diff options
53 files changed, 882 insertions, 567 deletions
@@ -16,6 +16,6 @@ let ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";}); in mapAttrs (n: h: build n h.owner.name) ci-systems diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 914b38051..ec8830711 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -161,6 +161,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix index dc2838cae..862c9b991 100644 --- a/krebs/2configs/reaktor-krebs.nix +++ b/krebs/2configs/reaktor-krebs.nix @@ -14,12 +14,8 @@ with import <stockholm/lib>; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin - task-add - task-delete - task-done - task-list ] ++ - (attrValues (todo "agenda")) + (attrValues (task "agenda")) ; }; krebs.secret.files.nix-serve-key = { diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix index 824f59d09..69fc4b202 100644 --- a/krebs/2configs/reaktor-retiolum.nix +++ b/krebs/2configs/reaktor-retiolum.nix @@ -10,12 +10,8 @@ with import <stockholm/lib>; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin - task-add - task-delete - task-done - task-list ] ++ - (attrValues (todo "agenda")) + (attrValues (task "agenda")) ; }; } diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 39922e2ee..a7ec0e158 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -8,31 +8,151 @@ with import <stockholm/lib>; } // optionalAttrs (host.nets?retiolum) { nets.retiolum.ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill.ip6.addr = + (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); + tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); in { hosts = mapAttrs hostDefaults { - sokrateslaptop = { - owner = config.krebs.users.sokratess; - nets = { + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { retiolum = { - ip4.addr = "10.243.142.104"; - aliases = [ - "sokrateslaptop.r" + ip4.addr = "10.243.29.173"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eddie.nets.retiolum.ip4.addr + config.krebs.hosts.eddie.nets.retiolum.ip6.addr ]; + ip4.addr = "10.243.29.170"; + aliases = [ "eddie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 - t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ - rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW - egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 - aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V - VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eve.nets.retiolum.ip4.addr + config.krebs.hosts.eve.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.174"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; }; }; + homeros = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + justraute = { + owner = config.krebs.users.raute; # laptop + nets = { + retiolum = { + ip4.addr = "10.243.183.231"; + aliases = [ + "justraute.r" + ]; + tinc.pubkey = tinc-for "justraute"; + }; + }; + }; kruck = { owner = config.krebs.users.palo; nets = { @@ -59,6 +179,55 @@ in { }; }; }; + qubasa = { + owner = config.krebs.users.qubasa; + nets = { + retiolum = { + ip4.addr = "10.243.29.175"; + aliases = [ "qubasa.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z + f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm + 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 + aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs + KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v + aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j + kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 + 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB + 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz + k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV + Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v + vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + rock = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + aliases = [ "rock.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; scardanelli = { owner = config.krebs.users.kmein; nets = { @@ -86,33 +255,40 @@ in { }; }; }; - homeros = { - owner = config.krebs.users.kmein; + sokrateslaptop = { + owner = config.krebs.users.sokratess; nets = { retiolum = { - ip4.addr = "10.243.2.1"; + ip4.addr = "10.243.142.104"; aliases = [ - "homeros.r" + "sokrateslaptop.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd - ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc - 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v - RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd - vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 - +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc - QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm - fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh - VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 - k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX - gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N - mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- ''; }; }; }; + tpsw = { + cores = 2; + owner = config.krebs.users.ciko; # main laptop + nets = { + retiolum = { + ip4.addr = "10.243.183.236"; + aliases = [ + "tpsw.r" + ]; + tinc.pubkey = tinc-for "tpsw"; + }; + }; + }; turingmachine = { owner = config.krebs.users.Mic92; nets = { @@ -139,68 +315,6 @@ in { }; }; }; - eddie = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eddie.nets.retiolum.ip4.addr - config.krebs.hosts.eddie.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.170"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - rock = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.171"; - aliases = [ "rock.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; inspector = { owner = config.krebs.users.Mic92; nets = rec { @@ -230,105 +344,75 @@ in { }; }; }; - dpdkm = { + matchbox = { owner = config.krebs.users.Mic92; - nets = rec { + nets = { retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; + ip4.addr = "10.243.29.176"; + aliases = [ "matchbox.