [
+ "prism.i"
+ "paste.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.103";
+ ip6.addr = r6 "1";
+ aliases = [
+ "prism.r"
+ "cache.prism.r"
+ "cgit.prism.r"
+ "bota.r"
+ "flix.r"
+ "jelly.r"
+ "paste.r"
+ "c.r"
+ "p.r"
+ "search.r"
+ "radio-news.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
+ fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo
+ rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z
+ ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB
+ wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio
+ /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA
+ BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C
+ 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5
+ Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu
+ 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH
+ TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb
+ g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ
+ kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg
+ 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo
+ 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz
+ cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451
+ k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0
+ dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu
+ ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i
+ jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/
+ AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE
+ T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "XbBBPg+dtZM1LRN46VAujVKIC6VSo6nFoHo/1unbggO";
+ };
+ };
+ wiregrill = {
+ via = internet;
+ ip4.addr = "10.244.1.103";
+ ip6.addr = w6 "1";
+ aliases = [
+ "prism.w"
+ ];
+ wireguard = {
+ pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
+ subnets = [
+ (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+ (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+ "10.244.1.0/24"
+ ];
+ };
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+ syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
+}
diff --git a/kartei/lass/shodan.nix b/kartei/lass/shodan.nix
new file mode 100644
index 000000000..50ab86e6e
--- /dev/null
+++ b/kartei/lass/shodan.nix
@@ -0,0 +1,36 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.4";
+ ip6.addr = r6 "50da";
+ aliases = [
+ "shodan.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
+ YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
+ ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
+ 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
+ xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
+ V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "50da";
+ ip4.addr = "10.244.1.4";
+ aliases = [
+ "shodan.w"
+ ];
+ wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
+ syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
+}
diff --git a/kartei/lass/skynet.nix b/kartei/lass/skynet.nix
new file mode 100644
index 000000000..2109d2e35
--- /dev/null
+++ b/kartei/lass/skynet.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.116";
+ ip6.addr = r6 "5ce7";
+ aliases = [
+ "skynet.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
+ Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
+ p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
+ yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
+ NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
+ mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "9s7eB16k7eAtHyneffTCmYR7s3mRpJqpVVjSPGaVKKN";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "5ce7";
+ aliases = [
+ "skynet.w"
+ ];
+ wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+ syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
+}
diff --git a/kartei/lass/ssh/red.ed25519 b/kartei/lass/ssh/red.ed25519
new file mode 100644
index 000000000..ee5d3e20e
--- /dev/null
+++ b/kartei/lass/ssh/red.ed25519
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp
diff --git a/kartei/lass/styx.nix b/kartei/lass/styx.nix
new file mode 100644
index 000000000..0b13c1184
--- /dev/null
+++ b/kartei/lass/styx.nix
@@ -0,0 +1,43 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.11.1";
+ ip6.addr = r6 "111";
+ aliases = [
+ "styx.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
+ ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
+ aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
+ 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
+ 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
+ m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
+ Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
+ EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
+ 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
+ Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
+ 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
+ wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "yVT5nQstw+o5P0ZoBK81G7sL6nQEBwg42wyBn6ogZgK";
+ weight = null;
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "111";
+ aliases = [
+ "styx.w"
+ ];
+ wireguard.pubkey = ''
+ 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
+ syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
+}
diff --git a/kartei/lass/tablet.nix b/kartei/lass/tablet.nix
new file mode 100644
index 000000000..ea7e5d007
--- /dev/null
+++ b/kartei/lass/tablet.nix
@@ -0,0 +1,16 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = {
+ wiregrill = {
+ ip4.addr = "10.244.1.14";
+ ip6.addr = w6 "b";
+ aliases = [
+ "tablet.w"
+ ];
+ wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI=";
+ };
+ };
+ external = true;
+ ci = false;
+}
diff --git a/kartei/lass/xerxes.nix b/kartei/lass/xerxes.nix
new file mode 100644
index 000000000..96f619a70
--- /dev/null
+++ b/kartei/lass/xerxes.nix
@@ -0,0 +1,52 @@
+{ r6, w6, ... }:
+{
+ consul = false;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.1.3";
+ ip6.addr = r6 "3";
+ aliases = [
+ "xerxes.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
+ MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
+ gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
+ /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
+ mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
+ X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
+ +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
+ hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
+ 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
+ H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
+ JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
+ hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
+ SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
+ 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
+ vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
+ Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
+ scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
+ jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
+ Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
+ /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
+ bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
+ sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "3";
+ aliases = [
+ "xerxes.w"
+ ];
+ wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
+ syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
+}
diff --git a/kartei/lass/yellow.nix b/kartei/lass/yellow.nix
new file mode 100644
index 000000000..ebf824950
--- /dev/null
+++ b/kartei/lass/yellow.nix
@@ -0,0 +1,39 @@
+{ r6, w6, ... }:
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.14";
+ ip6.addr = r6 "3110";
+ aliases = [
+ "yellow.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
+ MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
+ b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
+ Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
+ OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
+ vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
+ C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
+ Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
+ 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
+ zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
+ DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
+ Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "qZBhDSW6ir1/w6lOngg2feCZj9W9AfifEMlKXcOb5QE";
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "3110";
+ aliases = [
+ "yellow.w"
+ ];
+ wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU=";
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
+}
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index f9997b2d2..bf49a1766 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -58,21 +58,18 @@ with import ../../lib;
in {
hosts = mapAttrs hostDefaults {
cake = rec {
- cores = 4;
ci = false;
nets = {
retiolum.ip4.addr = "10.243.136.236";
};
};
crapi = rec { # raspi1
- cores = 1;
ci = false;
nets = {
retiolum.ip4.addr = "10.243.136.237";
};
};
firecracker = {
- cores = 4;
nets = {
retiolum.ip4.addr = "10.243.12.12";
};
@@ -80,28 +77,24 @@ in {
studio = rec {
ci = false;
- cores = 4;
nets = {
retiolum.ip4.addr = "10.243.227.163";
};
};
fileleech = rec {
ci = false;
- cores = 4;
nets = {
retiolum.ip4.addr = "10.243.113.98";
};
};
tsp = {
ci = true;
- cores = 1;
nets = {
retiolum.ip4.addr = "10.243.0.212";
};
};
x = {
ci = true;
- cores = 4;
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
nets = {
retiolum.ip4.addr = "10.243.0.91";
@@ -113,7 +106,6 @@ in {
};
filepimp = rec {
ci = false;
- cores = 1;
nets = {
retiolum.ip4.addr = "10.243.153.102";
};
@@ -121,7 +113,6 @@ in {
omo = rec {
ci = true;
- cores = 2;
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
nets = {
retiolum = {
@@ -139,7 +130,6 @@ in {
};
wbob = rec {
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.214.15";
@@ -151,6 +141,12 @@ in {
};
};
};
+ # pixel3a
+ telex.nets.wiregrill = {
+ aliases = ["telex.w"];
+ ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
+ };
+
latte = rec {
ci = true;
extraZones = {
@@ -158,7 +154,6 @@ in {
latte.euer IN A ${nets.internet.ip4.addr}
'';
};
- cores = 4;
nets = rec {
internet = {
ip4.addr = "178.254.30.202";
@@ -240,7 +235,6 @@ in {
music.euer IN A ${nets.internet.ip4.addr}
'';
};
- cores = 8;
nets = rec {
internet = {
ip4.addr = "142.132.189.140";
@@ -296,7 +290,6 @@ in {
sdev = rec {
ci = true;
- cores = 1;
nets = {
retiolum.ip4.addr = "10.243.83.237";
};
@@ -306,7 +299,6 @@ in {
# non-stockholm
flap = rec {
- cores = 1;
extraZones = {
"krebsco.de" = ''
flap IN A ${nets.internet.ip4.addr}
@@ -326,7 +318,6 @@ in {
};
nukular = rec {
- cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.231.219";
@@ -336,17 +327,14 @@ in {
shackdev = rec { # router@shack
- cores = 1;
nets.wiregrill.ip4.addr = "10.244.245.2";
};
rockit = rec { # router@home
- cores = 1;
nets.wiregrill.ip4.addr = "10.244.245.3";
};
senderechner = rec {
- cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.163";
diff --git a/kartei/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub
new file mode 100644
index 000000000..12a42177e
--- /dev/null
+++ b/kartei/makefu/wiregrill/telex.pub
@@ -0,0 +1 @@
+T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds=
diff --git a/kartei/others/default.nix b/kartei/others/default.nix
index 214880cb3..de0bd2f7f 100644
--- a/kartei/others/default.nix
+++ b/kartei/others/default.nix
@@ -43,7 +43,6 @@ in {
};
};
horisa = {
- cores = 2;
owner = config.krebs.users.ulrich; # main laptop
nets = {
retiolum = {
@@ -57,7 +56,6 @@ in {
};
};
hasegateway = {
- cores = 1;
owner = config.krebs.users.hase;
nets = {
#internet = {
@@ -343,7 +341,6 @@ in {
};
};
tpsw = {
- cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
@@ -592,106 +589,6 @@ in {
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
nets = {};
};
- catalonia = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.13.12";
- aliases = [ "catalonia.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
- gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
- VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
- Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
- FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
- HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
- mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
- zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
- sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
- ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
- vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
- };
- };
- };
- sicily = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.161.1";
- aliases = [ "sicily.r" "mukke.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
- aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
- xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
- 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
- IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
- KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
- 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
- LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
- T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
- w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
- 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
- };
- };
- };
- rojava = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.23.42";
- aliases = [ "rojava.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
- B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
- HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
- Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
- lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
- +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
- 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
- vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
- HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
- XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
- yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
- };
- };
- };
- aland = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.12.34";
- aliases = [ "aland.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
- CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
- plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
- DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
- aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
- OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
- ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
- TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
- aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
- zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
- VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
- };
- };
- };
papawhakaaro = {
owner = config.krebs.users.feliks;
nets = {
@@ -857,10 +754,6 @@ in {
mail = "xq@shackspace.de";
pubkey = ssh-for "xq";
};
- xkey = {
- mail = "xkey@krebsco.de";
- pubkey = ssh-for "xkey";
- };
miaoski = {
};
filly = {
diff --git a/kartei/oxzi/default.nix b/kartei/oxzi/default.nix
new file mode 100644
index 000000000..a4d23b01a
--- /dev/null
+++ b/kartei/oxzi/default.nix
@@ -0,0 +1,62 @@
+{ config, ... }: let
+ lib = import ../../lib;
+in {
+ users.oxzi = {
+ mail = "post@0x21.biz";
+ };
+ hosts = {
+ ancha = {
+ owner = config.krebs.users.oxzi;
+ nets.retiolum = {
+ aliases = [
+ "ancha.oxzi.r"
+ "gosh.r"
+ ];
+ ip4.addr = "10.243.32.1";
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T
+ RrsoZcvJaKIFnlohJ4T1YpGGcXqShhTmKt3sm/0awLhD+zTE8lAlvEj+lnCkHls8
+ eXO+VDB5FelibW/wEnvdImxKBaSVt4RLmMyTuzS9xklEq8Q+wMvzJktnV3pWJjYX
+ /JBYQEUHlrqXldBlKGHkU1KhFZHD/wzV5Ybkku4w1BHrMUHJNwHpTshD/QBDiJFj
+ iRA3e3Jfpp3qj2uWetGuP7NlFpZCh/fSrTqkAE8uShcFlplbgJIEGz2pp644maqw
+ XxRWPH1Iy5NHwVz/GSzQ67vsEunRJjueFQk8gxnhjh/CAlmE9VdxfGQOkejBAq+X
+ zCbqyflLPPz3Qx56TVpmAOY4gma7sfsaYAv+zv2paUxFKBfZrEL5UNoIevV9kZDn
+ nDixTQ6cDxHt3yCVzvwqTTBktZ0mYom43lvKSUnihDrQL1u338labFPtsZTOK4bo
+ 687ToSUC6u80VcnMTZxPFYOgTMjdCZPo+j1bhzmCQQCzcStRSeKRta+LOYb73Tjz
+ M6CwC9uaHDxhtmysXpZ4Qp83tfU6h/AsBJJpBdpkyLYXTq+E32pIq6RtKFFQL00O
+ /e0DzUzSB30oKLW1i2ZxWRQMVqvNdKsyq4glI4eRjnRmrnXOwTb7Y2MCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "oLvC/Y3jfGH4a8mBbv9eCCWKsx32gDGW/iCyia/fuBD";
+ };
+ };
+ marohu = {
+ owner = config.krebs.users.oxzi;
+ nets.retiolum = {
+ aliases = [
+ "marohu.oxzi.r"
+ ];
+ ip4.addr = "10.243.32.2";
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz
+ Ys0VnO6jjgz9T6N8u0CaavsqFy+X48A/+uB5nd/nGDZNaeTg+HUdznT4OFAJEaDi
+ uQREDsR5ZwmpI534eESHMdn5LSb/+5CUgj2xsoOBxnukALm1YccPxR0PPibCm+Z1
+ P8r+1+nBgIPv+cknTXzhWMF/L7UOXuyV3Jmk1BIhwYmzWVes6idtIyJwoCbssoQT
+ cl21Czvhwx63o/QEa81qKeCK3AAAnMbp1tAxnzl7Wr/cSoBYRgSIZkOQPEUNHvpF
+ fT9UzZ3DZyAOMWNjqiK1M93VruFYer05qO3jGgumDey/9gLjP6GMjBw9jVDNY9yn
+ 8mOKz9dkrP3v/A96Uqp+w/lYO87YrxA+h9BYY4jyPngGh0DoXddHLHAKco39vbq8
+ 4vQRsK5QNgquF7O9aBDMSrFosk1VFedpZQwC2LaXcjtI3aMq3vIURTbuWkutAjAd
+ p9a5dRa62pWk41n6yLmalCkqnHoqVUaft9wZIxbcrDLUso7QxY6kFhjADSijnr5B
+ HrBXJhNLGVjBD/W++l2CJ+L4njmy4eGrOTBvIzosCMbtgMtfuu7WSQhsjxTwclbD
+ utT3hmgxDPZydsvzRMsLNvNQwUoiLAL4mz27V9hYcJTKPAbUL3y8h48CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "q/DIqHkb/8Qu7OrCXaBeuxkT9XNPmxo8uF3GkFFC6rJ";
+ };
+ };
+ };
+}
diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix
index 5f00e3d45..faa593c63 100644
--- a/kartei/rtunreal/default.nix
+++ b/kartei/rtunreal/default.nix
@@ -15,13 +15,18 @@ let
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
};
});
+ ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
in
{
users = rec {
- rtunreal = {
- # Mail is temporary as it will change in the future and I
- # don't want it to be semi permanent
- # mail: krebscotemp(a)user-sites[point]de
+ rtunreal = rtunreal-spinner;
+ rtunreal-spinner = {
+ mail = "unreal@rtinf.net";
+ pubkey = ssh-for "rtunreal.spinner";
+ };
+ rtunreal-runner = {
+ inherit (rtunreal-spinner) mail;
+ pubkey = ssh-for "rtunreal.runner";
};
};
hosts = mapAttrs hostDefaults {
@@ -47,5 +52,27 @@ in
tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB";
};
};
+ rtrunner = {
+ nets.retiolum = {
+ aliases = [ "runner.rtunreal.r" ];
+ ip4.addr = "10.243.20.22";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwWSzslk21TbghFsEWk+A0FobqgxrYyyimzSw772OhIpDmCLd63Vr
+ x1A/ytEObngMgv/YDTZrp23uFo9uFipAIZPBFBPDPi3fa8OuaGY6MFP6961Ui30l
+ 4cHBfhuokfdDZxaARwsUtk3RgvFjQvF//Wgj6MIMg3lBMxr00/U3bhegkhP2NyT6
+ NCB9xbM6iJQyzOum49u0NHXUEkDzpHWm85CcyV4UTv+MQEnXU4l2irYFu+ArTPEn
+ dHqbKBd8lPuLTH1ehiOTh85qC/KV36jHWwmguR96aVEplrFMgV43VnpJj5jLa1NQ
+ n00JiCkCVf89LkAz4ZXtQ+5cvDRSWQGYql+J3KJ28YynLPOIlVlEJ+HjhaSQT/3O
+ qiREOjp2KPpnSoY5561J2LfmL+shpsVzyFxO+2P0K2bE5K66LfTfmoLUiHKq4/SR
+ 8EPBZfwvMyWbL3vxngFhZKI01LMsf0YJxu9FWCOPa2X6B7JAxr1jMn0Uzw3ZvNnq
+ q6QK/sJhuM1/ddmCMofKYeOtfdunnboniFzI2QValuIdmlOi7nYNqy+gSrxRSWnJ
+ PTzGoJB9R4/PufSGJxUr7FCRxSY/TN7fJF74YVG9iVz2ttEuwdUI3ORQVrORbpEI
+ wEtM64cb0Dt2WyB3Sit8UGtK59BPYJcU7PB+tMnNLynPzFdkj8gDZtsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "YJE4KD9PhDjxucDAGrbec5Yqqf3A8/VU0J0NV8EPXuN";
+ };
+ };
};
}
diff --git a/kartei/rtunreal/ssh/rtunreal.runner.pub b/kartei/rtunreal/ssh/rtunreal.runner.pub
new file mode 100644
index 000000000..401941d8d
--- /dev/null
+++ b/kartei/rtunreal/ssh/rtunreal.runner.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOQJOT6cBwg5xXHR+zpS7+VMcx4F73Qm+X4cWaFqRp+g5ru0M/xb+T2icX189j0qWe3BwpftupzaHy7h4sZRTIcRGwlu8LRGFY1WpL8ftgvWCG45ZD3Lp1nX3XpOfBTZD+XYoNOWVM4kuL/+wWYGQYKzo4Ui3kKFEPo0hrShN7GEMim76Xm3m7sldGW0vBzSk8DpLykDLt+RxrLeY2xGI112fjAVvaWn82KE+kflaQIF5XZNVPFqNTMvhRL+ZHTal1SeN3i2TdcbxV9DMLQ/s5bcSLatae/SMlYqNipTpX+lodBqc0d7e0LfwYJERkAHB0NX3TfQPB5tB8EReGMoOm2m0TPdIRGhaEAM5abB5cQr3KV/r2BAVTrcA6ij2f2GszVNNllhHQHvpv5RZUw8+htvFbaTv0Ww+3X1CY/B+hQQ9st4DIfC0o2or38BE1cn90mqfqvl1s/uplkX3ToYo8PU8j0SqVtBWNq/E7lHecTIZqUL5NX32xUnXvjmhZgtU= trr@runner
diff --git a/kartei/rtunreal/ssh/rtunreal.spinner.pub b/kartei/rtunreal/ssh/rtunreal.spinner.pub
new file mode 100644
index 000000000..79c83ea19
--- /dev/null
+++ b/kartei/rtunreal/ssh/rtunreal.spinner.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAWBFNy2N6Exx7tHlbUDXERJjT7PhIs+vZIWPmhh3qLieeC1tAOf9XcbgVGL3bAryyaCEr1s2bZ6rs2L1JgFFJEGE9TCbfl2dfJIslCPP4OmKxwciIo+T4eXbanGDV0hzW+/vvMyQeWcVT27BrANYR7R28nURmXa1aQ9nWdnHy1Evuv4fI/e+6o3AKEji6Spl5FHs3T9+5vrEwsdq7Mewbfel6gAb3xmp9DIR0Kz0QnitwwErcZYgA2o64C6DLNgsG2l1PrZxE3/MaB6FyzCyOfU8C0FovWlvmmOXkwFPZz1HN1KkKZKV50H4ffiN0cVSLBt6NW6s0v7TWhJyrbIEr trr@spinner
diff --git a/kartei/template/default.nix b/kartei/template/default.nix
new file mode 100644
index 000000000..2acf78d38
--- /dev/null
+++ b/kartei/template/default.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+ lib = import ../../lib;
+in {
+ users.DUMMYUSER = {
+ mail = "DUMMYUSER@example.ork";
+ };
+ hosts.DUMMYHOST = {
+ owner = config.krebs.users.DUMMYUSER;
+ nets.retiolum = {
+ aliases = [ "DUMMYHOST.DUMMYUSER.r" ];
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ DUMMYTINCPUBKEYRSA
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519";
+ };
+ };
+}
diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix
index e6cfedb02..005c26e88 100644
--- a/kartei/tv/default.nix
+++ b/kartei/tv/default.nix
@@ -40,7 +40,6 @@ in {
hosts = mapAttrs evalHost {
alnus = {
ci = true;
- cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.21.1";
@@ -64,7 +63,6 @@ in {
};
au = {
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.13.39";
@@ -89,7 +87,6 @@ in {
};
bu = {
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.13.36";
@@ -138,7 +135,6 @@ in {
};
mu = {
ci = true;
- cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.20.1";
@@ -169,8 +165,10 @@ in {
cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
+ search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
krebsco.de. 60 IN MX 5 ni
- krebsco.de. 60 IN TXT v=spf1 mx -all
+ krebsco.de. 60 IN TXT "v=spf1 mx -all"
tv 300 IN NS ni
'';
};
@@ -196,6 +194,8 @@ in {
aliases = [
"ni.r"
"cgit.ni.r"
+ "krebs.ni.r"
+ "search.ni.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -226,7 +226,6 @@ in {
};
nomic = {
ci = true;
- cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.110";
@@ -252,7 +251,6 @@ in {
};
wu = {
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.13.37";
@@ -278,7 +276,6 @@ in {
};
querel = {
ci = true;
- cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.22.22";
@@ -309,14 +306,12 @@ in {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
};
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.13.38";
aliases = [
"xu.r"
"cgit.xu.r"
- "krebs.xu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -336,7 +331,6 @@ in {
};
zu = {
ci = true;
- cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.13.40";
@@ -366,7 +360,7 @@ in {
"http://cgit.krebsco.de" = {
desc = "Git repositories";
};
- "http://krebs.xu.r" = {
+ "http://krebs.ni.r" = {
desc = "krebs-pages mirror";
};
};
diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix
new file mode 100644
index 000000000..a8a6648ce
--- /dev/null
+++ b/kartei/xkey/default.nix
@@ -0,0 +1,126 @@
+with import ../../lib;
+{ config, ... }:
+let
+ maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.kmein;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+ ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
+in
+{
+ users = rec {
+ xkey = {
+ mail = "xkey@krebsco.de";
+ pubkey = ssh-for "xkey";
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ aland = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.12.34";
+ aliases = [ "aland.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
+ CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
+ plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
+ DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
+ aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
+ OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
+ ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
+ TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
+ aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
+ zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
+ VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
+ };
+ };
+ };
+ catalonia = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.13.12";
+ aliases = [ "catalonia.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
+ gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
+ VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
+ Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
+ FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
+ HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
+ mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
+ zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
+ sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
+ ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
+ vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
+ };
+ };
+ };
+ rojava = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.42";
+ aliases = [ "rojava.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
+ B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
+ HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
+ Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
+ lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+ +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
+ 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
+ vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
+ HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
+ XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
+ yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
+ };
+ };
+ };
+ sicily = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.161.1";
+ aliases = [ "sicily.r" "mukke.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
+ aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
+ xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
+ 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
+ IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
+ KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
+ 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
+ LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
+ T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
+ w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
+ 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
+ };
+ };
+ };
+ };
+}
diff --git a/kartei/xkey/ssh/xkey.pub b/kartei/xkey/ssh/xkey.pub
new file mode 100644
index 000000000..a50522fce
--- /dev/null
+++ b/kartei/xkey/ssh/xkey.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC
diff --git a/krebs/0tests/data/test-config.nix b/krebs/0tests/data/test-config.nix
index f0927ddd9..33cb01245 100644
--- a/krebs/0tests/data/test-config.nix
+++ b/krebs/0tests/data/test-config.nix
@@ -8,7 +8,6 @@
];
krebs.hosts.minimal = {
- cores = 1;
secure = false;
};
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 02749dafe..9849937d5 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -14,6 +14,7 @@
<stockholm/krebs/2configs/mud.nix>
<stockholm/krebs/2configs/cal.nix>
+ <stockholm/krebs/2configs/mastodon.nix>
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>
@@ -21,6 +22,7 @@
krebs.build.host = config.krebs.hosts.hotdog;
krebs.github-hosts-sync.enable = true;
+ krebs.pages.enable = true;
boot.isContainer = true;
networking.useDHCP = false;
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 8250ebad9..2f55995cf 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -7,5 +7,31 @@
<stockholm/krebs/2configs/matterbridge.nix>
];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.logRefusedConnections = false;
+ networking.firewall.logRefusedUnicastsOnly = false;
+
+ # Move Internet-facing SSH port to reduce logspam.
