summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitmodules5
-rw-r--r--jeschli/1systems/bolide/config.nix125
-rw-r--r--jeschli/1systems/bolide/hardware-configuration.nix33
-rw-r--r--jeschli/1systems/brauerei/config.nix200
-rw-r--r--jeschli/1systems/brauerei/hardware-configuration.nix34
-rw-r--r--jeschli/1systems/enklave/config.nix57
-rw-r--r--jeschli/1systems/enklave/taskserver.nix10
-rw-r--r--jeschli/1systems/reagenzglas/config.nix91
-rw-r--r--jeschli/1systems/reagenzglas/desktop.nix25
-rw-r--r--jeschli/1systems/reagenzglas/hardware-configuration.nix37
-rw-r--r--jeschli/1systems/reagenzglas/i3-configuration.nix181
-rw-r--r--jeschli/2configs/IM.nix57
-rw-r--r--jeschli/2configs/default.nix72
m---------jeschli/2configs/elisp0
-rw-r--r--jeschli/2configs/emacs-org-agenda.nix2025
-rw-r--r--jeschli/2configs/emacs.nix119
-rw-r--r--jeschli/2configs/firefox.nix44
-rw-r--r--jeschli/2configs/git.nix78
-rw-r--r--jeschli/2configs/haskell.nix18
-rw-r--r--jeschli/2configs/home-manager/default.nix9
-rw-r--r--jeschli/2configs/i3.nix247
-rw-r--r--jeschli/2configs/officevpn.nix19
-rw-r--r--jeschli/2configs/os-templates/CentOS-7-64bit.nix16
-rw-r--r--jeschli/2configs/python.nix9
-rw-r--r--jeschli/2configs/retiolum.nix26
-rw-r--r--jeschli/2configs/rust.nix8
-rw-r--r--jeschli/2configs/steam.nix12
-rw-r--r--jeschli/2configs/tests/dummy-secrets/empty0
-rw-r--r--jeschli/2configs/urxvt.nix39
-rw-r--r--jeschli/2configs/vim.nix151
-rw-r--r--jeschli/2configs/virtualbox.nix23
-rw-r--r--jeschli/2configs/xdg.nix14
-rw-r--r--jeschli/2configs/xserver/Xmodmap.nix27
-rw-r--r--jeschli/2configs/xserver/Xresources.nix56
-rw-r--r--jeschli/2configs/xserver/default.nix130
-rw-r--r--jeschli/2configs/xserver/xserver.conf.nix40
-rw-r--r--jeschli/2configs/zsh.nix138
-rw-r--r--jeschli/5pkgs/default.nix11
-rw-r--r--jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/dark-reader/default.nix28
-rw-r--r--jeschli/5pkgs/firefox/default.nix18
-rw-r--r--jeschli/5pkgs/firefox/firefox-with-config.nix487
-rw-r--r--jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/hopper/default.nix45
-rw-r--r--jeschli/5pkgs/firefox/https-everywhere/default.nix29
-rw-r--r--jeschli/5pkgs/firefox/pyocclient/default.nix26
-rw-r--r--jeschli/5pkgs/firefox/rmount/default.nix34
-rw-r--r--jeschli/5pkgs/firefox/ublock-origin/default.nix28
-rw-r--r--jeschli/5pkgs/firefox/user-agent-switcher/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix40
-rw-r--r--jeschli/5pkgs/firefox/wl-clipboard/default.nix25
-rw-r--r--jeschli/5pkgs/simple/default.nix18
-rw-r--r--jeschli/default.nix9
-rw-r--r--jeschli/krops.nix43
-rw-r--r--kartei/dbalan/default.nix (renamed from krebs/3modules/external/dbalan.nix)2
-rw-r--r--kartei/default.nix18
-rw-r--r--kartei/jeschli/default.nix (renamed from krebs/3modules/jeschli/default.nix)2
-rw-r--r--kartei/kmein/default.nix (renamed from krebs/3modules/external/kmein.nix)26
-rw-r--r--kartei/kmein/kmein.gpg (renamed from krebs/3modules/external/gpg/kmein.gpg)0
-rw-r--r--kartei/kmein/ssh/kmein.kabsa.pub (renamed from krebs/3modules/external/ssh/kmein.kabsa.pub)0
-rw-r--r--kartei/kmein/ssh/kmein.manakish.pub (renamed from krebs/3modules/external/ssh/kmein.manakish.pub)0
-rw-r--r--kartei/krebs/default.nix (renamed from krebs/3modules/krebs/default.nix)15
-rw-r--r--kartei/lass/default.nix (renamed from krebs/3modules/lass/default.nix)73
-rw-r--r--kartei/lass/pgp/mors.pgp (renamed from krebs/3modules/lass/pgp/mors.pgp)0
-rw-r--r--kartei/lass/pgp/yubikey.pgp157
-rw-r--r--kartei/lass/ssh/android.ed25519 (renamed from krebs/3modules/lass/ssh/android.ed25519)0
-rw-r--r--kartei/lass/ssh/blue.rsa (renamed from krebs/3modules/lass/ssh/blue.rsa)0
-rw-r--r--kartei/lass/ssh/green.ed25519 (renamed from krebs/3modules/lass/ssh/green.ed25519)0
-rw-r--r--kartei/lass/ssh/mors.rsa (renamed from krebs/3modules/lass/ssh/mors.rsa)0
-rw-r--r--kartei/lass/ssh/tablet.ed25519 (renamed from krebs/3modules/lass/ssh/tablet.ed25519)0
-rw-r--r--kartei/lass/ssh/yubikey.rsa (renamed from krebs/3modules/lass/ssh/yubikey.rsa)0
-rw-r--r--kartei/makefu/default.nix (renamed from krebs/3modules/makefu/default.nix)2
-rw-r--r--kartei/makefu/pgp/brain.asc (renamed from krebs/3modules/makefu/pgp/brain.asc)0
-rw-r--r--kartei/makefu/pgp/default.asc (renamed from krebs/3modules/makefu/pgp/default.asc)0
-rw-r--r--kartei/makefu/retiolum/cake.pub (renamed from krebs/3modules/makefu/retiolum/cake.pub)0
-rw-r--r--kartei/makefu/retiolum/cake_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/cake_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/crapi.pub (renamed from krebs/3modules/makefu/retiolum/crapi.pub)0
-rw-r--r--kartei/makefu/retiolum/crapi_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/crapi_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/fileleech.pub (renamed from krebs/3modules/makefu/retiolum/fileleech.pub)0
-rw-r--r--kartei/makefu/retiolum/fileleech_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/fileleech_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/filepimp.pub (renamed from krebs/3modules/makefu/retiolum/filepimp.pub)0
-rw-r--r--kartei/makefu/retiolum/filepimp_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/filepimp_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/firecracker.pub (renamed from krebs/3modules/makefu/retiolum/firecracker.pub)0
-rw-r--r--kartei/makefu/retiolum/firecracker_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/firecracker_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/flap.pub (renamed from krebs/3modules/makefu/retiolum/flap.pub)0
-rw-r--r--kartei/makefu/retiolum/flap_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/flap_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/gum.pub (renamed from krebs/3modules/makefu/retiolum/gum.pub)0
-rw-r--r--kartei/makefu/retiolum/gum_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/gum_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/latte.pub (renamed from krebs/3modules/makefu/retiolum/latte.pub)0
-rw-r--r--kartei/makefu/retiolum/latte_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/latte_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/nukular.pub (renamed from krebs/3modules/makefu/retiolum/nukular.pub)0
-rw-r--r--kartei/makefu/retiolum/nukular_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/nukular_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/omo.pub (renamed from krebs/3modules/makefu/retiolum/omo.pub)0
-rw-r--r--kartei/makefu/retiolum/omo_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/omo_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/sdev.pub (renamed from krebs/3modules/makefu/retiolum/sdev.pub)0
-rw-r--r--kartei/makefu/retiolum/sdev_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/sdev_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/senderechner.pub (renamed from krebs/3modules/makefu/retiolum/senderechner.pub)0
-rw-r--r--kartei/makefu/retiolum/senderechner_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/senderechner_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/studio.pub (renamed from krebs/3modules/makefu/retiolum/studio.pub)0
-rw-r--r--kartei/makefu/retiolum/studio_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/studio_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/tsp.pub (renamed from krebs/3modules/makefu/retiolum/tsp.pub)0
-rw-r--r--kartei/makefu/retiolum/tsp_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/tsp_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/vbob.pub (renamed from krebs/3modules/makefu/retiolum/vbob.pub)0
-rw-r--r--kartei/makefu/retiolum/vbob_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/vbob_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/wbob.pub (renamed from krebs/3modules/makefu/retiolum/wbob.pub)0
-rw-r--r--kartei/makefu/retiolum/wbob_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/wbob_ed25519.pub)0
-rw-r--r--kartei/makefu/retiolum/x.pub (renamed from krebs/3modules/makefu/retiolum/x.pub)0
-rw-r--r--kartei/makefu/retiolum/x_ed25519.pub (renamed from krebs/3modules/makefu/retiolum/x_ed25519.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.android.pub (renamed from krebs/3modules/makefu/ssh/makefu.android.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.bob.pub (renamed from krebs/3modules/makefu/ssh/makefu.bob.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.omo.pub (renamed from krebs/3modules/makefu/ssh/makefu.omo.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.remote-builder.pub (renamed from krebs/3modules/makefu/ssh/makefu.remote-builder.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.tempx.pub (renamed from krebs/3modules/makefu/ssh/makefu.tempx.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.tsp.pub (renamed from krebs/3modules/makefu/ssh/makefu.tsp.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.vbob.pub (renamed from krebs/3modules/makefu/ssh/makefu.vbob.pub)0
-rw-r--r--kartei/makefu/ssh/makefu.x.pub (renamed from krebs/3modules/makefu/ssh/makefu.x.pub)0
-rw-r--r--kartei/makefu/sshd/cake.pub (renamed from krebs/3modules/makefu/sshd/cake.pub)0
-rw-r--r--kartei/makefu/sshd/crapi.pub (renamed from krebs/3modules/makefu/sshd/crapi.pub)0
-rw-r--r--kartei/makefu/sshd/fileleech.pub (renamed from krebs/3modules/makefu/sshd/fileleech.pub)0
-rw-r--r--kartei/makefu/sshd/firecracker.pub (renamed from krebs/3modules/makefu/sshd/firecracker.pub)0
-rw-r--r--kartei/makefu/sshd/gum.pub (renamed from krebs/3modules/makefu/sshd/gum.pub)0
-rw-r--r--kartei/makefu/sshd/omo.pub (renamed from krebs/3modules/makefu/sshd/omo.pub)0
-rw-r--r--kartei/makefu/sshd/sdev.pub (renamed from krebs/3modules/makefu/sshd/sdev.pub)0
-rw-r--r--kartei/makefu/sshd/studio.pub (renamed from krebs/3modules/makefu/sshd/studio.pub)0
-rw-r--r--kartei/makefu/sshd/wbob.pub (renamed from krebs/3modules/makefu/sshd/wbob.pub)0
-rw-r--r--kartei/makefu/sshd/x.pub (renamed from krebs/3modules/makefu/sshd/x.pub)0
-rw-r--r--kartei/makefu/wiregrill/gum.pub (renamed from krebs/3modules/makefu/wiregrill/gum.pub)0
-rw-r--r--kartei/makefu/wiregrill/rockit.pub (renamed from krebs/3modules/makefu/wiregrill/rockit.pub)0
-rw-r--r--kartei/makefu/wiregrill/shackdev.pub (renamed from krebs/3modules/makefu/wiregrill/shackdev.pub)0
-rw-r--r--kartei/makefu/wiregrill/telex.pub (renamed from krebs/3modules/makefu/wiregrill/telex.pub)0
-rw-r--r--kartei/makefu/wiregrill/x.pub (renamed from krebs/3modules/makefu/wiregrill/x.pub)0
-rw-r--r--kartei/mic92/default.nix (renamed from krebs/3modules/external/mic92.nix)41
-rw-r--r--kartei/mic92/ssh/mic92.pub (renamed from krebs/3modules/external/ssh/mic92.pub)0
-rw-r--r--kartei/others/default.nix (renamed from krebs/3modules/external/default.nix)137
-rw-r--r--kartei/others/ssh/0x4A6F.pub (renamed from krebs/3modules/external/ssh/0x4A6F.pub)0
-rw-r--r--kartei/others/ssh/exco.pub (renamed from krebs/3modules/external/ssh/exco.pub)0
-rw-r--r--kartei/others/ssh/hase.pub (renamed from krebs/3modules/external/ssh/hase.pub)0
-rw-r--r--kartei/others/ssh/neos.pub (renamed from krebs/3modules/external/ssh/neos.pub)0
-rw-r--r--kartei/others/ssh/qubasa.pub (renamed from krebs/3modules/external/ssh/qubasa.pub)0
-rw-r--r--kartei/others/ssh/raute.pub (renamed from krebs/3modules/external/ssh/raute.pub)0
-rw-r--r--kartei/others/ssh/rtjure.pub (renamed from krebs/3modules/external/ssh/rtjure.pub)0
-rw-r--r--kartei/others/ssh/shannan.pub (renamed from krebs/3modules/external/ssh/shannan.pub)0
-rw-r--r--kartei/others/ssh/ulrich.pub (renamed from krebs/3modules/external/ssh/ulrich.pub)0
-rw-r--r--kartei/others/ssh/xkey.pub1
-rw-r--r--kartei/others/ssh/xq.pub (renamed from krebs/3modules/external/ssh/xq.pub)0
-rw-r--r--kartei/others/tinc/hasegateway.pub (renamed from krebs/3modules/external/tinc/hasegateway.pub)0
-rw-r--r--kartei/others/tinc/horisa.pub (renamed from krebs/3modules/external/tinc/horisa.pub)0
-rw-r--r--kartei/others/tinc/justraute.pub (renamed from krebs/3modules/external/tinc/justraute.pub)0
-rw-r--r--kartei/others/tinc/tpsw.pub (renamed from krebs/3modules/external/tinc/tpsw.pub)0
-rw-r--r--kartei/oxzi/default.nix62
-rw-r--r--kartei/palo/default.nix (renamed from krebs/3modules/external/palo.nix)14
-rw-r--r--kartei/palo/retiolum.pub (renamed from krebs/3modules/external/tinc/palo.pub)0
-rw-r--r--kartei/rtunreal/default.nix51
-rw-r--r--kartei/template/default.nix20
-rw-r--r--kartei/tv/default.nix (renamed from krebs/3modules/tv/default.nix)11
-rw-r--r--kartei/tv/pgp/CBF89B0B.asc (renamed from krebs/3modules/tv/pgp/CBF89B0B.asc)0
-rw-r--r--kartei/tv/wiregrill/alnus.pub (renamed from krebs/3modules/tv/wiregrill/alnus.pub)0
-rw-r--r--kartei/tv/wiregrill/mu.pub (renamed from krebs/3modules/tv/wiregrill/mu.pub)0
-rw-r--r--kartei/tv/wiregrill/ni.pub (renamed from krebs/3modules/tv/wiregrill/ni.pub)0
-rw-r--r--kartei/tv/wiregrill/nomic.pub (renamed from krebs/3modules/tv/wiregrill/nomic.pub)0
-rw-r--r--kartei/tv/wiregrill/querel.pub (renamed from krebs/3modules/tv/wiregrill/querel.pub)0
-rw-r--r--kartei/tv/wiregrill/umz.pub (renamed from krebs/3modules/tv/wiregrill/umz.pub)0
-rw-r--r--kartei/tv/wiregrill/wu.pub (renamed from krebs/3modules/tv/wiregrill/wu.pub)0
-rw-r--r--kartei/tv/wiregrill/xu.pub (renamed from krebs/3modules/tv/wiregrill/xu.pub)0
-rw-r--r--kartei/tv/wiregrill/zu.pub (renamed from krebs/3modules/tv/wiregrill/zu.pub)0
-rw-r--r--kartei/xkey/default.nix126
-rw-r--r--kartei/xkey/ssh/xkey.pub1
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/1systems/ponte/config.nix26
-rw-r--r--krebs/2configs/cal.nix33
-rw-r--r--krebs/2configs/default.nix6
-rw-r--r--krebs/2configs/exim-smarthost.nix9
-rw-r--r--krebs/2configs/ircd.nix4
-rw-r--r--krebs/2configs/mastodon-proxy.nix24
-rw-r--r--krebs/2configs/mastodon.nix46
-rw-r--r--krebs/2configs/matterbridge.nix10
-rw-r--r--krebs/2configs/news-host.nix3
-rw-r--r--krebs/2configs/news.nix4
-rw-r--r--krebs/2configs/reaktor2.nix139
-rw-r--r--krebs/2configs/security-workarounds.nix11
-rwxr-xr-xkrebs/2configs/shack/doorstatus.sh3
-rw-r--r--krebs/3modules/ci/default.nix1
-rw-r--r--krebs/3modules/default.nix50
-rw-r--r--krebs/3modules/dns.nix13
-rw-r--r--krebs/3modules/ergo.nix133
-rw-r--r--krebs/3modules/exim-smarthost.nix43
-rw-r--r--krebs/3modules/external/ssh/xkey.pub1
-rw-r--r--krebs/3modules/hosts.nix2
-rw-r--r--krebs/3modules/htgen.nix21
-rw-r--r--krebs/3modules/krebs-pages.nix44
-rw-r--r--krebs/3modules/lass/pgp/yubikey.pgp109
-rw-r--r--krebs/3modules/sitemap.nix8
-rw-r--r--krebs/3modules/ssl.nix21
-rw-r--r--krebs/3modules/sync-containers.nix140
-rw-r--r--krebs/3modules/users.nix20
-rw-r--r--krebs/5pkgs/simple/ergo/default.nix23
-rw-r--r--krebs/5pkgs/simple/hashPassword/default.nix2
-rw-r--r--krebs/5pkgs/simple/htgen/default.nix7
-rw-r--r--krebs/5pkgs/simple/krebs-pages/fixtures/index.html21
-rw-r--r--krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html133
-rw-r--r--krebs/5pkgs/simple/nix-prefetch-github.nix25
-rw-r--r--krebs/5pkgs/simple/stable-generate/default.nix64
-rw-r--r--krebs/5pkgs/simple/weechat-declarative/default.nix5
-rw-r--r--krebs/6assets/krebsAcmeCA.crt22
-rw-r--r--krebs/6assets/krebsRootCA.crt18
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/green/config.nix97
-rw-r--r--lass/1systems/green/physical.nix2
-rw-r--r--lass/1systems/green/source.nix6
-rw-r--r--lass/1systems/prism/config.nix20
-rw-r--r--lass/1systems/prism/physical.nix18
-rw-r--r--lass/1systems/shodan/config.nix10