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; }; }; - eve = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; - aliases = [ "eve.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr - config.krebs.hosts.eve.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.174"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - qubasa = { - owner = config.krebs.users.qubasa; + miaoski = { + owner = config.krebs.users.miaoski; nets = { - retiolum = { - ip4.addr = "10.243.29.175"; - aliases = [ "qubasa.r" ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z - f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm - 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 - aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs - KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v - aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j - kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 - 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB - 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz - k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV - Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v - vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== - -----END PUBLIC KEY----- - ''; + wiregrill = { + aliases = [ "miaoski.w" ]; + wireguard = { + pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4="; + }; }; }; }; }; users = { - Mic92 = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; - mail = "joerg@higgsboson.tk"; + ciko = { + mail = "wieczorek.stefan@googlemail.com"; + }; + exco = { + mail = "dickbutt@excogitation.de"; + pubkey = ssh-for "exco"; }; kmein = { + mail = "kieran.meinhardt@gmail.com"; + pubkey = ssh-for "kmein"; }; - palo = { + Mic92 = { + mail = "joerg@higgsboson.tk"; + pubkey = ssh-for "Mic92"; }; - sokratess = { + palo = { }; qubasa = { mail = "luis.nixos@gmail.com"; }; + raute = { + mail = "macxylo@gmail.com"; + pubkey = ssh-for "raute"; + }; + sokratess = { + }; + ulrich = { + mail = "shackspace.de@myvdr.de"; + pubkey = ssh-for "ulrich"; + }; + miaoski = { + }; }; } diff --git a/krebs/3modules/external/ssh/Mic92.pub b/krebs/3modules/external/ssh/Mic92.pub new file mode 100644 index 000000000..600709c78 --- /dev/null +++ b/krebs/3modules/external/ssh/Mic92.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE diff --git a/krebs/3modules/makefu/ssh/exco.pub b/krebs/3modules/external/ssh/exco.pub index cab884c0c..cab884c0c 100644 --- a/krebs/3modules/makefu/ssh/exco.pub +++ b/krebs/3modules/external/ssh/exco.pub diff --git a/krebs/3modules/external/ssh/kmein.pub b/krebs/3modules/external/ssh/kmein.pub new file mode 100644 index 000000000..5711a2c1c --- /dev/null +++ b/krebs/3modules/external/ssh/kmein.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com diff --git a/krebs/3modules/external/ssh/raute.pub b/krebs/3modules/external/ssh/raute.pub new file mode 100644 index 000000000..69b4d3d10 --- /dev/null +++ b/krebs/3modules/external/ssh/raute.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH385gr3BAKJ92k1FaOLx2wFMgDFTmupOcww5g/bEAsO raute@wolf diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/external/ssh/ulrich.pub index 8ac69004c..8ac69004c 100644 --- a/krebs/3modules/makefu/ssh/ulrich.pub +++ b/krebs/3modules/external/ssh/ulrich.pub diff --git a/krebs/3modules/external/tinc/justraute.pub b/krebs/3modules/external/tinc/justraute.pub new file mode 100644 index 000000000..b4af349b7 --- /dev/null +++ b/krebs/3modules/external/tinc/justraute.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0FJ2Wh7y8lgXOLXR2VQh +BsERf4uoWQ2UZexxv5bo6H9aYmyc+pA7q9ScP+ljKIXHLG3RbskIDFJLfs2HHS2u +rCD3Pv71Ihx8fgmP7VdJktvFV8uBbDk2YF28Kd198ggEPL9ki1+LKzauTv0CCBcK +O78VgN8v+l42v+oQSFk30FBYCpvld39dv74etb4/T4zmn7H3RNH+gPU1T0dge4yu +xdlCk4TmNXWcw3cDvcCDDJFblH100IWRZ8enH4wHC5LvSKcYCqiiILsKAPuS8/J0 +cUePfRln1ZJDvR8AlO8ejRU7PC7550JbyqRbu0oAro2fLz7BOAJi6v8SbPU4GUaT +uFDwJsIqcRnnC8a7N4DouDyUUnTWdTtuDtl0R/I9SYY/u4MhgmFI8bribhwDMmdC +V7UM+023cC/mM9TqCPP0xdy3oiTXRyWk9aNEWep4box/VXmNsJ0hjeIi/W06eXBZ +0j5T3wKnuxSzktyhq8Jt4zJEuarBfwGBcxNf+3CHuKjfN7SAxmQZCRwS/2cPcNDS +HkApVsqTdOuLaXnoCJQyxvMQt70OCXmOs/bk0ZAcqNRJ+gYot1duplB+15+ro07j +3sLbwUMsfpC40CnHd3s1w74/5l1DAc9Mo4I5xX0QH7PCgVzJ9wEctonaItWzT/q4 +vElG9ULoGQb0prlJC35i738CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/krebs/3modules/external/tinc/tpsw.pub b/krebs/3modules/external/tinc/tpsw.pub new file mode 100644 index 000000000..38b0cb293 --- /dev/null +++ b/krebs/3modules/external/tinc/tpsw.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ +Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML +WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl +OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM +0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd +pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9d1d56ad3..630c14f18 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -91,7 +91,6 @@ in { }; wiregrill = { via = internet; - ip4.addr = "10.244.1.1"; ip6.addr = w6 "1"; aliases = [ "prism.w" @@ -99,7 +98,6 @@ in { wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; subnets = [ - "10.244.1.0/24" (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR ]; @@ -278,7 +276,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.115"; - ip6.addr = r6 "dead"; + ip6.addr = r6 "daed"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -294,8 +292,14 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "daed"; + aliases = [ + "daedalus.w" + ]; + wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI="; + }; }; - secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; }; @@ -474,7 +478,6 @@ in { phone = { nets = { wiregrill = { - ip4.addr = "10.244.1.2"; ip6.addr = w6 "a"; aliases = [ "phone.w" diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index befec2156..e60bbee70 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -992,57 +992,6 @@ in { }; }; }; - } // { # hosts only maintained in stockholm, not owned by me - muhbaasu = rec { - owner = config.krebs.users.root; - cores = 1; - nets = { - internet = { - ip4.addr = "217.160.206.154"; - aliases = [ - "muhbaasu.