+ networking.firewall.extraCommands = let
+ host = config.krebs.build.host;
+ in /* sh */ ''
+ iptables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ iptables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ iptables -t nat -A PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT
+ iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
+
+ ip6tables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ ip6tables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ ip6tables -t nat -A PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT
+ ip6tables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
+ '';
+
krebs.build.host = config.krebs.hosts.ponte;
+
+ krebs.pages.enable = true;
+ krebs.pages.nginx.addSSL = true;
+ krebs.pages.nginx.enableACME = true;
+
+ security.acme.acceptTerms = true;
+ security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
}
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index f4bd472a4..033cb94d1 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -110,7 +110,8 @@
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
- <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
+ # TODO: alertmanager 0.24+ supports telegram
+ # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 38d770316..fffe128e6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -27,9 +27,6 @@ with import <stockholm/lib>;
];
console.keyMap = "us";
- i18n = {
- defaultLocale = lib.mkForce "C";
- };
programs.ssh.startAgent = false;
@@ -60,4 +57,7 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
+
+ # maybe fix Error: unsupported locales detected:
+ i18n.defaultLocale = mkDefault "C.UTF-8";
}
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index c6c91e074..5435ea166 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,9 +5,10 @@
6667
];
- krebs.ergo = {
+ services.ergochat = {
enable = true;
- config = {
+ settings = {
+ server.name = "irc.r";
server.secure-nets = [
"42::0/16"
"10.240.0.0/12"
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..145b383ed
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "derp";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ (pkgs.writers.writeDashBin "create-mastodon-user" ''
+ set -efu
+ nick=$1
+ /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed
+ /run/current-system/sw/bin/tootctl accounts approve "$nick"
+ '')
+ ];
+}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3649aeeea..d6c6371da 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,8 +68,8 @@
wantedBy = [ "multi-user.target" ];
};
- krebs.ergo.openFilesLimit = 16384;
- krebs.ergo.config = {
+ services.ergochat.openFilesLimit = 16384;
+ services.ergochat.settings = {
limits.nicklen = 100;
limits.identlen = 100;
history.enabled = false;
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 13b59fa82..11aaf876a 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -64,8 +64,7 @@ let
pkgs.curl
pkgs.stable-generate
]}
- stable_url=$(stable-generate "$@")
- paste_url=$(curl -Ss "$stable_url" |
+ paste_url=$(stable-generate "$@" |
curl -Ss http://p.r --data-binary @- |
tail -1
)
@@ -73,6 +72,22 @@ let
'';
};
};
+ interrogate = {
+ pattern = "^!interrogate (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "interrogate" ''
+ set -efux
+
+ export PATH=${makeBinPath [
+ pkgs.stable-interrogate
+ ]}
+ caption=$(stable-interrogate "$@")
+ echo "$_from: $caption"
+ '';
+ };
+ };
confuse_hackint = {
pattern = "^!confuse (.*)$";
@@ -87,8 +102,7 @@ let
pkgs.stable-generate
]}
case $_msgtarget in \#*)
- stable_url=$(stable-generate "$@")
- paste_url=$(curl -Ss "$stable_url" |
+ paste_url=$(stable-generate "$@" |
curl -Ss https://p.krebsco.de --data-binary @- |
tail -1
)
@@ -132,7 +146,7 @@ let
command = 1;
arguments = [2];
env.TASKDATA = "${stateDir}/${name}";
- commands = {
+ commands = rec {
add.filename = pkgs.writeDash "${name}-task-add" ''
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
'';
@@ -145,6 +159,7 @@ let
delete.filename = pkgs.writeDash "${name}-task-delete" ''
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
'';
+ del = delete;
done.filename = pkgs.writeDash "${name}-task-done" ''
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
'';
@@ -289,7 +304,18 @@ let
longitude=$(echo "$poi" | jq -r .longitude)
fi
- restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude")
+ for api_endpoint in \
+ https://lz4.overpass-api.de/api/interpreter \
+ https://z.overpass-api.de/api/interpreter \
+ https://maps.mail.ru/osm/tools/overpass/api/interpreter \
+ https://overpass.openstreetmap.ru/api/interpreter \
+ https://overpass.kumi.systems/api/interpreter
+ do
+ restaurant=$(osm-restaurants --endpoint "$api_endpoint" --radius "$2" --latitude "$latitude" --longitude "$longitude")
+ if [ "$?" -eq 0 ]; then
+ break
+ fi
+ done
printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
'';
};
@@ -297,6 +323,7 @@ let
bedger-add
bedger-balance
hooks.sed
+ interrogate
say
(generators.command_hook {
inherit (commands) dance random-emoji nixos-version;
diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
deleted file mode 100644
index 8527001cb..000000000
--- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ...}:
-{
- systemd.services.alertmanager-bot-telegram = {
- wantedBy = [ "multi-user.target" ];
- after = [ "ip-up.target" ];
- serviceConfig = {
- EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
- DynamicUser = true;
- StateDirectory = "alertbot";
- ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
- --alertmanager.url=http://alert.prometheus.shack --log.level=info \
- --store=bolt --bolt.path=/var/lib/alertbot/bot.db \
- --listen.addr="0.0.0.0:16320" \
- --template.paths=${./templates}/shack.tmpl'';
- };
- };
-}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 70fc05813..bff7e135f 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -7,6 +7,7 @@ let
out = {
imports = [
../../kartei
+ ../../submodules/disko/module.nix
./acl.nix
./airdcpp.nix
./announce-activation.nix
@@ -20,7 +21,6 @@ let
./ci
./current.nix
./dns.nix
- ./ergo.nix
./exim-retiolum.nix
./exim-smarthost.nix
./exim.nix
@@ -35,6 +35,7 @@ let
./iptables.nix
./kapacitor.nix
./konsens.nix
+ ./krebs-pages.nix
./monit.nix
./nixpkgs.nix
./on-failure.nix
@@ -49,6 +50,7 @@ let
./secret.nix
./setuid.nix
./shadow.nix
+ ./sitemap.nix
./ssl.nix
./sync-containers.nix
./systemd.nix
@@ -56,6 +58,7 @@ let
./tinc_graphs.nix
./upstream
./urlwatch.nix
+ ./users.nix
./xresources.nix
./zones.nix
];
@@ -66,15 +69,6 @@ let
api = {
enable = mkEnableOption "krebs";
- users = mkOption {
- type = with types; attrsOf user;
- };
-
- sitemap = mkOption {
- default = {};
- type = types.attrsOf types.sitemap.entry;
- };
-
zone-head-config = mkOption {
type = with types; attrsOf str;
description = ''
@@ -91,10 +85,6 @@ let
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
IN NS ns19.ovh.net.
IN NS dns19.ovh.net.
- IN A 185.199.108.153
- IN A 185.199.109.153
- IN A 185.199.110.153
- IN A 185.199.111.153
'';
};
};
@@ -102,28 +92,6 @@ let
imp = lib.mkMerge [
{
- krebs.dns.providers = {
- "krebsco.de" = "zones";
- shack = "hosts";
- i = "hosts";
- r = "hosts";
- w = "hosts";
- };
-
- krebs.dns.search-domain = mkDefault "r";
-
- krebs.users = {
- krebs = {
- home = "/krebs";
- mail = "spam@krebsco.de";
- };
- root = {
- home = "/root";
- pubkey = config.krebs.build.host.ssh.pubkey;
- uid = 0;
- };
- };
-
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) [privkey];
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
index 8acc4ccd8..8a74d3067 100644
--- a/krebs/3modules/dns.nix
+++ b/krebs/3modules/dns.nix
@@ -1,12 +1,21 @@
with import <stockholm/lib>;
-{
+{ config, ... }: {
options = {
krebs.dns.providers = mkOption {
type = types.attrsOf types.str;
};
-
krebs.dns.search-domain = mkOption {
type = types.nullOr types.hostname;
};
};
+ config = mkIf config.krebs.enable {
+ krebs.dns.providers = {
+ "krebsco.de" = "zones";
+ shack = "hosts";
+ i = "hosts";
+ r = "hosts";
+ w = "hosts";
+ };
+ krebs.dns.search-domain = mkDefault "r";
+ };
}
diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix
deleted file mode 100644
index d5f167e79..000000000
--- a/krebs/3modules/ergo.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ config, lib, options, pkgs, ... }: {
- options = {
- krebs.ergo = {
- enable = lib.mkEnableOption "Ergo IRC daemon";
- openFilesLimit = lib.mkOption {
- type = lib.types.int;
- default = 1024;
- description = ''
- Maximum number of open files. Limits the clients and server connections.
- '';
- };
- config = lib.mkOption {
- type = (pkgs.formats.json {}).type;
- description = ''
- Ergo IRC daemon configuration file.
- https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
- '';
- default = {
- network = {
- name = "krebstest";
- };
- server = {
- name = "${config.networking.hostName}.r";
- listeners = {
- ":6667" = {};
- };
- casemapping = "permissive";
- enforce-utf = true;
- lookup-hostnames = false;
- ip-cloaking = {
- enabled = false;
- };
- forward-confirm-hostnames = false;
- check-ident = false;
- relaymsg = {
- enabled = false;
- };
- max-sendq = "1M";
- ip-limits = {
- count = false;
- throttle = false;
- };
- };
- datastore = {
- autoupgrade = true;
- path = "/var/lib/ergo/ircd.db";
- };
- accounts = {
- authentication-enabled = true;
- registration = {
- enabled = true;
- allow-before-connect = true;
- throttling = {
- enabled = true;
- duration = "10m";
- max-attempts = 30;
- };
- bcrypt-cost = 4;
- email-verification.enabled = false;
- };
- multiclient = {
- enabled = true;
- allowed-by-default = true;
- always-on = "opt-out";
- auto-away = "opt-out";
- };
- };
- channels = {
- default-modes = "+ntC";
- registration = {
- enabled = true;
- };
- };
- limits = {
- nicklen = 32;
- identlen = 20;
- channellen = 64;
- awaylen = 390;
- kicklen = 390;
- topiclen = 390;
- };
- history = {
- enabled = true;
- channel-length = 2048;
- client-length = 256;
- autoresize-window = "3d";
- autoreplay-on-join = 0;
- chathistory-maxmessages = 100;
- znc-maxmessages = 2048;
- restrictions = {
- expire-time = "1w";
- query-cutoff = "none";
- grace-period = "1h";
- };
- retention = {
- allow-individual-delete = false;
- enable-account-indexing = false;
- };
- tagmsg-storage = {
- default = false;
- whitelist = [
- "+draft/react"
- "+react"
- ];
- };
- };
- };
- };
- };
- };
- config = let
- cfg = config.krebs.ergo;
- configFile = pkgs.writeJSON "ergo.conf" cfg.config;
- in lib.mkIf cfg.enable ({
- environment.etc."ergo.yaml".source = configFile;
- krebs.ergo.config =
- lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default;
- systemd.services.ergo = {
- description = "Ergo IRC daemon";
- wantedBy = [ "multi-user.target" ];
- # reload currently not working as expected
- # reloadIfChanged = true;
- restartTriggers = [ configFile ];
- serviceConfig = {
- ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml";
- ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
- DynamicUser = true;
- StateDirectory = "ergo";
- LimitNOFILE = "${toString cfg.openFilesLimit}";
- };
- };
- });
-}
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index fe149448b..7c176d224 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -12,6 +12,8 @@ let
api = {
enable = mkEnableOption "krebs.exim-smarthost";
+ enableSPFVerification = mkEnableOption "SPF verification";
+
authenticators = mkOption {
type = types.attrsOf types.str;
default = {};
@@ -123,10 +125,12 @@ let
# XXX We abuse local_domains to mean "domains, we're the gateway for".
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
+ domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains}
hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
- acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
+ acl_smtp_mail = acl_check_mail
+ acl_smtp_rcpt = acl_check_rcpt
never_users = root
@@ -173,11 +177,46 @@ let
acl_check_data:
warn
- sender_domains = ${concatStringsSep ":" cfg.sender_domains}
+ sender_domains = +sender_domains
set acl_m_special_dom = $sender_address_domain
accept
+ acl_check_mail:
+ ${if cfg.enableSPFVerification then indent /* exim */ ''
+ accept
+ authenticated = *
+ accept
+ hosts = +relay_from_hosts
+ deny
+ spf = fail : softfail
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ $sender_host_address is not allowed to send mail from \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ deny
+ spf = permerror
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ syntax error in SPF record(s) for \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ defer
+ spf = temperror
+ log_message = spf=$spf_result; deferred
+ message = temporary error during SPF validation; \
+ please try again later
+ warn
+ spf = none : neutral
+ log_message = spf=$spf_result
+ accept
+ add_header = $spf_received
+ '' else indent /* exim */ ''
+ accept
+ ''}
begin routers
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
index ae0136303..bd1bb1652 100644
--- a/krebs/3modules/hosts.nix
+++ b/krebs/3modules/hosts.nix
@@ -11,7 +11,7 @@ in {
};
};
- config = {
+ config = mkIf config.krebs.enable {
networking.hosts =
filterAttrs
(_name: value: value != [])
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 375e26974..b760ea671 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -2,6 +2,12 @@
with import <stockholm/lib>;
let
+ optionalAttr = name: value:
+ if name != null then
+ { ${name} = value; }
+ else
+ {};
+
cfg = config.krebs.htgen;
out = {
@@ -30,8 +36,15 @@ let
};
script = mkOption {
- type = types.str;
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ scriptFile = mkOption {
+ type = types.nullOr (types.either types.package types.pathname);
+ default = null;
};
+
user = mkOption {
type = types.user;
default = {
@@ -54,8 +67,10 @@ let
after = [ "network.target" ];
environment = {
HTGEN_PORT = toString htgen.port;
- HTGEN_SCRIPT = htgen.script;
- };
+ }
+ // optionalAttr "HTGEN_SCRIPT" htgen.script
+ // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile
+ ;
serviceConfig = {
SyslogIdentifier = "htgen";
User = htgen.user.name;
diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix
new file mode 100644
index 000000000..6dd046a8b
--- /dev/null
+++ b/krebs/3modules/krebs-pages.nix
@@ -0,0 +1,46 @@
+{ config, modulesPath, pkgs, ... }: let
+ cfg = config.krebs.pages;
+ lib = import ../../lib;
+ extraTypes.nginx-vhost = lib.types.submodule (
+ lib.recursiveUpdate
+ (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix")
+ { inherit config lib; })
+ {}
+ );
+in {
+ options.krebs.pages = {
+ enable = lib.mkEnableOption "krebs-pages";
+ domain = lib.mkOption {
+ type = lib.types.hostname;
+ default = "krebsco.de";
+ };
+ nginx = lib.mkOption {
+ type = extraTypes.nginx-vhost;
+ default = {};
+ example = lib.literalExpression /* nix */ ''
+ {
+ # To enable encryption and let let's encrypt take care of certificate
+ enableACME = true;
+ forceSSL = true;
+ }
+ '';
+ description = lib.mkDoc ''
+ With this option, you can customize the nginx virtualHost settings.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.krebs-pages;
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts.${cfg.domain} = lib.mkMerge [ cfg.nginx {
+ root = lib.mkForce cfg.package;
+ locations."= /ip".return = "200 $remote_addr";
+ locations."= /redirect".return = "301 /redirect";
+ }];
+ };
+ };
+}
diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix
new file mode 100644
index 000000000..ec2179db1
--- /dev/null
+++ b/krebs/3modules/sitemap.nix
@@ -0,0 +1,8 @@
+let
+ lib = import ../../lib;
+in {
+ options.krebs.sitemap = lib.mkOption {
+ type = with lib.types; attrsOf sitemap.entry;
+ default = {};
+ };
+}
diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix
index 3a9b5d329..8cbd8dcce 100644
--- a/krebs/3modules/ssl.nix
+++ b/krebs/3modules/ssl.nix
@@ -5,26 +5,7 @@ in {
rootCA = lib.mkOption {
type = lib.types.str;
readOnly = true;
- default = ''
- -----BEGIN CERTIFICATE-----
- MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
- VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw
- CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ
- ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5
- MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx
- EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS
- b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw
- gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/
- /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU
- QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B
- HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo
- 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD
- AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9
- GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese
- 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63
- 80WiO952
- -----END CERTIFICATE-----
- '';
+ default = builtins.readFile ../6assets/krebsRootCA.crt;
};
intermediateCA = lib.mkOption {
type = lib.types.str;
diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix
new file mode 100644
index 000000000..c1ad4b44b
--- /dev/null
+++ b/krebs/3modules/users.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+ lib = import ../../lib;
+in {
+ options.krebs.users = lib.mkOption {
+ type = with lib.types; attrsOf user;
+ };
+ config = lib.mkIf config.krebs.enable {
+ krebs.users = {
+ krebs = {
+ home = "/krebs";
+ mail = "spam@krebsco.de";
+ };
+ root = {
+ home = "/root";
+ pubkey = config.krebs.build.host.ssh.pubkey;
+ uid = 0;
+ };
+ };
+ };
+}
diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix
index f9a7450f7..a3c9f67c5 100644
--- a/krebs/5pkgs/simple/generate-secrets/default.nix
+++ b/krebs/5pkgs/simple/generate-secrets/default.nix
@@ -23,7 +23,6 @@ pkgs.writers.writeDashBin "generate-secrets" ''
cat <<EOF
$HOSTNAME = {
- cores = 1;
owner = config.krebs.users.krebs;
nets = {
retiolum = {
diff --git a/krebs/5pkgs/simple/git-assembler.nix b/krebs/5pkgs/simple/git-assembler.nix
new file mode 100644
index 000000000..095dddf0f
--- /dev/null
+++ b/krebs/5pkgs/simple/git-assembler.nix
@@ -0,0 +1,24 @@
+{ pkgs, stdenv }:
+
+stdenv.mkDerivation rec {
+ pname = "git-assembler";
+ version = "1.3";
+
+ src = pkgs.fetchFromGitLab {
+ owner = "wavexx";
+ repo = "git-assembler";
+ rev = "v${version}";
+ hash = "sha256-A+ygt6Fxiu6EkVoQU5L1rhxu2e1HU0nbqJFzLzXzHBo=";
+ };
+
+ buildInputs = [
+ pkgs.python3
+ ];
+
+ buildPhase = ":";
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp git-assembler $out/bin
+ '';
+}
diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix
index 14b6f4c58..1ee13783b 100644
--- a/krebs/5pkgs/simple/htgen/default.nix
+++ b/krebs/5pkgs/simple/htgen/default.nix
@@ -1,13 +1,12 @@
{ fetchgit, lib, pkgs, stdenv }:
stdenv.mkDerivation rec {
pname = "htgen";
- version = "1.3.1";
+ version = "1.4.0";
- #src = <htgen>;
src = fetchgit {
- url = "http://cgit.krebsco.de/htgen";
+ url = "https://cgit.krebsco.de/htgen";
rev = "refs/tags/${version}";
- sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
+ sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj";
};
installPhase = ''
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
index e6b7034b3..68b2cbad6 100644
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
@@ -24,19 +24,10 @@
}
</script>
<body>
- <p>
- <a href="http://krebscode.github.io/minikrebs/linuxtag">
- Linuxtag Heckenkrebs Presentation
- </a>
- </p>
- <p>
- <a href="http://krebscode.github.io/writeups">
- CTF Writeups
- </a>
- </p>
- <p>
- <a href="thesauron.html">
- Thesauron
- </a>
- </p>
+ <p><a href='https://cgit.krebsco.de/krops/about/'>krops</a></p>
+ <p><a href='https://github.com/krebs/cholerab/blob/master/thesauron.adoc'>Thesauron</a></p>
+ <p><a href='https://nixos.wiki/'>Project: The new NixOS wiki</a></p>
+ <p><a target="_blank" href="https://www.amazon.de/?&_encoding=UTF8&tag=krebscode06-21&linkCode=ur2&linkId=d4430b368b8aceeca92101cd4a4cdd1d&camp=1638&creative=6742">Go through this amazon affiliate link and generate krebsgold</a><img src="//ir-de.amazon-adsystem.com/e/ir?t=krebscode06-21&l=ur2&o=3" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" /></p>
+ <p> <a href="https://s.click.aliexpress.com/e/_A5luNt" target="_parent">Go through this aliexpress affiliate link and generate krebsgold</a></p>
+
</body>
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
deleted file mode 100644
index bcf1c5d48..000000000
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
+++ /dev/null
@@ -1,133 +0,0 @@
-<p>Cholerab n.