-rw-r--r--lass/1systems/shodan/physical.nix6
-rw-r--r--lass/1systems/yellow/config.nix32
-rw-r--r--lass/2configs/IM.nix2
-rw-r--r--lass/2configs/alacritty.nix13
-rw-r--r--lass/2configs/atuin-server.nix38
-rw-r--r--lass/2configs/baseX.nix69
-rw-r--r--lass/2configs/blue-host.nix2
-rw-r--r--lass/2configs/consul.nix43
-rw-r--r--lass/2configs/default.nix2
-rw-r--r--lass/2configs/et-server.nix7
-rw-r--r--lass/2configs/green-host.nix27
-rw-r--r--lass/2configs/libvirt.nix2
-rw-r--r--lass/2configs/mumble-reminder.nix107
-rw-r--r--lass/2configs/pipewire.nix2
-rw-r--r--lass/2configs/radio/default.nix250
-rw-r--r--lass/2configs/radio/news.nix3
-rw-r--r--lass/2configs/radio/radio.liq112
-rw-r--r--lass/2configs/radio/shell.nix7
-rw-r--r--lass/2configs/radio/weather.nix6
-rw-r--r--lass/2configs/radio/weather_for_ips.py5
-rw-r--r--lass/2configs/red-host.nix167
-rw-r--r--lass/2configs/websites/util.nix2
-rw-r--r--lass/2configs/weechat.nix221
-rw-r--r--lass/2configs/xmonad.nix14
-rw-r--r--lass/2configs/zsh.nix52
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/drbd.nix35
-rw-r--r--lass/3modules/sync-containers3.nix313
-rw-r--r--lass/5pkgs/drbd9/default.nix35
-rw-r--r--lass/5pkgs/sxiv/default.nix27
-rw-r--r--lass/5pkgs/weechat-matrix/default.nix80
-rw-r--r--lib/default.nix10
-rw-r--r--lib/types.nix24
m---------submodules/nix-writers0
-rw-r--r--tv/1systems/alnus/config.nix3
l---------tv/1systems/alnus/lib1
l---------tv/1systems/au/lib1
-rw-r--r--tv/1systems/bu/config.nix6
l---------tv/1systems/bu/lib1
l---------tv/1systems/lib1
-rw-r--r--tv/1systems/mu/config.nix3
l---------tv/1systems/mu/lib1
-rw-r--r--tv/1systems/nomic/config.nix3
l---------tv/1systems/nomic/lib1
-rw-r--r--tv/1systems/querel/config.nix3
l---------tv/1systems/querel/lib1
-rw-r--r--tv/1systems/wu/config.nix3
l---------tv/1systems/wu/lib1
-rw-r--r--tv/1systems/xu/config.nix4
l---------tv/1systems/xu/lib1
-rw-r--r--tv/1systems/zu/config.nix3
-rw-r--r--tv/2configs/backup.nix5
-rw-r--r--tv/2configs/bash/default.nix23
l---------tv/2configs/bash/lib1
-rw-r--r--tv/2configs/binary-cache/default.nix2
l---------tv/2configs/binary-cache/lib1
-rw-r--r--tv/2configs/br.nix2
-rw-r--r--tv/2configs/default.nix20
-rw-r--r--tv/2configs/exim-retiolum.nix7
-rw-r--r--tv/2configs/exim-smarthost.nix7
-rw-r--r--tv/2configs/gitconfig.nix7
-rw-r--r--tv/2configs/gitrepos.nix9
-rw-r--r--tv/2configs/htop.nix7
-rw-r--r--tv/2configs/hw/AO753.nix7
l---------tv/2configs/hw/lib1
-rw-r--r--tv/2configs/hw/w110er.nix5
-rw-r--r--tv/2configs/hw/x220.nix13
-rw-r--r--tv/2configs/imgur.nix7
l---------tv/2configs/lib1
-rw-r--r--tv/2configs/nginx/default.nix7
-rw-r--r--tv/2configs/nginx/krebs-pages.nix13
l---------tv/2configs/nginx/lib1
-rw-r--r--tv/2configs/nginx/public_html.nix7
-rw-r--r--tv/2configs/pki/default.nix2
l---------tv/2configs/pki/lib1
-rw-r--r--tv/2configs/ppp.nix2
-rw-r--r--tv/2configs/pulse.nix6
l---------tv/2configs/repo-sync/lib1
-rw-r--r--tv/2configs/repo-sync/wiki.nix5
-rw-r--r--tv/2configs/retiolum.nix7
-rw-r--r--tv/2configs/ssh.nix7
-rw-r--r--tv/2configs/sshd.nix2
-rw-r--r--tv/2configs/urlwatch.nix2
-rw-r--r--tv/2configs/vim.nix9
-rw-r--r--tv/2configs/xdg.nix7
-rw-r--r--tv/2configs/xp-332.nix2
-rw-r--r--tv/2configs/xserver/Xmodmap.nix2
-rw-r--r--tv/2configs/xserver/default.nix5
l---------tv/2configs/xserver/lib1
-rw-r--r--tv/2configs/xserver/sxiv.nix2
-rw-r--r--tv/2configs/xserver/urxvt.nix2
-rw-r--r--tv/2configs/xserver/xserver.conf.nix5
-rw-r--r--tv/3modules/Xresources.nix2
-rw-r--r--tv/3modules/charybdis/config.nix2
-rw-r--r--tv/3modules/charybdis/default.nix3
l---------tv/3modules/charybdis/lib1
-rw-r--r--tv/3modules/dnsmasq.nix2
-rw-r--r--tv/3modules/ejabberd/default.nix4
l---------tv/3modules/ejabberd/lib1
-rw-r--r--tv/3modules/focus.nix2
-rw-r--r--tv/3modules/hosts.nix7
-rw-r--r--tv/3modules/hw.nix2
-rw-r--r--tv/3modules/im.nix2
-rw-r--r--tv/3modules/iptables.nix6
l---------tv/3modules/lib1
-rw-r--r--tv/3modules/org.freedesktop.machine1.host-shell.nix3
-rw-r--r--tv/3modules/slock.nix2
-rw-r--r--tv/3modules/x0vncserver.nix4
-rw-r--r--tv/5pkgs/default.nix9
-rw-r--r--tv/5pkgs/haskell/default.nix2
l---------tv/5pkgs/haskell/lib1
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/default.nix8
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/Build.hs24
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs113
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/main.hs53
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal5
l---------tv/5pkgs/lib1
-rw-r--r--tv/5pkgs/override/default.nix2
-rw-r--r--tv/5pkgs/override/fzf/complete1.patch90
-rw-r--r--tv/5pkgs/override/fzf/default.nix8
l---------tv/5pkgs/override/lib1
-rw-r--r--tv/5pkgs/rpi/default.nix4
l---------tv/5pkgs/rpi/lib1
-rw-r--r--tv/5pkgs/simple/alacritty-font-size.nix67
-rw-r--r--tv/5pkgs/simple/alacritty-tv.nix93
-rw-r--r--tv/5pkgs/simple/bash-fzf-history.nix2
-rw-r--r--tv/5pkgs/simple/default.nix2
-rw-r--r--tv/5pkgs/simple/imagescan-plugin-networkscan.nix2
l---------tv/5pkgs/simple/lib1
-rw-r--r--tv/5pkgs/simple/pinentry-urxvt/default.nix78
l---------tv/5pkgs/simple/pinentry-urxvt/lib1
-rw-r--r--tv/5pkgs/simple/q/default.nix4
l---------tv/5pkgs/simple/q/lib1
-rw-r--r--tv/5pkgs/vim/default.nix6
-rw-r--r--tv/5pkgs/vim/hack.nix4
l---------tv/5pkgs/vim/lib1
-rw-r--r--tv/5pkgs/vim/nix.nix4
-rw-r--r--tv/5pkgs/vim/showsyntax.nix2
-rw-r--r--tv/5pkgs/vim/tv.nix2
-rw-r--r--tv/5pkgs/vim/vim.nix4
l---------tv/lib1
357 files changed, 3334 insertions, 6638 deletions
diff --git a/.gitmodules b/.gitmodules
index 7ecb497ea..5825f86da 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,12 +1,9 @@
[submodule "submodules/nix-writers"]
path = submodules/nix-writers
- url = http://cgit.krebsco.de/nix-writers
+ url = https://cgit.krebsco.de/nix-writers
[submodule "submodules/krops"]
path = submodules/krops
url = https://cgit.krebsco.de/krops
[submodule "lass/5pkgs/autowifi"]
path = lass/5pkgs/autowifi
url = https://github.com/Lassulus/autowifi
-[submodule "jeschli/2configs/elisp"]
- path = jeschli/2configs/elisp
- url = https://github.com/Jeschli/misc-elisp-scripts.git
diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix
deleted file mode 100644
index 49b814793..000000000
--- a/jeschli/1systems/bolide/config.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in
-{
- imports =
- [
- ./hardware-configuration.nix
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/i3.nix>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/rust.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.bolide;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
- boot.initrd.luks.devices = [ {
- name = "bla";
- device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
- preLVM = true;
- allowDiscards = true;
- } ];
-# networking.hostName = "bolide"; # Define your hostname.
-# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true;
- networking.enableB43Firmware = true; #new
-
- # Select internationalisation properties.
- # i18n = {
- # consoleFont = "Lat2-Terminus16";
- # consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- # };
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- environment.shellAliases = {
- n = "nix-shell";
- stocki = pkgs.writeDash "deploy" ''
- cd ~/stockholm
- exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
- '';
- };
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- rofi
- wget vim
- # system helper
- ag
- curl
- copyq
- dmenu
- git
- i3lock
- keepass
- networkmanagerapplet
- rsync
- terminator
- tmux
- wget
- # rxvt_unicode
- # editors
- emacs
- # internet
- thunderbird
- chromium
- google-chrome
- # programming languages
- vscode
- go
- gcc9
- ccls
- unstable.clang_8
- ghc
- python37
- python37Packages.pip
- # go tools
- golint
- gotools
- # dev tools
- elmPackages.elm
- gnumake
- jetbrains.pycharm-professional
- jetbrains.webstorm
- jetbrains.goland
- # document viewer
- zathura
- ];
-
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- services.xserver.videoDrivers = [ "nvidia" ];
-
-users.extraUsers.jeschli = {
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
-
- hardware.pulseaudio.enable = true;
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
-
-}
-
diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix
deleted file mode 100644
index 042b746ef..000000000
--- a/jeschli/1systems/bolide/hardware-configuration.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" "wl" ];
- boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
-
- fileSystems."/" =
- { device = "/dev/bolide-pool/bolide-root";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/bolide-pool/bolide-home";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
- fsType = "ext4";
- };
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = "powersave";
- hardware.pulseaudio.enable = true;
-}
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
deleted file mode 100644
index 860c5d11c..000000000
--- a/jeschli/1systems/brauerei/config.nix
+++ /dev/null
@@ -1,200 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- mainUser = config.krebs.build.user.name;
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in
-{
- imports = [
- <stockholm/jeschli>
- ./hardware-configuration.nix
- <home-manager/nixos>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/urxvt.nix>
- <stockholm/jeschli/2configs/steam.nix>
- <stockholm/jeschli/2configs/virtualbox.nix>
- ];
- krebs.build.host = config.krebs.hosts.brauerei;
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
- # or "nodev" for efi only
- boot.initrd.luks.devices = [ {
- name = "root";
- device = "/dev/sda2";
- preLVM = true;
- allowDiscards = true;
- } ];
- networking.networkmanager.enable = true;
- time.timeZone = "Europe/Amsterdam";
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- # emacs aliases
- ed = "emacsclient";
- edc = "emacsclient --create-frame";
- # nix aliases
- ns = "nix-shell";
- # krops
- deploy = pkgs.writeDash "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- };
-
- environment.systemPackages = with pkgs; [
- # system helper
- acpi
- ag
- copyq
- curl
- dmenu
- aspell
- ispell
- rofi
- xdotool
- git
- gnupg
- i3lock
- keepass
- networkmanagerapplet
- pavucontrol
- rsync
- terminator
- tmux
- wget
- # editors
- emacs
- # internet
- chromium
- firefox
- google-chrome
- thunderbird
- # programming languages
- elixir
- elmPackages.elm
- exercism
- gcc9
- ccls
- unstable.clang_8
- ghc
- go
- python37
- python37Packages.pip
- pipenv
- # dev tools
- gnumake
- jetbrains.clion
- jetbrains.goland
- jetbrains.pycharm-professional
- jetbrains.webstorm
- vscode
- # document viewer
- evince
- zathura
- # go tools
- golint
- gotools
- # rust
- cargo
- rustracer
- rustup
- # orga tools
- taskwarrior
- # xorg
- xorg.xbacklight
- # tokei
- tokei
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.bash.enableCompletion = true;
- # programs.mtr.enable = true;
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
-# home-manager.useUserPackages = true;
-# home-manager.users.jeschli = {
-# home.stateVersion = "19.03";
-# };
-# home-manager.enable = true;
-
-# home-manager.users.jeschli.home.file = {
-# ".emacs.d" = {
-# source = pkgs.fetchFromGitHub {
-# owner = "jeschli";
-# repo = "emacs.d";
-# rev = "8ed6c40";
-# sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
-# };
-# recursive = true;
-# };
-# };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-# services.emacs.enable = true;
-
- virtualisation.docker.enable = true;
-
- services.xserver = {
- enable = true;
-
- desktopManager = {
- xfce.enable = true;
- gnome3.enable = true;
- };
-
- };
-
- services.xserver.windowManager.i3.enable = true;
-
- users.extraUsers.jeschli = { # TODO: define as krebs.users
- isNormalUser = true;
- extraGroups = ["docker" "vboxusers" "audio"];
- uid = 1000;
- };
- users.extraUsers.blafoo = {
- isNormalUser = true;
- extraGroups = ["audio"];
- uid = 1002;
- };
- users.extraUsers.jamie = {
- isNormalUser = true;
- uid = 1001; # TODO genid
- };
- users.users.dev = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- "ssh-rsa AAAAB4NzaC1yc2EAAAADAQABAAACAQC1x9+OtNfwv6LxblnLHeBElxoxLfaYUyvqMrBgnrlkaPjylPv711bvPslnt+YgdPsZQLCoQ2t5f0x0j7ZOMYE9eyRrnr67ITO+Od05u3eCypWOZulekkDL0ZDeYdvoZKOWnbKWnQVRfYuLOEL/g5/9E7MLtIdID8e98b/qHzs/+wmuuDR3zHCNic0BKixgET/EgFvLWezWxJ6D/TTv/5sDAfrC+RUN8ad14sxjKIkS3nkAlm8bhrCxQKaHLUcCJWiweW0gPWYSlp64VHS5lchvqCJlPYQdx0XbwolvlLYru0w74ljLbi3eL35GFFyHSeEjQ73EtVwo53uVKTy7SAORU7JNg6xL9H3ChOLOknN9oHs1K7t/maMsATle0HAFcTuaOhELUmHM8dCJh3nPVWIkzHQ4o3fyaogrpt7/V5j6R1/Ozn7P9n4OdqrjiaWqHlz/XHeYNNWte+a0EW+NubC83yS0Cu3uhZ36C3RET2vNM25CyYOBn4ccClAozayQIb6Cif0tCafMRPgkSlogQd8+SqNZpTnmtllIT3VnT5smgrufy6HETDkrHjApDrsqLtMCFY83RFwt4QLv/L93O7IsGifzmEfD9qD7YBSMNs8ihBIUXPk9doHXvYS506YroxWOxe/C0rzzbaogxQT6JMd1ozfXitRD9v7iBIFAT4Kzjw== christopher.kilian@dcso.de"
- ];
- };
-
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
-}
diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix
deleted file mode 100644
index 2cb3e6661..000000000
--- a/jeschli/1systems/brauerei/hardware-configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/42BF-0795";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- hardware.pulseaudio.enable = true;
- nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
deleted file mode 100644
index 86d21f7d3..000000000
--- a/jeschli/1systems/enklave/config.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/retiolum.nix>
- <stockholm/jeschli/2configs/IM.nix>
- <stockholm/jeschli/2configs/git.nix>
- <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- "eth*"
- "ens*"
- ];
- }
- {
- services.openssh.enable = true;
- }
- {
- sound.enable = false;
- }
- {
- users.extraUsers = {
- root.initialPassword = "pfeife123";
- root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- ];
- jeschli = {
- name = "jeschli";
- uid = 1000;
- home = "/home/jeschli";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- openssh.authorizedKeys.keys = [
-"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
- ];
- };
- };
- }
- {
- services.taskserver = {
- enable = true;
- fqdn = "enklave.r";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "jeschli" ];
- };
- networking.firewall.allowedTCPPorts = [ 53589 8001 ];
- }
- ];
-
- krebs.build.host = config.krebs.hosts.enklave;
-}
diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix
deleted file mode 100644
index 23b235d70..000000000
--- a/jeschli/1systems/enklave/taskserver.nix
+++ /dev/null
@@ -1,10 +0,0 @@
- {
- services.taskserver = {
- enable = true;
- fqdn = "enklave.r";
- listenHost = "::";
- listenPort = 53589;
- organisations.lass.users = [ "jeschli" ];
- };
- networking.firewall.allowedTCPPorts = [ 53589 ];
- }
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
deleted file mode 100644
index dec69563f..000000000
--- a/jeschli/1systems/reagenzglas/config.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [
- <stockholm/jeschli>
- <stockholm/jeschli/2configs/emacs.nix>
- <stockholm/jeschli/2configs/firefox.nix>
- <stockholm/jeschli/2configs/rust.nix>
- <stockholm/jeschli/2configs/steam.nix>
- <stockholm/jeschli/2configs/python.nix>
- ./desktop.nix
- ./i3-configuration.nix
- ./hardware-configuration.nix
- ];
-
- # EFI systemd boot loader
- boot.loader.systemd-boot.enable = true;
-
- # Wireless network with network manager
- krebs.build.host = config.krebs.hosts.reagenzglas;
- # networking.hostName = "nixos"; # Define your hostname.