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.139.184"; - aliases = [ - "muhbaasu.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z - KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul - 5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb - +rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj - YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E - igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - tpsw = { - cores = 2; - owner = config.krebs.users.ciko; # main laptop - nets = { - retiolum = { - ip4.addr = "10.243.183.236"; - aliases = [ - "tpsw.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ - Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML - WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl - OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM - 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd - pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; }; users = rec { makefu = { @@ -1079,16 +1028,5 @@ in { inherit (makefu) mail pgp; pubkey = pub-for "makefu.bob"; }; - ciko = { - mail = "wieczorek.stefan@googlemail.com"; - }; - ulrich = { - pubkey = pub-for "ulrich"; - mail = "shackspace.de@myvdr.de"; - }; - exco = { - mail = "dickbutt@excogitation.de"; - pubkey = pub-for "exco"; - }; }; } diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index 6f59ad1de..1b19a1178 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -146,58 +146,36 @@ rec { ''; }); - taskrcFile = builtins.toFile "taskrc" '' - confirmation=no - ''; - - task-add = buildSimpleReaktorPlugin "task-add" { - pattern = "^task-add: (?P<args>.*)$$"; - script = pkgs.writeDash "task-add" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*" - ''; - }; - - task-list = buildSimpleReaktorPlugin "task-list" { - pattern = "^task-list"; - script = pkgs.writeDash "task-list" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"' - ''; - }; - - task-delete = buildSimpleReaktorPlugin "task-delete" { - pattern = "^task-delete: (?P<args>.*)$$"; - script = pkgs.writeDash "task-delete" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*" - ''; - }; - - task-done = buildSimpleReaktorPlugin "task-done" { - pattern = "^task-done: (?P<args>.*)$$"; - script = pkgs.writeDash "task-done" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*" - ''; - }; - - todo = name: { - add = buildSimpleReaktorPlugin "${name}-add" { + task = name: let + rcFile = builtins.toFile "taskrc" '' + confirmation=no + ''; + in { + add = buildSimpleReaktorPlugin "${name}-task-add" { pattern = "^${name}-add: (?P<args>.*)$$"; script = pkgs.writeDash "${name}-add" '' - echo "$*" >> ${name}-todo - echo "added ${name} todo" + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*" ''; }; - delete = buildSimpleReaktorPlugin "${name}-delete" { + + list = buildSimpleReaktorPlugin "task-list" { + pattern = "^${name}-list"; + script = pkgs.writeDash "task-list" '' + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"' + ''; + }; + + delete = buildSimpleReaktorPlugin "task-delete" { pattern = "^${name}-delete: (?P<args>.*)$$"; - script = pkgs.writeDash "${name}-delete" '' - ${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp - ${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo - echo "removed ${name} todo: $*" + script = pkgs.writeDash "task-delete" '' + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*" ''; }; - show = buildSimpleReaktorPlugin "${name}-show" { - pattern = "^${name}-show$"; - script = pkgs.writeDash "${name}-show" '' - ${pkgs.coreutils}/bin/cat ${name}-todo + + done = buildSimpleReaktorPlugin "task-done" { + pattern = "^${name}-done: (?P<args>.*)$$"; + script = pkgs.writeDash "task-done" '' + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*" ''; }; }; diff --git a/krebs/krops.nix b/krebs/krops.nix index ab7524941..76bca026d 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -9,15 +9,15 @@ krebs-source = { test ? false }: rec { nixpkgs = if test then { - file = { - path = toString (pkgs.fetchFromGitHub { + derivation = '' + with import <nixpkgs> {}; + pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = (lib.importJSON ./nixpkgs.json).rev; - sha256 = (lib.importJSON ./nixpkgs.json).sha256; - }); - useChecksum = true; - }; + rev = "${(lib.importJSON ./nixpkgs.json).rev}"; + sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}"; + } + ''; } else { git = { ref = (lib.importJSON ./nixpkgs.json).rev; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 61fd085be..d3f681a65 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", - "date": "2018-11-24T00:40:22-05:00", - "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", + "rev": "0396345b79436f54920f7eb651ab42acf2eb7973", + "date": "2018-12-30T21:22:33-05:00", + "sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4", "fetchSubmodules": false } diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 8f748ab8f..a32c3a829 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,11 +1,14 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - file = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); + derivation = '' + with import <nixpkgs> {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}"; + sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}"; + } + ''; }; } diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 305b3f70e..e28fbf2f8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,9 +6,8 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/backup.nix> + <stockholm/lass/2configs/nfs-dl.nix> { # bubsy config users.users.bubsy = { @@ -72,6 +71,7 @@ with import <stockholm/lib>; #remote control environment.systemPackages = with pkgs; [ x11vnc + torbrowser ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 46cdbbb66..b6565dc6a 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -35,6 +35,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/nfs-dl.