-[de]
-- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass
- Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert.
-- Teamwork-Plattform für Krebscode.</p>
-
-<p>eigentlich adv.
-[de]
-- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt,
- die nicht der Fall ist.
-Antonym: tatsaechlich</p>
-
-<p>ghost n.
-[de]
-- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen
- Festplatten) aber wohl nie wieder kommen wird.
-Siehe: Wiederbelebung</p>
-
-<p>KD;RP abbr. (pronounciation: kah-derp)
-[en]
-- Short for Krebs Darknet / Retiolum Prefix.</p>
-
-<p>krebs
-[de]
-- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste
- Softwareprojekt im Shack und viel verteilte infrastruktur.</p>
-
-<p>kremium
-[en]
-- coinage derived from the words premium and krebs
-see: broken
-usage: Reaktor ircbot has unfixed broken behavior since ever-&gt;&#8220;Kremium Software&#8221;</p>
-
-<p>KRI abbr. (pronounciation: [en] cry)
-[en]
-- Short for Krebs Request for Implementation.
- Derived from Scheme Requests for Implementation (SRFI).</p>
-
-<p>litterate programming n.
-[en]
-- any code that has not been proved mathematically.</p>
-
-<p>Nahziel n.
-[de]
-- Ziel mit höchst möglicher Priorität.</p>
-
-<p>Nahzielerfahrung n.
-[de]
-- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl
- nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p>
-
-<p>parentheses of fear
-[en]
-- unnecessary parentheses, usually used when order of precedence is unknown.
- - Examples: 1 + (2 * 3)</p>
-
-<p>Protip n.
-[en]
-- (Probably vague) description how a task can be solved.
- - Antonym: Spoiler
- - Example:
- - To defeat the Cyberdaemon, shoot at it until it dies.
- - RTFM</p>
-
-<p>Punching Lemma n.
-[de]
-- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht
- von Krebs</p>
-
-<p>ref, n.
-[en]
-- A reference like an URI, ISBN, name of a person, etc.</p>
-
-<p>reftrace, n.
-[en]
-- A stacktrace-like representation of refs that lead to some (any kind of)
- conclusion. Usually generated by a human. The conclusion can be either on
- the top or on the bottom of the stack. If the order is ambiguous, then it
- should be communicated explicitly.
- - Example: (conclusion first)
- - http://en.wikipedia.org/wiki/Stack_trace
- - google &#8220;stacktrace&#8221; (first entry / 2014&#8211;12&#8211;05T12:13:58Z)
- - think about some example [this could be omitted, as it&#8217;s obvious&#8230;]</p>
-
-<p>Retiolum n.
-[en]
-- The official darknet of Krebs which utilizes the Retiolum Prefix to
- address individual nodes.</p>
-
-<p>Retiolum Prefix n.
-[en]
-- The universally accepted IPv6-prefix, 42::/16. Anyone can has a
- /128-subnet and, if require, anything larger.</p>
-
-<p>Retiolum Realtime Map n.
-[en]
-- The network map of the public visible part of Retiolum.</p>
-
-<p>RRM [abbr.][en]
-- Short for Retiolum Retiolum Map.</p>
-
-<p>Sanatorium n.
-[en]
-- The Krebs Control and Command Center.
-- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather
- and lurk for relevant input.</p>
-
-<p>Spoiler n.
-[en]
-- A subset of walkthrough, i.e. any individual steps may be omitted.
- - Antonym: Protip</p>
-
-<p>tatsaechlich, adv.
-[de]
-- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht.
-Antonym: eigentlich</p>
-
-<p>Verkrebsung n.
-[de]
-- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs
- Komponente) auf einem beliebigem System.</p>
-
-<p>Walkthrough n.
-[en]
-- Description of the individual steps to complete a task.
- - Examples:
- - program code
- - small-step semantics</p>
-
-<p>Wiederbelebung n.
-[de]
-- Ein ghost wird im Darknet wieder erreichbar
-Siehe: ghost</p>
diff --git a/krebs/5pkgs/simple/passwdqc-utils/default.nix b/krebs/5pkgs/simple/passwdqc-utils/default.nix
index 4cc8d5b21..1def3167c 100644
--- a/krebs/5pkgs/simple/passwdqc-utils/default.nix
+++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix
@@ -1,16 +1,17 @@
{ fetchurl, lib, stdenv
-, pam
+, libxcrypt
+, linux-pam
, wordset-file ? null, # set your own wordset-file
}:
stdenv.mkDerivation rec {
- name = "passwdqc-utils-${version}";
- version = "1.3.0";
- buildInputs = [ pam ];
+ pname = "passwdqc-utils";
+ version = "2.0.2";
+ buildInputs = [ libxcrypt linux-pam ];
src = fetchurl {
url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
- sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
+ hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs=";
};
buildTargets = "utils";
diff --git a/krebs/5pkgs/simple/stable-generate/default.nix b/krebs/5pkgs/simple/stable-generate/default.nix
index fac261613..dc9c826f9 100644
--- a/krebs/5pkgs/simple/stable-generate/default.nix
+++ b/krebs/5pkgs/simple/stable-generate/default.nix
@@ -1,64 +1,32 @@
{ pkgs, lib, ... }:
-pkgs.writers.writeDashBin "stable-generate" ''
+pkgs.writers.writeBashBin "stable-generate" ''
set -efu
export PATH=${lib.makeBinPath [
+ pkgs.coreutils
pkgs.curl
pkgs.jq
]}
STABLE_URL=''${STABLE_URL:-http://stable-confusion.r}
- PAYLOAD=$(jq -cn --arg query "$*" '{fn_index: 51, data: [
- $query,
- "",
- "None",
- "None",
- 20, # sampling steps
- "Euler a", # sampling method
- false, # restore faces
- false,
- 1,
- 1,
- 7,
- -1,
- -1,
- 0,
- 0,
- 0,
- false,
- 512, #probably resolution
- 512, #probably resolution
- false,
- 0.7,
- 0,
- 0,
- "None",
- "",
- false,
- false,
- false,
- "",
- "Seed",
- "",
- "Nothing",
- "",
- true,
- false,
- false,
- null,
- "",
- ""], session_hash: "hello_this_is_dog"}')
+ PAYLOAD=$(jq -cn --arg prompt "$*" '{
+ prompt: $prompt
+ }')
- data=$(curl -Ssf "$STABLE_URL/run/predict/" \
+ filename=$(mktemp)
+ curl -Ssf "$STABLE_URL/sdapi/v1/txt2img" \
-X POST \
--Header 'Content-Type: application/json' \
- --data "$PAYLOAD"
- )
- export data
+ --data "$PAYLOAD" |
+ jq -r '.images[0]' |
+ base64 --decode > "$filename"
- filename=$(jq -rn 'env.data | fromjson.data[0][0].name')
-
- echo "$STABLE_URL/file=$filename"
+ if test -t 1; then
+ echo "$filename"
+ else
+ cat "$filename"
+ rm "$filename"
+ fi
''
diff --git a/krebs/5pkgs/simple/stable-interrogate/default.nix b/krebs/5pkgs/simple/stable-interrogate/default.nix
new file mode 100644
index 000000000..7cc7509eb
--- /dev/null
+++ b/krebs/5pkgs/simple/stable-interrogate/default.nix
@@ -0,0 +1,30 @@
+{ pkgs, lib, ... }:
+
+pkgs.writers.writeBashBin "stable-interrogate" ''
+ set -xefu
+ set -o pipefail
+
+ export PATH=${lib.makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.jq
+ ]}
+
+ STABLE_URL=''${STABLE_URL:-http://stable-confusion.r}
+
+ (if test -e "$1"; then
+ cat "$1"
+ elif [[ "$1" =~ ^https?: ]]; then
+ curl -fSs "$1"
+ else
+ echo 'input not recognized' >&2
+ exit 1
+ fi) | base64 |
+ jq -Rsrc '{
+ image: .,
+ model: "deepdanbooru", # clip is broken right now :(
+ }' |
+ curl -Ssf "$STABLE_URL/sdapi/v1/interrogate" \
+ -X POST -H 'Content-Type: application/json' -d @- |
+ jq -r '.caption'
+''
diff --git a/krebs/5pkgs/simple/ukrepl.nix b/krebs/5pkgs/simple/ukrepl.nix
new file mode 100644
index 000000000..bdea4181f
--- /dev/null
+++ b/krebs/5pkgs/simple/ukrepl.nix
@@ -0,0 +1,11 @@
+{ lib, pkgs,stdenv }:
+let
+ src = pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "ukrepl";
+ rev = "0baa5cc4d5c3c17af704b69a800dd1f520ded8e3";
+ hash = "sha256:1lnhkf02f18fvf3l2fcszvs4x115lql17akabd5ph9ff9z33k8rv";
+ };
+in
+ pkgs.writers.writePython3Bin "ukrepl" {} (builtins.readFile (src + "/ukrepl"))
+
diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt
index 1cd5aed0b..bf05b44f4 100644
--- a/krebs/6assets/krebsAcmeCA.crt
+++ b/krebs/6assets/krebsAcmeCA.crt
@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB
+MIICWTCCAcKgAwIBAgIQIpBt0MsRpYd8LWNdb9MfITANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
-hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMTAwODQ5
-MDZaFw0yMjEyMTAwODQ5MDZaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAATL8dNO7ajNe60Km7wHrG06tCUj5kQKWsrQ
-Ay7KX8zO+RwQpYhd/i4bqpeGkGWh8uHLZ+164FlZaLgHO10DRja5o4GAMH4wDgYD
-VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMt9yJED
-mPRhXsrNZ0x+GtzjdnTLMB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
-MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEANo/2
-teIuEsniwxVdqu+ukjqOXHIkBK7F91+G7BuDjBlx2U96v1MwsmT4D9upajERnOOD
-tLx990Sj4t3avRTpytt+qLeIMIxt62YksUXVjDWndqaDcEUat5ZVEQsZ0ZmjOHrA
-BaB65eU0xhJWKAZdk55GqHEFz3Ym4rx7WUaomzk=
+hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMjEyMDYxODI2
+MDhaFw0yMzEyMDYxODI2MDhaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAT4KuemY4BowAbFjzCvi+PthBTWCtewnAbr
+qDSlA602QcuQVmqa1/3TaYag7KNDgeg5eshMRI9GN/boKTpgcLeZo4GAMH4wDgYD
+VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYxArnj
+SEArwloaM5blBymFmcL2MB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
+MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEAekCt
+XrKwanrcy6+k3YfXWGiMJ47Ys7Mfa5UfIs7QiXv74MgtklLsX63D27hKn5rd7wk4
+20wXLMhb8ofrKnO4mt0VFRSGm9/cq9N/c/uuf4hMzhAJmusgkn02GG+cafqZ9ab9
+MjLmveT9WHphmgQTnJPEeYP2U2faHKIp6Gwv5qc=
-----END CERTIFICATE-----
diff --git a/krebs/6assets/krebsRootCA.crt b/krebs/6assets/krebsRootCA.crt
new file mode 100644
index 000000000..3938c58b4
--- /dev/null
+++ b/krebs/6assets/krebsRootCA.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
+VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw
+CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ
+ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5
+MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx
+EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS
+b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/
+/qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU
+QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B
+HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo
+3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9
+GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese
+725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63
+80WiO952
+-----END CERTIFICATE-----
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index a5d67f2fc..644192bbf 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "b457130e8a21608675ddf12c7d85227b22a27112",
- "date": "2022-11-16T11:03:19+00:00",
- "path": "/nix/store/jr123qfmrl53imi48naxh6zs486fqmz2-nixpkgs",
- "sha256": "16cjrr3np3f428lxw8yk6n2dqi7mg08zf6h6gv75zpw865jz44df",
+ "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
+ "date": "2022-12-11T09:33:23+00:00",
+ "path": "/nix/store/lmiwldi32kcc2qgm68swxgb3xzba0ayc-nixpkgs",
+ "sha256": "1hmx7hhjr74fqmxhb49yfyrpqhzwayrq48xwjv3a117czpb0gnjx",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index f836f63f9..17bffe634 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "6474d93e007e4d165bcf48e7f87de2175c93d10b",
- "date": "2022-11-16T11:41:31+01:00",
- "path": "/nix/store/z86f31carhz3sf78kn3lkyq748drgp63-nixpkgs",
- "sha256": "00swm7hz3fjyzps75bjyqviw6dqg2cc126wc7lcc1rjkpdyk5iwg",
+ "rev": "9d692a724e74d2a49f7c985132972f991d144254",
+ "date": "2022-12-16T13:36:40-05:00",
+ "path": "/nix/store/76wc0ymx7rw348hpl0bp0yb77sf40xd6-nixpkgs",
+ "sha256": "1byh49p3kwi6adb1izaalj2ab9disfzq1cx526gwgv20ilmphvnr",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index 59dbd91b5..97c069d86 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-22.05' \
+ --rev refs/heads/nixos-22.11' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index d6943c110..9ef858e28 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -53,6 +53,7 @@ with import <stockholm/lib>;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
+ services.tlp.enable = lib.mkForce false;
services.xserver.layout = "de";
}
{
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index dd479f267..6d0d177ec 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -41,6 +41,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ppp/umts-stick.nix>
# <stockholm/lass/2configs/remote-builder/morpheus.nix>
# <stockholm/lass/2configs/remote-builder/prism.nix>
+ <stockholm/lass/2configs/autotether.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
new file mode 100644
index 000000000..e4f9d2560
--- /dev/null
+++ b/lass/1systems/neoprism/config.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/libvirt.nix>
+ { # TODO make new hfos.nix out of this vv
+ users.users.riot = {
+ uid = pkgs.stockholm.lib.genid_uint31 "riot";
+ isNormalUser = true;
+ extraGroups = [ "libvirtd" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
+ ];
+ };
+ # krebs.iptables.tables.filter.FORWARD.rules = [
+ # { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
+ # { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
+ # ];
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.neoprism;
+}
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
new file mode 100644
index 000000000..cf9a8cef4
--- /dev/null
+++ b/lass/1systems/neoprism/disk.nix
@@ -0,0 +1,116 @@
+{ lib, ... }:
+{
+ disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
+ type = "disk";
+ device = disk;
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ type = "partition";
+ start = "0";
+ end = "1M";
+ part-type = "primary";
+ flags = ["bios_grub"];
+ }
+ {
+ type = "partition";
+ name = "ESP";
+ start = "1M";
+ end = "1GiB";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ }
+ {
+ type = "partition";
+ name = "zfs";
+ start = "1GiB";
+ end = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ }
+ ];
+ };
+ })) // {
+ hdd1 = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "zfs";
+ pool = "tank";
+ };
+ };
+ };
+ mdadm = {
+ boot = {
+ type = "mdadm";
+ level = 1;
+ metadata = "1.0";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ mode = "mirror";
+ mountpoint = "/";
+ rootFsOptions = {
+ };
+ datasets.reserved = {
+ zfs_type = "filesystem";
+ options.refreservation = "1G";
+ };
+ };
+ tank = {
+ type = "zpool";
+ datasets = {
+ reserved = {
+ zfs_type = "filesystem";
+ options.refreservation = "1G";
+ };
+ containers = {
+ zfs_type = "filesystem";
+ mountpoint = "/var/lib/containers";
+ };
+ home = {
+ zfs_type = "filesystem";
+ mountpoint = "/home";
+ };
+ srv = {
+ zfs_type = "filesystem";
+ mountpoint = "/srv";
+ };
+ libvirt = {
+ zfs_type = "filesystem";
+ mountpoint = "/var/lib/libvirt";
+ };
+ # encrypted = {
+ # zfs_type = "filesystem";
+ # options = {
+ # mountpoint = "none";
+ # encryption = "aes-256-gcm";
+ # keyformat = "passphrase";
+ # keylocation = "prompt";
+ # };
+ # };
+
+ # "encrypted/download" = {
+ # zfs_type = "filesystem";
+ # mountpoint = "/var/download";
+ # };
+ };
+ };
+ };
+}
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
new file mode 100644
index 000000000..4ffb749f1
--- /dev/null
+++ b/lass/1systems/neoprism/physical.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ disko.devices = import ./disk.nix;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # networking config
+ boot.kernelParams = [ "net.ifnames=0" ];
+ networking.bridges."ext-br".interfaces = [ "eth0" ];
+ networking = {
+ hostId = "2283aaae";
+ defaultGateway = "95.217.192.1";
+ defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
+ # Use google's public DNS server
+ nameservers = [ "8.8.8.8" ];
+ interfaces.ext-br.ipv4.addresses = [
+ {
+ address = "95.217.192.59";
+ prefixLength = 26;
+ }
+ ];
+ interfaces.ext-br.ipv6.addresses = [
+ {
+ address = "2a01:4f9:4a:4f1a::1";
+ prefixLength = 64;
+ }
+ ];
+ };
+
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7bffc39aa..594a21c02 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -111,6 +111,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
+ <stockholm/lass/2configs/mumble-reminder.nix>
+ <stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
enable = true;
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 52d7a0f1f..ecf0337ed 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -1,6 +1,6 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: let
+ vpnIp = "85.202.81.161";
+in {
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
@@ -11,6 +11,8 @@ with import <stockholm/lib>;
users.groups.download.members = [ "transmission" ];
+ networking.useHostResolvConf = false;
+ networking.useNetworkd = true;
systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
services.transmission = {
@@ -167,13 +169,24 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
];
+ tables.filter.OUTPUT = {