- networking.networkmanager.enable = true;
-
- # Allow unfree
- nixpkgs.config.allowUnfree = true;
-
- # Select internationalisation properties.
- i18n = {
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- ag
- alacritty
- google-chrome
- chromium
- copyq
- direnv
- go
- git
- gitAndTools.hub
- sbcl
- rofi
- vim
- wget
- ];
-
- users.users.ombi = {
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- };
-
- users.users.jeschli = {
- isNormalUser = true;
- extraGroups = [ "audio" ];
- };
-
-# services.xserver.synaptics.enable = true;
- services.xserver.libinput.enable = true;
- services.xserver.libinput.disableWhileTyping = true;
-
- hardware.pulseaudio.enable = true;
-
- #Enable ssh daemon
- services.openssh.enable = true;
-
- #Enable clight
- services.clight.enable = true;
- services.geoclue2.enable = true;
- location.provider = "geoclue2";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1xtX/SF2IzfAIzrXvH4HsW05eTBX8U8MYlEPadq0DS/nHC45hW2PSEUOVsH0UhBRAB+yClVLyN+JAYsuOoQacQqAVq9R7HAoFITdYTMJCxVs4urSRv0pWwTopRIh1rlI+Q0QfdMoeVtO2ZKG3KoRM+APDy2dsX8LTtWjXmh/ZCtpGl1O8TZtz2ZyXyv9OVDPnQiFwPU3Jqs2Z036c+kwxWlxYc55FRuqwRtQ48c/ilPMu+ZvQ22j1Ch8lNuliyAg1b8pZdOkMJF3R8b46IQ8FEqkr3L1YQygYw2M50B629FPgHgeGPMz3mVd+5lzP+okbhPJjMrUqZAUwbMGwGzZ ombi@nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG7C3bgoL9VeVl8pgu8sp3PCOs6TXk4R9y7JKJAHGsfm root@baeckerei"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
-
-}
diff --git a/jeschli/1systems/reagenzglas/desktop.nix b/jeschli/1systems/reagenzglas/desktop.nix
deleted file mode 100644
index 88eae086f..000000000
--- a/jeschli/1systems/reagenzglas/desktop.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Configuration for the desktop environment
-
-{ config, lib, pkgs, ... }:
-{
- # Configure basic X-server stuff:
- services.xserver = {
- enable = true;
- xkbOptions = "caps:super";
- exportConfiguration = true;
-
- displayManager.lightdm.enable = true;
- };
-
- # Configure fonts
- fonts = {
- fonts = with pkgs; [
- corefonts
- font-awesome-ttf
- noto-fonts-cjk
- noto-fonts-emoji
- powerline-fonts
- helvetica-neue-lt-std
- ];
- };
-}
diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix
deleted file mode 100644
index 55f5532d6..000000000
--- a/jeschli/1systems/reagenzglas/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/nvme0n1p8";
- preLVM = true;
- }
- ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4d01936e-c876-42c3-962a-d4a20ad0e2e0";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D455-E4CC";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/jeschli/1systems/reagenzglas/i3-configuration.nix b/jeschli/1systems/reagenzglas/i3-configuration.nix
deleted file mode 100644
index 88f63426d..000000000
--- a/jeschli/1systems/reagenzglas/i3-configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-{pkgs, environment, config, lib, ... }:
-
-with pkgs;
-
-let
- i3_config_file = pkgs.writeText "config" ''
- set $mod Mod4
-
- font pango:monospace 8
-
- #font pango:DejaVu Sans Mono 8
-
- # Before i3 v4.8, we used to recommend this one as the default:
- # font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
- # The font above is very space-efficient, that is, it looks good, sharp and
- # clear in small sizes. However, its unicode glyph coverage is limited, the old
- # X core fonts rendering does not support right-to-left and this being a bitmap
- # font, it doesn’t scale on retina/hidpi displays.
-
- # Use Mouse+$mod to drag floating windows to their wanted position
- floating_modifier $mod
-
- # start a terminal
- bindsym $mod+Return exec alacritty
-
- # kill focused window
- bindsym $mod+Shift+q kill
-
- # start dmenu (a program launcher)
- # bindsym $mod+d exec dmenu_run
-
- # start dmenu (a program launcher)
- bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
-
- bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
-
- bindsym $mod+F1 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput disable
- bindsym $mod+F2 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput enable
-
- # There also is the (new) i3-dmenu-desktop which only displays applications
- # shipping a .desktop file. It is a wrapper around dmenu, so you need that
- # installed.
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
- # change focus
- bindsym $mod+j focus left
- bindsym $mod+k focus down
- bindsym $mod+l focus up
- bindsym $mod+semicolon focus right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # move focused window
- bindsym $mod+Shift+j move left
- bindsym $mod+Shift+k move down
- bindsym $mod+Shift+l move up
- bindsym $mod+Shift+colon move right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- # split in horizontal orientation
- bindsym $mod+h split h
-
- # split in vertical orientation
- bindsym $mod+v split v
-
- # enter fullscreen mode for the focused container
- bindsym $mod+f fullscreen toggle
-
- # change container layout (stacked, tabbed, toggle split)
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # toggle tiling / floating
- bindsym $mod+Shift+space floating toggle
-
- # change focus between tiling / floating windows
- bindsym $mod+space focus mode_toggle
-
- # focus the parent container
- bindsym $mod+a focus parent
-
- # focus the child container
- #bindsym $mod+d focus child
-
- # Define names for default workspaces for which we configure key bindings later on.
- # We use variables to avoid repeating the names in multiple places.
- set $ws1 "1"
- set $ws2 "2"
- set $ws3 "3"
- set $ws4 "4"
- set $ws5 "5"
- set $ws6 "6"
- set $ws7 "7"
- set $ws8 "8"
- set $ws9 "9"
- set $ws10 "10"
-
- # switch to workspace
- bindsym $mod+1 workspace $ws1
- bindsym $mod+2 workspace $ws2
- bindsym $mod+3 workspace $ws3
- bindsym $mod+4 workspace $ws4
- bindsym $mod+5 workspace $ws5
- bindsym $mod+6 workspace $ws6
- bindsym $mod+7 workspace $ws7
- bindsym $mod+8 workspace $ws8
- bindsym $mod+9 workspace $ws9
- bindsym $mod+0 workspace $ws10
-
- # move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace $ws1
- bindsym $mod+Shift+2 move container to workspace $ws2
- bindsym $mod+Shift+3 move container to workspace $ws3
- bindsym $mod+Shift+4 move container to workspace $ws4
- bindsym $mod+Shift+5 move container to workspace $ws5
- bindsym $mod+Shift+6 move container to workspace $ws6
- bindsym $mod+Shift+7 move container to workspace $ws7
- bindsym $mod+Shift+8 move container to workspace $ws8
- bindsym $mod+Shift+9 move container to workspace $ws9
- bindsym $mod+Shift+0 move container to workspace $ws10
-
- # reload the configuration file
- bindsym $mod+Shift+c reload
- # restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
- bindsym $mod+Shift+r restart
- # exit i3 (logs you out of your X session)
- bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
-
- # resize window (you can also use the mouse for that)
- mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
- }
-
- bindsym $mod+r mode "resize"
-
- # Start i3bar to display a workspace bar (plus the system information i3status
- # finds out, if available)
- bar {
- status_command i3status
- }
- '';
-
-in {
-
- services.xserver.windowManager.i3 = {
- enable = true;
- package = pkgs.i3;
- configFile = i3_config_file;
- };
-
-}
diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix
deleted file mode 100644
index 2366726fb..000000000
--- a/jeschli/2configs/IM.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-let
- tmux = pkgs.writeDashBin "tmux" ''
- export TERM=xterm-256color
- exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
- set-option -g default-terminal screen-256color
- ''} "$@"
- '';
-in {
-
- services.bitlbee = {
- enable = true;
- portNumber = 6666;
- plugins = [
- pkgs.bitlbee-facebook
- pkgs.bitlbee-steam
- pkgs.bitlbee-discord
- ];
- libpurple_plugins = [ pkgs.telegram-purple ];
- };
-
- users.extraUsers.chat = {
- home = "/home/chat";
- uid = genid "chat";
- useDefaultShell = true;
- createHome = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- jeschli.pubkey
- jeschli-bln.pubkey
- jeschli-brauerei.pubkey
- jeschli-bolide.pubkey
- ];
- packages = [ tmux ];
- };
-
-
- systemd.services.chat = {
- description = "chat environment setup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.rxvt_unicode.terminfo
- ];
-
- serviceConfig = {
- User = "chat";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
- ExecStop = "${tmux}/bin/tmux kill-session -t IM";
- };
- };
-}
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
deleted file mode 100644
index 8b61fa29c..000000000
--- a/jeschli/2configs/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- imports = [
-# ./vim.nix
- ./retiolum.nix
- ./zsh.nix
- <stockholm/lass/2configs/security-workarounds.nix>
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- ];
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- gnumake
- jq
- parallel
- proot
- populate
-
- # aliases
- (writeDashBin "irc" "ssh chat@enklave -t tmux a")
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
-
- #stuff for dl
- aria2
-
- #neat utils
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- # q
- # rs
- tmux
- untilport
- usbutils
- # logify
- goify
- vim
- #unpack stuff
- p7zip
- unzip
- unrar
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- krebs.enable = true;
- networking.hostName = config.krebs.build.host.name;
-}
diff --git a/jeschli/2configs/elisp b/jeschli/2configs/elisp
deleted file mode 160000
-Subproject 279d6a01f5abbab5d28d3a57549b7fec800a510
diff --git a/jeschli/2configs/emacs-org-agenda.nix b/jeschli/2configs/emacs-org-agenda.nix
deleted file mode 100644
index 0420dc43d..000000000
--- a/jeschli/2configs/emacs-org-agenda.nix
+++ /dev/null
@@ -1,2025 +0,0 @@
-let
- modifiedBerndHansen = ''
-;; Based on http://doc.norang.ca/org-mode.html
-;; Organize your life in plain text
-;; TODO: minimize this section
-(if (boundp 'org-mode-user-lisp-path)
- (add-to-list 'load-path org-mode-user-lisp-path)
- (add-to-list 'load-path (expand-file-name "~/git/org-mode/lisp")))
-
-(add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode))
-(require 'org)
-
-(add-to-list 'org-modules 'org-habit)
-
-;;
-;; Standard key bindings
-(global-set-key "\C-cl" 'org-store-link)
-(global-set-key "\C-ca" 'org-agenda)
-(global-set-key "\C-cb" 'org-iswitchb)
-
-;; The following setting is different from the document so that you
-;; can override the document org-agenda-files by setting your
-;; org-agenda-files in the variable org-user-agenda-files
-;;
-;; (if (boundp 'org-user-agenda-files)
-;; (setq org-agenda-files org-user-agenda-files)
-;; (setq org-agenda-files (quote ("~/git/org"))))
-
-;; Custom Key Bindings
-(global-set-key (kbd "<f12>") 'org-agenda)
-(global-set-key (kbd "<S-f5>") 'bh/widen)
-(global-set-key (kbd "<f9> <f9>") 'bh/show-org-agenda)
-(global-set-key (kbd "<f9> b") 'bbdb)
-(global-set-key (kbd "<f9> c") 'calendar)
-(global-set-key (kbd "<f9> f") 'boxquote-insert-file)
-(global-set-key (kbd "<f9> g") 'gnus)
-(global-set-key (kbd "<f9> h") 'bh/hide-other)
-(global-set-key (kbd "<f9> n") 'bh/toggle-next-task-display)
-
-(global-set-key (kbd "<f9> I") 'bh/punch-in)
-(global-set-key (kbd "<f9> O") 'bh/punch-out)
-
-(global-set-key (kbd "<f9> o") 'bh/make-org-scratch)
-
-(global-set-key (kbd "<f9> r") 'boxquote-region)
-(global-set-key (kbd "<f9> s") 'bh/switch-to-scratch)
-
-(global-set-key (kbd "<f9> t") 'bh/insert-inactive-timestamp)
-(global-set-key (kbd "<f9> T") 'bh/toggle-insert-inactive-timestamp)
-
-(global-set-key (kbd "<f9> v") 'visible-mode)
-(global-set-key (kbd "<f9> l") 'org-toggle-link-display)
-(global-set-key (kbd "<f9> SPC") 'bh/clock-in-last-task)
-(global-set-key (kbd "C-<f9>") 'previous-buffer)
-(global-set-key (kbd "M-<f9>") 'org-toggle-inline-images)
-(global-set-key (kbd "C-x n r") 'narrow-to-region)
-(global-set-key (kbd "C-<f10>") 'next-buffer)
-(global-set-key (kbd "<f11>") 'org-clock-goto)
-(global-set-key (kbd "C-<f11>") 'org-clock-in)
-(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish)
-(global-set-key (kbd "C-c c") 'org-capture)
-
-(defun bh/hide-other ()
- (interactive)
- (save-excursion
- (org-back-to-heading 'invisible-ok)
- (hide-other)
- (org-cycle)
- (org-cycle)
- (org-cycle)))
-
-(defun bh/set-truncate-lines ()
- "Toggle value of truncate-lines and refresh window display."