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain @@ -147,6 +148,7 @@ with import <stockholm/lib>; OnCalendar = "00:37"; }; + nixpkgs.config.android_sdk.accept_license = true; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6c454b4ac..df2778bef 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -82,6 +82,13 @@ with import <stockholm/lib>; ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; }; + users.users.kmein = { + uid = genid_uint31 "kmein"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.kmein.pubkey + ]; + }; } { #hotdog @@ -309,7 +316,7 @@ with import <stockholm/lib>; { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } + { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } ]; services.dnsmasq = { @@ -390,6 +397,28 @@ with import <stockholm/lib>; ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; + + fileSystems."/export/download" = { + device = "/var/lib/containers/yellow/var/download"; + options = [ "bind" ]; + }; + services.nfs.server = { + enable = true; + exports = '' + /export 42::/16(insecure,ro,crossmnt) + ''; + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } + ]; } ]; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 116bdb92f..a2b5efb29 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -40,6 +40,16 @@ fsType = "zfs"; }; + fileSystems."/var/lib/nextcloud" = { + device = "tank/nextcloud"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/libvirt" = { + device = "tank/libvirt"; + fsType = "zfs"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1b6a1d593..b8a0a9f2a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,7 +79,6 @@ in { taskwarrior termite xclip - xephyrify xorg.xbacklight xorg.xhost xsel diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1acfe5056..f487a9910 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -95,6 +95,7 @@ with import <stockholm/lib>; { from = "lesswrong@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } + { from = "nintendo@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index c5073e384..a1bb26049 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 21b9d7b49..3c19fe061 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -51,7 +51,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix new file mode 100644 index 000000000..abbcc1d42 --- /dev/null +++ b/lass/2configs/nfs-dl.nix @@ -0,0 +1,7 @@ +{ + fileSystems."/mnt/prism" = { + device = "prism.w:/export"; + fsType = "nfs"; + }; +} + diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 25dac0ac4..223fc73ba 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -88,6 +88,20 @@ in { file_uploads = on ''; + services.nextcloud = { + enable = true; + hostName = "o.xanf.org"; + config = { + adminpassFile = toString <secrets> + "/nextcloud_pw"; + }; + #https = true; + nginx.enable = true; + }; + services.nginx.virtualHosts."o.xanf.org" = { + enableACME = true; + forceSSL = true; + }; + # MAIL STUFF # TODO: make into its own module services.dovecot2 = { diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17af0d00d..27cadd100 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -63,6 +63,9 @@ in { locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.retiolum-hosts}; ''; + locations."= /wireguard-key".extraConfig = '' + alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; + ''; locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; @@ -98,6 +101,9 @@ in { locations."/pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; + locations."/pub1".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 897e35e61..10a6e4643 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -20,9 +20,7 @@ lass.mysqlBackup = { enable = true; - config.all = { - password = toString (<secrets/mysql_rootPassword>); - }; + config.all = {}; }; } diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 2cf6a66b9..613c7c8ac 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -14,6 +14,5 @@ _: ./umts.nix ./usershadow.nix ./xjail.nix - ./xserver ]; } diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix index d2ae67171..516f96c34 100644 --- a/lass/3modules/mysql-backup.nix +++ b/lass/3modules/mysql-backup.nix @@ -41,7 +41,7 @@ let }; location = mkOption { type = str; - default = "/bku/sql_dumps"; + default = "/backups/sql_dumps"; }; }; })); @@ -51,11 +51,9 @@ let imp = { - #systemd.timers = - # mapAttrs (_: plan: { - # wantedBy = [ "timers.target" ]; - # timerConfig = plan.timerConfig; - #}) cfg.config; + services.mysql.ensureUsers = [ + { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; } + ]; systemd.services = mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" { @@ -75,8 +73,10 @@ let start = plan: let - backupScript = plan: db: - "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz"; + backupScript = plan: db: '' + mkdir -p ${plan.location} + mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz + ''; in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" '' ${concatMapStringsSep "\n" (backupScript plan) plan.databases} diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix deleted file mode 100644 index cdd80857a..000000000 --- a/lass/3modules/xserver/default.