+ policy = "DROP";
+ rules = [
+ { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
+ { predicate = "-o tun0"; target = "ACCEPT"; }
+ { predicate = "-o retiolum"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
+ ];
+ };
};
services.openvpn.servers.nordvpn.config = ''
client
dev tun
proto udp
- remote 194.110.84.106 1194
+ remote ${vpnIp} 1194
resolv-retry infinite
remote-random
nobind
diff --git a/lass/2configs/autotether.nix b/lass/2configs/autotether.nix
new file mode 100644
index 000000000..98712303e
--- /dev/null
+++ b/lass/2configs/autotether.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+{
+ systemd.services.usb_tether = {
+ script = ''
+ ${pkgs.android-tools}/bin/adb -s QV770FAMEK wait-for-device
+ ${pkgs.android-tools}/bin/adb -s QV770FAMEK shell svc usb setFunctions rndis
+ '';
+ };
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="fce/320d/510", TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
+ '';
+ systemd.network.networks.android = {
+ matchConfig.Name = "enp0s20u1";
+ DHCP = "yes";
+ };
+}
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 3e533fb74..a8dd3dd1d 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -1,97 +1,115 @@
{ config, lib, pkgs, ... }:
let
- inherit (import <stockholm/lib>) genid;
-
in {
- users.extraUsers = {
- cbasevpn = rec {
- name = "cbasevpn";
- uid = genid "cbasevpn";
- description = "user for running c-base openvpn";
- home = "/home/${name}";
- };
- };
-
- users.extraGroups.cbasevpn.gid = genid "cbasevpn";
-
environment.systemPackages = [
pkgs.cifs-utils
];
- services.openvpn.servers = {
- c-base = {
- config = ''
- client
- dev tap
- proto tcp
- remote vpn.ext.c-base.org 1194
- resolv-retry infinite
- nobind
- user cbasevpn
- group cbasevpn
- persist-key
- persist-tun
-
- auth-nocache
- #auth-user-pass
- auth-user-pass ${toString <secrets/cbase.txt>}
-
- comp-lzo
- verb 3
-
- #script-security 2
- #up /etc/openvpn/update-resolv-conf
- #down /etc/openvpn/update-resolv-conf
-
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
- BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
- LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
- ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
- MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
- MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
- MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
- AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
- IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
- uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
- AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
- pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
- CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
- BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
- Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
- BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
- ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
- wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
- -----END CERTIFICATE-----
- </ca>
- key-direction 1
- <tls-auth>
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- 5d49aa8c9cec18de7ab6e0b5cd09a368
- d3f1b8b77e055e448804fa0e14f487cb
- 491681742f96b54a23fb8639aa9ed14e
- c40b86a5546b888c4f3873f23c956e87
- 169076ec869127ffc85353fd5928871c
- da19776b79f723abb366fae6cdfe4ad6
- 7ef667b7d05a7b78dfd5ea1d2da276dc
- 5f6c82313fe9c1178c7256b8d1d081b0
- 4c80bc8f21add61fbc52c158579edc1d
- bbde230afb9d0e531624ce289a17098a
- 3261f9144a9a2a6f0da4250c9eed4086
- 187ec6fa757a454de743a349e32af193
- e9f8b49b010014bdfb3240d992f2f234
- 581d0ce05d4e07a2b588ad9b0555b704
- 9d5edc28efde59226ec8942feed690a1
- 2acd0c8bc9424d6074d0d495391023b6
- -----END OpenVPN Static key V1-----
- </tls-auth>
- '';
+ systemd.network.networks.c-base = {
+ matchConfig.Name = "c-base";
+ networkConfig = {
+ IgnoreCarrierLoss = "3s";
+ KeepConfiguration = "static";
+ DNS = "10.0.1.254";
+ Domains = "cbrp3.c-base.org";
};
+ routes = [
+ { routeConfig = {
+ Destination = "10.0.1.0/24";
+ Gateway = "172.31.77.1";
+ };}
+ { routeConfig = {
+ Destination = "91.102.9.99/32"; # vorstand.c-base.org
+ Gateway = "172.31.77.1";
+ };}
+ ];
+ };
+ services.openvpn.servers.c-base = {
+ config = ''
+ remote vpn.ext.c-base.org 1194
+ verify-x509-name vpn.ext.c-base.org name
+ client
+ proto udp
+ dev-type tun
+ dev c-base
+ resolv-retry infinite
+ nobind
+ # user openvpn
+ # group openvpn
+ persist-key
+ persist-tun
+ comp-lzo
+ # register-dns
+ # block-outside-dns
+ script-security 2
+ auth-user-pass ${toString <secrets/cbase.txt>}
+ #auth-user-pass
+ key-direction 1
+ <tls-auth>
+ #
+ # 2048 bit OpenVPN static key
+ #
+ -----BEGIN OpenVPN Static key V1-----
+ 54a66ed1048bed7508703347e89d68d6
+ 5586e6a5d1218cf8675941031d540be6
+ 993e07200a16ad3b770b659932ee71e5
+ f8080b5c9fa2acb3893abd40fad2552c
+ fdaf17565e617ae450efcccf5652dca5
+ a16419509024b075941098731eb25ac0
+ a64f963ece3dca1d2a64a9c5e17839d7
+ 5b5080165a9b2dc90ef111879d7d3173
+ 2d1027ae42d869394aca08da4472a9d0
+ 6b724b4ed43a957feef7d6dfc86da241
+ 74828fa0e1240941586f0d937cac32fc
+ 13cc81e7bed58817353d6afaff7e6a26
+ 4f9cc086af79c1cdca660d86e18cff96
+ 69dd3d392caf09a468894a8504f4cc7c
+ 7ae0072e6d9ad90b166ad13a39c57b3c
+ 3a869e27a1d89deb161c255227551713
+ -----END OpenVPN Static key V1-----
+ </tls-auth>
+ <ca>
+ -----BEGIN CERTIFICATE-----
+ MIIGsDCCBJigAwIBAgIJAPkM1l2zA306MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
+ VQQGEwJERTEPMA0GA1UEBxMGQmVybGluMRswGQYDVQQLExJ2cG4uZXh0LmMtYmFz
+ ZS5vcmcxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEbMBkGA1UEKRMSdnBu
+ LmV4dC5jLWJhc2Uub3JnMR8wHQYJKoZIhvcNAQkBFhBhZG1heEBjLWJhc2Uub3Jn
+ MB4XDTE2MDcwOTE4MjkyMFoXDTI2MDcxMDE4MjkyMFowgZYxCzAJBgNVBAYTAkRF
+ MQ8wDQYDVQQHEwZCZXJsaW4xGzAZBgNVBAsTEnZwbi5leHQuYy1iYXNlLm9yZzEb
+ MBkGA1UEAxMSdnBuLmV4dC5jLWJhc2Uub3JnMRswGQYDVQQpExJ2cG4uZXh0LmMt
+ YmFzZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGFkbWF4QGMtYmFzZS5vcmcwggIiMA0G
+ CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXEs+uWCXLNmm+lgP9x7u3FqWa4pPI
+ h64c6EWIULMATrhEw+Ej4fpCXwU9otFaO04fAeJmZGkDcnAYdBDiCeI0luOSdj44
+ Bg9KecSei/TskqjhDVnEBp65hiz0rZE6c1baPdLYmD5xrXWb3i0zrlBYFawuL6C2
+ lwVCEm3cadvkDJ2DleMuu3NblV8ViIDN0HZqzJNP72g1I0MgohkpetACXlf7MzQV
+ PFHfzvb04Rj2lJ8BDhceQ0WmjtVV/Ag6nka5oi954OeHMujRuH+rZYiQZDZpJLHK
+ Kh1KWTVlWPRy+AvCi9lweDWSmLccq7Ug4xMtDF4I5qW3tjCd0xqpZ21Xmo2JyKtY
+ 4h8wEDPqiJvgwvkXsH17GLn5ZxiMcQuRJQYZqJephkzR9uccJeWSS76kwm/vLqG3
+ +eORlYnyjiNXtiMIhmAEFjpWUrGH8v4CijpUNP6E63ynGrRVXK684YQXkqL+xPAt
+ t6dsMBUwf94a2S1o2kgvuRCim1wlHvf1QsHrO/Hwgpzc8no/daWL+Z9Rq9okTHNK
+ nc1G5dv8TkmxIDYnLm07QMzzBoOT36BcGtkEBA+0xhQlX5PyQdM5/jnZVhdSBmoP
+ MbZXPoU/gJAIuuBuwdTlgCzYf44/9/YU/AnW8eLrbhm9KtMtoMpatrWorKqk/GPv
+ /lGNRQuNffrbiQIDAQABo4H+MIH7MB0GA1UdDgQWBBTf5cYbK+KCF9u9aobFlLbu
+ ilwX4jCBywYDVR0jBIHDMIHAgBTf5cYbK+KCF9u9aobFlLbuilwX4qGBnKSBmTCB
+ ljELMAkGA1UEBhMCREUxDzANBgNVBAcTBkJlcmxpbjEbMBkGA1UECxMSdnBuLmV4
+ dC5jLWJhc2Uub3JnMRswGQYDVQQDExJ2cG4uZXh0LmMtYmFzZS5vcmcxGzAZBgNV
+ BCkTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhAYy1i
+ YXNlLm9yZ4IJAPkM1l2zA306MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ ggIBAMs1moiS7UZ4neOivQjqwKrBbm1j3tgmPLhDfNMmXYarGhnBGAlLxLAQWtG+
+ Fnbx8KcsJnrsWcGfZcst1z45S4a5oBdVNKOfgkMOG0glZorIDO8Odrb51rpyzU0v
+ 0wcNumMNWhkFuo2OTBHPnnJIWEAFwwCCSCL0I0hQxxoaV36kphjuIwzrMJhd+XAT
+ 24En58cNp6sPRDd+FzOH08uFINevyzKWYxkMgVj+e3fbuiyOB8RqvndKvtfBBcpB
+ cCO86lGnj/ETMDciTczUShxaMn9wV1zr1KH1xvT3ohUeOcQZGbGTcjG4mxlns8ZO
+ U5J3Yrcd1eMfJq9Bwd3zPsTLnT8LwIS8vfYRav9b34XdqcBG73dhrjsicMK0Qy0z
+ Qz7vKJzcvrEnKuaMyB3mCxz/UvbNc2Bupwm4FmzN5eFjDs+7paYFdfOzqMjoRP+8
+ bcXSqDN5P2eUd7cdsZXaFNcsf1FkWlE3GudVBOmNJqz9zBab/T5J+l4Z90Pd6OUX
+ GNozEvLhcJkvPKA526TegHTGC8hMquxKc9tpOzNRqZJMFa+UG1mgMrMepRmM/B3s
+ QrKI1C11iCVYfb9J0tQUkfENHMx4J7mG2DZAhnKWQDU2awM41qU4A7aBYaJvDPnQ
+ RRcbaT0D794lKUQwH/mZuyKzF22oZNk1o1TV2SaFXqgX5tDt
+ -----END CERTIFICATE-----
+ </ca>
+ '';
};
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 49a04e9c2..e649c0dea 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -69,7 +69,6 @@ with import <stockholm/lib>;
];
networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = config.krebs.build.host.cores;
krebs = {
enable = true;
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
index 78d5ae0e9..d391e0d7b 100644
--- a/lass/2configs/libvirt.nix
+++ b/lass/2configs/libvirt.nix
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }:
{
- users.users.mainUser.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
+ security.polkit.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [
{ v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; }
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
new file mode 100644
index 000000000..fe75a96a6
--- /dev/null
+++ b/lass/2configs/mumble-reminder.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }: let
+ write_to_irc = chan: pkgs.writeDash "write_to_irc" ''
+ ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \
+ -H content-type:application/json \
+ -d "$(${pkgs.jq}/bin/jq -n \
+ --arg text "$1" '{
+ command:"PRIVMSG",
+ params:["${chan}",$text]
+ }'
+ )"
+ '';
+ animals = ''
+ Erdferkel
+ Paviane
+ Raupen
+ Australischen Wildhunde
+ Emus
+ Flundern
+ Gorillas
+ Kolibris
+ Schwarzfersenantilopen
+ Quallen
+ Kois
+ Faulaffen
+ Schraubenziegen
+ Nachtigalle
+ Okapis
+ Stachelschweine
+ Kurzschwanzkängurus
+ Waschbären
+ '';
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ hooks.PRIVMSG = [
+ {
+ pattern = "^erriner mich$";
+ activate = "match";
+ command = {
+ filename = pkgs.writeDash "add_remind" ''
+ echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users
+ sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp
+ mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users
+ echo "Ich werde $_from in zukunft an das meetup errinern"
+ '';
+ };
+ }
+ {
+ pattern = "^nerv nicht$";
+ activate = "match";
+ command = {
+ filename = pkgs.writeDash "add_remind" ''
+ ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
+ echo "okok, Ich werde $_from nich mehr errinern"
+ '';
+ };
+ }
+ ];
+ };
+ };
+
+in {
+ krebs.reaktor2.mumble-reminder = {
+ hostname = "irc.hackint.org";
+ nick = "lassulus__";
+ API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ "#nixos"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ port = "6697";
+ };
+ systemd.services.mumble-reminder-nixos = {
+ description = "weekly reminder for nixos mumble";
+ startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
+ animals='
+ ${animals}
+ '
+ ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us"
+ '';
+ };
+ };
+ systemd.services.mumble-reminder-krebs = {
+ description = "weekly reminder for nixos mumble";
+ startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
+ animals='
+ ${animals}
+ '
+ ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
+ '';
+ };
+ };
+}
diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix
index 2f503eae9..dfb3d7e0b 100644
--- a/lass/2configs/radio/default.nix
+++ b/lass/2configs/radio/default.nix
@@ -1,85 +1,54 @@
-{ config, pkgs, ... }:
-with pkgs.stockholm.lib;
+{ config, pkgs, lib, ... }:
let
name = "radio";
music_dir = "/home/radio/music";
- add_random = pkgs.writeDashBin "add_random" ''
- ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \
- | grep -Ev '/other/|/.graveyard/' \
- | grep '\.ogg$' \
- | shuf -n1 \
- | sed 's,${music_dir}/,,' \
- )"
- '';
-
- get_current_track_position = pkgs.writeDash "get_current_track_position" ''
- ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }'
- '';
-
- skip_track = pkgs.writeBashBin "skip_track" ''
+ skip_track = pkgs.writers.writeBashBin "skip_track" ''
set -eu
- ${add_random}/bin/add_random
- music_dir=${escapeShellArg music_dir}
- current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%)
- track_infos=$(${print_current}/bin/print_current)
- skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$music_dir"/"$current_track" || echo 0)
- if [[ "$current_track" =~ ^the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
- skip_count=$((skip_count+1))
- ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track"
- echo skipping: "$track_infos" skip_count: "$skip_count"
- else
- mkdir -p "$music_dir"/the_playlist/.graveyard/
- mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/
- echo killing: "$track_infos"
- fi
- ${pkgs.mpc_cli}/bin/mpc -q next
+ # TODO come up with new rating, without moving files
+ # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
+ # track_infos=$(${print_current}/bin/print_current)
+ # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0)
+ # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
+ # skip_count=$((skip_count+1))
+ # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track"
+ # echo skipping: "$track_infos" skip_count: "$skip_count"
+ # else
+ # mkdir -p "$music_dir"/the_playlist/.graveyard/
+ # mv "$current_track" "$music_dir"/the_playlist/.graveyard/
+ # echo killing: "$track_infos"
+ # fi
+ ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip |
+ ${pkgs.jq}/bin/jq -r '.filename'
'';
good_track = pkgs.writeBashBin "good_track" ''
set -eu
- music_dir=${escapeShellArg music_dir}
- current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%)
+ current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
track_infos=$(${print_current}/bin/print_current)
- if [[ "$current_track" =~ ^the_playlist/music/.* ]]; then
- ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$music_dir"/"$current_track"
- else
- mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/music/ || :
- fi
+ # TODO come up with new rating, without moving files
+ # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then
+ # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track"
+ # else
+ # mv "$current_track" "$music_dir"/the_playlist/music/ || :
+ # fi
echo good: "$track_infos"
'';
- track_youtube_link = pkgs.writeDash "track_youtube_link" ''
- ${pkgs.mpc_cli}/bin/mpc current -f %file% \
- | ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://www.youtube.com/watch?v=\1@'
- '';
-
print_current = pkgs.writeDashBin "print_current" ''
- echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \
- $(${track_youtube_link})"
- '';
-
- print_current_json = pkgs.writeDashBin "print_current_json" ''
- ${pkgs.jq}/bin/jq -n -c \
- --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \
- --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \
- --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \
- --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \
- --arg position "$(${get_current_track_position})" \
- --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \
- --arg youtube "$(${track_youtube_link})" '{
- name: $name,
- artist: $artist,
- title: $title,
- filename: $filename,
- position: $position,
- length: $length,
- youtube: $youtube
- }'
+ file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current |
+ ${pkgs.jq}/bin/jq -r '.filename' |
+ ${pkgs.gnused}/bin/sed 's,^${music_dir},,'
+ )
+ link=$(${pkgs.curl}/bin/curl http://localhost:8002/current |
+ ${pkgs.jq}/bin/jq -r '.filename' |
+ ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@'
+ )
+ echo "$file": "$link"
'';
set_irc_topic = pkgs.writeDash "set_irc_topic" ''
@@ -113,15 +82,14 @@ in {
users.users = {
"${name}" = rec {
inherit name;
- createHome = mkForce false;
+ createHome = lib.mkForce false;
group = name;
- uid = genid_uint31 name;
+ uid = pkgs.stockholm.lib.genid_uint31 name;
description = "radio manager";
home = "/home/${name}";
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
- lass-mors.pubkey
];
};
};
@@ -131,50 +99,35 @@ in {
};
krebs.per-user.${name}.packages = with pkgs; [
- add_random
good_track
skip_track
print_current
- print_current_json
- ncmpcpp
- mpc_cli
];
- services.mpd = {
- enable = true;
- user = "radio";
- musicDirectory = "${music_dir}";
- dataDir = "/home/radio/state"; # TODO create this somwhere
- extraConfig = ''
- log_level "default"
- auto_update "yes"
- volume_normalization "yes"
-
- audio_output {
- type "httpd"
- name "raw radio"
- encoder "wave"
- port "7900"
- format "44100:16:2"
- always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
- tags "yes" # httpd supports sending tags to listening streams.