- (interactive)
- (setq truncate-lines (not truncate-lines))
- ;; now refresh window display (an idiom from simple.el):
- (save-excursion
- (set-window-start (selected-window)
- (window-start (selected-window)))))
-
-(defun bh/make-org-scratch ()
- (interactive)
- (find-file "/tmp/publish/scratch.org")
- (gnus-make-directory "/tmp/publish"))
-
-(defun bh/switch-to-scratch ()
- (interactive)
- (switch-to-buffer "*scratch*"))
-
-(setq org-todo-keywords
- (quote ((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d)")
- (sequence "WAITING(w@/!)" "HOLD(h@/!)" "|" "CANCELLED(c@/!)" "PHONE" "MEETING"))))
-
-(setq org-todo-keyword-faces
- (quote (("TODO" :foreground "red" :weight bold)
- ("NEXT" :foreground "blue" :weight bold)
- ("DONE" :foreground "forest green" :weight bold)
- ("WAITING" :foreground "orange" :weight bold)
- ("HOLD" :foreground "magenta" :weight bold)
- ("CANCELLED" :foreground "forest green" :weight bold)
- ("MEETING" :foreground "forest green" :weight bold)
- ("PHONE" :foreground "forest green" :weight bold))))
-
-(setq org-use-fast-todo-selection t)
-
-(setq org-treat-S-cursor-todo-selection-as-state-change nil)
-
-(setq org-todo-state-tags-triggers
- (quote (("CANCELLED" ("CANCELLED" . t))
- ("WAITING" ("WAITING" . t))
- ("HOLD" ("WAITING") ("HOLD" . t))
- (done ("WAITING") ("HOLD"))
- ("TODO" ("WAITING") ("CANCELLED") ("HOLD"))
- ("NEXT" ("WAITING") ("CANCELLED") ("HOLD"))
- ("DONE" ("WAITING") ("CANCELLED") ("HOLD")))))
-
-(setq org-directory "~/projects/notes_privat")
-(setq org-default-notes-file "~/projects/notes_privat/refile.org")
-
-;; I use C-c c to start capture mode
-(global-set-key (kbd "C-c c") 'org-capture)
-
-;; Capture templates for: TODO tasks, Notes, appointments, phone calls, meetings, and org-protocol
-(setq org-capture-templates
- (quote (("t" "todo" entry (file org-default-notes-file)
- "* TODO %?\n%U\n%a\n" :clock-in t :clock-resume t)
- ("r" "respond" entry (file org-default-notes-file)
- "* NEXT Respond to %:from on %:subject\nSCHEDULED: %t\n%U\n%a\n" :clock-in t :clock-resume t :immediate-finish t)
- ("n" "note" entry (file org-default-notes-file)
- "* %? :NOTE:\n%U\n%a\n" :clock-in t :clock-resume t)
- ("j" "Journal" entry (file+datetree "~/git/org/diary.org")
- "* %?\n%U\n" :clock-in t :clock-resume t)
- ("w" "org-protocol" entry (file org-default-notes-file)
- "* TODO Review %c\n%U\n" :immediate-finish t)
- ("m" "Meeting" entry (file org-default-notes-file)
- "* MEETING with %? :MEETING:\n%U" :clock-in t :clock-resume t)
- ("p" "Phone call" entry (file org-default-notes-file)
- "* PHONE %? :PHONE:\n%U" :clock-in t :clock-resume t)
- ("h" "Habit" entry (file org-default-notes-file)
- "* NEXT %?\n%U\n%a\nSCHEDULED: %(format-time-string \"%<<%Y-%m-%d %a .+1d/3d>>\")\n:PROPERTIES:\n:STYLE: habit\n:REPEAT_TO_STATE: NEXT\n:END:\n"))))
-
-;; Remove empty LOGBOOK drawers on clock out
-(defun bh/remove-empty-drawer-on-clock-out ()
- (interactive)
- (save-excursion
- (beginning-of-line 0)
- (org-remove-empty-drawer-at (point))))
-
-(add-hook 'org-clock-out-hook 'bh/remove-empty-drawer-on-clock-out 'append)
-
-; Targets include this file and any file contributing to the agenda - up to 9 levels deep
-(setq org-refile-targets (quote ((nil :maxlevel . 9)
- (org-agenda-files :maxlevel . 9))))
-
-; Use full outline paths for refile targets - we file directly with IDO
-(setq org-refile-use-outline-path t)
-
-; Targets complete directly with IDO
-(setq org-outline-path-complete-in-steps nil)
-
-; Allow refile to create parent tasks with confirmation
-(setq org-refile-allow-creating-parent-nodes (quote confirm))
-
-; Use IDO for both buffer and file completion and ido-everywhere to t
-; (setq org-completion-use-ido t)
-; (setq ido-everywhere t)
-; (setq ido-max-directory-size 100000)
-; (ido-mode (quote both))
-; ; Use the current window when visiting files and buffers with ido
-; (setq ido-default-file-method 'selected-window)
-; (setq ido-default-buffer-method 'selected-window)
-; ; Use the current window for indirect buffer display
-(setq org-indirect-buffer-display 'current-window)
-
-;;;; Refile settings
-; Exclude DONE state tasks from refile targets
-(defun bh/verify-refile-target ()
- "Exclude todo keywords with a done state from refile targets"
- (not (member (nth 2 (org-heading-components)) org-done-keywords)))
-
-(setq org-refile-target-verify-function 'bh/verify-refile-target)
-
-;; Do not dim blocked tasks
-(setq org-agenda-dim-blocked-tasks nil)
-
-;; Compact the block agenda view
-(setq org-agenda-compact-blocks t)
-
-;; Custom agenda command definitions
-(setq org-agenda-custom-commands
- (quote (("N" "Notes" tags "NOTE"
- ((org-agenda-overriding-header "Notes")
- (org-tags-match-list-sublevels t)))
- ("h" "Habits" tags-todo "STYLE=\"habit\""
- ((org-agenda-overriding-header "Habits")
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (" " "Agenda"
- ((agenda "" nil)
- (tags "REFILE"
- ((org-agenda-overriding-header "Tasks to Refile")
- (org-tags-match-list-sublevels nil)))
- (tags-todo "-CANCELLED/!"
- ((org-agenda-overriding-header "Stuck Projects")
- (org-agenda-skip-function 'bh/skip-non-stuck-projects)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-HOLD-CANCELLED/!"
- ((org-agenda-overriding-header "Projects")
- (org-agenda-skip-function 'bh/skip-non-projects)
- (org-tags-match-list-sublevels 'indented)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-CANCELLED/!NEXT"
- ((org-agenda-overriding-header (concat "Project Next Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks)
- (org-tags-match-list-sublevels t)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Project Subtasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Standalone Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "-CANCELLED+WAITING|HOLD/!"
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-tasks)
- (org-tags-match-list-sublevels nil)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)))
- (tags "-REFILE/"
- ((org-agenda-overriding-header "Tasks to Archive")
- (org-agenda-skip-function 'bh/skip-non-archivable-tasks)
- (org-tags-match-list-sublevels nil))))
- nil)
- ("1" "Agenda (@buero|@vpn|WORK)"
- ((agenda "" nil)
- (tags "REFILE"
- ((org-agenda-overriding-header "Tasks to Refile")
- (org-tags-match-list-sublevels nil)))
- (tags-todo "@buero|@vpn|WORK-CANCELLED/!"
- ((org-agenda-overriding-header "Stuck Projects")
- (org-agenda-skip-function 'bh/skip-non-stuck-projects)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-HOLD-CANCELLED/!"
- ((org-agenda-overriding-header "Projects")
- (org-agenda-skip-function 'bh/skip-non-projects)
- (org-tags-match-list-sublevels 'indented)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-CANCELLED/!NEXT"
- ((org-agenda-overriding-header (concat "Project Next Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks)
- (org-tags-match-list-sublevels t)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Project Subtasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Standalone Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@buero|@vpn|WORK-CANCELLED+WAITING|HOLD/!"
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-tasks)
- (org-tags-match-list-sublevels nil)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)))
- (tags "@buero|@vpn|WORK-REFILE/"
- ((org-agenda-overriding-header "Tasks to Archive")
- (org-agenda-skip-function 'bh/skip-non-archivable-tasks)
- (org-tags-match-list-sublevels nil))))
- nil)
- ("2" "Agenda (@inet|@home))"
- ((agenda "" nil)
- (tags "REFILE"
- ((org-agenda-overriding-header "Tasks to Refile")
- (org-tags-match-list-sublevels nil)))
- (tags-todo "@inet|@home-CANCELLED/!"
- ((org-agenda-overriding-header "Stuck Projects")
- (org-agenda-skip-function 'bh/skip-non-stuck-projects)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-HOLD-CANCELLED/!"
- ((org-agenda-overriding-header "Projects")
- (org-agenda-skip-function 'bh/skip-non-projects)
- (org-tags-match-list-sublevels 'indented)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-CANCELLED/!NEXT"
- ((org-agenda-overriding-header (concat "Project Next Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks)
- (org-tags-match-list-sublevels t)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(todo-state-down effort-up category-keep))))
- (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Project Subtasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!"
- ((org-agenda-overriding-header (concat "Standalone Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-project-tasks)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-sorting-strategy
- '(category-keep))))
- (tags-todo "@inet|@home-CANCELLED+WAITING|HOLD/!"
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks"
- (if bh/hide-scheduled-and-waiting-next-tasks
- ""
- " (including WAITING and SCHEDULED tasks)")))
- (org-agenda-skip-function 'bh/skip-non-tasks)
- (org-tags-match-list-sublevels nil)
- (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks)
- (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks)))
- (tags "@inet|@home-REFILE/"
- ((org-agenda-overriding-header "Tasks to Archive")
- (org-agenda-skip-function 'bh/skip-non-archivable-tasks)
- (org-tags-match-list-sublevels nil))))
- nil)
- )))
-
-(defun bh/org-auto-exclude-function (tag)
- "Automatic task exclusion in the agenda with / RET"
- (and (cond
- ((string= tag "hold")
- t)
- ((string= tag "farm")
- t))
- (concat "-" tag)))
-
-(setq org-agenda-auto-exclude-function 'bh/org-auto-exclude-function)
-
-;;
-;; Resume clocking task when emacs is restarted
-(org-clock-persistence-insinuate)
-;;
-;; Show lot of clocking history so it's easy to pick items off the C-F11 list
-(setq org-clock-history-length 23)
-;; Resume clocking task on clock-in if the clock is open
-(setq org-clock-in-resume t)
-;; Change tasks to NEXT when clocking in
-(setq org-clock-in-switch-to-state 'bh/clock-in-to-next)
-;; Separate drawers for clocking and logs
-(setq org-drawers (quote ("PROPERTIES" "LOGBOOK")))
-;; Save clock data and state changes and notes in the LOGBOOK drawer
-(setq org-clock-into-drawer t)
-;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration
-(setq org-clock-out-remove-zero-time-clocks t)
-;; Clock out when moving task to a done state
-(setq org-clock-out-when-done t)
-;; Save the running clock and all clock history when exiting Emacs, load it on startup
-(setq org-clock-persist t)
-;; Do not prompt to resume an active clock
-(setq org-clock-persist-query-resume nil)
-;; Enable auto clock resolution for finding open clocks
-(setq org-clock-auto-clock-resolution (quote when-no-clock-is-running))
-;; Include current clocking task in clock reports
-(setq org-clock-report-include-clocking-task t)
-
-(setq bh/keep-clock-running nil)
-
-(defun bh/clock-in-to-next (kw)
- "Switch a task from TODO to NEXT when clocking in.
-Skips capture tasks, projects, and subprojects.
-Switch projects and subprojects from NEXT back to TODO"
- (when (not (and (boundp 'org-capture-mode) org-capture-mode))
- (cond
- ((and (member (org-get-todo-state) (list "TODO"))
- (bh/is-task-p))
- "NEXT")
- ((and (member (org-get-todo-state) (list "NEXT"))
- (bh/is-project-p))
- "TODO"))))
-
-(defun bh/find-project-task ()
- "Move point to the parent (project) task if any"
- (save-restriction
- (widen)
- (let ((parent-task (save-excursion (org-back-to-heading 'invisible-ok) (point))))
- (while (org-up-heading-safe)
- (when (member (nth 2 (org-heading-components)) org-todo-keywords-1)
- (setq parent-task (point))))
- (goto-char parent-task)
- parent-task)))
-
-(defun bh/punch-in (arg)
- "Start continuous clocking and set the default task to the
-selected task. If no task is selected set the Organization task
-as the default task."
- (interactive "p")
- (setq bh/keep-clock-running t)
- (if (equal major-mode 'org-agenda-mode)
- ;;
- ;; We're in the agenda
- ;;
- (let* ((marker (org-get-at-bol 'org-hd-marker))
- (tags (org-with-point-at marker (org-get-tags-at))))
- (if (and (eq arg 4) tags)
- (org-agenda-clock-in '(16))
- (bh/clock-in-organization-task-as-default)))
- ;;
- ;; We are not in the agenda
- ;;
- (save-restriction
- (widen)
- ; Find the tags on the current task
- (if (and (equal major-mode 'org-mode) (not (org-before-first-heading-p)) (eq arg 4))
- (org-clock-in '(16))
- (bh/clock-in-organization-task-as-default)))))
-
-(defun bh/punch-out ()
- (interactive)
- (setq bh/keep-clock-running nil)
- (when (org-clock-is-active)
- (org-clock-out))
- (org-agenda-remove-restriction-lock))
-
-(defun bh/clock-in-default-task ()
- (save-excursion
- (org-with-point-at org-clock-default-task
- (org-clock-in))))
-
-(defun bh/clock-in-parent-task ()
- "Move point to the parent (project) task if any and clock in"
- (let ((parent-task))
- (save-excursion
- (save-restriction
- (widen)
- (while (and (not parent-task) (org-up-heading-safe))
- (when (member (nth 2 (org-heading-components)) org-todo-keywords-1)
- (setq parent-task (point))))
- (if parent-task
- (org-with-point-at parent-task
- (org-clock-in))
- (when bh/keep-clock-running
- (bh/clock-in-default-task)))))))
-
-(defvar bh/organization-task-id "eb155a82-92b2-4f25-a3c6-0304591af2f9")
-
-(defun bh/clock-in-organization-task-as-default ()
- (interactive)
- (org-with-point-at (org-id-find bh/organization-task-id 'marker)
- (org-clock-in '(16))))
-
-(defun bh/clock-out-maybe ()
- (when (and bh/keep-clock-running
- (not org-clock-clocking-in)
- (marker-buffer org-clock-default-task)
- (not org-clock-resolving-clocks-due-to-idleness))
- (bh/clock-in-parent-task)))
-
-(add-hook 'org-clock-out-hook 'bh/clock-out-maybe 'append)
-
-(require 'org-id)
-(defun bh/clock-in-task-by-id (id)
- "Clock in a task by id"
- (org-with-point-at (org-id-find id 'marker)
- (org-clock-in nil)))
-
-(defun bh/clock-in-last-task (arg)
- "Clock in the interrupted task if there is one
-Skip the default task and get the next one.
-A prefix arg forces clock in of the default task."