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ config, pkgs, ... }@args: -with import <stockholm/lib>; -let - - out = { - options.lass.xserver = api; - config = mkIf cfg.enable imp; - }; - - user = config.krebs.build.user; - - cfg = config.lass.xserver; - xcfg = config.services.xserver; - api = { - enable = mkEnableOption "lass xserver"; - }; - imp = { - - services.xserver = { - enable = true; - display = 11; - tty = 11; - }; - - systemd.services.display-manager.enable = false; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString xcfg.display}"; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${xcfg.displayManager.sessionCommands} - if test -z "$DBUS_SESSION_BUS_ADDRESS"; then - exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "" - fi - export DBUS_SESSION_BUS_ADDRESS - ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS - wait - ''; - - XMONAD_DATA_DIR = "/tmp"; - }; - serviceConfig = { - SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; - User = user.name; - WorkingDirectory = user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" xcfg.drivers)); - }; - serviceConfig = { - SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString xcfg.display}" - "vt${toString xcfg.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /dev/null -logverbose 0 -verbose 3" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}") - ]; - User = user.name; - }; - }; - krebs.xresources.resources.dpi = '' - ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"} - ''; - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; - }; - -in out diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix deleted file mode 100644 index 6f34e0150..000000000 --- a/lass/3modules/xserver/xserver.conf.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - cfg = config.services.xserver; -in - -pkgs.stdenv.mkDerivation { - name = "xserver.conf"; - - xfs = optionalString (cfg.useXFS != false) - ''FontPath "${toString cfg.useXFS}"''; - - inherit (cfg) config; - - buildCommand = - '' - echo 'Section "Files"' >> $out - echo $xfs >> $out - - for i in ${toString config.fonts.fonts}; do - if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then - for j in $(find $i -name fonts.dir); do - echo " FontPath \"$(dirname $j)\"" >> $out - done - fi - done - - for i in $(find ${toString cfg.modules} -type d); do - if test $(echo $i/*.so* | wc -w) -ne 0; then - echo " ModulePath \"$i\"" >> $out - fi - done - - echo 'EndSection' >> $out - - echo "$config" >> $out - ''; -} diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 79e6416e1..483e37bc8 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" { "xmonad-stockholm" ]; text = /* haskell */ '' -{-# LANGUAGE DeriveDataTypeable #-} -- for XS -{-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} -{-# LANGUAGE ScopedTypeVariables #-} module Main where @@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv) import System.Exit (exitFailure) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) -import XMonad.Actions.CopyWindow (copy, kill1) +import XMonad.Actions.CopyWindow (copy, copyToAll, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) @@ -149,6 +146,8 @@ myKeyMap = , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-<F2>", windows copyToAll) + , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" '' export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 1a617e52d..2491352eb 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -38,6 +38,9 @@ }) ]; networking.wireless.enable = true; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; # File systems configuration for using the installer's partition layout fileSystems = { diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index dcfa3d0e5..6024260dc 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -21,6 +21,7 @@ in { ]; }; } + <stockholm/makefu/2configs/support-nixos.nix> # <stockholm/makefu/2configs/stats/client.nix> <stockholm/makefu/2configs/stats/netdata-server.nix> @@ -123,7 +124,6 @@ in { <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> <stockholm/makefu/2configs/nginx/iso.euer.nix> - <stockholm/krebs/2configs/cache.nsupdate.info.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> @@ -131,6 +131,7 @@ in { <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> <stockholm/makefu/2configs/bgt/hidden_service.nix> + <stockholm/makefu/2configs/bgt/backup.nix> # <stockholm/makefu/2configs/logging/client.nix> diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 81b1e0ea1..ac2677b7f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -11,6 +11,7 @@ in { ./hw/omo.nix #./hw/tsp.nix <stockholm/makefu> + <stockholm/makefu/2configs/support-nixos.nix> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/exim-retiolum.nix> diff --git a/makefu/2configs/bgt/backup.nix b/makefu/2configs/bgt/backup.nix new file mode 100644 index 000000000..3b9baadef --- /dev/null +++ b/makefu/2configs/bgt/backup.nix @@ -0,0 +1,20 @@ +{ + # Manual steps: + # 1. ssh-copy-id root ssh-key to the remotes you want to back up + # 2. run `rsnapshot hourly` manually as root to check if everything works + services.rsnapshot = { + enable = true; + cronIntervals = { + daily = "50 21 * * *"; + hourly = "0 */4 * * *"; + }; + extraConfig = '' +retain hourly 5 +retain daily 365 +snapshot_root /var/backup +backup root@binaergewitter.jit.computer:/opt/isso jit +backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit +backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit + ''; + }; +} diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 6d64848f5..f223081e9 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -3,6 +3,8 @@ with import <stockholm/lib>; let ident = (builtins.readFile ./auphonic.pub); + bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; + bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; in { services.openssh = { allowSFTP = true; @@ -21,6 +23,19 @@ in { useDefaultShell = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; + services.logrotate = { + enable = true; + config = '' + ${bgtaccess} ${bgterror} { + rotate 5 + weekly + create 600 nginx nginx + postrotate + ${pkgs.systemd}/bin/systemctl reload nginx + endscript + } + ''; + }; services.nginx = { enable = lib.mkDefault