- }
- '';
+ services.liquidsoap.streams.radio = ./radio.liq;
+ systemd.services.radio = {
+ environment = {
+ RADIO_PORT = "8002";
+ HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" ''
+ set -xefu
+ LIMIT=1000 #how many tracks to keep in the history
+ HISTORY_FILE=/var/lib/radio/recent
+
+ listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl |
+ ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0)
+ echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE"
+ echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
+ ${set_irc_topic} "playing: $filename listeners: $listeners"
+ '';
+ MUSIC = "${music_dir}/the_playlist";
+ ICECAST_HOST = "localhost";
+ };
+ path = [
+ pkgs.yt-dlp
+ ];
+ serviceConfig.User = lib.mkForce "radio";
};
- services.liquidsoap.streams.radio-news = pkgs.writeText "radio-news.liq" ''
- source = mksafe(input.http("http://localhost:7900/raw.wave"))
-
- output.icecast(mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), source)
- output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source)
- output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source)
-
- extra_input = amplify(1.4, audio_to_stereo(input.harbor("live", port=1338)))
- o = smooth_add(normal = source, special = extra_input)
- output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o)
- output.icecast(mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), o)
- output.icecast(mount = '/radio.opus', password = 'hackme', %opus(bitrate = 96), o)
- '';
services.icecast = {
enable = true;
hostname = "radio.lassul.us";
@@ -195,73 +148,8 @@ in {
};
};
- systemd.timers.radio = {
- description = "radio autoadder timer";
- wantedBy = [ "timers.target" ];
-
- timerConfig = {
- OnCalendar = "*:0/1";
- };
- };
-
- systemd.services.radio = let
- autoAdd = pkgs.writeDash "autoAdd" ''
- LIMIT=$1 #in seconds
-
- timeLeft () {
- playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
- currentTime=$(${get_current_track_position})
- expr ''${playlistDuration:-0} - ''${currentTime:-0}
- }
-
- if test $(timeLeft) -le $LIMIT; then
- ${add_random}/bin/add_random
- fi
- ${pkgs.mpc_cli}/bin/mpc play > /dev/null
- '';
- in {
- description = "radio playlist autoadder";
- after = [ "network.target" ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- ExecStart = "${autoAdd} 150";
- };
- };
-
- systemd.services.radio-recent = let
- recentlyPlayed = pkgs.writeDash "recentlyPlayed" ''
- set -xefu
- LIMIT=1000 #how many tracks to keep in the history
- HISTORY_FILE=/var/lib/radio/recent
- while :; do
- ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
- ${pkgs.mpc_cli}/bin/mpc current -f %file%
- done | while read track; do
-
- listeners=$(${pkgs.curl}/bin/curl lassul.us:8000/status-json.xsl |
- ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add')
- echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
- echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
- ${set_irc_topic} "playing: $track listeners: $listeners"
- done
- '';
- in {
- description = "radio recently played";
- after = [ "mpd.service" "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- ExecStart = recentlyPlayed;
- User = "radio";
- };
- };
-
# allow reaktor2 to modify files
- systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = mkForce false;
+ systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false;
krebs.reaktor2.the_playlist = {
hostname = "irc.hackint.org";
@@ -300,6 +188,12 @@ in {
like.filename = "${good_track}/bin/good_track";
current.filename = "${print_current}/bin/print_current";
+ wish.filename = pkgs.writeDash "wish" ''
+ echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null
+ '';
+ wishlist.filename = pkgs.writeDash "wishlist" ''
+ ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]'
+ '';
suggest.filename = pkgs.writeDash "suggest" ''
echo "$@" >> playlist_suggest
'';
@@ -316,15 +210,8 @@ in {
user = {
name = "radio";
};
- script = ''. ${pkgs.writeDash "radio" ''
+ scriptFile = pkgs.writeDash "radio" ''
case "$Method $Request_URI" in
- "GET /current")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- ${print_current_json}/bin/print_current_json
- exit
- ;;
"POST /skip")
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
@@ -344,7 +231,7 @@ in {
exit
;;
esac
- ''}'';
+ '';
};
services.nginx = {
@@ -365,7 +252,7 @@ in {
alias /var/lib/radio/recent;
'';
locations."= /current".extraConfig = ''
- proxy_pass http://localhost:8001;
+ proxy_pass http://localhost:8002;
'';
locations."= /skip".extraConfig = ''
proxy_pass http://localhost:8001;
@@ -375,10 +262,11 @@ in {
'';
locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" ''
#!/bin/sh
+ trap 'exit 0' EXIT
while sleep 1; do
mpv \
--cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \
- 'http://lassul.us:8000/radio.opus'
+ 'http://lassul.us:8000/radio.ogg'
done
'';
locations."= /controls".extraConfig = ''
diff --git a/lass/2configs/radio/news.nix b/lass/2configs/radio/news.nix
index e5b5405ff..0dc711e6c 100644
--- a/lass/2configs/radio/news.nix
+++ b/lass/2configs/radio/news.nix
@@ -3,7 +3,8 @@ let
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
${pkgs.vorbis-tools}/bin/oggenc - |
- ${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live
+ ${pkgs.cyberlocker-tools}/bin/cput news.ogg
+ ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow
'';
gc_news = pkgs.writers.writeDashBin "gc_news" ''
diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq
new file mode 100644
index 000000000..70d316043
--- /dev/null
+++ b/lass/2configs/radio/radio.liq
@@ -0,0 +1,112 @@
+log.stdout.set(true)
+
+# use yt-dlp
+settings.protocol.youtube_dl.path.set("yt-dlp")
+
+## functions
+
+def stringify_attrs(attrs) =
+ let json.stringify out = (attrs : [(string * string)] as json.object)
+ out
+end
+
+def filter_graveyard(req) =
+ filename = request.filename(req)
+ if string.match(pattern = '.*/\\.graveyard/.*', filename) then
+ false
+ else
+ true
+ end
+end
+
+def queue_contents(q) =
+ list.map(fun (req) -> request.uri(req), q)
+end
+## main
+
+env = environment()
+port = string.to_int(env["RADIO_PORT"], default = 8000)
+
+all_music = playlist(env["MUSIC"], check_next = filter_graveyard)
+wishlist = request.queue()
+tracks = fallback(track_sensitive = true, [wishlist, all_music])
+tracks = blank.eat(tracks)
+
+last_metadata = ref([])
+def on_metadata(m) =
+ last_metadata := m
+ print("changing tracks")
+ out = process.read(env["HOOK_TRACK_CHANGE"], env = m)
+ print(out)
+end
+tracks.on_metadata(on_metadata)
+
+# some nice effects
+music = crossfade(tracks)
+music = mksafe(music)
+music = normalize(music)
+
+news = request.queue()
+radio = smooth_add(normal = music, special = amplify(1.5, news))
+
+if string.length(env["ICECAST_HOST"]) > 0 then
+ output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music)
+
+ output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio)
+else
+ output(fallible = true, buffer(radio))
+end
+
+interactive.harbor(port = port)
+
+def current(~protocol, ~headers, ~data, uri) =
+ http.response(content_type = "application/json", data = stringify_attrs(
+ !last_metadata
+ ))
+end
+harbor.http.register("/current", port = port, current)
+
+def skip(~protocol, ~headers, ~data, uri) =
+ tracks.skip()
+ http.response(content_type = "application/json", data = stringify_attrs(
+ !last_metadata
+ ))
+end
+harbor.http.register("/skip", method = "POST", port = port, skip)
+
+def all_tracks(~protocol, ~headers, ~data, uri) =
+ http.response(content_type = "application/json", data = json.stringify(
+ all_music.remaining_files()
+ ))
+end
+harbor.http.register("/all_tracks", port = port, all_tracks)
+
+def wish_track(~protocol, ~headers, ~data, uri) =
+ # disallow process:
+ if string.match(pattern = '^process:', data) then
+ http.response(code = 400)
+ else
+ # TODO report errors back
+ wish = request.create(data)
+ wishlist.push(wish)
+ http.response(content_type = "application/json", data = "ok")
+ end
+end
+harbor.http.register("/wish", method = "POST", port = port, wish_track)
+
+def wish_tracklist(~protocol, ~headers, ~data, uri) =
+ http.response(content_type = "application/json", data = json.stringify(
+ queue_contents(wishlist.queue())
+ ))
+end
+harbor.http.register("/wish", port = port, wish_tracklist)
+
+def newsshow(~protocol, ~headers, ~data, uri) =
+ news.push(request.create("http://c.r/news.ogg"))
+ http.response(content_type = "application/json", data = "ok")
+end
+harbor.http.register("/newsshow", method = "POST", port = port, newsshow)
diff --git a/lass/2configs/radio/shell.nix b/lass/2configs/radio/shell.nix
new file mode 100644
index 000000000..9d00e3b06
--- /dev/null
+++ b/lass/2configs/radio/shell.nix
@@ -0,0 +1,7 @@
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+ buildInputs = [
+ pkgs.liquidsoap
+ pkgs.yt-dlp
+ ];
+}
diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix
index 3beac6693..704bf7218 100644
--- a/lass/2configs/radio/weather.nix
+++ b/lass/2configs/radio/weather.nix
@@ -6,7 +6,7 @@ let
} ./weather_for_ips.py;
weather_report = pkgs.writers.writeDashBin "weather_report" ''
- set -efu
+ set -efux
export PATH="${lib.makeBinPath [
pkgs.coreutils
pkgs.curl
@@ -14,7 +14,7 @@ let
pkgs.jc
pkgs.jq
]}"
- curl -z /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
+ curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
ss -no 'sport = :8000' |
@@ -42,7 +42,7 @@ in {
--arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \
--slurp --raw-input --compact-output --ascii-output \
'{text: ., from: $from, to: $to, priority: 100}' |
- retry -t 5 -d 10 -- curl -v -d@- http://radio-news.r
+ retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r
'';
startAt = "*:58:00";
serviceConfig = {
diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py
index 587cc1f28..1f8489bd1 100644
--- a/lass/2configs/radio/weather_for_ips.py
+++ b/lass/2configs/radio/weather_for_ips.py
@@ -24,9 +24,10 @@ for ip in fileinput.input():
weather = json.loads(resp.text)
output.append(
f'Weather report for {location.city.name}, {location.country.name}. '
- f'Currently it is {weather["current"]["weather"][0]["description"]} outside '
+ f'It is {weather["current"]["weather"][0]["description"]} outside '
f'with a temperature of {weather["current"]["temp"]:.1f} degrees, '
- f'and a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second. '
+ f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second '
+ f'and a humidity of {weather["current"]["humidity"]} percent. '
f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
)
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index b8c9d4f8d..746bc069d 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -27,6 +27,15 @@
LocalDiscovery = no
''}
'';
+ tincUp = lib.mkIf config.systemd.network.enable "";
+ };
+
+ systemd.network.networks.retiolum = {
+ matchConfig.Name = "retiolum";
+ address = [
+ "${config.krebs.build.host.nets.retiolum.ip4.addr}/16"
+ "${config.krebs.build.host.nets.retiolum.ip6.addr}/16"
+ ];
};
nixpkgs.config.packageOverrides = pkgs: {
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 22b1669b0..bffa1036b 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -174,7 +174,6 @@ rec {
services.phpfpm.pools."${domain}" = {
user = "nginx";
group = "nginx";
- phpPackage = pkgs.php74;
extraConfig = ''
listen = /srv/http/${domain}/phpfpm.pool
pm = dynamic
@@ -228,7 +227,6 @@ rec {
services.phpfpm.pools."${domain}" = {
user = "nginx";
group = "nginx";
- phpPackage = pkgs.php74;
extraConfig = ''
listen = /srv/http/${domain}/phpfpm.pool
pm = dynamic
diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix
index 54257d2c4..ba6358ab7 100644
--- a/lass/2configs/wiregrill.nix
+++ b/lass/2configs/wiregrill.nix
@@ -23,6 +23,13 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
{ precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
{ precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
];
+ systemd.network.networks.wiregrill = {
+ matchConfig.Name = "wiregrill";
+ address =
+ (optional (!isNull self.ip4) "${self.ip4.addr}/16") ++
+ (optional (!isNull self.ip6) "${self.ip6.addr}/48")
+ ;
+ };
networking.wireguard.interfaces.wiregrill = {
ips =
diff --git a/lass/5pkgs/install-system/default.nix b/lass/5pkgs/install-system/default.nix
new file mode 100644
index 000000000..9a392e669
--- /dev/null
+++ b/lass/5pkgs/install-system/default.nix
@@ -0,0 +1,26 @@
+{ pkgs }:
+pkgs.writers.writeDashBin "install-system" ''
+ set -efux
+ SYSTEM=$1
+ TARGET=$2
+ # format
+ if ! (sshn "$TARGET" -- mountpoint /mnt); then
+ nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET"
+ fi
+
+ # install dependencies
+ sshn "$TARGET" << SSH
+ nix-channel --update
+ nix-env -iA nixos.git
+ SSH
+
+ # populate
+ $(nix-build --no-out-link "$HOME"/sync/stockholm/lass/krops.nix -A populate --argstr name "$SYSTEM" --argstr target "$TARGET"/mnt/var/src --arg force true)
+
+ # install
+ sshn "$TARGET" << SSH
+ ln -s /mnt/var/src /var/src
+ NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /var/src
+ zpool export -fa
+ SSH
+''
diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index d999a4334..27e59bb96 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -1,57 +1,82 @@
{ pkgs }:
-pkgs.writeDashBin "l-gen-secrets" ''
- HOSTNAME="$1"
+pkgs.writers.writeDashBin "l-gen-secrets" ''
+ set -efu
+ HOSTNAME=$1
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+ if [ "''${DRYRUN-n}" = "n" ]; then
+ trap 'rm -rf $TMPDIR' EXIT
+ else
+ echo "$TMPDIR"
+ set -x
+ fi
+ mkdir -p $TMPDIR/out
+
PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
+ # ssh
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
- ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
- ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
- ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key
- ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub
- cat <<EOF > $TMPDIR/hashedPasswords.nix
+ ${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/
+
+ # tor
+ ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 >/dev/null || :
+ ${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv
+
+ # tinc
+ ${pkgs.coreutils}/bin/mkdir -p $TMPDIR/tinc
+ ${pkgs.tinc_pre}/bin/tinc --config $TMPDIR/tinc generate-keys 4096 </dev/null
+ ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/ed25519_key.priv $TMPDIR/out/retiolum.ed25519_key.priv
+ ${pkgs.coreutils}/bin/mv $TMPDIR/tinc/rsa_key.priv $TMPDIR/out/retiolum.rsa_key.priv
+
+ # wireguard
+ ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/out/wiregrill.key
+ ${pkgs.coreutils}/bin/cat $TMPDIR/out/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub
+
+ # system passwords
+ cat <<EOF > $TMPDIR/out/hashedPasswords.nix
{
root = "$HASHED_PASSWORD";
mainUser = "$HASHED_PASSWORD";
}
EOF
- cd $TMPDIR
- for x in *; do
- ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
- done
- echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
+ set +f
+ if [ "''${DRYRUN-n}" = "n" ]; then
+ cd $TMPDIR/out
+ for x in *; do
+ ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
+ done
+ echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
+ ${pkgs.coreutils}/bin/cat $TMPDIR/tor/hostname | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/torname > /dev/null
+ fi
+ set -f
cat <<EOF
- $HOSTNAME = {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.changeme";
- ip6.addr = r6 "changeme";
- aliases = [
- "$HOSTNAME.r"
- ];
- tinc.pubkey = ${"''"}
- $(cat $TMPDIR/retiolum.rsa_key.pub)
- ${"''"};
- };
- wiregrill = {
- ip6.addr = w6 "changeme";
- aliases = [
- "$HOSTNAME.w"
- ];
- wireguard.pubkey = ${"''"}
- $(cat $TMPDIR/wiregrill.pub)
- ${"''"};
- };
+ { r6, w6, ... }:
+ {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.changeme";
+ ip6.addr = r6 "changeme";
+ aliases = [
+ "$HOSTNAME.r"
+ ];
+ tinc.pubkey = ${"''"}
+ $(cat $TMPDIR/tinc/rsa_key.pub | sed 's/^/ /')
+ ${"''"};
+ tinc.pubkey_ed25519 = "$(cat $TMPDIR/tinc/ed25519_key.pub | ${pkgs.gnused}/bin/sed 's/.* = //')";
+ };
+ wiregrill = {
+ ip6.addr = w6 "changeme";
+ aliases = [
+ "$HOSTNAME.w"
+ ];
+ wireguard.pubkey = ${"''"}
+ $(cat $TMPDIR/wiregrill.pub)
+ ${"''"};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
};
+ ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
+ }
EOF
-
- rm -rf $TMPDIR
''
-
diff --git a/lib/default.nix b/lib/default.nix
index 7c3b0370e..280f04299 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -39,6 +39,8 @@ let
ne = x: y: x != y;
mod = x: y: x - y * (x / y);
+ on = b: u: x: y: b (u x) (u y);
+
genid = lib.genid_uint32; # TODO remove
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
genid_uint32 = import ./genid.nix { inherit lib; };
@@ -95,9 +97,12 @@ let
path = dirPath + "/${relPath}";
in
nameValuePair (toPackageName name) (f path))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir dirPath))));
+ (attrNames
+ (filterAttrs isNixDirEntry (readDir dirPath))));
+
+ isNixDirEntry = name: type:
+ (type == "regular" && hasSuffix ".nix" name && name != "default.nix") ||
+ (type == "directory" && !hasPrefix "." name);
# https://tools.ietf.org/html/rfc5952
normalize-ip6-addr =
@@ -182,6 +187,30 @@ let
in
filter (x: x != []) ([acc.chunk] ++ acc.chunks);
+ # Filter adjacent duplicate elements.
+ uniq = uniqBy eq;
+
+ # Filter adjacent duplicate elements determined via the given function.