- (interactive "p")
- (let ((clock-in-to-task
- (cond
- ((eq arg 4) org-clock-default-task)
- ((and (org-clock-is-active)
- (equal org-clock-default-task (cadr org-clock-history)))
- (caddr org-clock-history))
- ((org-clock-is-active) (cadr org-clock-history))
- ((equal org-clock-default-task (car org-clock-history)) (cadr org-clock-history))
- (t (car org-clock-history)))))
- (widen)
- (org-with-point-at clock-in-to-task
- (org-clock-in nil))))
-
-(setq org-time-stamp-rounding-minutes (quote (1 1)))
-
-(setq org-agenda-clock-consistency-checks
- (quote (:max-duration "4:00"
- :min-duration 0
- :max-gap 0
- :gap-ok-around ("4:00"))))
-
-;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration
-(setq org-clock-out-remove-zero-time-clocks t)
-
-;; Agenda clock report parameters
-(setq org-agenda-clockreport-parameter-plist
- (quote (:link t :maxlevel 5 :fileskip0 t :compact t :narrow 80)))
-
-; Set default column view headings: Task Effort Clock_Summary
-(setq org-columns-default-format "%80ITEM(Task) %10Effort(Effort){:} %10CLOCKSUM")
-
-; global Effort estimate values
-; global STYLE property values for completion
-(setq org-global-properties (quote (("Effort_ALL" . "0:15 0:30 0:45 1:00 2:00 3:00 4:00 5:00 6:00 0:00")
- ("STYLE_ALL" . "habit"))))
-
-;; Agenda log mode items to display (closed and state changes by default)
-(setq org-agenda-log-mode-items (quote (closed state)))
-
-; Tags with fast selection keys
-(setq org-tag-alist (quote ((:startgroup)
- ("@errand" . ?E)
- ("@buero" . ?B)
- ("@omw" . ?O)
- ("@vpn" . ?V)
- ("@inet" . ?I)
- ("@home" . ?H)
- (:endgroup)
- ("WAITING" . ?w)
- ("HOLD" . ?h)
- ("PERSONAL" . ?p)
- ("WORK" . ?w)
- ("ORG" . ?o)
- ("crypt" . ?e)
- ("NOTE" . ?n)
- ("CANCELLED" . ?c)
- ("FLAGGED" . ??))))
-
-; Allow setting single tags without the menu
-(setq org-fast-tag-selection-single-key (quote expert))
-
-; For tag searches ignore tasks with scheduled and deadline dates
-(setq org-agenda-tags-todo-honor-ignore-options t)
-
-(require 'bbdb)
-(require 'bbdb-com)
-
-(global-set-key (kbd "<f9> p") 'bh/phone-call)
-
-;;
-;; Phone capture template handling with BBDB lookup
-;; Adapted from code by Gregory J. Grubbs
-(defun bh/phone-call ()
- "Return name and company info for caller from bbdb lookup"
- (interactive)
- (let* (name rec caller)
- (setq name (completing-read "Who is calling? "
- (bbdb-hashtable)
- 'bbdb-completion-predicate
- 'confirm))
- (when (> (length name) 0)
- ; Something was supplied - look it up in bbdb
- (setq rec
- (or (first
- (or (bbdb-search (bbdb-records) name nil nil)
- (bbdb-search (bbdb-records) nil name nil)))
- name)))
-
- ; Build the bbdb link if we have a bbdb record, otherwise just return the name
- (setq caller (cond ((and rec (vectorp rec))
- (let ((name (bbdb-record-name rec))
- (company (bbdb-record-company rec)))
- (concat "[[bbdb:"
- name "]["
- name "]]"
- (when company
- (concat " - " company)))))
- (rec)
- (t "NameOfCaller")))
- (insert caller)))
-
-(setq org-agenda-span 'day)
-
-(setq org-stuck-projects (quote ("" nil nil "")))
-
-(defun bh/is-project-p ()
- "Any task with a todo keyword subtask"
- (save-restriction
- (widen)
- (let ((has-subtask)
- (subtree-end (save-excursion (org-end-of-subtree t)))
- (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1)))
- (save-excursion
- (forward-line 1)
- (while (and (not has-subtask)
- (< (point) subtree-end)
- (re-search-forward "^\*+ " subtree-end t))
- (when (member (org-get-todo-state) org-todo-keywords-1)
- (setq has-subtask t))))
- (and is-a-task has-subtask))))
-
-(defun bh/is-project-subtree-p ()
- "Any task with a todo keyword that is in a project subtree.
-Callers of this function already widen the buffer view."
- (let ((task (save-excursion (org-back-to-heading 'invisible-ok)
- (point))))
- (save-excursion
- (bh/find-project-task)
- (if (equal (point) task)
- nil
- t))))
-
-(defun bh/is-task-p ()
- "Any task with a todo keyword and no subtask"
- (save-restriction
- (widen)
- (let ((has-subtask)
- (subtree-end (save-excursion (org-end-of-subtree t)))
- (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1)))
- (save-excursion
- (forward-line 1)
- (while (and (not has-subtask)
- (< (point) subtree-end)
- (re-search-forward "^\*+ " subtree-end t))
- (when (member (org-get-todo-state) org-todo-keywords-1)
- (setq has-subtask t))))
- (and is-a-task (not has-subtask)))))
-
-(defun bh/is-subproject-p ()
- "Any task which is a subtask of another project"
- (let ((is-subproject)
- (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1)))
- (save-excursion
- (while (and (not is-subproject) (org-up-heading-safe))
- (when (member (nth 2 (org-heading-components)) org-todo-keywords-1)
- (setq is-subproject t))))
- (and is-a-task is-subproject)))
-
-(defun bh/list-sublevels-for-projects-indented ()
- "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks.
- This is normally used by skipping functions where this variable is already local to the agenda."
- (if (marker-buffer org-agenda-restrict-begin)
- (setq org-tags-match-list-sublevels 'indented)
- (setq org-tags-match-list-sublevels nil))
- nil)
-
-(defun bh/list-sublevels-for-projects ()
- "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks.
- This is normally used by skipping functions where this variable is already local to the agenda."
- (if (marker-buffer org-agenda-restrict-begin)
- (setq org-tags-match-list-sublevels t)
- (setq org-tags-match-list-sublevels nil))
- nil)
-
-(defvar bh/hide-scheduled-and-waiting-next-tasks t)
-
-(defun bh/toggle-next-task-display ()
- (interactive)
- (setq bh/hide-scheduled-and-waiting-next-tasks (not bh/hide-scheduled-and-waiting-next-tasks))
- (when (equal major-mode 'org-agenda-mode)
- (org-agenda-redo))
- (message "%s WAITING and SCHEDULED NEXT Tasks" (if bh/hide-scheduled-and-waiting-next-tasks "Hide" "Show")))
-
-(defun bh/skip-stuck-projects ()
- "Skip trees that are not stuck projects"
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (if (bh/is-project-p)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (has-next ))
- (save-excursion
- (forward-line 1)
- (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t))
- (unless (member "WAITING" (org-get-tags-at))
- (setq has-next t))))
- (if has-next
- nil
- next-headline)) ; a stuck project, has subtasks but no next task
- nil))))
-
-(defun bh/skip-non-stuck-projects ()
- "Skip trees that are not stuck projects"
- ;; (bh/list-sublevels-for-projects-indented)
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (if (bh/is-project-p)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (has-next ))
- (save-excursion
- (forward-line 1)
- (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t))
- (unless (member "WAITING" (org-get-tags-at))
- (setq has-next t))))
- (if has-next
- next-headline
- nil)) ; a stuck project, has subtasks but no next task
- next-headline))))
-
-(defun bh/skip-non-projects ()
- "Skip trees that are not projects"
- ;; (bh/list-sublevels-for-projects-indented)
- (if (save-excursion (bh/skip-non-stuck-projects))
- (save-restriction
- (widen)
- (let ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- nil)
- ((and (bh/is-project-subtree-p) (not (bh/is-task-p)))
- nil)
- (t
- subtree-end))))
- (save-excursion (org-end-of-subtree t))))
-
-(defun bh/skip-non-tasks ()
- "Show non-project tasks.
-Skip project and sub-project tasks, habits, and project related tasks."
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (cond
- ((bh/is-task-p)
- nil)
- (t
- next-headline)))))
-
-(defun bh/skip-project-trees-and-habits ()
- "Skip trees that are projects"
- (save-restriction
- (widen)
- (let ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- subtree-end)
- ((org-is-habit-p)
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-projects-and-habits-and-single-tasks ()
- "Skip trees that are projects, tasks that are habits, single non-project tasks"
- (save-restriction
- (widen)
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (cond
- ((org-is-habit-p)
- next-headline)
- ((and bh/hide-scheduled-and-waiting-next-tasks
- (member "WAITING" (org-get-tags-at)))
- next-headline)
- ((bh/is-project-p)
- next-headline)
- ((and (bh/is-task-p) (not (bh/is-project-subtree-p)))
- next-headline)
- (t
- nil)))))
-
-(defun bh/skip-project-tasks-maybe ()
- "Show tasks related to the current restriction.
-When restricted to a project, skip project and sub project tasks, habits, NEXT tasks, and loose tasks.
-When not restricted, skip project and sub-project tasks, habits, and project related tasks."
- (save-restriction
- (widen)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (next-headline (save-excursion (or (outline-next-heading) (point-max))))
- (limit-to-project (marker-buffer org-agenda-restrict-begin)))
- (cond
- ((bh/is-project-p)
- next-headline)
- ((org-is-habit-p)
- subtree-end)
- ((and (not limit-to-project)
- (bh/is-project-subtree-p))
- subtree-end)
- ((and limit-to-project
- (bh/is-project-subtree-p)
- (member (org-get-todo-state) (list "NEXT")))
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-project-tasks ()
- "Show non-project tasks.
-Skip project and sub-project tasks, habits, and project related tasks."
- (save-restriction
- (widen)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- subtree-end)
- ((org-is-habit-p)
- subtree-end)
- ((bh/is-project-subtree-p)
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-non-project-tasks ()
- "Show project tasks.
-Skip project and sub-project tasks, habits, and loose non-project tasks."
- (save-restriction
- (widen)
- (let* ((subtree-end (save-excursion (org-end-of-subtree t)))
- (next-headline (save-excursion (or (outline-next-heading) (point-max)))))
- (cond
- ((bh/is-project-p)
- next-headline)
- ((org-is-habit-p)
- subtree-end)
- ((and (bh/is-project-subtree-p)
- (member (org-get-todo-state) (list "NEXT")))
- subtree-end)
- ((not (bh/is-project-subtree-p))
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-projects-and-habits ()
- "Skip trees that are projects and tasks that are habits"
- (save-restriction
- (widen)
- (let ((subtree-end (save-excursion (org-end-of-subtree t))))
- (cond
- ((bh/is-project-p)
- subtree-end)
- ((org-is-habit-p)
- subtree-end)
- (t
- nil)))))
-
-(defun bh/skip-non-subprojects ()
- "Skip trees that are not projects"
- (let ((next-headline (save-excursion (outline-next-heading))))
- (if (bh/is-subproject-p)
- nil
- next-headline)))
-
-(setq org-archive-mark-done nil)
-(setq org-archive-location "%s_archive::* Archived Tasks")
-
-(defun bh/skip-non-archivable-tasks ()
- "Skip trees that are not available for archiving"
- (save-restriction
- (widen)
- ;; Consider only tasks with done todo headings as archivable candidates
- (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))
- (subtree-end (save-excursion (org-end-of-subtree t))))
- (if (member (org-get-todo-state) org-todo-keywords-1)
- (if (member (org-get-todo-state) org-done-keywords)
- (let* ((daynr (string-to-number (format-time-string "%d" (current-time))))
- (a-month-ago (* 60 60 24 (+ daynr 1)))
- (last-month (format-time-string "%Y-%m-" (time-subtract (current-time) (seconds-to-time a-month-ago))))
- (this-month (format-time-string "%Y-%m-" (current-time)))
- (subtree-is-current (save-excursion
- (forward-line 1)
- (and (< (point) subtree-end)
- (re-search-forward (concat last-month "\\|" this-month) subtree-end t)))))
- (if subtree-is-current
- subtree-end ; Has a date in this month or last month, skip it
- nil)) ; available to archive
- (or subtree-end (point-max)))
- next-headline))))
-(setq org-alphabetical-lists t)
-
-;; Explicitly load required exporters
-(require 'ox-html)
-(require 'ox-latex)
-(require 'ox-ascii)
-
-(setq org-ditaa-jar-path "~/git/org-mode/contrib/scripts/ditaa.jar")
-(setq org-plantuml-jar-path "~/java/plantuml.jar")
-
-(add-hook 'org-babel-after-execute-hook 'bh/display-inline-images 'append)
-
-; Make babel results blocks lowercase
-(setq org-babel-results-keyword "results")
-
-(defun bh/display-inline-images ()
- (condition-case nil
- (org-display-inline-images)
- (error nil)))
-
-(org-babel-do-load-languages
- (quote org-babel-load-languages)
- (quote ((emacs-lisp . t)
- (dot . t)
- (ditaa . t)
- (R . t)
- (python . t)
- (ruby . t)
- (gnuplot . t)
- (clojure . t)
- (shell . t)
- (ledger . t)
- (org . t)
- (plantuml . t)
- (latex . t))))
-
-; Do not prompt to confirm evaluation
-; This may be dangerous - make sure you understand the consequences
-; of setting this -- see the docstring for details
-(setq org-confirm-babel-evaluate nil)
-
-; Use fundamental mode when editing plantuml blocks with C-c '
-(add-to-list 'org-src-lang-modes (quote ("plantuml" . fundamental)))
-
-;; Don't enable this because it breaks access to emacs from my Android phone
-(setq org-startup-with-inline-images nil)
-
-; experimenting with docbook exports - not finished
-(setq org-export-docbook-xsl-fo-proc-command "fop %s %s")
-(setq org-export-docbook-xslt-proc-command "xsltproc --output %s /usr/share/xml/docbook/stylesheet/nwalsh/fo/docbook.xsl %s")
-;
-; Inline images in HTML instead of producting links to the image
-(setq org-html-inline-images t)
-; Do not use sub or superscripts - I currently don't need this functionality in my documents
-(setq org-export-with-sub-superscripts nil)
-; Use org.css from the norang website for export document stylesheets
-(setq org-html-head-extra "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />")
-(setq org-html-head-include-default-style nil)
-; Do not generate internal css formatting for HTML exports
-(setq org-export-htmlize-output-type (quote css))
-; Export with LaTeX fragments
-(setq org-export-with-LaTeX-fragments t)
-; Increase default number of headings to export
-(setq org-export-headline-levels 6)
-
-; List of projects
-; norang - http://www.norang.ca/
-; doc - http://doc.norang.ca/
-; org-mode-doc - http://doc.norang.ca/org-mode.html and associated files
-; org - miscellaneous todo lists for publishing
-(setq org-publish-project-alist
- ;
- ; http://www.norang.ca/ (norang website)
- ; norang-org are the org-files that generate the content
- ; norang-extra are images and css files that need to be included
- ; norang is the top-level project that gets published
- (quote (("norang-org"
- :base-directory "~/git/www.norang.ca"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs"
- :recursive t
- :table-of-contents nil
- :base-extension "org"
- :publishing-function org-html-publish-to-html
- :style-include-default nil
- :section-numbers nil
- :table-of-contents nil
- :html-head "<link rel=\"stylesheet\" href=\"norang.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ("norang-extra"
- :base-directory "~/git/www.norang.ca/"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive t
- :author nil)
- ("norang"
- :components ("norang-org" "norang-extra"))
- ;
- ; http://doc.norang.ca/ (norang website)
- ; doc-org are the org-files that generate the content
- ; doc-extra are images and css files that need to be included
- ; doc is the top-level project that gets published
- ("doc-org"
- :base-directory "~/git/doc.norang.ca/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :recursive nil
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html org-org-publish-to-org)
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ("doc-extra"
- :base-directory "~/git/doc.norang.ca/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive nil
- :author nil)
- ("doc"
- :components ("doc-org" "doc-extra"))
- ("doc-private-org"
- :base-directory "~/git/doc.norang.ca/private"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs/private"
- :recursive nil
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html org-org-publish-to-org)
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :auto-sitemap t
- :sitemap-filename "index.html"
- :sitemap-title "Norang Private Documents"
- :sitemap-style "tree"
- :author-info nil
- :creator-info nil)
- ("doc-private-extra"
- :base-directory "~/git/doc.norang.ca/private"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs/private"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive nil
- :author nil)
- ("doc-private"
- :components ("doc-private-org" "doc-private-extra"))
- ;
- ; Miscellaneous pages for other websites
- ; org are the org-files that generate the content
- ("org-org"
- :base-directory "~/git/org/"
- :publishing-directory "/ssh:www-data@www:~/org"
- :recursive t
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function org-html-publish-to-html
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ;
- ; http://doc.norang.ca/ (norang website)
- ; org-mode-doc-org this document
- ; org-mode-doc-extra are images and css files that need to be included
- ; org-mode-doc is the top-level project that gets published
- ; This uses the same target directory as the 'doc' project
- ("org-mode-doc-org"
- :base-directory "~/git/org-mode-doc/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :recursive t
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html)
- :plain-source t
- :htmlized-source t
- :style-include-default nil
- :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />"
- :author-info nil
- :creator-info nil)
- ("org-mode-doc-extra"
- :base-directory "~/git/org-mode-doc/"
- :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif\\|org"
- :publishing-function org-publish-attachment
- :recursive t
- :author nil)
- ("org-mode-doc"
- :components ("org-mode-doc-org" "org-mode-doc-extra"))
- ;
- ; http://doc.norang.ca/ (norang website)
- ; org-mode-doc-org this document
- ; org-mode-doc-extra are images and css files that need to be included
- ; org-mode-doc is the top-level project that gets published
- ; This uses the same target directory as the 'doc' project
- ("tmp-org"
- :base-directory "/tmp/publish/"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp"
- :recursive t
- :section-numbers nil
- :table-of-contents nil
- :base-extension "org"
- :publishing-function (org-html-publish-to-html org-org-publish-to-org)
- :html-head "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />"
- :plain-source t
- :htmlized-source t
- :style-include-default nil
- :auto-sitemap t
- :sitemap-filename "index.html"
- :sitemap-title "Test Publishing Area"
- :sitemap-style "tree"
- :author-info t
- :creator-info t)
- ("tmp-extra"
- :base-directory "/tmp/publish/"
- :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp"
- :base-extension "css\\|pdf\\|png\\|jpg\\|gif"
- :publishing-function org-publish-attachment
- :recursive t
- :author nil)
- ("tmp"
- :components ("tmp-org" "tmp-extra")))))
-
-; I'm lazy and don't want to remember the name of the project to publish when I modify
-; a file that is part of a project. So this function saves the file, and publishes
-; the project that includes this file
-;
-; It's bound to C-S-F12 so I just edit and hit C-S-F12 when I'm done and move on to the next thing
-(defun bh/save-then-publish (&optional force)
- (interactive "P")
- (save-buffer)
- (org-save-all-org-buffers)
- (let ((org-html-head-extra)
- (org-html-validation-link "<a href=\"http://validator.w3.org/check?uri=referer\">Validate XHTML 1.0</a>"))
- (org-publish-current-project force)))
-
-(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish)
-
-(setq org-latex-listings t)
-
-(setq org-html-xml-declaration (quote (("html" . "")
- ("was-html" . "<?xml version=\"1.0\" encoding=\"%s\"?>")
- ("php" . "<?php echo \"<?xml version=\\\"1.0\\\" encoding=\\\"%s\\\" ?>\"; ?>"))))
-
-(setq org-export-allow-BIND t)
-
-; Erase all reminders and rebuilt reminders for today from the agenda
-(defun bh/org-agenda-to-appt ()
- (interactive)
- (setq appt-time-msg-list nil)
- (org-agenda-to-appt))
-
-; Rebuild the reminders everytime the agenda is displayed
-(add-hook 'org-finalize-agenda-hook 'bh/org-agenda-to-appt 'append)
-
-; This is at the end of my .emacs - so appointments are set up when Emacs starts
-(bh/org-agenda-to-appt)
-
-; Activate appointments so we get notifications
-(appt-activate t)
-
-; If we leave Emacs running overnight - reset the appointments one minute after midnight
-(run-at-time "24:01" nil 'bh/org-agenda-to-appt)
-
-;; Enable abbrev-mode
-(add-hook 'org-mode-hook (lambda () (abbrev-mode 1)))
-
-;; Skeletons
-;;
-;; sblk - Generic block #+begin_FOO .. #+end_FOO
-(define-skeleton skel-org-block
- "Insert an org block, querying for type."