true; recommendedGzipSettings = true; @@ -29,10 +44,21 @@ in { serverAliases = [ "dl2.binaergewitter.de" ]; root = "/var/www/binaergewitter"; extraConfig = '' - access_log /var/spool/nginx/logs/binaergewitter.access.log combined; - error_log /var/spool/nginx/logs/binaergewitter.error.log error; + access_log ${bgtaccess} combined; + error_log ${bgterror} error; autoindex on; ''; }; }; + environment.etc."netdata/python.d/web_log.conf".text = '' + nginx_log3: + name: 'nginx' + path: '/var/spool/nginx/logs/access.log' + nginx_log4: + name: 'bgt' + path: '${bgtaccess}' + ''; + + users.users.netdata.extraGroups = [ "nginx" ]; + } diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index cfde0aba8..d7c082662 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -169,6 +169,7 @@ in { ( serveCloud [ "o.euer.krebsco.de" ] ) ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.redis.enable = true; services.mysql = { enable = false; diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix index 64aa03bd7..6b5d26111 100644 --- a/makefu/2configs/home-manager/cli.nix +++ b/makefu/2configs/home-manager/cli.nix @@ -1,4 +1,5 @@ {pkgs, ... }: { + imports = [ ./zsh.nix ]; home-manager.users.makefu = { services.gpg-agent = { enable = true; @@ -9,7 +10,34 @@ enableSshSupport = true; enableScDaemon = true; }; - programs.fzf.enable = true; # alt-c + programs.direnv = { + stdlib = '' +use_nix() { + local cache=".direnv.$(nixos-version --hash)" + + if [[ ! -e "$cache" ]] || \ + [[ "$HOME/.direnvrc" -nt "$cache" ]] || \ + [[ ".envrc" -nt "$cache" ]] || \ + [[ "default.nix" -nt "$cache" ]] || \ + [[ "shell.nix" -nt "$cache" ]]; + then + local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")" + trap "rm -rf '$tmp' >/dev/null" EXIT + nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \ + mv "$tmp" "$cache" + fi + + direnv_load cat "$cache" + + if [[ $# = 0 ]]; then + watch_file default.nix + watch_file shell.nix + rm direnv.* 2>/dev/null + fi +} +''; + enableZshIntegration = true; + }; }; services.udev.packages = [ pkgs.libu2f-host diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index ce98e651a..40a1c6497 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix @@ -1,11 +1,13 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, ... }: { + users.users.makefu.packages = with pkgs;[ bat direnv ]; home-manager.users.makefu = { programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; programs.firefox.enable = true; + programs.obs-studio.enable = true; + xdg.enable = true; services.network-manager-applet.enable = true; - systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; services.blueman-applet.enable = true; services.pasystray.enable = true; systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); @@ -34,7 +36,6 @@ }; Service = { - Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; ExecStart = "${pkgs.clipit}/bin/clipit"; Restart = "on-abort"; }; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix new file mode 100644 index 000000000..dff6d9337 --- /dev/null +++ b/makefu/2configs/home-manager/zsh.nix @@ -0,0 +1,126 @@ +{ pkgs, ... }: +{ + imports = [ + { #direnv + home-manager.users.makefu.home.packages = [ pkgs.direnv ]; + home-manager.users.makefu.home.file.".direnvrc".text = '' + use_nix() { + local path="$(nix-instantiate --find-file nixpkgs)" + + if [ -f "$${path}/.version-suffix" ]; then + local version="$(< $path/.version-suffix)" + elif [ -f "$path/.version" ]; then + local version="$(< $path/.version)" + else + local version="$(< $(< $path/.git/HEAD))" + fi + + local cache=".direnv/cache-''${version:-unknown}" + + if [[ ! -e "$cache" ]] || \ + [[ "$HOME/.direnvrc" -nt "$cache" ]] || \ + [[ .envrc -nt "$cache" ]] || \ + [[ default.nix -nt "$cache" ]] || \ + [[ shell.nix -nt "$cache" ]]; + then + [ -d .direnv ] || mkdir .direnv + local tmp=$(nix-shell --show-trace "$@" \ + --run "\"$direnv\" dump bash") + echo "$tmp" > "$cache" + fi + + local path_backup=$PATH term_backup=$TERM + direnv_load cat "$cache" + + export PATH=$PATH:$path_backup TERM=$term_backup + + if [[ $# = 0 ]]; then + watch_file default.nix + watch_file shell.nix + fi + } + ''; + home-manager.users.makefu.programs.zsh.initExtra = '' + nixify() { + if [ ! -e ./.envrc ]; then + echo "use nix" > .envrc + direnv allow + fi + if [ ! -e default.nix ]; then + cat > default.nix <<'EOF' + with import <nixpkgs> {}; + stdenv.mkDerivation { + name = "env"; + buildInputs = [ + bashInteractive + ]; + } + EOF + ${EDITOR:-vim} default.nix + fi + } + eval "$(direnv hook zsh)" + ''; + } + { # bat + home-manager.users.makefu.home.packages = [ pkgs.bat ]; + home-manager.users.makefu.programs.zsh.shellAliases = { + cat = "bat"; + catn = "${pkgs.coreutils}/bin/cat"; + }; + } + ]; + environment.pathsToLink = [ "/share/zsh" ]; + home-manager.users.makefu = { + programs.fzf.enable = false; # alt-c + programs.zsh = { + enable = true; + enableAutosuggestions = false; + enableCompletion = true; + oh-my-zsh.enable = false; + history = { + size = 900001; + save = 900001; + ignoreDups = true; + extended = true; + share = true; + }; + sessionVariables = { + TERM = "rxvt-unicode-256color"; + LANG = "en_US.UTF8"; + LS_COLORS = ":di=1;31:"; + EDITOR = "vim"; + }; + shellAliases = { + lsl = "ls -lAtr"; + t = "task"; + xo = "mimeopen"; + nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; + }; + initExtra = '' + bindkey -e + # shift-tab + bindkey '^[[Z' reverse-menu-complete + bindkey "\e[3~" delete-char + zstyle ':completion:*' menu select + + setopt HIST_IGNORE_ALL_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_FIND_NO_DUPS + + unset SSH_AGENT_PID + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + compdef _pass brain + zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets + zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" + + # ctrl-x