+ uniqBy = cmp: let
+ f = a: s:
+ if length s == 0 then
+ []
+ else let
+ b = head s;
+ in
+ if cmp a b then
+ f b (tail s)
+ else
+ [b] ++ f b (tail s);
+ in
+ s:
+ if length s == 0 then
+ []
+ else let
+ b = head s;
+ in
+ [b] ++ f b (tail s);
+
warnOldVersion = oldName: newName:
if compareVersions oldName newName != -1 then
trace "Upstream `${oldName}' gets overridden by `${newName}'." newName
@@ -191,3 +220,4 @@ let
in
lib
+// { inherit lib; }
diff --git a/lib/haskell.nix b/lib/haskell.nix
index 4f0ee05ab..f87cfa761 100644
--- a/lib/haskell.nix
+++ b/lib/haskell.nix
@@ -39,7 +39,12 @@ rec {
in
if parse == null then
(pkgs.writeText name s).overrideAttrs (old: {
- dependencies = old.dependencies or [] ++ dependencies;
+ dependencies =
+ lib.uniq
+ (lib.sort (lib.on lib.lessThan (lib.getAttr "name"))
+ (filter
+ (lib.ne null)
+ (old.dependencies or [] ++ dependencies)));
})
else
diff --git a/lib/types.nix b/lib/types.nix
index 0e0e093fb..9f278c650 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -18,9 +18,6 @@ rec {
type = label;
default = config._module.args.name;
};
- cores = mkOption {
- type = uint;
- };
nets = mkOption {
type = attrsOf net;
default = {};
@@ -136,7 +133,7 @@ rec {
default = null;
};
ip4 = mkOption {
- type = nullOr (submodule {
+ type = nullOr (submodule (ip4: {
options = {
addr = mkOption {
type = addr4;
@@ -146,13 +143,15 @@ rec {
} // {
retiolum.default = "10.243.0.0/16";
wiregrill.default = "10.244.0.0/16";
- }.${config._module.args.name} or {});
+ }.${config._module.args.name} or {
+ default = "${ip4.config.addr}/32";
+ });
};
- });
+ }));
default = null;
};
ip6 = mkOption {
- type = nullOr (submodule {
+ type = nullOr (submodule (ip6: {
options = {
addr = mkOption {
type = addr6;
@@ -163,9 +162,11 @@ rec {
} // {
retiolum.default = "42:0::/32";
wiregrill.default = "42:1::/32";
- }.${config._module.args.name} or {});
+ }.${config._module.args.name} or {
+ default = "${ip6.config.addr}/128";
+ });
};
- });
+ }));
default = null;
};
ssh = mkOption {
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index d49ad158b..31da31a71 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -43,16 +43,13 @@ in {
services.logrotate = {
enable = true;
- config = ''
- ${bgtaccess} ${bgterror} {
- rotate 5
- weekly
- create 600 nginx nginx
- postrotate
- ${pkgs.systemd}/bin/systemctl reload nginx
- endscript
- }
- '';
+ settings.bgt = {
+ files = [ bgtaccess bgterror ];
+ rotate = 5;
+ frequency = "weekly";
+ create = "600 nginx nginx";
+ postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
+ };
};
# 20.09 unharden nginx to write logs
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 66c77e1eb..9a08a4497 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
./editor/vim.nix
./binary-cache/nixos.nix
./minimal.nix
- ./security/hotfix.nix
+ # ./security/hotfix.nix
];
# users are super important
diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix
new file mode 100644
index 000000000..e04098cc2
--- /dev/null
+++ b/makefu/2configs/gui/look-up.nix
@@ -0,0 +1,18 @@
+{pkgs, config, ... }:
+let
+ user = config.krebs.build.user.name;
+ window-manager = "awesome";
+in
+ {
+ systemd.services.look-up = {
+ startAt = "*:30";
+ serviceConfig = {
+ ExecStart= pkgs.writeDash "look-up" ''
+ set -x
+ eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'"
+ ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while'
+ '';
+ User = user;
+ };
+ };
+}
diff --git a/makefu/2configs/home/3dprint.nix b/makefu/2configs/home/3dprint.nix
index 859a18840..09f2ce6fd 100644
--- a/makefu/2configs/home/3dprint.nix
+++ b/makefu/2configs/home/3dprint.nix
@@ -9,7 +9,7 @@
# also ensure that the webcam always comes up under the same name
services.udev.extraRules = ''
SUBSYSTEM=="vchiq",GROUP="video",MODE="0660"
- SUBSYSTEM=="video4linux", ATTR{name}=="UVC Camera (046d:0825)",SYMLINK+="web_cam", MODE="0666", GROUP="video"
+ KERNEL=="video*",ATTRS{vendor}=="0x046d", ATTRS{device}=="0x0825", GROUP="video", SYMLINK+="web_cam"
'';
systemd.services.octoprint = {
path = [ pkgs.libraspberrypi ];
diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix
index b3682fe0c..698327ff4 100644
--- a/makefu/2configs/home/ham/automation/fenster_auf.nix
+++ b/makefu/2configs/home/ham/automation/fenster_auf.nix
@@ -88,7 +88,7 @@ in {
duschfenster_lang_offen.name = "Duschfenster lange offen";
ist_sommer = {
name = "Es ist Sommer";
- initial = true; # TODO
+ initial = false; # TODO
};
};
diff --git a/makefu/2configs/home/ham/automation/find_phone.nix b/makefu/2configs/home/ham/automation/find_phone.nix
new file mode 100644
index 000000000..d94942c9f
--- /dev/null
+++ b/makefu/2configs/home/ham/automation/find_phone.nix
@@ -0,0 +1,32 @@
+{
+ services.home-assistant.config.script = {
+ find_felix_phone.sequence = [
+ {
+ service = "notify.mobile_app_pixel_3a";
+ data = {
+ title= "Finde Mich!";
+ message= "Such Such Such";
+ data = {
+ ttl = 0;
+ priority = "high";
+ channel = "alarm_stream";
+ };
+ };
+ }
+ ];
+ find_tablet.sequence = [
+ {
+ service = "notify.mobile_app_nova3";
+ data = {
+ title = "Finde Mich!";
+ message = "Such Such Such";
+ data = {
+ ttl = 0;
+ priority = "high";
+ channel = "alarm_stream";
+ };
+ };
+ }
+ ];
+ };
+}
diff --git a/makefu/2configs/home/ham/automation/shutdown_button.nix b/makefu/2configs/home/ham/automation/shutdown_button.nix
index ec1a25567..ec84bbe94 100644
--- a/makefu/2configs/home/ham/automation/shutdown_button.nix
+++ b/makefu/2configs/home/ham/automation/shutdown_button.nix
@@ -47,6 +47,9 @@ in {
{ service = "media_player.media_stop";
target.entity_id = all_media_player;
}
+ { service = "script.turn_on";
+ target.entity_id = "script.alle_heizungen_aus";
+ }
];
}
];
diff --git a/makefu/2configs/home/ham/automation/urlaub.nix b/makefu/2configs/home/ham/automation/urlaub.nix
index 7f47c9da5..019e65d25 100644
--- a/makefu/2configs/home/ham/automation/urlaub.nix
+++ b/makefu/2configs/home/ham/automation/urlaub.nix
@@ -11,18 +11,6 @@ let
weihnachtslicht = "light.wohnzimmer_fenster_lichterkette_licht";
fernsehlicht = "light.wled";
- all_lights = [
- schranklicht weihnachtslicht fernsehlicht
- # extra lights to also turn off
- # wohnzimmer
- "light.wohnzimmer_komode_osram"
- "light.wohnzimmer_stehlampe_osram"
- # arbeitszimmer
- "light.wled_4"
- "light.arbeitszimmer_schrank_dimmer"
- "light.arbeitszimmer_pflanzenlicht"
- ];
-
final_off = "00:37";
turn_on = entity_id: offset:
diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix
index b08152935..ca5fcd17c 100644
--- a/makefu/2configs/home/ham/default.nix
+++ b/makefu/2configs/home/ham/default.nix
@@ -18,6 +18,7 @@ in {
# ./multi/flurlicht.nix
./multi/kurzzeitwecker.nix
./multi/the_playlist.nix
+ ./multi/heizung.nix
# ./multi/fliegen-couter.nix
./device_tracker/openwrt.nix
@@ -43,9 +44,10 @@ in {
./automation/wohnzimmer_rf_fernbedienung.nix
# ./automation/ladestecker_timer.nix
./automation/flurlicht.nix
- ./automation/giesskanne.nix
- ./automation/pflanzen_giessen_erinnerung.nix
- # ./automation/urlaub.nix
+ # ./automation/giesskanne.nix
+ # ./automation/pflanzen_giessen_erinnerung.nix
+ ./automation/find_phone.nix
+ ./automation/urlaub.nix
./automation/moodlight.nix
./automation/shutdown_button.nix
./automation/project_tracker.nix
@@ -192,5 +194,10 @@ in {
configDir = hassdir;
};
+ krebs.secret.files."hass-secrets" = {
+ source-path = toString <secrets> + "/hass/secrets.yaml";
+ path = "/var/lib/hass/secrets.yaml";
+ owner.name = "hass";
+ };
state = [ "/var/lib/hass/known_devices.yaml" ];
}
diff --git a/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix b/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix
index 26fec370f..11d13886e 100644
--- a/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix
+++ b/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix
@@ -63,6 +63,12 @@ in
(remote_action "b9" [ { service = "rest_command.good_song"; } ])
(remote_action "b10" [ { service = "rest_command.bad_song"; } ])
+ (remote_action "b11" [
+ {
+ service = "script.turn_on";
+ target.entity_id = "script.find_felix_phone";
+ }
+ ])
(remote_action "3"
((say "Starte Lass") ++ [
diff --git a/makefu/2configs/home/ham/multi/heizung.nix b/makefu/2configs/home/ham/multi/heizung.nix
new file mode 100644
index 000000000..73f90dfe0
--- /dev/null
+++ b/makefu/2configs/home/ham/multi/heizung.nix
@@ -0,0 +1,11 @@
+{
+ services.home-assistant.config =
+ {
+ # 18 Grad
+ script.alle_heizungen_aus.sequence = [{
+ service = "climate.set_temperature";
+ target.entity_id = [ "climate.wohnzimmer_heizung" ];
+ data.temperature = "18.0";
+ }];
+ };
+}
diff --git a/makefu/2configs/home/ham/sensor/dwd.nix b/makefu/2configs/home/ham/sensor/dwd.nix
index c1d55d03c..623f099a3 100644
--- a/makefu/2configs/home/ham/sensor/dwd.nix
+++ b/makefu/2configs/home/ham/sensor/dwd.nix
@@ -4,5 +4,7 @@
{ platform = "dwd_weather_warnings";
region_name = "Stadt Stuttgart";
}
+ { platform = "nina";
+ }
];
}
diff --git a/makefu/2configs/home/ham/sensor/outside.nix b/makefu/2configs/home/ham/sensor/outside.nix
index 332746be8..d05e8a1f6 100644
--- a/makefu/2configs/home/ham/sensor/outside.nix
+++ b/makefu/2configs/home/ham/sensor/outside.nix
@@ -4,8 +4,7 @@
services.home-assistant.config.sensor =
[
{ platform = "darksky";
- api_key = lib.removeSuffix "\n"
- (builtins.readFile <secrets/hass/darksky.apikey>);
+ api_key = "!secret darksky";
language = "de";
monitored_conditions = [
"summary" "icon"
@@ -21,5 +20,11 @@
units = "si" ;
scan_interval = "00:30:00";
}
+ {
+ platform = "open_meteo";
+ }
+ {
+ platform = "met";
+ }
];
}
diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix
index 205b47fec..f3b9f50f1 100644
--- a/makefu/2configs/home/music.nix
+++ b/makefu/2configs/home/music.nix
@@ -9,7 +9,8 @@ in
MusicFolder = "/media/cryptX/music/kinder";
Address = "0.0.0.0";
};
- systemd.services.navidrome.after = [ "media-cryptX.mount" ];
+ systemd.services.navidrome.after = [ "media-cryptX.mount" "cryptsetup.target"
+"local-fs.target" "remote-fs.target" ];
state = [ "/var/lib/navidrome" ];
# networking.firewall.allowedTCPPorts = [ 4040 ];
@@ -27,4 +28,11 @@ in
locations."/".proxyWebsockets = true;
};
networking.firewall.allowedTCPPorts = [ port ];
+ # also configure dlna
+ services.minidlna.enable = true;
+ services.minidlna.settings = {
+ inotify = "yes";
+ friendly_name = "omo";
+ media_dir = [ "A,/media/cryptX/music" ];
+ };
}
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index cb78c823f..a7181cfe9 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -12,6 +12,7 @@ let
in {
imports = [
./gui/base.nix
+ ./gui/look-up.nix
./fetchWallpaper.nix
./zsh-user.nix
./tools/core.nix
@@ -72,15 +73,4 @@ in {
location.latitude = 48.7;
location.longitude = 9.1;
- systemd.services.look-up = {
- startAt = "*:30";
- serviceConfig = {
- ExecStart= pkgs.writeDash "look-up" ''
- set -x
- eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'"
- ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while'
- '';
- User = user;
- };
- };
}
diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix
deleted file mode 100644
index fc52f21e6..000000000
--- a/makefu/2configs/security/hotfix.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, lib,... }: {
- # https://github.com/berdav/CVE-2021-4034
- security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
-}
diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix
index 5a81e2749..941685695 100644
--- a/makefu/2configs/stats/telegraf/default.nix
+++ b/makefu/2configs/stats/telegraf/default.nix
@@ -17,13 +17,13 @@ in {
# data_format = "influx";
#}];
- #mqtt = [{
- # servers = [ mqtt_server ];
- # topic_prefix = "/telegraf";
- # data_format = "json";
- # qos = 0;
- # batch = false;
- #}];
+ mqtt = [{
+ servers = [ mqtt_server ];
+ topic_prefix = "/telegraf";
+ data_format = "json";
+ qos = 0;
+ batch = false;
+ }];
};
};
};
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
index 37673768a..3086a0bb2 100644
--- a/makefu/2configs/tools/all.nix
+++ b/makefu/2configs/tools/all.nix
@@ -1,6 +1,6 @@
{
imports = [
- ./android-pentest.nix
+ # ./android-pentest.nix
./consoles.nix
./core-gui.nix
./core.nix
diff --git a/makefu/2configs/tools/init-host/default.nix b/makefu/2configs/tools/init-host/default.nix
index d1d3f7195..84f8e7730 100644
--- a/makefu/2configs/tools/init-host/default.nix
+++ b/makefu/2configs/tools/init-host/default.nix
@@ -23,7 +23,6 @@ pkgs.writeDashBin "generate-secrets" ''
cat <<EOF
$HOSTNAME = {
- cores = 1;
owner = config.krebs.users.makefu;
nets = {
retiolum = {
diff --git a/makefu/5pkgs/airsensor-py/default.nix b/makefu/5pkgs/airsensor-py/default.nix
index 4eae26c0d..86ea22d8d 100644
--- a/makefu/5pkgs/airsensor-py/default.nix
+++ b/makefu/5pkgs/airsensor-py/default.nix
@@ -2,7 +2,7 @@
with pkgs.python3Packages;
buildPythonApplication rec {
name = "airsensor-py-${version}";
- version = "2017-12-05";
+ version = "1.0.0";
propagatedBuildInputs = [
pyusb
click
@@ -11,7 +11,7 @@ buildPythonApplication rec {
src = fetchFromGitHub {
owner = "makefu";
repo = "airsensor-py";
- rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995";
- sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w";
+ rev = "1.0.0";
+ sha256 = "1jpvvl965bg3ymvr58c433jyy0smczn65fnqsskxn7basznii5g8";
};
}
diff --git a/makefu/5pkgs/pkgrename/default.nix b/makefu/5pkgs/pkgrename/default.nix
index 5eeb161e7..1b5ecc486 100644
--- a/makefu/5pkgs/pkgrename/default.nix
+++ b/makefu/5pkgs/pkgrename/default.nix
@@ -2,19 +2,19 @@
}:
stdenv.mkDerivation rec {
name = "pkgrename";
- version = "1.03";
+ version = "1.05";
src = fetchFromGitHub {
owner = "hippie68";
repo = "pkgrename";
- rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50";
- sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3";
+ rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e";
+ sha256 = "komFm9VRdH4DPxcnHzbm/sGVEWMbfcvFPLEFdbU/K5g=";
};
buildInputs = [ curl.dev ];
buildPhase = ''
cd pkgrename.c
- gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs)
+ $CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition
'';
installPhase = ''
install -D pkgrename $out/bin/pkgrename
diff --git a/makefu/5pkgs/ratt/default.nix b/makefu/5pkgs/ratt/default.nix
index 0ad94c55e..575a33f2b 100644
--- a/makefu/5pkgs/ratt/default.nix
+++ b/makefu/5pkgs/ratt/default.nix
@@ -11,7 +11,7 @@ buildGoModule rec {
};
proxyVendor = true;
- vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE=";
+ vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE=";
# tests try to access the internet to scrape websites
doCheck = false;
diff --git a/makefu/krops.nix b/makefu/krops.nix
index d907c8e36..94677609e 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -75,20 +75,20 @@
(lib.mkIf ( host-src.hw ) {
nixos-hardware.git = {
url = https://github.com/nixos/nixos-hardware.git;
- ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1";
+ ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b";
};
})
(lib.mkIf ( host-src.nix-ld ) {
nix-ld.git = {
url = https://github.com/Mic92/nix-ld.git;
- ref = "c25cc4b";
+ ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6";
};
})
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
- ref = "1de492f";
+ ref = "054d9e3187ca00479e8036dc0e92900a384f30fd";
};
})
];
diff --git a/submodules/disko b/submodules/disko
new file mode 160000
+Subproject df3a607ad7ee431f4831a51af2c464aa8a8813f
diff --git a/submodules/nix-writers b/submodules/nix-writers
-Subproject c528cf970e292790b414b4c1c8c8e9d7e73b2a7
+Subproject 0c8de150426476b5287cf2787bbd85263691a80
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
index c36fbc4bf..90501d56d 100644
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
imports = [
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
diff --git a/tv/1systems/alnus/lib b/tv/1systems/alnus/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/alnus/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/au/lib b/tv/1systems/au/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/au/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix
index 11cdac398..22e5f1484 100644
--- a/tv/1systems/bu/config.nix
+++ b/tv/1systems/bu/config.nix
@@ -1,7 +1,5 @@
-{ config, pkgs, ... }: let
- lib = import ../../../lib;
-in {
-
+with import ./lib;
+{ config, pkgs, ... }: {
imports = [
./disks.nix
<stockholm/tv>
diff --git a/tv/1systems/bu/lib b/tv/1systems/bu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/bu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/lib b/tv/1systems/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 00bd5da15..00cdf84c1 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
imports = [
<stockholm/tv>
<stockholm/tv/2configs/br.nix>
diff --git a/tv/1systems/mu/lib b/tv/1systems/mu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/mu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index 4dc0b4e82..fb67814db 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.nomic;
imports = [
diff --git a/tv/1systems/nomic/lib b/tv/1systems/nomic/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/nomic/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 44c7685e8..8df29f75e 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
imports = [
<stockholm/tv>
<stockholm/tv/2configs/retiolum.nix>
diff --git a/tv/1systems/querel/lib b/tv/1systems/querel/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/querel/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
index bf250cefa..4d45f6d40 100644
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ../lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.wu;
imports = [
diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/wu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 8a86e209b..6ca62ac0d 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.xu;
imports = [
@@ -11,7 +10,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/gitrepos.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/man.nix>
- <stockholm/tv/2configs/nginx/krebs-pages.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/ppp.nix>
<stockholm/tv/2configs/pulse.nix>
diff --git a/tv/1systems/xu/lib b/tv/1systems/xu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/xu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix
index 8a3040a36..169fa6bd6 100644
--- a/tv/1systems/zu/config.nix
+++ b/tv/1systems/zu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.zu;
imports = [
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index a5e0cf4c7..c8ab73b50 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -1,6 +1,5 @@
-{ config, lib, ... }:
-with import <stockholm/lib>;
-{
+with import ./lib;
+{ config, pkgs, ... }: {
krebs.backup.plans = {
} // mapAttrs (_: recursiveUpdate {
snapshots = {
diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix
index 92e2499a9..e38566b78 100644
--- a/tv/2configs/bash/default.nix
+++ b/tv/2configs/bash/default.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
programs.bash = {
interactiveShellInit = /* sh */ ''
HISTCONTROL='erasedups:ignorespace'
@@ -17,8 +14,20 @@ with import <stockholm/lib>;
case $UID in
${shell.escape (toString config.krebs.users.tv.uid)})
- if test ''${SHLVL-1} = 1; then
- case ''${XMONAD_SPAWN_WORKSPACE-} in
+ if test ''${SHLVL-1} = 1 && test -n "''${DISPLAY-}"; then
+ _CURRENT_DESKTOP_NAME=''${_CURRENT_DESKTOP_NAME-$(
+ ${pkgs.xorg.xprop}/bin/xprop -notype -root \
+ 32i _NET_CURRENT_DESKTOP \
+ 8s _NET_DESKTOP_NAMES \
+ |
+ ${pkgs.gnused}/bin/sed -r 's/.* = //;s/"//g;s/, /\a/g' |
+ {
+ read -r _NET_CURRENT_DESKTOP
+ IFS=$'\a' read -ra _NET_DESKTOP_NAMES
+ echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}"
+ }
+ )}
+ case $_CURRENT_DESKTOP_NAME in
stockholm)
cd ~/stockholm
;;
diff --git a/tv/2configs/bash/lib b/tv/2configs/bash/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/bash/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix
index 58791f4f6..66d740715 100644
--- a/tv/2configs/binary-cache/default.nix
+++ b/tv/2configs/binary-cache/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with import <stockholm/lib>;
+{ config, lib, pkgs, ... }: with import ./lib;
{
environment.etc."binary-cache.pubkey".text =
config.krebs.build.host.binary-cache.pubkey;
diff --git a/tv/2configs/binary-cache/lib b/tv/2configs/binary-cache/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/binary-cache/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix
index e6a46e903..4a8db2e38 100644
--- a/tv/2configs/br.nix
+++ b/tv/2configs/br.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
imports = [
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index f3ce2da40..9babb92c2 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
boot.tmpOnTmpfs = true;
krebs.enable = true;
@@ -38,7 +37,7 @@ with import <stockholm/lib>;
{
i18n.defaultLocale = mkDefault "C.UTF-8";
security.sudo.extraConfig = ''
- Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
+ Defaults env_keep+="SSH_CLIENT _CURRENT_DESKTOP_NAME"
Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture
'';
@@ -46,14 +45,15 @@ with import <stockholm/lib>;
}
{
- # TODO check if both are required:
- nix.sandboxPaths = [ "/etc/protocols" pkgs.iana-etc.outPath ];
-
- nix.requireSignedBinaryCaches = true;
-
- nix.binaryCaches = ["https://cache.nixos.org"];
+ nix.extraOptions = ''
+ auto-optimise-store = true
+ '';
- nix.useSandbox = true;
+ # TODO check if both are required:
+ nix.settings.extra-sandbox-paths = [
+ "/etc/protocols"
+ pkgs.iana-etc.outPath
+ ];
}
{
nixpkgs.config.allowUnfree = false;
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 3d4ada46b..fefc6dd24 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.systemPackages = [
pkgs.eximlog
];
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 4a0dcf616..e905536df 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.systemPackages = [
pkgs.eximlog
];
diff --git a/tv/2configs/gitconfig.nix b/tv/2configs/gitconfig.nix
index 771a4b2a4..fb9b78e6a 100644
--- a/tv/2configs/gitconfig.nix
+++ b/tv/2configs/gitconfig.nix
@@ -1,8 +1,5 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.etc.gitconfig.text = ''
[alias]
patch = !${pkgs.git}/bin/git --no-pager diff --no-color
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 50444c1ee..d8e7755fe 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let {
+with import ./lib;
+{ config, pkgs, ... }: let {
body = {
@@ -134,7 +131,6 @@ let {
web-routes-wai-custom = {};
xintmap = {};
xmonad-aeson = {};
- xmonad-stockholm = {};
xmonad-web = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
cac-api = {
@@ -165,6 +161,7 @@ let {
soundcloud = {
cgit.desc = "SoundCloud command line interface";
};
+ xmonad-stockholm = {};
});
restricted-repos = mapAttrs make-restricted-repo (
diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix
index e78caeb5f..09372980f 100644
--- a/tv/2configs/htop.nix
+++ b/tv/2configs/htop.nix
@@ -1,8 +1,5 @@
-{ pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ pkgs, ... }: {
nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin {
name = "htop";
diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix
index dd6fcfe67..b998fcf7c 100644
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
imports = [
../smartd.nix
diff --git a/tv/2configs/hw/lib b/tv/2configs/hw/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/hw/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
index 09dd9a49d..bf749a98a 100644
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@@ -1,6 +1,5 @@
-{ pkgs, ... }: let
- lib = import <stockholm/lib>;
-in {
+with import ./lib;
+{ pkgs, ... }: {
imports = [
../smartd.nix
{
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 8c68cdef0..ee3c7dc04 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -1,7 +1,5 @@
-{ config, pkgs, ... }: let
- lib = import <stockholm/lib>;
-in
-{
+with import ./lib;
+{ config, pkgs, ... }: {
imports = [
../smartd.nix
{
@@ -28,8 +26,8 @@ in
}
{
- nix.buildCores = 2;
- nix.maxJobs = 2;
+ nix.settings.cores = 2;
+ nix.settings.max-jobs = 2;
}
(if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
nix.daemonCPUSchedPolicy = "batch";
@@ -61,6 +59,9 @@ in
emulateWheel = true;
};
+ # Conflicts with TLP, but gets enabled by DEs.