- "Type: "
- "#+begin_" str "\n"
- _ - \n
- "#+end_" str "\n")
-
-(define-abbrev org-mode-abbrev-table "sblk" "" 'skel-org-block)
-
-;; splantuml - PlantUML Source block
-(define-skeleton skel-org-block-plantuml
- "Insert a org plantuml block, querying for filename."
- "File (no extension): "
- "#+begin_src plantuml :file " str ".png :cache yes\n"
- _ - \n
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "splantuml" "" 'skel-org-block-plantuml)
-
-(define-skeleton skel-org-block-plantuml-activity
- "Insert a org plantuml block, querying for filename."
- "File (no extension): "
- "#+begin_src plantuml :file " str "-act.png :cache yes :tangle " str "-act.txt\n"
- (bh/plantuml-reset-counters)
- "@startuml\n"
- "skinparam activity {\n"
- "BackgroundColor<<New>> Cyan\n"
- "}\n\n"
- "title " str " - \n"
- "note left: " str "\n"
- "(*) --> \"" str "\"\n"
- "--> (*)\n"
- _ - \n
- "@enduml\n"
- "#+end_src\n")
-
-(defvar bh/plantuml-if-count 0)
-
-(defun bh/plantuml-if ()
- (incf bh/plantuml-if-count)
- (number-to-string bh/plantuml-if-count))
-
-(defvar bh/plantuml-loop-count 0)
-
-(defun bh/plantuml-loop ()
- (incf bh/plantuml-loop-count)
- (number-to-string bh/plantuml-loop-count))
-
-(defun bh/plantuml-reset-counters ()
- (setq bh/plantuml-if-count 0
- bh/plantuml-loop-count 0)
- "")
-
-(define-abbrev org-mode-abbrev-table "sact" "" 'skel-org-block-plantuml-activity)
-
-(define-skeleton skel-org-block-plantuml-activity-if
- "Insert a org plantuml block activity if statement"
- ""
- "if \"\" then\n"
- " -> [condition] ==IF" (setq ifn (bh/plantuml-if)) "==\n"
- " --> ==IF" ifn "M1==\n"
- " -left-> ==IF" ifn "M2==\n"
- "else\n"
- "end if\n"
- "--> ==IF" ifn "M2==")
-
-(define-abbrev org-mode-abbrev-table "sif" "" 'skel-org-block-plantuml-activity-if)
-
-(define-skeleton skel-org-block-plantuml-activity-for
- "Insert a org plantuml block activity for statement"
- "Loop for each: "
- "--> ==LOOP" (setq loopn (bh/plantuml-loop)) "==\n"
- "note left: Loop" loopn ": For each " str "\n"
- "--> ==ENDLOOP" loopn "==\n"
- "note left: Loop" loopn ": End for each " str "\n" )
-
-(define-abbrev org-mode-abbrev-table "sfor" "" 'skel-org-block-plantuml-activity-for)
-
-(define-skeleton skel-org-block-plantuml-sequence
- "Insert a org plantuml activity diagram block, querying for filename."
- "File appends (no extension): "
- "#+begin_src plantuml :file " str "-seq.png :cache yes :tangle " str "-seq.txt\n"
- "@startuml\n"
- "title " str " - \n"
- "actor CSR as \"Customer Service Representative\"\n"
- "participant CSMO as \"CSM Online\"\n"
- "participant CSMU as \"CSM Unix\"\n"
- "participant NRIS\n"
- "actor Customer"
- _ - \n
- "@enduml\n"
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "sseq" "" 'skel-org-block-plantuml-sequence)
-
-;; sdot - Graphviz DOT block
-(define-skeleton skel-org-block-dot
- "Insert a org graphviz dot block, querying for filename."
- "File (no extension): "
- "#+begin_src dot :file " str ".png :cache yes :cmdline -Kdot -Tpng\n"
- "graph G {\n"
- _ - \n
- "}\n"
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "sdot" "" 'skel-org-block-dot)
-
-;; sditaa - Ditaa source block
-(define-skeleton skel-org-block-ditaa
- "Insert a org ditaa block, querying for filename."
- "File (no extension): "
- "#+begin_src ditaa :file " str ".png :cache yes\n"
- _ - \n
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "sditaa" "" 'skel-org-block-ditaa)
-
-;; selisp - Emacs Lisp source block
-(define-skeleton skel-org-block-elisp
- "Insert a org emacs-lisp block"
- ""
- "#+begin_src emacs-lisp\n"
- _ - \n
- "#+end_src\n")
-
-(define-abbrev org-mode-abbrev-table "selisp" "" 'skel-org-block-elisp)
-
-(defun bh/org-todo (arg)
- (interactive "p")
- (if (equal arg 4)
- (save-restriction
- (bh/narrow-to-org-subtree)
- (org-show-todo-tree nil))
- (bh/narrow-to-org-subtree)
- (org-show-todo-tree nil)))
-
-(global-set-key (kbd "<S-f5>") 'bh/widen)
-
-(defun bh/widen ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-agenda-remove-restriction-lock)
- (when org-agenda-sticky
- (org-agenda-redo)))
- (widen)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "W" (lambda () (interactive) (setq bh/hide-scheduled-and-waiting-next-tasks t) (bh/widen))))
- 'append)
-
-(defun bh/restrict-to-file-or-follow (arg)
- "Set agenda restriction to 'file or with argument invoke follow mode.
-I don't use follow mode very often but I restrict to file all the time
-so change the default 'F' binding in the agenda to allow both"
- (interactive "p")
- (if (equal arg 4)
- (org-agenda-follow-mode)
- (widen)
- (bh/set-agenda-restriction-lock 4)
- (org-agenda-redo)
- (beginning-of-buffer)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "F" 'bh/restrict-to-file-or-follow))
- 'append)
-
-(defun bh/narrow-to-org-subtree ()
- (widen)
- (org-narrow-to-subtree)
- (save-restriction
- (org-agenda-set-restriction-lock)))
-
-(defun bh/narrow-to-subtree ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-with-point-at (org-get-at-bol 'org-hd-marker)
- (bh/narrow-to-org-subtree))
- (when org-agenda-sticky
- (org-agenda-redo)))
- (bh/narrow-to-org-subtree)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "N" 'bh/narrow-to-subtree))
- 'append)
-
-(defun bh/narrow-up-one-org-level ()
- (widen)
- (save-excursion
- (outline-up-heading 1 'invisible-ok)
- (bh/narrow-to-org-subtree)))
-
-(defun bh/get-pom-from-agenda-restriction-or-point ()
- (or (and (marker-position org-agenda-restrict-begin) org-agenda-restrict-begin)
- (org-get-at-bol 'org-hd-marker)
- (and (equal major-mode 'org-mode) (point))
- org-clock-marker))
-
-(defun bh/narrow-up-one-level ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point)
- (bh/narrow-up-one-org-level))
- (org-agenda-redo))
- (bh/narrow-up-one-org-level)))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "U" 'bh/narrow-up-one-level))
- 'append)
-
-(defun bh/narrow-to-org-project ()
- (widen)
- (save-excursion
- (bh/find-project-task)
- (bh/narrow-to-org-subtree)))
-
-(defun bh/narrow-to-project ()
- (interactive)
- (if (equal major-mode 'org-agenda-mode)
- (progn
- (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point)
- (bh/narrow-to-org-project)
- (save-excursion
- (bh/find-project-task)
- (org-agenda-set-restriction-lock)))
- (org-agenda-redo)
- (beginning-of-buffer))
- (bh/narrow-to-org-project)
- (save-restriction
- (org-agenda-set-restriction-lock))))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "P" 'bh/narrow-to-project))
- 'append)
-
-(defvar bh/project-list nil)
-
-(defun bh/view-next-project ()
- (interactive)
- (let (num-project-left current-project)
- (unless (marker-position org-agenda-restrict-begin)
- (goto-char (point-min))
- ; Clear all of the existing markers on the list
- (while bh/project-list
- (set-marker (pop bh/project-list) nil))
- (re-search-forward "Tasks to Refile")
- (forward-visible-line 1))
-
- ; Build a new project marker list
- (unless bh/project-list
- (while (< (point) (point-max))
- (while (and (< (point) (point-max))
- (or (not (org-get-at-bol 'org-hd-marker))
- (org-with-point-at (org-get-at-bol 'org-hd-marker)
- (or (not (bh/is-project-p))
- (bh/is-project-subtree-p)))))
- (forward-visible-line 1))
- (when (< (point) (point-max))
- (add-to-list 'bh/project-list (copy-marker (org-get-at-bol 'org-hd-marker)) 'append))
- (forward-visible-line 1)))
-
- ; Pop off the first marker on the list and display
- (setq current-project (pop bh/project-list))
- (when current-project
- (org-with-point-at current-project
- (setq bh/hide-scheduled-and-waiting-next-tasks nil)
- (bh/narrow-to-project))
- ; Remove the marker
- (setq current-project nil)
- (org-agenda-redo)
- (beginning-of-buffer)
- (setq num-projects-left (length bh/project-list))
- (if (> num-projects-left 0)
- (message "%s projects left to view" num-projects-left)
- (beginning-of-buffer)
- (setq bh/hide-scheduled-and-waiting-next-tasks t)
- (error "All projects viewed.")))))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "V" 'bh/view-next-project))
- 'append)
-
-(setq org-show-entry-below (quote ((default))))
-
-(add-hook 'org-agenda-mode-hook
- '(lambda () (org-defkey org-agenda-mode-map "\C-c\C-x<" 'bh/set-agenda-restriction-lock))
- 'append)
-
-(defun bh/set-agenda-restriction-lock (arg)
- "Set restriction lock to current task subtree or file if prefix is specified"
- (interactive "p")
- (let* ((pom (bh/get-pom-from-agenda-restriction-or-point))
- (tags (org-with-point-at pom (org-get-tags-at))))
- (let ((restriction-type (if (equal arg 4) 'file 'subtree)))
- (save-restriction
- (cond
- ((and (equal major-mode 'org-agenda-mode) pom)
- (org-with-point-at pom
- (org-agenda-set-restriction-lock restriction-type))
- (org-agenda-redo))
- ((and (equal major-mode 'org-mode) (org-before-first-heading-p))
- (org-agenda-set-restriction-lock 'file))
- (pom
- (org-with-point-at pom
- (org-agenda-set-restriction-lock restriction-type))))))))
-
-;; Limit restriction lock highlighting to the headline only
-(setq org-agenda-restriction-lock-highlight-subtree nil)
-
-;; Always hilight the current agenda line
-(add-hook 'org-agenda-mode-hook
- '(lambda () (hl-line-mode 1))
- 'append)
-
-;; Keep tasks with dates on the global todo lists
-(setq org-agenda-todo-ignore-with-date nil)
-
-;; Keep tasks with deadlines on the global todo lists
-(setq org-agenda-todo-ignore-deadlines nil)
-
-;; Keep tasks with scheduled dates on the global todo lists
-(setq org-agenda-todo-ignore-scheduled nil)
-
-;; Keep tasks with timestamps on the global todo lists
-(setq org-agenda-todo-ignore-timestamp nil)
-
-;; Remove completed deadline tasks from the agenda view
-(setq org-agenda-skip-deadline-if-done t)
-
-;; Remove completed scheduled tasks from the agenda view
-(setq org-agenda-skip-scheduled-if-done t)
-
-;; Remove completed items from search results
-(setq org-agenda-skip-timestamp-if-done t)
-
-(setq org-agenda-include-diary nil)
-(setq org-agenda-diary-file "~/git/org/diary.org")
-
-(setq org-agenda-insert-diary-extract-time t)
-
-;; Include agenda archive files when searching for things
-(setq org-agenda-text-search-extra-files (quote (agenda-archives)))
-
-;; Show all future entries for repeating tasks
-(setq org-agenda-repeating-timestamp-show-all t)
-
-;; Show all agenda dates - even if they are empty
-(setq org-agenda-show-all-dates t)
-
-;; Sorting order for tasks on the agenda
-(setq org-agenda-sorting-strategy
- (quote ((agenda habit-down time-up user-defined-up effort-up category-keep)
- (todo category-up effort-up)
- (tags category-up effort-up)
- (search category-up))))
-
-;; Start the weekly agenda on Monday
-(setq org-agenda-start-on-weekday 1)
-
-;; Enable display of the time grid so we can see the marker for the current time
-;; modified like in
-;; https://stackoverflow.com/questions/47778775/wrong-type-argument-when-using-org-agenda
-(setq org-agenda-time-grid (quote
- ((daily today remove-match)
- (0900 1100 1300 1500 1700)
- "......" "----------------")))
-
-;; Display tags farther right
-(setq org-agenda-tags-column -102)
-
-;;
-;; Agenda sorting functions
-;;
-(setq org-agenda-cmp-user-defined 'bh/agenda-sort)
-
-(defun bh/agenda-sort (a b)
- "Sorting strategy for agenda items.