ctrl-e + autoload -U edit-command-line + zle -N edit-command-line + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line + ''; + }; + }; +} diff --git a/makefu/2configs/hw/ssd.nix b/makefu/2configs/hw/ssd.nix new file mode 100644 index 000000000..9615b34d8 --- /dev/null +++ b/makefu/2configs/hw/ssd.nix @@ -0,0 +1,4 @@ +{ + # ssd trimming + services.fstrim.enable = true; +} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 98fe30daf..42ae309d0 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -4,6 +4,7 @@ with import <stockholm/lib>; { imports = [ ./tpm.nix + ./ssd.nix ]; boot.kernelModules = [ @@ -50,6 +51,7 @@ with import <stockholm/lib>; CPU_MAX_PERF_ON_BAT=30 ''; + powerManagement.resumeCommands = '' ${pkgs.rfkill}/bin/rfkill unblock all ''; diff --git a/makefu/2configs/support-nixos.nix b/makefu/2configs/support-nixos.nix new file mode 100644 index 000000000..d4e5556ff --- /dev/null +++ b/makefu/2configs/support-nixos.nix @@ -0,0 +1 @@ +{ makefu.distrobump.enable = true; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 23ae572da..e0ea046cf 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -1,83 +1,11 @@ { config, lib, pkgs, ... }: -## -with import <stockholm/lib>; let mainUser = config.krebs.build.user.name; in { - users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; - enableCompletion = true ; #manually at the end - interactiveShellInit = '' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - HISTFILE=$HOME/.zsh_history - - setopt HIST_IGNORE_ALL_DUPS - setopt HIST_IGNORE_SPACE - setopt HIST_FIND_NO_DUPS - bindkey -e - # shift-tab - bindkey '^[[Z' reverse-menu-complete - bindkey "\e[3~" delete-char - zstyle ':completion:*' menu select - - ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null - GPG_TTY=$(tty) - export GPG_TTY - LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS - - unset SSH_AGENT_PID - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - - # fzf - __fsel_fzf() { - local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \ - -o -type f -print \ - -o -type d -print \ - -o -type l -print 2> /dev/null | cut -b3-"}" - setopt localoptions pipefail 2> /dev/null - eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do - echo -n "''${(q)item} " - done - local ret=$? - echo - return $ret - } - - __fzf_use_tmux__() { - [ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ] - } - - __fzfcmd() { - __fzf_use_tmux__ && - echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf" - } - - fzf-file-widget() { - LBUFFER="''${LBUFFER}$(__fsel_fzf)" - local ret=$? - zle redisplay - typeset -f zle-line-init >/dev/null && zle zle-line-init - return $ret - } - zle -N fzf-file-widget - bindkey '^T' fzf-file-widget - - compdef _pass brain - zstyle ':completion::complete:brain::' prefix "$HOME/brain" - compdef _pass secrets - zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - - # ctrl-x ctrl-e - autoload -U edit-command-line - zle -N edit-command-line - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line - - ''; + enableCompletion = false; #manually at the end promptInit = '' RPROMPT="" @@ -93,8 +21,8 @@ in ''; }; - users.users.${mainUser}.packages = [ - pkgs.nix-zsh-completions - pkgs.fzf - ]; + users.users.${mainUser} = { + shell = "/run/current-system/sw/bin/zsh"; + packages = [ pkgs.nix-zsh-completions ]; + }; } diff --git a/makefu/3modules/bump-distrowatch.nix b/makefu/3modules/bump-distrowatch.nix new file mode 100644 index 000000000..18426cdcc --- /dev/null +++ b/makefu/3modules/bump-distrowatch.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.makefu.distrobump; + + imp = { + systemd.services.distrobump = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.curl ]; + restartIfChanged = false; + startAt = "daily"; + serviceConfig = { + PrivateTmp = true; + Type = "oneshot"; + ExecStart = pkgs.writeDash "bump-distrowatch" '' + set -euf + UA='Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0' + curl -Lvc /tmp/cookie.jar -A "$UA" 'https://distrowatch.com/' >/dev/null + sleep $(shuf -i 3-15 -n1).$(shuf -i 0-9 -n1) + curl -Lvc /tmp/cookie.jar -A "$UA" -e 'https://distrowatch.com/' 'https://distrowatch.com/nixos?frphr' >/dev/null + ''; + RandomizedDelaySec = 28800; + }; + }; + }; +in +{ + options.makefu.distrobump.enable = lib.mkEnableOption "distrobump"; + config = lib.mkIf cfg.enable imp; +} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 65b5a6afd..c6d8fccc3 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -3,6 +3,7 @@ _: { imports = [ ./awesome-extra.nix + ./bump-distrowatch.nix ./deluge.nix ./forward-journal.nix ./netdata.nix diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix index 1e1cb1d86..88a408578 100644 --- a/makefu/5pkgs/ns-atmosphere-programmer/default.nix +++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix @@ -10,15 +10,16 @@ stdenv.mkDerivation rec { version = "0.1"; src = fetchzip { - url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip"; - sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0"; + url = "https://archive.org/download/ns-atmosphere-programmer/ns-atmosphere-programmer-ubuntu-64bit-v01.zip"; + # original source: http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-ubuntu-64bit-v01.zip + sha256 = "1cnyydsmrcpfwpdiry7qybh179499wpbvlzq5rk442hq9ak416ri"; }; buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ]; nativeBuildInputs = [ autoPatchelfHook makeWrapper ]; installPhase = '' - install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere + install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ --suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share' ''; @@ -26,7 +27,7 @@ stdenv.mkDerivation rec { dontStrip = true; meta = with stdenv.lib; { - description = "Payload programmer for ns-atmosphere injector"; + description = "Payload programmer for ns-atmosphere injector for