+ services.power-profiles-daemon.enable = false;
+
services.tlp.enable = true;
services.tlp.settings = {
START_CHARGE_THRESH_BAT0 = 80;
diff --git a/tv/2configs/imgur.nix b/tv/2configs/imgur.nix
index ba84fd2df..e22122761 100644
--- a/tv/2configs/imgur.nix
+++ b/tv/2configs/imgur.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
services.nginx.virtualHosts."ni.r" = {
locations."/image" = {
extraConfig = /* nginx */ ''
@@ -18,8 +17,6 @@ with import <stockholm/lib>;
krebs.htgen.imgur = {
port = 7771;
- script = /* sh */ ''
- (. ${pkgs.htgen-imgur}/bin/htgen-imgur)
- '';
+ scriptFile = "${pkgs.htgen-imgur}/bin/htgen-imgur";
};
}
diff --git a/tv/2configs/lib b/tv/2configs/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index efea3a844..6844df99b 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -1,8 +1,5 @@
-{ config, lib, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, ... }: {
services.nginx = {
enableReload = true;
diff --git a/tv/2configs/nginx/krebs-pages.nix b/tv/2configs/nginx/krebs-pages.nix
deleted file mode 100644
index 4dd643db7..000000000
--- a/tv/2configs/nginx/krebs-pages.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.nginx = {
- virtualHosts.krebs-pages = {
- serverAliases = [
- "krebs.${config.krebs.build.host.name}.r"
- ];
- extraConfig = ''
- root ${pkgs.krebs-pages};
- '';
- };
- };
-}
diff --git a/tv/2configs/nginx/lib b/tv/2configs/nginx/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/nginx/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix
index 43d7189ef..c2403cd8d 100644
--- a/tv/2configs/nginx/public_html.nix
+++ b/tv/2configs/nginx/public_html.nix
@@ -1,8 +1,5 @@
-{ config, lib, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, ... }: {
services.nginx = {
enable = true;
virtualHosts.default = {
diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix
index 51a5c716f..415755b16 100644
--- a/tv/2configs/pki/default.nix
+++ b/tv/2configs/pki/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
diff --git a/tv/2configs/pki/lib b/tv/2configs/pki/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/pki/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix
index c801401b2..24d2831c4 100644
--- a/tv/2configs/ppp.nix
+++ b/tv/2configs/ppp.nix
@@ -1,5 +1,5 @@
+with import ./lib;
{ config, pkgs, ... }: let
- lib = import <stockholm/lib>;
cfg = {
pin = "@${toString <secrets/o2.pin>}";
ttys.ppp = "/dev/ttyACM0";
diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 513a0eb17..7a07e8154 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
+with import ./lib;
+{ config, pkgs, ... }: let
pkg = pkgs.pulseaudio;
runDir = "/run/pulse";
diff --git a/tv/2configs/repo-sync/lib b/tv/2configs/repo-sync/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/repo-sync/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/repo-sync/wiki.nix b/tv/2configs/repo-sync/wiki.nix
index 913439906..515e731c4 100644
--- a/tv/2configs/repo-sync/wiki.nix
+++ b/tv/2configs/repo-sync/wiki.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }: let
- lib = import <stockholm/lib>;
-in {
+with import ./lib;
+{ config, pkgs, ... }: {
krebs.repo-sync.enable = true;
krebs.repo-sync.repos.wiki.branches.hotdog = {
origin.url = "http://cgit.hotdog.r/wiki";
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index 3c3b2adf0..de77de381 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
krebs.tinc.retiolum = {
enable = true;
connectTo = filter (ne config.krebs.build.host.name) [
diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix
index 84d247362..ad828813d 100644
--- a/tv/2configs/ssh.nix
+++ b/tv/2configs/ssh.nix
@@ -1,8 +1,5 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
# Override NixOS's "Allow DSA keys for now."
environment.etc."ssh/ssh_config".text = mkForce ''
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix
index 79af5b01f..4da8c8216 100644
--- a/tv/2configs/sshd.nix
+++ b/tv/2configs/sshd.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, ... }: let
cfg.host = config.krebs.build.host;
in {
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 619b04459..7ba364ff3 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
exec = filename: args: url: {
inherit url;
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index fed74c921..b8819ee36 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let {
+with import ./lib;
+{ config, pkgs, ... }: let {
body = {
environment.systemPackages = [
vim-wrapper
@@ -13,7 +11,7 @@ let {
environment.variables.VIMINIT = ":so /etc/vimrc";
};
- extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ extra-runtimepath = pkgs.tv.vim.makeRuntimePath [
pkgs.tv.vimPlugins.elixir
pkgs.tv.vimPlugins.file-line
pkgs.tv.vimPlugins.fzf
@@ -79,6 +77,7 @@ let {
set showmatch
set timeoutlen=0
set ttimeoutlen=0
+ set ttymouse=sgr
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix
index 18bac9b38..b7c14af5a 100644
--- a/tv/2configs/xdg.nix
+++ b/tv/2configs/xdg.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
systemd.tmpfiles.rules = let
diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix
index a97fb3679..51fd1ae8c 100644
--- a/tv/2configs/xp-332.nix
+++ b/tv/2configs/xp-332.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
environment.etc."utsushi.conf".text = ''
diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix
index 8e8e3dfdd..8e555e927 100644
--- a/tv/2configs/xserver/Xmodmap.nix
+++ b/tv/2configs/xserver/Xmodmap.nix
@@ -1,6 +1,6 @@
{ config, pkgs, ... }:
-with import <stockholm/lib>;
+with import ./lib;
pkgs.writeText "Xmodmap" ''
!keycode 66 = Caps_Lock
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 8bedb0e81..f534b557e 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
+with import ./lib;
+{ config, pkgs, ... }@args: let
cfg = {
cacheDir = cfg.dataDir;
configDir = "/var/empty";
diff --git a/tv/2configs/xserver/lib b/tv/2configs/xserver/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/xserver/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/xserver/sxiv.nix b/tv/2configs/xserver/sxiv.nix
index 10e450da4..eb862f887 100644
--- a/tv/2configs/xserver/sxiv.nix
+++ b/tv/2configs/xserver/sxiv.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg.user = config.krebs.build.user;
in {
diff --git a/tv/2configs/xserver/urxvt.nix b/tv/2configs/xserver/urxvt.nix
index 2d504e165..3502c6356 100644
--- a/tv/2configs/xserver/urxvt.nix
+++ b/tv/2configs/xserver/urxvt.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg.user = config.krebs.build.user;
in {
diff --git a/tv/2configs/xserver/xserver.conf.nix b/tv/2configs/xserver/xserver.conf.nix
index 99038e5fc..3fdfebf1b 100644
--- a/tv/2configs/xserver/xserver.conf.nix
+++ b/tv/2configs/xserver/xserver.conf.nix
@@ -1,6 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
+with import ./lib;
+{ config, pkgs, ... }:
let
cfg = config.services.xserver;
diff --git a/tv/3modules/Xresources.nix b/tv/3modules/Xresources.nix
index ab233dd65..266531de9 100644
--- a/tv/3modules/Xresources.nix
+++ b/tv/3modules/Xresources.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg = {
enable = config.services.xserver.enable && config.tv.Xresources != {};
diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix
index dccbfde67..4669345eb 100644
--- a/tv/3modules/charybdis/config.nix
+++ b/tv/3modules/charybdis/config.nix
@@ -1,4 +1,4 @@
-{ config, ... }: with import <stockholm/lib>; let
+{ config, ... }: with import ./lib; let
cfg = config.tv.charybdis;
in toFile "charybdis.conf" ''
/* doc/example.conf - brief example configuration file
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 96aae702a..4a0f99503 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -1,4 +1,5 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+with import ./lib;
+{ config, pkgs, ... }@args: let
cfg = config.tv.charybdis;
in {
options.tv.charybdis = {
diff --git a/tv/3modules/charybdis/lib b/tv/3modules/charybdis/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/3modules/charybdis/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix
index ab24ac089..e1dfdea34 100644
--- a/tv/3modules/dnsmasq.nix
+++ b/tv/3modules/dnsmasq.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, ... }: let
cfg = config.tv.dnsmasq;
in {
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index edc5296b0..e3a41a57b 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-
+with import ./lib;
+{ config, pkgs, ... }: let
cfg = config.tv.ejabberd;
gen-dhparam = pkgs.writeDash "gen-dhparam" ''
diff --git a/tv/3modules/ejabberd/lib b/tv/3modules/ejabberd/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/3modules/ejabberd/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/3modules/focus.nix b/tv/3modules/focus.nix
index b1a7b2e52..c16d44243 100644
--- a/tv/3modules/focus.nix
+++ b/tv/3modules/focus.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{
options.tv.focus.enable = mkEnableOption "tv.focus";
}
diff --git a/tv/3modules/hosts.nix b/tv/3modules/hosts.nix
index 118740510..2d382e266 100644
--- a/tv/3modules/hosts.nix
+++ b/tv/3modules/hosts.nix
@@ -1,8 +1,5 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, ... }: {
options.tv.hosts = mkOption {
type = types.attrsOf types.host;
default =
diff --git a/tv/3modules/hw.nix b/tv/3modules/hw.nix
index 6eb722d2f..db1a77c85 100644
--- a/tv/3modules/hw.nix
+++ b/tv/3modules/hw.nix
@@ -1,5 +1,5 @@
+with import ./lib;
let
- lib = import <stockholm/lib>;
local.types.screen = lib.types.submodule {
options.width = lib.mkOption {
type = lib.types.uint;
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
index e98a57327..76a61b191 100644
--- a/tv/3modules/im.nix
+++ b/tv/3modules/im.nix
@@ -1,6 +1,6 @@
+with import ./lib;
{ config, pkgs, ... }: let
im = config.tv.im;
- lib = import <stockholm/lib>;
in {
options = {
tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 9cf0bd5a2..c4bf4644d 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let {
+with import ./lib;
+{ config, pkgs, ... }: let {
cfg = config.tv.iptables;
body = {
diff --git a/tv/3modules/lib b/tv/3modules/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/3modules/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix
index e1a5323d6..7d31edf9d 100644
--- a/tv/3modules/org.freedesktop.machine1.host-shell.nix
+++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix
@@ -1,4 +1,5 @@
-{ config, ... }: let lib = import ../../lib; in {
+with import ./lib;
+{ config, ... }: {
options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
default = {};
type =
diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix
index 926adc8e0..a08303215 100644
--- a/tv/3modules/slock.nix
+++ b/tv/3modules/slock.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg = config.tv.slock;
in {
diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix
index 4dbb34df0..f19bfebcc 100644
--- a/tv/3modules/x0vncserver.nix
+++ b/tv/3modules/x0vncserver.nix
@@ -1,8 +1,6 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
-
cfg = config.tv.x0vncserver;
-
in {
options.tv.x0vncserver = {
display = mkOption {
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 5a018a166..245d0542b 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -1,4 +1,4 @@
-with import ../../lib;
+with import ./lib;
let
pushBack = x: xs:
if elem x xs then
@@ -14,7 +14,6 @@ fix
(foldl' (flip extends) (_: super)
(map
(name: import (./. + "/${name}"))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (pushBack "override"
- (attrNames (readDir ./.))))))
+ (pushBack "override"
+ (attrNames
+ (filterAttrs isNixDirEntry (readDir ./.))))))
diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix
index 33fd2506a..f05223d72 100644
--- a/tv/5pkgs/haskell/default.nix
+++ b/tv/5pkgs/haskell/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
let
overrides = self: super:
mapNixDir (path: self.callPackage path {}) [
diff --git a/tv/5pkgs/haskell/lib b/tv/5pkgs/haskell/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/haskell/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix
index edb5f258e..be3eca982 100644
--- a/tv/5pkgs/haskell/xmonad-tv/default.nix
+++ b/tv/5pkgs/haskell/xmonad-tv/default.nix
@@ -1,6 +1,6 @@
{ mkDerivation, aeson, base, bytestring, containers, directory
-, extra, lib, template-haskell, th-env, unix, X11, xmonad
-, xmonad-contrib, xmonad-stockholm
+, extra, filepath, lib, systemd, template-haskell, th-env
+, transformers, unix, X11, xmonad, xmonad-contrib
}:
mkDerivation {
pname = "xmonad-tv";
@@ -9,8 +9,8 @@ mkDerivation {
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
- aeson base bytestring containers directory extra template-haskell
- th-env unix X11 xmonad xmonad-contrib xmonad-stockholm
+ aeson base bytestring containers directory extra filepath systemd
+ template-haskell th-env transformers unix X11 xmonad xmonad-contrib
];
license = lib.licenses.mit;
}
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Build.hs b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs
new file mode 100644
index 000000000..553a129b1
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE TypeApplications #-}
+
+module Build where
+
+import XMonad (Dimension)
+import THEnv.JSON (getCompileEnvJSONExp)
+
+
+myFont :: String
+myFont =
+ "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
+
+myScreenWidth :: Dimension
+myScreenWidth =
+ $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH")
+
+myTermFontWidth :: Dimension
+myTermFontWidth =
+ $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH")
+
+myTermPadding :: Dimension
+myTermPadding =
+ 2
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs
new file mode 100644
index 000000000..d4a4d93cf
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE LambdaCase #-}
+
+module Shutdown
+ ( newShutdownEventHandler
+ , shutdown
+ )
+ where
+
+import Control.Applicative ((<|>), empty)
+import Control.Concurrent (threadDelay)
+import Control.Monad (forever, guard, when)
+import Data.Monoid (All(All))
+import System.Directory (XdgDirectory(XdgData), createDirectoryIfMissing, doesFileExist, getAppUserDataDirectory, getXdgDirectory)
+import System.Exit (exitSuccess)
+import System.Environment (lookupEnv)
+import System.FilePath ((</>))
+import System.IO.Error (isDoesNotExistError, tryIOError)
+import System.IO (hPutStrLn, stderr)
+import System.Posix.Process (getProcessID)
+import System.Posix.Signals (nullSignal, signalProcess)
+import System.Posix.Types (ProcessID)
+import XMonad hiding (getXMonadDataDir)
+
+
+-- XXX this is for compatibility with both xmonad<0.17 and xmonad>=0.17
+getXMonadDataDir :: IO String
+getXMonadDataDir = xmEnvDir <|> xmDir <|> xdgDir
+ where
+ -- | Check for xmonad's environment variables first
+ xmEnvDir :: IO String
+ xmEnvDir =
+ maybe empty pure =<< lookupEnv "XMONAD_DATA_DIR"
+
+ -- | Check whether the config file or a build script is in the
+ -- @~\/.xmonad@ directory
+ xmDir :: IO String
+ xmDir = do
+ d <- getAppUserDataDirectory "xmonad"
+ conf <- doesFileExist $ d </> "xmonad.hs"
+ build <- doesFileExist $ d </> "build"
+ pid <- doesFileExist $ d </> "xmonad.pid"
+
+ -- Place *everything* in ~/.xmonad if yes
+ guard $ conf || build || pid
+ pure d
+
+ -- | Use XDG directories as a fallback
+ xdgDir :: IO String
+ xdgDir = do
+ d <- getXdgDirectory XdgData "xmonad"
+ d <$ createDirectoryIfMissing True d
+
+
+newShutdownEventHandler :: IO (Event -> X All)
+newShutdownEventHandler = do
+ writeProcessIDToFile
+ return handleShutdownEvent
+
+handleShutdownEvent :: Event -> X All
+handleShutdownEvent = \case
+ ClientMessageEvent { ev_message_type = mt } -> do
+ isShutdownEvent <- (mt ==) <$> getAtom "XMONAD_SHUTDOWN"
+ when isShutdownEvent $ do
+ broadcastMessage ReleaseResources
+ writeStateToFile
+ io exitSuccess >> return ()
+ return (All (not isShutdownEvent))
+ _ ->
+ return (All True)
+
+sendShutdownEvent :: IO ()
+sendShutdownEvent = do
+ dpy <- openDisplay ""
+ rw <- rootWindow dpy $ defaultScreen dpy
+ a <- internAtom dpy "XMONAD_SHUTDOWN" False
+ allocaXEvent $ \e -> do
+ setEventType e clientMessage
+ setClientMessageEvent e rw a 32 0 currentTime
+ sendEvent dpy rw False structureNotifyMask e
+ sync dpy False
+
+shutdown :: IO ()
+shutdown = do
+ pid <- readProcessIDFromFile
+ sendShutdownEvent
+ hPutStrLn stderr ("waiting for: " <> show pid)
+ result <- tryIOError (waitProcess pid)
+ if isSuccess result
+ then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]")
+ else hPutStrLn stderr ("result: " <> show result)
+ where
+ isSuccess = either isDoesNotExistError (const False)
+
+waitProcess :: ProcessID -> IO ()
+waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000)
+
+--
+-- PID file stuff
+--
+
+getProcessIDFileName :: IO FilePath
+getProcessIDFileName = (</> "xmonad.pid") <$> getXMonadDataDir
+
+writeProcessIDToFile :: IO ()
+writeProcessIDToFile = do
+ pidFileName <- getProcessIDFileName
+ pid <- getProcessID
+ writeFile pidFileName (show pid)
+
+readProcessIDFromFile :: IO ProcessID
+readProcessIDFromFile = do
+ pidFileName <- getProcessIDFileName
+ read <$> readFile pidFileName
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
index 81373f410..c921d428b 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs
+++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
@@ -1,6 +1,4 @@
{-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE TemplateHaskell #-}
-{-# LANGUAGE TypeApplications #-}
module Main (main) where
@@ -32,25 +30,9 @@ import Data.Ratio
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
-import XMonad.Stockholm.Pager
-import XMonad.Stockholm.Shutdown
+import Shutdown (shutdown, newShutdownEventHandler)
-import THEnv.JSON (getCompileEnvJSONExp)
-
-
-myFont :: String
-myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
-
-myScreenWidth :: Dimension
-myScreenWidth =
- $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH")
-
-myTermFontWidth :: Dimension
-myTermFontWidth =
- $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH")
-
-myTermPadding :: Dimension
-myTermPadding = 2
+import Build (myFont, myScreenWidth, myTermFontWidth, myTermPadding)
main :: IO ()
@@ -136,13 +118,6 @@ spawnRootTerm =
Nothing
-spawnTermAt :: String -> X ()
-spawnTermAt ws = do
- env <- io getEnvironment
- let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
- forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env')
-
-
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing)
@@ -151,11 +126,9 @@ myKeys conf = Map.fromList $
, ((_4 , xK_o ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing)
, ((_4 , xK_p ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing)
- , ((_4 , xK_x ), chooseAction spawnTermAt)
+ , ((_4 , xK_x ), forkFile {-pkg:rxvt_unicode-}"urxvtc" [] Nothing)
, ((_4C , xK_x ), spawnRootTerm)
- , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
- , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ((_C , xK_Menu ), toggleWS)
, ((_4 , xK_space ), withFocused $ \w -> ifM (isFloatingX w) xdeny $ sendMessage NextLayout)
@@ -233,23 +206,3 @@ xdeny =
, "-e", "sleep", "0.05"
]
Nothing
-
-
-pagerConfig :: PagerConfig
-pagerConfig = def
- { pc_font = myFont
- , pc_cellwidth = 64
- , pc_matchmethod = MatchPrefix
- , pc_windowColors = windowColors
- }
- where
- windowColors _ _ _ True _ = ("#ef4242","#ff2323")
- windowColors wsf m c u wf = do
- let y = defaultWindowColors wsf m c u wf
- if m == False && wf == True
- then ("#402020", snd y)
- else y
-
-
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames = return . map W.tag . W.workspaces
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
index f3bd2e0ab..a3ddcb039 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
+++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
@@ -15,14 +15,15 @@ executable xmonad
containers,
directory,
extra,
+ filepath,
template-haskell,
th-env,
unix,
X11,
xmonad,
- xmonad-contrib,
- xmonad-stockholm
+ xmonad-contrib
other-modules:
+ Shutdown,
THEnv.JSON
default-language: Haskell2010
ghc-options: -O2 -Wall -threaded
diff --git a/tv/5pkgs/lib b/tv/5pkgs/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix
index f719a9f69..87b7ce929 100644
--- a/tv/5pkgs/override/default.nix
+++ b/tv/5pkgs/override/default.nix
@@ -1,4 +1,4 @@
-with import ../../../lib;
+with import ./lib;
self: super:
mapNixDir (path: import path self super) ./.