-Late deadlines first, then scheduled, then non-late deadlines"
- (let (result num-a num-b)
- (cond
- ; time specific items are already sorted first by org-agenda-sorting-strategy
-
- ; non-deadline and non-scheduled items next
- ((bh/agenda-sort-test 'bh/is-not-scheduled-or-deadline a b))
-
- ; deadlines for today next
- ((bh/agenda-sort-test 'bh/is-due-deadline a b))
-
- ; late deadlines next
- ((bh/agenda-sort-test-num 'bh/is-late-deadline '> a b))
-
- ; scheduled items for today next
- ((bh/agenda-sort-test 'bh/is-scheduled-today a b))
-
- ; late scheduled items next
- ((bh/agenda-sort-test-num 'bh/is-scheduled-late '> a b))
-
- ; pending deadlines last
- ((bh/agenda-sort-test-num 'bh/is-pending-deadline '< a b))
-
- ; finally default to unsorted
- (t (setq result nil)))
- result))
-
-(defmacro bh/agenda-sort-test (fn a b)
- "Test for agenda sort"
- `(cond
- ; if both match leave them unsorted
- ((and (apply ,fn (list ,a))
- (apply ,fn (list ,b)))
- (setq result nil))
- ; if a matches put a first
- ((apply ,fn (list ,a))
- (setq result -1))
- ; otherwise if b matches put b first
- ((apply ,fn (list ,b))
- (setq result 1))
- ; if none match leave them unsorted
- (t nil)))
-
-(defmacro bh/agenda-sort-test-num (fn compfn a b)
- `(cond
- ((apply ,fn (list ,a))
- (setq num-a (string-to-number (match-string 1 ,a)))
- (if (apply ,fn (list ,b))
- (progn
- (setq num-b (string-to-number (match-string 1 ,b)))
- (setq result (if (apply ,compfn (list num-a num-b))
- -1
- 1)))
- (setq result -1)))
- ((apply ,fn (list ,b))
- (setq result 1))
- (t nil)))
-
-(defun bh/is-not-scheduled-or-deadline (date-str)
- (and (not (bh/is-deadline date-str))
- (not (bh/is-scheduled date-str))))
-
-(defun bh/is-due-deadline (date-str)
- (string-match "Deadline:" date-str))
-
-(defun bh/is-late-deadline (date-str)
- (string-match "\\([0-9]*\\) d\. ago:" date-str))
-
-(defun bh/is-pending-deadline (date-str)
- (string-match "In \\([^-]*\\)d\.:" date-str))
-
-(defun bh/is-deadline (date-str)
- (or (bh/is-due-deadline date-str)
- (bh/is-late-deadline date-str)
- (bh/is-pending-deadline date-str)))
-
-(defun bh/is-scheduled (date-str)
- (or (bh/is-scheduled-today date-str)
- (bh/is-scheduled-late date-str)))
-
-(defun bh/is-scheduled-today (date-str)
- (string-match "Scheduled:" date-str))
-
-(defun bh/is-scheduled-late (date-str)
- (string-match "Sched\.\\(.*\\)x:" date-str))
-
-;; Use sticky agenda's so they persist
-(setq org-agenda-sticky t)
-
-;; The following setting is different from the document so that you
-;; can override the document path by setting your path in the variable
-;; org-mode-user-contrib-lisp-path
-;;
-(if (boundp 'org-mode-user-contrib-lisp-path)
- (add-to-list 'load-path org-mode-user-contrib-lisp-path)
- (add-to-list 'load-path (expand-file-name "~/git/org-mode/contrib/lisp")))
-
-(require 'org-checklist)
-
-(setq org-enforce-todo-dependencies t)
-
-(setq org-hide-leading-stars nil)
-
-(setq org-startup-indented t)
-
-(setq org-cycle-separator-lines 0)
-
-(setq org-blank-before-new-entry (quote ((heading)
- (plain-list-item . auto))))
-
-(setq org-insert-heading-respect-content nil)
-
-(setq org-reverse-note-order nil)
-
-(setq org-show-following-heading t)
-(setq org-show-hierarchy-above t)
-(setq org-show-siblings (quote ((default))))
-
-(setq org-special-ctrl-a/e t)
-(setq org-special-ctrl-k t)
-(setq org-yank-adjusted-subtrees t)
-
-(setq org-id-method (quote uuidgen))
-
-(setq org-deadline-warning-days 30)
-
-(setq org-table-export-default-format "orgtbl-to-csv")
-
-(setq org-link-frame-setup (quote ((vm . vm-visit-folder)
- (gnus . org-gnus-no-new-news)
- (file . find-file))))
-
-; Use the current window for C-c ' source editing
-(setq org-src-window-setup 'current-window)
-
-(setq org-log-done (quote time))
-(setq org-log-into-drawer t)
-(setq org-log-state-notes-insert-after-drawers nil)
-
-(setq org-clock-sound "/usr/local/lib/tngchime.wav")
-
-; Enable habit tracking (and a bunch of other modules)
-(setq org-modules (quote (org-bbdb
- org-bibtex
- org-crypt
- org-gnus
- org-id
- org-info
- org-jsinfo
- org-habit
- org-inlinetask
- org-irc
- org-mew
- org-mhe
- org-protocol
- org-rmail
- org-vm
- org-wl
- org-w3m)))
-
-; position the habit graph on the agenda to the right of the default
-(setq org-habit-graph-column 50)
-
-(run-at-time "06:00" 86400 '(lambda () (setq org-habit-show-habits t)))
-
-(global-auto-revert-mode t)
-
-(require 'org-crypt)
-; Encrypt all entries before saving
-(org-crypt-use-before-save-magic)
-(setq org-tags-exclude-from-inheritance (quote ("crypt")))
-; GPG key to use for encryption
-(setq org-crypt-key "F0B66B40")
-
-(setq org-crypt-disable-auto-save nil)
-
-(setq org-use-speed-commands t)
-(setq org-speed-commands-user (quote (("0" . ignore)
- ("1" . ignore)
- ("2" . ignore)
- ("3" . ignore)
- ("4" . ignore)
- ("5" . ignore)
- ("6" . ignore)
- ("7" . ignore)
- ("8" . ignore)
- ("9" . ignore)
-
- ("a" . ignore)
- ("d" . ignore)
- ("h" . bh/hide-other)
- ("i" progn
- (forward-char 1)
- (call-interactively 'org-insert-heading-respect-content))
- ("k" . org-kill-note-or-show-branches)
- ("l" . ignore)
- ("m" . ignore)
- ("q" . bh/show-org-agenda)
- ("r" . ignore)
- ("s" . org-save-all-org-buffers)
- ("w" . org-refile)
- ("x" . ignore)
- ("y" . ignore)
- ("z" . org-add-note)
-
- ("A" . ignore)
- ("B" . ignore)
- ("E" . ignore)
- ("F" . bh/restrict-to-file-or-follow)
- ("G" . ignore)
- ("H" . ignore)
- ("J" . org-clock-goto)
- ("K" . ignore)
- ("L" . ignore)
- ("M" . ignore)
- ("N" . bh/narrow-to-org-subtree)
- ("P" . bh/narrow-to-org-project)
- ("Q" . ignore)
- ("R" . ignore)
- ("S" . ignore)
- ("T" . bh/org-todo)
- ("U" . bh/narrow-up-one-org-level)
- ("V" . ignore)
- ("W" . bh/widen)
- ("X" . ignore)
- ("Y" . ignore)
- ("Z" . ignore))))
-
-(defun bh/show-org-agenda ()
- (interactive)
- (if org-agenda-sticky
- (switch-to-buffer "*Org Agenda( )*")
- (switch-to-buffer "*Org Agenda*"))
- (delete-other-windows))
-
-(require 'org-protocol)
-
-(setq require-final-newline t)
-
-(defvar bh/insert-inactive-timestamp t)
-
-(defun bh/toggle-insert-inactive-timestamp ()
- (interactive)
- (setq bh/insert-inactive-timestamp (not bh/insert-inactive-timestamp))
- (message "Heading timestamps are %s" (if bh/insert-inactive-timestamp "ON" "OFF")))
-
-(defun bh/insert-inactive-timestamp ()
- (interactive)
- (org-insert-time-stamp nil t t nil nil nil))
-
-(defun bh/insert-heading-inactive-timestamp ()
- (save-excursion
- (when bh/insert-inactive-timestamp
- (org-return)
- (org-cycle)
- (bh/insert-inactive-timestamp))))
-
-(add-hook 'org-insert-heading-hook 'bh/insert-heading-inactive-timestamp 'append)
-
-(setq org-export-with-timestamps nil)
-
-(setq org-return-follows-link t)
-
-(custom-set-faces
- ;; custom-set-faces was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- '(org-mode-line-clock ((t (:foreground "red" :box (:line-width -1 :style released-button)))) t))
-
-(defun bh/prepare-meeting-notes ()
- "Prepare meeting notes for email
- Take selected region and convert tabs to spaces, mark TODOs with leading >>>, and copy to kill ring for pasting"
- (interactive)
- (let (prefix)
- (save-excursion
- (save-restriction
- (narrow-to-region (region-beginning) (region-end))
- (untabify (point-min) (point-max))
- (goto-char (point-min))
- (while (re-search-forward "^\\( *-\\\) \\(TODO\\|DONE\\): " (point-max) t)
- (replace-match (concat (make-string (length (match-string 1)) ?>) " " (match-string 2) ": ")))
- (goto-char (point-min))
- (kill-ring-save (point-min) (point-max))))))
-
-(setq org-remove-highlights-with-change t)
-
-(add-to-list 'Info-default-directory-list "~/git/org-mode/doc")
-
-(setq org-read-date-prefer-future 'time)
-
-(setq org-list-demote-modify-bullet (quote (("+" . "-")
- ("*" . "-")
- ("1." . "-")
- ("1)" . "-")
- ("A)" . "-")
- ("B)" . "-")
- ("a)" . "-")
- ("b)" . "-")
- ("A." . "-")
- ("B." . "-")
- ("a." . "-")
- ("b." . "-"))))
-
-(setq org-tags-match-list-sublevels t)
-
-(setq org-agenda-persistent-filter t)
-
-(setq org-link-mailto-program (quote (compose-mail "%a" "%s")))
-
-(add-to-list 'load-path (expand-file-name "~/.emacs.d"))
-(require 'smex)
-(smex-initialize)
-
-(global-set-key (kbd "M-x") 'smex)
-(global-set-key (kbd "C-x x") 'smex)
-(global-set-key (kbd "M-X") 'smex-major-mode-commands)
-
-;; Bookmark handling
-;;
-(global-set-key (kbd "<C-f6>") '(lambda () (interactive) (bookmark-set "SAVED")))
-
-(require 'org-mime)
-
-(setq org-agenda-skip-additional-timestamps-same-entry t)
-
-(setq org-table-use-standard-references (quote from))
-
-(setq org-file-apps (quote ((auto-mode . emacs)
- ("\\.mm\\'" . system)
- ("\\.x?html?\\'" . system)
- ("\\.pdf\\'" . system))))
-
-; Overwrite the current window with the agenda
-(setq org-agenda-window-setup 'current-window)
-
-(setq org-clone-delete-id t)
-
-(setq org-cycle-include-plain-lists t)
-
-(setq org-src-fontify-natively t)
-
-(setq org-structure-template-alist
- (quote (("s" "#+begin_src ?\n\n#+end_src" "<src lang=\"?\">\n\n</src>")
- ("e" "#+begin_example\n?\n#+end_example" "<example>\n?\n</example>")
- ("q" "#+begin_quote\n?\n#+end_quote" "<quote>\n?\n</quote>")
- ("v" "#+begin_verse\n?\n#+end_verse" "<verse>\n?\n</verse>")
- ("c" "#+begin_center\n?\n#+end_center" "<center>\n?\n</center>")
- ("l" "#+begin_latex\n?\n#+end_latex" "<literal style=\"latex\">\n?\n</literal>")
- ("L" "#+latex: " "<literal style=\"latex\">?</literal>")
- ("h" "#+begin_html\n?\n#+end_html" "<literal style=\"html\">\n?\n</literal>")
- ("H" "#+html: " "<literal style=\"html\">?</literal>")
- ("a" "#+begin_ascii\n?\n#+end_ascii")
- ("A" "#+ascii: ")
- ("i" "#+index: ?" "#+index: ?")
- ("I" "#+include %file ?" "<include file=%file markup=\"?\">"))))
-
-(defun bh/mark-next-parent-tasks-todo ()
- "Visit each parent task and change NEXT states to TODO"
- (let ((mystate (or (and (fboundp 'org-state)
- state)
- (nth 2 (org-heading-components)))))
- (when mystate
- (save-excursion
- (while (org-up-heading-safe)
- (when (member (nth 2 (org-heading-components)) (list "NEXT"))
- (org-todo "TODO")))))))
-
-(add-hook 'org-after-todo-state-change-hook 'bh/mark-next-parent-tasks-todo 'append)
-(add-hook 'org-clock-in-hook 'bh/mark-next-parent-tasks-todo 'append)
-
-(setq org-startup-folded t)
-
-(add-hook 'message-mode-hook 'orgstruct++-mode 'append)
-(add-hook 'message-mode-hook 'turn-on-auto-fill 'append)
-(add-hook 'message-mode-hook 'bbdb-define-all-aliases 'append)
-(add-hook 'message-mode-hook 'orgtbl-mode 'append)
-; (add-hook 'message-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix
-(add-hook 'message-mode-hook
- '(lambda () (setq fill-column 72))
- 'append)
-
-;; flyspell mode for spell checking everywhere
-; (add-hook 'org-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix
-
-;; Disable keys in org-mode
-;; C-c [
-;; C-c ]
-;; C-c ;
-;; C-c C-x C-q cancelling the clock (we never want this)
-(add-hook 'org-mode-hook
- '(lambda ()
- ;; Undefine C-c [ and C-c ] since this breaks my
- ;; org-agenda files when directories are include It
- ;; expands the files in the directories individually
- (org-defkey org-mode-map "\C-c[" 'undefined)
- (org-defkey org-mode-map "\C-c]" 'undefined)
- (org-defkey org-mode-map "\C-c;" 'undefined)
- (org-defkey org-mode-map "\C-c\C-x\C-q" 'undefined))
- 'append)
-
-(add-hook 'org-mode-hook
- (lambda ()
- (local-set-key (kbd "C-c M-o") 'bh/mail-subtree))
- 'append)
-
-(defun bh/mail-subtree ()
- (interactive)
- (org-mark-subtree)
- (org-mime-subtree))
-
-(setq org-src-preserve-indentation nil)
-(setq org-edit-src-content-indentation 0)
-
-(setq org-catch-invisible-edits 'error)
-
-(setq org-export-coding-system 'utf-8)
-(prefer-coding-system 'utf-8)
-(set-charset-priority 'unicode)
-(setq default-process-coding-system '(utf-8-unix . utf-8-unix))
-
-(setq org-time-clocksum-format
- '(:hours "%d" :require-hours t :minutes ":%02d" :require-minutes t))
-
-(setq org-id-link-to-org-use-id 'create-if-interactive-and-no-custom-id)
-
-(setq org-emphasis-alist (quote (("*" bold "<b>" "</b>")
- ("/" italic "<i>" "</i>")
- ("_" underline "<span style=\"text-decoration:underline;\">" "</span>")
- ("=" org-code "<code>" "</code>" verbatim)
- ("~" org-verbatim "<code>" "</code>" verbatim))))
-
-(setq org-use-sub-superscripts nil)
-
-(setq org-odd-levels-only nil)
-
-(run-at-time "00:59" 3600 'org-save-all-org-buffers)
-
-;; --- ombi's extension
-
-;; found on https://www.reddit.com/r/emacs/comments/8yrklz/using_outlinemode_with_org_agenda/
-(add-hook
- 'org-agenda-mode-hook
- (lambda ()
- (setq-local outline-regexp "^[A-Z]")
- (setq-local outline-heading-end-regexp ".$")
- ;; Any prefix you'd like, though C-' is usually unoccupied.