nintendo switch"; homepage = http://www.ns-atmosphere.com; maintainers = [ maintainers.makefu ]; platforms = platforms.linux; diff --git a/makefu/5pkgs/xdcc-dl/default.nix b/makefu/5pkgs/xdcc-dl/default.nix new file mode 100644 index 000000000..d9fdc3d2b --- /dev/null +++ b/makefu/5pkgs/xdcc-dl/default.nix @@ -0,0 +1,195 @@ +# generated using pypi2nix tool (version: 1.8.0) +# See more at: https://github.com/garbas/pypi2nix +# +# COMMAND: +# pypi2nix -V 3.6 -r ./lol +# + +{ pkgs ? import <nixpkgs> {} +}: + +let + + inherit (pkgs) makeWrapper; + inherit (pkgs.stdenv.lib) fix' extends inNixShell; + + pythonPackages = + import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" { + inherit pkgs; + inherit (pkgs) stdenv; + python = pkgs.python36; + }; + + commonBuildInputs = []; + commonDoCheck = false; + + withPackages = pkgs': + let + pkgs = builtins.removeAttrs pkgs' ["__unfix__"]; + interpreter = pythonPackages.buildPythonPackage { + name = "python36-interpreter"; + buildInputs = [ makeWrapper ] ++ (builtins.attrValues pkgs); + buildCommand = '' + mkdir -p $out/bin + ln -s ${pythonPackages.python.interpreter} $out/bin/${pythonPackages.python.executable} + for dep in ${builtins.concatStringsSep " " (builtins.attrValues pkgs)}; do + if [ -d "$dep/bin" ]; then + for prog in "$dep/bin/"*; do + if [ -f $prog ]; then + ln -s $prog $out/bin/`basename $prog` + fi + done + fi + done + for prog in "$out/bin/"*; do + wrapProgram "$prog" --prefix PYTHONPATH : "$PYTHONPATH" + done + pushd $out/bin + ln -s ${pythonPackages.python.executable} python + popd + ''; + passthru.interpreter = pythonPackages.python; + }; + in { + __old = pythonPackages; + inherit interpreter; + mkDerivation = pythonPackages.buildPythonPackage; + packages = pkgs; + overrideDerivation = drv: f: + pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs); + withPackages = pkgs'': + withPackages (pkgs // pkgs''); + }; + + python = withPackages {}; + + generated = self: { + inherit (pythonPackages) requests irc beautifulsoup4 six pyqt5; + "PyExecJS" = python.mkDerivation { + name = "PyExecJS-1.5.0"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/1c/a0/359e179605bbf3f6c6ed96c44e056eebed39732b67427f30d56e259934f2/PyExecJS-1.5.0.tar.gz"; sha256 = "99315766f8155eea195a3f4179b35cd8dc64b2360c081ae29d92c603c26aeaaa"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."six" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.mit; + description = "Run JavaScript code from Python"; + }; + }; + + + + + "bs4" = python.mkDerivation { + name = "bs4-0.0.1"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz"; sha256 = "36ecea1fd7cc5c0c6e4a1ff075df26d50da647b75376626cc186e2212886dd3a"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."beautifulsoup4" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.mit; + description = "Screen-scraping library"; + }; + }; + + + + "certifi" = python.mkDerivation { + name = "certifi-2017.11.5"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/23/3f/8be01c50ed24a4bd6b8da799839066ce0288f66f5e11f0367323467f0cbc/certifi-2017.11.5.tar.gz"; sha256 = "5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = "MPL-2.0"; + description = "Python package for providing Mozilla's CA Bundle."; + }; + }; + + + + "cfscrape" = python.mkDerivation { + name = "cfscrape-1.9.1"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/cf/9a/50d3844d67fe5507217fd47c9e382e769ab5f7d967b41c25ba3712c441c3/cfscrape-1.9.1.tar.gz"; sha256 = "9cee3708c643904eaa010a64dd1715890457bb77010d87405fc1bfeb892508d7"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."PyExecJS" + self."requests" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = ""; + description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information."; + }; + }; + + + + "typing" = python.mkDerivation { + name = "typing-3.6.2"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/ca/38/16ba8d542e609997fdcd0214628421c971f8c395084085354b11ff4ac9c3/typing-3.6.2.tar.gz"; sha256 = "d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.psfl; + description = "Type Hints for Python"; + }; + }; + + + + + "urwid" = python.mkDerivation { + name = "urwid-1.3.1"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/85/5d/9317d75b7488c335b86bd9559ca03a2a023ed3413d0e8bfe18bea76f24be/urwid-1.3.1.tar.gz"; sha256 = "cfcec03e36de25a1073e2e35c2c7b0cc6969b85745715c3a025a31d9786896a1"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.lgpl2; + description = "A full-featured console (xterm et al.) user interface library"; + }; + }; + + + + "xdcc-dl" = python.mkDerivation { + name = "xdcc-dl-2.1.0"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/52/5a/1f1c8e77c212074d508701f208440bdfac4c6366de3f74fc9772a09369ef/xdcc_dl-2.1.0.tar.gz"; sha256 = "7071fca28de83ab0944b086a6dac0af053225b5663d9cf28a8dac868d81b2fc6"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."bs4" + self."cfscrape" + self."irc" + self."requests" + self."typing" + self."urwid" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.gpl3; + description = "An XDCC File Downloader based on the irclib framework"; + }; + }; + + }; + +in python.withPackages + (fix' (pkgs.lib.fold + extends + generated + [] + ) + ) diff --git a/makefu/krops.nix b/makefu/krops.nix index 2a2f70a05..30db07667 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -27,15 +27,15 @@ # TODO: we want to track the unstable channel symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; } else { - file = { - path = toString (pkgs.fetchFromGitHub { + derivation = '' + with import <nixpkgs> {}; + pkgs.fetchFromGitHub { owner = "makefu"; repo = "nixpkgs"; - rev = nixpkgs-src.rev; - sha256 = nixpkgs-src.sha256; - }); - useChecksum = true; - }; + rev = "${nixpkgs-src.rev}"; + sha256 = "${nixpkgs-src.sha256}"; + } + ''; }; nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; |