diff --git a/tv/5pkgs/override/fzf/complete1.patch b/tv/5pkgs/override/fzf/complete1.patch
index 4b2126a2c..3e3f2c4d5 100644
--- a/tv/5pkgs/override/fzf/complete1.patch
+++ b/tv/5pkgs/override/fzf/complete1.patch
@@ -1,50 +1,72 @@
+commit 57cbd76c068121b685399fdb4649e7ba537983d6
+Author: tv <tv@krebsco.de>
+Date: Mon Dec 5 15:24:30 2022 +0100
+
+ Add --complete-1 option
+
+diff --git a/man/man1/fzf.1 b/man/man1/fzf.1
+index 79e7291..3b8a753 100644
+--- a/man/man1/fzf.1
++++ b/man/man1/fzf.1
+@@ -685,6 +685,9 @@ interactive finder and automatically select the only match
+ If there is no match for the initial query (\fB--query\fR), do not start
+ interactive finder and exit immediately
+ .TP
++.B "--complete-1"
++Exit interactive finder when there's exactly one match
++.TP
+ .BI "-f, --filter=" "STR"
+ Filter mode. Do not start interactive finder. When used with \fB--no-sort\fR,
+ fzf becomes a fuzzy-version of grep.
diff --git a/src/core.go b/src/core.go
-index a18c3a1..a3d92a4 100644
+index 2ddddc3..09afff2 100644
--- a/src/core.go
+++ b/src/core.go
-@@ -331,6 +331,13 @@ func Run(opts *Options, version string, revision string) {
+@@ -337,8 +337,14 @@ func Run(opts *Options, version string, revision string) {
+ }
+ determine(val.final)
}
- }
- terminal.UpdateList(val, clearSelection())
-+ if (opts.Complete1) {
-+ count := val.Length()
-+ if count == 1 {
++ } else {
++ if opts.Complete1 && val.Length() == 1 {
+ opts.Printer(val.Get(0).item.AsString(opts.Ansi))
+ terminal.reqBox.Set(reqClose, nil)
++ } else {
++ terminal.UpdateList(val, clearSelection())
+ }
-+ }
+ }
+- terminal.UpdateList(val, clearSelection())
}
}
}
diff --git a/src/options.go b/src/options.go
-index a55dc34..7f121cd 100644
+index 5400311..1e38fe4 100644
--- a/src/options.go
+++ b/src/options.go
-@@ -92,6 +92,7 @@ const usage = `usage: fzf [options]
- -1, --select-1 Automatically select the only match
- -0, --exit-0 Exit immediately when there's no match
- -f, --filter=STR Filter mode. Do not start interactive finder.
-+ --complete-1 Exit interactive finder when there's exactly one match
- --print-query Print query as the first line
- --expect=KEYS Comma-separated list of keys to complete fzf
- --read0 Read input delimited by ASCII NUL characters
-@@ -208,6 +209,7 @@ type Options struct {
- Query string
- Select1 bool
- Exit0 bool
-+ Complete1 bool
- Filter *string
- ToggleSort bool
- Expect map[tui.Event]string
-@@ -269,6 +271,7 @@ func defaultOptions() *Options {
- Query: "",
- Select1: false,
- Exit0: false,
-+ Complete1: false,
- Filter: nil,
- ToggleSort: false,
- Expect: make(map[tui.Event]string),
-@@ -1311,6 +1314,8 @@ func parseOptions(opts *Options, allArgs []string) {
+@@ -108,6 +108,7 @@ const usage = `usage: fzf [options]
+ -1, --select-1 Automatically select the only match
+ -0, --exit-0 Exit immediately when there's no match
+ -f, --filter=STR Filter mode. Do not start interactive finder.
++ --complete-1 Exit interactive finder when there's exactly one match
+ --print-query Print query as the first line
+ --expect=KEYS Comma-separated list of keys to complete fzf
+ --read0 Read input delimited by ASCII NUL characters
+@@ -274,6 +275,7 @@ type Options struct {
+ Query string
+ Select1 bool
+ Exit0 bool
++ Complete1 bool
+ Filter *string
+ ToggleSort bool
+ Expect map[tui.Event]string
+@@ -342,6 +344,7 @@ func defaultOptions() *Options {
+ Query: "",
+ Select1: false,
+ Exit0: false,
++ Complete1: false,
+ Filter: nil,
+ ToggleSort: false,
+ Expect: make(map[tui.Event]string),
+@@ -1546,6 +1549,8 @@ func parseOptions(opts *Options, allArgs []string) {
opts.Exit0 = true
case "+0", "--no-exit-0":
opts.Exit0 = false
diff --git a/tv/5pkgs/override/fzf/default.nix b/tv/5pkgs/override/fzf/default.nix
index 661db0ed5..2254d455a 100644
--- a/tv/5pkgs/override/fzf/default.nix
+++ b/tv/5pkgs/override/fzf/default.nix
@@ -1,9 +1,7 @@
self: super:
super.fzf.overrideAttrs (old: {
- # XXX cannot use `patches` because fzf has a custom patchPhase
- patchPhase = ''
- patch -Np1 < ${./complete1.patch}
- ${old.patchPhase or ""}
- '';
+ patches = old.patches or [] ++ [
+ ./complete1.patch
+ ];
})
diff --git a/tv/5pkgs/override/lib b/tv/5pkgs/override/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/override/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/rpi/default.nix b/tv/5pkgs/rpi/default.nix
index f0ac47f6a..e41d6373f 100644
--- a/tv/5pkgs/rpi/default.nix
+++ b/tv/5pkgs/rpi/default.nix
@@ -1,6 +1,4 @@
-let
- lib = import <stockholm/lib>;
-in
+with import ./lib;
self: super:
diff --git a/tv/5pkgs/rpi/lib b/tv/5pkgs/rpi/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/rpi/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/simple/alacritty-font-size.nix b/tv/5pkgs/simple/alacritty-font-size.nix
new file mode 100644
index 000000000..84bc3f616
--- /dev/null
+++ b/tv/5pkgs/simple/alacritty-font-size.nix
@@ -0,0 +1,67 @@
+{ pkgs }:
+
+pkgs.writeDashBin "font-size-alacritty" ''
+ # usage: font-size-alacritty (+N|-N|=N)
+ # Increase by, decrease by, or set font size to the value N.
+
+ set -efu
+
+ min_size=8
+
+ op=''${1%%[0-9]*}
+ op=''${op:-=}
+
+ value=''${1#[=+-]}
+
+ window_id=$(${pkgs.xdotool}/bin/xdotool getactivewindow)
+
+ current_size=$(
+ ${pkgs.xorg.xprop}/bin/xprop -notype -id $window_id FONT_SIZE |
+ ${pkgs.gnused}/bin/sed -rn 's/.* = ([0-9]+)$/\1/p'
+ )
+
+ # usage: set_font_size WINDOW_ID FONT_SIZE
+ set_font_size() {
+ ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$2
+ ${pkgs.xorg.xprop}/bin/xprop -id $1 -f FONT_SIZE 32c -set FONT_SIZE $2
+ }
+
+ # usage: reset_font_size WINDOW_ID
+ reset_font_size() {
+ ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$min_size
+ ${pkgs.xorg.xprop}/bin/xprop -id $1 -remove FONT_SIZE
+ }
+
+ # usage: make_next_size
+ make_next_size() {
+ case $op in
+ -) next_size=$(expr $current_size - $value) ;;
+ =) next_size=$value ;;
+ +)
+ next_size=$(expr $current_size + $value)
+ test $next_size -ge $min_size || next_size=$min_size
+ ;;
+ esac
+ }
+
+ if test -z "$current_size"; then
+ current_size=0
+ make_next_size
+ if test $next_size -ge $min_size; then
+ ${pkgs.alacritty}/bin/alacritty msg config -w $window_id \
+ font.normal.family='Input Mono' \
+ font.normal.style=Condensed \
+ font.bold.family='Input Mono' \
+ font.bold.style=Bold
+ set_font_size $window_id $next_size
+ fi
+ else
+ make_next_size
+ if test $next_size -ge $min_size; then
+ set_font_size $window_id $next_size
+ else
+ ${pkgs.alacritty}/bin/alacritty msg config -w $window_id -r
+ reset_font_size $window_id
+ fi
+ fi
+''
diff --git a/tv/5pkgs/simple/alacritty-tv.nix b/tv/5pkgs/simple/alacritty-tv.nix
new file mode 100644
index 000000000..d80c46cbb
--- /dev/null
+++ b/tv/5pkgs/simple/alacritty-tv.nix
@@ -0,0 +1,92 @@
+{ pkgs }:
+
+let
+ lib = import ./lib;
+ font-size = arg: {
+ program = "${pkgs.font-size-alacritty}/bin/font-size-alacritty";
+ args = [arg];
+ };
+ config = {
+ bell.animation = "EaseOut";
+ bell.duration = 50;
+ bell.color = "#ff00ff";
+ colors.cursor.cursor = "#f042b0";
+ colors.primary.background = "#202020";
+ colors.primary.foreground = "#d0d7d0";
+ colors.normal.black = "#000000";
+ colors.normal.red = "#cd0000";
+ colors.normal.green = "#00cd00";
+ colors.normal.yellow = "#bc7004";
+ colors.normal.blue = "#4343be";
+ colors.normal.magenta = "#cb06cb";
+ colors.normal.cyan = "#04c9c9";
+ colors.normal.white = "#bebebe";
+ colors.bright.black = "#727272";
+ colors.bright.red = "#fb6262";
+ colors.bright.green = "#72fb72";
+ colors.bright.yellow = "#fbfb72";
+ colors.bright.blue = "#7272fb";
+ colors.bright.magenta = "#fb53fb";
+ colors.bright.cyan = "#72fbfb";
+ colors.bright.white = "#fbfbfb";
+ draw_bold_text_with_bright_colors = true;
+ font.normal.family = "Clean";
+ font.bold.family = "Clean";
+ font.bold.style = "Regular";
+ font.size = 10;
+ hints.enabled = [
+ {
+ regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\\u0000-\\u001F\\u007F-\\u009F<>\"\\s{-}\\^⟨⟩`]+";
+ mouse.enabled = true;
+ post_processing = true;
+ action = "Select";
+ }
+ ];
+ key_bindings = [
+ { key = "Up"; mods = "Shift|Control"; command = font-size "=14"; }
+ { key = "Up"; mods = "Control"; command = font-size "+1"; }
+ { key = "Down"; mods = "Control"; command = font-size "-1"; }
+ { key = "Down"; mods = "Shift|Control"; command = font-size "=0"; }
+ ];
+ scrolling.multiplier = 8;
+ };
+ config-file = pkgs.writeJSON "alacritty-tv.json" config;
+in
+
+pkgs.symlinkJoin {
+ name = "alacritty-tv";
+ paths = [
+ (pkgs.writeDashBin "alacritty" ''
+ # usage:
+ # alacritty [--singleton] [ARGS...]
+
+ set -efu
+
+ # Use home so Alacritty can find the configuration without arguments.
+ # HOME will be reset once in Alacritty.
+ HOME=$TMPDIR/Alacritty
+ export HOME
+
+ # Install stored configuration if it has changed.
+ # This allows for both declarative updates and runtime modifications.
+ ${pkgs.coreutils}/bin/mkdir -p "$HOME"
+ if test "$(${pkgs.coreutils}/bin/cat "$HOME"/ref)" != ${config-file}; then
+ echo ${config-file} > "$HOME"/ref
+ ${pkgs.coreutils}/bin/cp ${config-file} "$HOME"/.alacritty.yml
+ fi
+
+ case ''${1-} in
+ --singleton)
+ shift
+ if ! ${pkgs.alacritty}/bin/alacritty msg create-window "$@"; then
+ ${pkgs.alacritty}/bin/alacritty "$@" &
+ fi
+ ;;
+ *)
+ exec ${pkgs.alacritty}/bin/alacritty "$@"
+ ;;
+ esac
+ '')
+ pkgs.alacritty
+ ];
+}
diff --git a/tv/5pkgs/simple/bash-fzf-history.nix b/tv/5pkgs/simple/bash-fzf-history.nix
index 88a8e9e4a..1166ec7fd 100644
--- a/tv/5pkgs/simple/bash-fzf-history.nix
+++ b/tv/5pkgs/simple/bash-fzf-history.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs
, edit-key ? "ctrl-e"
diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix
index 9fb45dd1a..82a19a9b1 100644
--- a/tv/5pkgs/simple/default.nix
+++ b/tv/5pkgs/simple/default.nix
@@ -1,4 +1,4 @@
-with import ../../../lib;
+with import ./lib;
self: super:
diff --git a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix
index c3f2deaca..4f9b84b22 100644
--- a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix
+++ b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
preFixup = ''
patchelf --set-interpreter \
- ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
+ ${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \
$out/lib/utsushi/networkscan
# libstdc++.so.6
diff --git a/tv/5pkgs/simple/lib b/tv/5pkgs/simple/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/simple/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/simple/pinentry-urxvt/default.nix b/tv/5pkgs/simple/pinentry-urxvt/default.nix
index 65b76c077..ad8039ff2 100644
--- a/tv/5pkgs/simple/pinentry-urxvt/default.nix
+++ b/tv/5pkgs/simple/pinentry-urxvt/default.nix
@@ -1,8 +1,7 @@
+with import ./lib;
{ pkgs, ... }@args:
let
- lib = import <stockholm/lib>;
-
# config cannot be declared in the input attribute set because that would
# cause callPackage to inject the wrong config. Instead, get it from ...
# via args.
@@ -20,7 +19,11 @@ let
type = lib.types.str;
};
display = lib.mkOption {
- default = ":0";
+ default = null;
+ type = lib.types.nullOr lib.types.str;
+ };
+ xwud.className = lib.mkOption {
+ default = "PinentryUrxvtXwudFloat";
type = lib.types.str;
};
};
@@ -30,12 +33,77 @@ let
in
+ # pinentry-urxvt - A mechanism for PIN entry utilizing rxvt-unicode
+ #
+ # This spawns a PIN entry terminal on top of a tinted screenshot of the
+ # current display's root window. The display for spawning the terminal can
+ # be predefined, in which case both the current and the predefined display
+ # will show the screenshot.
+ #
+ # The purpose of the screenshot, aside from looking nice, is to prevent entry
+ # of the PIN into the wrong window, e.g. by accidentally moving the cursor
+ # while typing. If necessary, the screenshot can be closed by sending 'q',
+ # 'Q', or ctrl-c while its focused.
+ #
pkgs.write "pinentry-urxvt" {
"/bin/pinentry".link = pkgs.writeDash "pinentry-urxvt-wrapper" ''
set -efu
+
+ trap cleanup EXIT
+
+ cleanup() {
+ ${pkgs.utillinux}/bin/kill -- $(${pkgs.coreutils}/bin/cat "$displayers")
+ rm "$displayers"
+ rm "$screenshot"
+ }
+
+ displayers=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.displayers.XXXXXXXX)
+ screenshot=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.screenshot.XXXXXXXX)
+
+ ${pkgs.xorg.xwd}/bin/xwd -root |
+ ${pkgs.imagemagick}/bin/convert xwd:- -fill \#424242 -colorize 80% xwd:"$screenshot"
+
+ display_screenshot() {
+ ${pkgs.exec "pinentry-urxvt.display_screenshot" {
+ filename = "${pkgs.xorg.xwud}/bin/xwud";
+ argv = [
+ cfg.xwud.className
+ "-noclick"
+ ];
+ }} < "$screenshot" &
+ wait_for_screenshot $! && echo $! >>"$displayers"
+ }
+
+ # Wait for the xwud window by trying to intercept the call to munmap().
+ # If it cannot be intercepted within 0.1s, assume that attaching strace
+ # wasn't fast enough or xwud doesn't call munmap() anymore. In either
+ # case fall back to search the window by class name, assuming there can
+ # be only one per display.
+ wait_for_screenshot() {
+ if ! \
+ ${pkgs.coreutils}/bin/timeout 0.1 \
+ ${pkgs.strace}/bin/strace -p "$1" -e munmap 2>&1 |
+ read -r _
+ then
+ until ${pkgs.xdotool}/bin/xdotool search \
+ --classname ${lib.shell.escape cfg.xwud.className}
+ do
+ ${pkgs.coreutils}/bin/sleep 0.1
+ done
+ fi
+ }
+
+ display_screenshot
+
+ ${lib.optionalString (cfg.display != null) /* sh */ ''
+ if test "$DISPLAY" != ${lib.shell.escape cfg.display}; then
+ export DISPLAY=${lib.shell.escape cfg.display}
+ display_screenshot
+ fi
+ ''}
+
exec 3<&0 4>&1 5>&2
- export DISPLAY=${lib.shell.escape cfg.display}
- exec ${pkgs.rxvt_unicode}/bin/urxvt \
+ ${pkgs.rxvt_unicode}/bin/urxvt \
-name ${lib.shell.escape cfg.appName} \
-e ${pkgs.writeDash "pinentry-urxvt-tty" ''
set -efu
diff --git a/tv/5pkgs/simple/pinentry-urxvt/lib b/tv/5pkgs/simple/pinentry-urxvt/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/simple/pinentry-urxvt/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index e17282e17..2ae71db52 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -1,5 +1,5 @@
-{ pkgs, ... }:
-with import <stockholm/lib>;
+with import ./lib;
+{ pkgs }:
let
q-cal = let
diff --git a/tv/5pkgs/simple/q/lib b/tv/5pkgs/simple/q/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/simple/q/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/vim/default.nix b/tv/5pkgs/vim/default.nix
index 5582be3fd..c143592ad 100644
--- a/tv/5pkgs/vim/default.nix
+++ b/tv/5pkgs/vim/default.nix
@@ -1,7 +1,11 @@
-with import <stockholm/lib>;
+with import ./lib;
self: super: {
tv = super.tv // {
+ vim = {
+ makePlugin = outPath: outPath // { inherit outPath; };
+ makeRuntimePath = concatMapStringsSep "," (getAttr "outPath");
+ };
vimPlugins = mapNixDir (path: self.callPackage path {}) ./.;
};
}
diff --git a/tv/5pkgs/vim/hack.nix b/tv/5pkgs/vim/hack.nix
index 2145cc166..922d85ba2 100644
--- a/tv/5pkgs/vim/hack.nix
+++ b/tv/5pkgs/vim/hack.nix
@@ -1,7 +1,7 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
diff --git a/tv/5pkgs/vim/lib b/tv/5pkgs/vim/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/vim/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix
index 6715af737..43caf46c2 100644
--- a/tv/5pkgs/vim/nix.nix
+++ b/tv/5pkgs/vim/nix.nix
@@ -1,7 +1,7 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" {
+pkgs.tv.vim.makePlugin (pkgs.write "vim-syntax-nix-nested" {
"/syntax/haskell.vim".text = ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
diff --git a/tv/5pkgs/vim/showsyntax.nix b/tv/5pkgs/vim/showsyntax.nix
index a5547e46a..c27dd0447 100644
--- a/tv/5pkgs/vim/showsyntax.nix
+++ b/tv/5pkgs/vim/showsyntax.nix
@@ -1,6 +1,6 @@
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
diff --git a/tv/5pkgs/vim/tv.nix b/tv/5pkgs/vim/tv.nix
index ae6245b87..dee6b2df8 100644
--- a/tv/5pkgs/vim/tv.nix
+++ b/tv/5pkgs/vim/tv.nix
@@ -1,6 +1,6 @@
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
+pkgs.tv.vim.makePlugin (pkgs.write "vim-tv" {
#
# Haskell
#
diff --git a/tv/5pkgs/vim/vim.nix b/tv/5pkgs/vim/vim.nix
index 216ab6abb..c5693a243 100644
--- a/tv/5pkgs/vim/vim.nix
+++ b/tv/5pkgs/vim/vim.nix
@@ -1,7 +1,7 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
diff --git a/tv/lib b/tv/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 06:57:55 +0000
[cgit] Unable to lock slot /tmp/cgit/71100000.lock: No such file or directory (2)