- (setq-local outline-minor-mode-prefix (kbd "C-'"))
- (local-set-key "a" 'outline-toggle-children)
- (outline-minor-mode +1)
- (local-set-key outline-minor-mode-prefix outline-mode-prefix-map)))
-'';
-in
- modifiedBerndHansen
diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
deleted file mode 100644
index 5c35bc280..000000000
--- a/jeschli/2configs/emacs.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- pkgsWithOverlay = import <nixpkgs-unstable> {
- overlays = [
- (import (builtins.fetchTarball {
- url = https://github.com/nix-community/emacs-overlay/archive/403c14c23be188b58c0b1bc197b428041d8a0cea.tar.gz;
- }))
- ];
- };
-
- # The emacs packages that I use
- # I differ between
- # - stable (Packages that I use for some time - happy with it)
- # - unstable (Packages that I use for some time - but may drop)
- # - testing (Packages that I try out - the new stuff)
- emacsPkgs = epkgs:
- (with epkgs.melpaPackages ;
-
- ## windows-purpose (testing)
- [ window-purpose ] ++
-
- ## helm (stable)
- # emacs completion engine
- [ helm helm-ag ] ++
-
- ## deft (testing)
- # text search for a directory
- [ deft ] ++
-
- ## lsp mode (unstable)
- # Language Server Protocol mode
- # Used for rust
- [ company-lsp dap-mode helm-lsp lsp-mode lsp-treemacs lsp-ui ] ++
-
- ## emacs convenience (stable)
- # Mixed and general purpose
- [ ag company direnv evil google-this spacemacs-theme ] ++
-
- ## common lisp (testing)
- [ slime ] ++
-
- ## magit (stable)
- [ magit ] ++
-
- ## bunch of programming languages (unstable)
- [ go-mode haskell-mode nix-mode ] ++
-
- ## rust (unstable)
- [ racer rust-mode ] ++
-
- ## python (stable)
- # Python IDE for emacs
- [ elpy ]) ++
-
- ## org-mode
- # Org-Mode has several extensions
- # and can be seen as an application of its own.
- (with epkgs.melpaPackages ;
- # testing
- [ org-super-agenda org-bullets org-ql ] ++
- # unstable
- [ smex org-mime orgit ]
- ) ++
-
- # stable
- (with epkgs.orgPackages ;
- [ org-plus-contrib ]) ++
-
- # stable
- (with epkgs.elpaPackages ;
- [ bbdb which-key ]);
-
-# ## EXWM related (unstable)
-# epkgs.exwm
-# epkgs.melpaPackages.desktop-environment
-# epkgs.melpaPackages.helm-exwm
-# ];
-
- emacsWithOverlay = pkgsWithOverlay.emacsWithPackagesFromUsePackage {
- config = builtins.readFile ./elisp/init.el;
- # Package is optional, defaults to pkgs.emacs
- package = pkgsWithOverlay.emacsGit;
- # Optionally provide extra packages not in the configuration file
- extraEmacsPackages = emacsPkgs;
- };
-
- myEmacs = pkgs.writeDashBin "my-emacs" ''
- exec ${emacsWithOverlay}/bin/emacs -q "$@"
- '';
-
- myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" ''
- exec ${emacsWithOverlay}/bin/emacs -q --daemon -l ${./elisp/init.el}
- '';
-
- myEmacsClient = pkgs.writeDashBin "meclient" ''
- exec ${emacsWithOverlay}/bin/emacsclient --create-frame "$@"
- '';
-in {
- environment.systemPackages = [
- myEmacs myEmacsWithDaemon myEmacsClient emacsWithOverlay
- ];
-
-## EXWM Config
-# services.xserver = {
-# enable = true;
-# xkbOptions = "caps:super";
-# exportConfiguration = true;
-#
-# displayManager.slim.enable = true;
-# windowManager.default = "exwm";
-#
-# # Set up the login session
-# windowManager.session = [{
-# name = "exwm";
-# start = "${emacsWithOverlay}/bin/emacs -q -l " + builtins.toString ./elisp/init.el;
-# }];
-# };
-}
diff --git a/jeschli/2configs/firefox.nix b/jeschli/2configs/firefox.nix
deleted file mode 100644
index 1e1e16918..000000000
--- a/jeschli/2configs/firefox.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
- wrapper = pkgs.callPackage ../5pkgs/firefox/firefox-with-config.nix { };
- myFirefox = wrapper pkgs.firefox-unwrapped {
-
- # these plugins are defined in 5pkgs/firefox
- extraExtensions = with pkgs ; [
- dark-reader
- https-everywhere
- ublock-origin
- audio-fingerprint-defender
- canvas-fingerprint-defender
- webgl-fingerprint-defender
- font-fingerprint-defender
- user-agent-switcher
- ];
-
- extraPolicies = {
- CaptivePortal = false;
- };
-
- disablePocket = true;
- disableFirefoxSync = true;
- allowNonSigned = true;
- clearDataOnShutdown = true;
- disableDrmPlugin = true;
-
-};
-
-in {
-
-
-environment.variables = {
- BROWSER = ["firefox"];
-};
-
-
-environment.systemPackages = with pkgs; [
- myFirefox
-];
-
-}
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
deleted file mode 100644
index faa8ccf5b..000000000
--- a/jeschli/2configs/git.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- enable = true;
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "Bonbon aus Git - die ganze Nacht";
- };
- krebs-page = {
- cgit.desc = "Die Krebs Page";
- };
- xmonad-stockholm = {
- cgit.desc = "XMonad Stockholm";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- channel = "#xxx";
- nick = config.krebs.build.host.name;
- refs = [
- "refs/heads/master"
- ];
- server = "irc.r";
- verbose = true;
- };
- };
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ jeschli jeschli-brauerei jeschli-bolide];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/jeschli/2configs/haskell.nix b/jeschli/2configs/haskell.nix
deleted file mode 100644
index 46ae24fb0..000000000
--- a/jeschli/2configs/haskell.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-let
- all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/master") {};
-in
-{
- environment.systemPackages = with pkgs; [
- cabal2nix
- gcc
- ghc
- haskellPackages.cabal-install
- haskellPackages.ghcid
- haskellPackages.hindent
- haskellPackages.hlint
- haskellPackages.hoogle
- haskellPackages.stack
- (all-hies.selection { selector = p: {inherit (p) ghc864; }; })
- ];
-}
diff --git a/jeschli/2configs/home-manager/default.nix b/jeschli/2configs/home-manager/default.nix
deleted file mode 100644
index ad8663d58..000000000
--- a/jeschli/2configs/home-manager/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- <home-manager/nixos>
- ];
- home-manager.useUserPackages = true;
- home-manager.users.jeschli = {
- home.stateVersion = "19.03";
- };
-}
diff --git a/jeschli/2configs/i3.nix b/jeschli/2configs/i3.nix
deleted file mode 100644
index 1a6c4927a..000000000
--- a/jeschli/2configs/i3.nix
+++ /dev/null
@@ -1,247 +0,0 @@
-{pkgs, environment, config, lib, ... }:
-
-with pkgs;
-
-let
-
- i3_conf_file = pkgs.writeText "config" ''
-
- # i3 config file (v4)
- # doc: https://i3wm.org/docs/userguide.html
-
- set $mod Mod4
-
- # Font for window titles. Will also be used by the bar unless a different font
- # is used in the bar {} block below.
- font pango:monospace 8
-
- # Use Mouse+$mod to drag floating windows to their wanted position
- floating_modifier $mod
-
- # start a terminal
- bindsym $mod+Return exec i3-sensible-terminal
-
- # kill focused window
- bindsym $mod+Shift+q kill
-
- # start rofi program launcher
- bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
- # Switch windows with rofi
- bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
-
- # There also is the (new) i3-dmenu-desktop which only displays applications
- # shipping a .desktop file. It is a wrapper around dmenu, so you need that
- # installed.
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
- # change focus
- bindsym $mod+j focus left
- bindsym $mod+k focus down
- bindsym $mod+l focus up
- bindsym $mod+semicolon focus right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # move focused window
- bindsym $mod+Shift+j move left
- bindsym $mod+Shift+k move down
- bindsym $mod+Shift+l move up
- bindsym $mod+Shift+semicolon move right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- # split in horizontal orientation
- bindsym $mod+h split h
-
- # split in vertical orientation
- bindsym $mod+v split v
-
- # enter fullscreen mode for the focused container
- bindsym $mod+f fullscreen toggle
-
- # change container layout (stacked, tabbed, toggle split)
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # toggle tiling / floating
- bindsym $mod+Shift+space floating toggle
-
- # change focus between tiling / floating windows
- bindsym $mod+space focus mode_toggle
-
- # focus the parent container
- bindsym $mod+a focus parent
-
- # focus the child container
- #bindsym $mod+d focus child
-
- # Define names for default workspaces for which we configure key bindings later on.
- # We use variables to avoid repeating the names in multiple places.
- set $ws1 "1"
- set $ws2 "2"
- set $ws3 "3: Emacs"
- set $ws4 "4"
- set $ws5 "5"
- set $ws6 "6"
- set $ws7 "7"
- set $ws8 "8"
- set $ws9 "9"
- set $ws10 "10"
-
- assign [class="emacs"] $ws3
-
- # switch to workspace
- bindsym $mod+1 workspace $ws1
- bindsym $mod+2 workspace $ws2
- bindsym $mod+3 workspace $ws3
- bindsym $mod+4 workspace $ws4
- bindsym $mod+5 workspace $ws5
- bindsym $mod+6 workspace $ws6
- bindsym $mod+7 workspace $ws7
- bindsym $mod+8 workspace $ws8
- bindsym $mod+9 workspace $ws9
- bindsym $mod+0 workspace $ws10
-
- # move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace $ws1
- bindsym $mod+Shift+2 move container to workspace $ws2
- bindsym $mod+Shift+3 move container to workspace $ws3
- bindsym $mod+Shift+4 move container to workspace $ws4
- bindsym $mod+Shift+5 move container to workspace $ws5
- bindsym $mod+Shift+6 move container to workspace $ws6
- bindsym $mod+Shift+7 move container to workspace $ws7
- bindsym $mod+Shift+8 move container to workspace $ws8
- bindsym $mod+Shift+9 move container to workspace $ws9
- bindsym $mod+Shift+0 move container to workspace $ws10
-
- # reload the configuration file
- bindsym $mod+Shift+c reload
- # restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
- bindsym $mod+Shift+r restart
- # exit i3 (logs you out of your X session)
- bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
-
- # resize window (you can also use the mouse for that)
- mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
- }
-
- bindsym $mod+r mode "resize"
-
- bar {
- status_command i3status
- position top
- }
-
- #######################
- # #
- # AUTORUNS #
- # #
- #######################
- # Start firefox
- exec --no-startup-id ${pkgs.firefox}/bin/firefox --new-instance --setDefaultBrowser
-
- # Start my-emacs server
- exec --no-startup-id my-emacs-daemon
- '';
-
-in {
-
- #######################
- # #
- # AUTORANDR #
- # #
- #######################
-
- # Start autorandr on display change
- services.autorandr = {
- enable = true;
- defaultTarget = "mobile";
- };
-
- # What to execute after resolution has been changed
- environment.etc."xdg/autorandr/postswitch" = {
- text = '' sleep 4 && i3-msg "restart" '';
-
- };
-
- # Start autorandr once on startup
- systemd.user.services.boot-autorandr = {
- description = "Autorandr service";
- partOf = [ "graphical-session.target" ];
- wantedBy = [ "graphical-session.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.autorandr}/bin/autorandr -c";
- Type = "oneshot";
- };
- };
-
-
-
- #######################
- # #
- # XSERVER #
- # #
- #######################
-services.xserver.enable = true;
-
- # Enable i3 Window Manager
- services.xserver.windowManager.i3 = {
- enable = true;
- package = pkgs.i3;
- configFile = i3_conf_file;
- };
-
-
- # ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
- # ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
- services.xserver.windowManager.default = "i3";
- services.xserver.desktopManager.xterm.enable = false;
-
-
- # Enable the X11 windowing system.
- services.xserver.displayManager.lightdm.enable = true;
-
- # Allow users in video group to change brightness
- environment.systemPackages = with pkgs; [
- rofi # Dmenu replacement
- acpilight # Replacement for xbacklight
- brightnessctl
- arandr # Xrandr gui
- feh
- wirelesstools # To get wireless statistics
- acpi
- xorg.xhost
- xorg.xauth
- ];
-
-}
diff --git a/jeschli/2configs/officevpn.nix b/jeschli/2configs/officevpn.nix
deleted file mode 100644
index eb0477d51..000000000
--- a/jeschli/2configs/officevpn.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- nixpkgs.config.packageOverrides = pkgs: {
- openvpn = pkgs.openvpn.override { pkcs11Support = true; useSystemd = false;};
- };
-
- environment.systemPackages = with pkgs; [
- opensc
- openvpn
- yubikey-manager
- ];
-
- services.pcscd.enable = true;
-
- # To start the vpn manually execute
- # $ openvpn --config clien.ovpn
-}
-
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
deleted file mode 100644
index fb34e94e2..000000000
--- a/jeschli/2configs/os-templates/CentOS-7-64bit.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-_:
-
-{
- imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
-
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
-
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-}
diff --git a/jeschli/2configs/python.nix b/jeschli/2configs/python.nix
deleted file mode 100644
index 0c32e1fc8..000000000
--- a/jeschli/2configs/python.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- python37
- python37Packages.pip
- pipenv
- ];
-}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
deleted file mode 100644
index f22609655..000000000
--- a/jeschli/2configs/retiolum.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- "dishfire"
- "enklave"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/jeschli/2configs/rust.nix b/jeschli/2configs/rust.nix
deleted file mode 100644
index 46addb15c..000000000
--- a/jeschli/2configs/rust.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- rustup
- gcc
- ];
-}
diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix
deleted file mode 100644
index 06a068a3f..000000000
--- a/jeschli/2configs/steam.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- nixpkgs.config.steam.java = true;
- environment.systemPackages = with pkgs; [
- steam
- ];
- hardware.opengl.driSupport32Bit = true;
-
- #ports for inhome streaming
-}
diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty
deleted file mode 100644
index e69de29bb..000000000
--- a/jeschli/2configs/tests/dummy-secrets/empty
+++ /dev/null
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
deleted file mode 100644
index 4049a47a3..000000000
--- a/jeschli/2configs/urxvt.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- options.jeschliFontSize = mkOption {
- type = types.int;
- default = 12;
- };
- config = {
- services.urxvtd.enable = true;
- krebs.xresources.enable = true;
- krebs.xresources.resources.urxvt = ''
- *foreground: rgb:a8/a8/a8
- *background: rgb:00/00/00
- *faceName: DejaVu Sans Mono
- *faceSize: ${toString config.jeschliFontSize}
- *color0: rgb:00/00/00
- *color1: rgb:a8/00/00
- *color2: rgb:00/a8/00
- *color3: rgb:a8/54/00
- *color4: rgb:26/8b/d2
- *color5: rgb:a8/00/a8
- *color6: rgb:00/a8/a8
- *color7: rgb:a8/a8/a8
- *color8: rgb:54/54/54
- *color9: rgb:fc/54/54
- *color10: rgb:54/fc/54
- *color11: rgb:fc/fc/54
- *color12: rgb:54/54/fc
- *color13: rgb:fc/54/fc
- *color14: rgb:54/fc/fc
- *color15: rgb:fc/fc/fc
-
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
- URXvt*faceSize: ${toString config.jeschliFontSize}
- '';
- };
-}
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
deleted file mode 100644
index 586016f60..000000000
--- a/jeschli/2configs/vim.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
- name = "vim-javascript";
- src = pkgs.fetchFromGitHub {
- owner = "pangloss";
- repo = "vim-javascript";
- rev = "1.2.5.1";
- sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
- };
- };
- customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
- name = "vim-jsx";
- src = pkgs.fetchFromGitHub {
- owner = "mxw";
- repo = "vim-jsx";
- rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
- sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
- };
- };
- customPlugins.vim-fileline = pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchFromGitHub {
- owner = "bogado";
- repo = "file-line";
- rev = "1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- };
-in {
- environment.systemPackages = [
- (pkgs.vim_configurable.customize {
- name = "vim";
- vimrcConfig.customRC = let
- colorscheme = ''colorscheme molokai'';
- highlightTrailingWhiteSpaces = ''
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- '';
- setStatements = ''
- set autowrite
- set clipboard=unnamedplus
- set listchars=trail:¶
- set mouse=a
- set nocompatible
- set path+=**
- set ruler
- set undodir=$HOME/.vim/undo "directory where the undo files will be stored
- set undofile "turn on the feature
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- '';
- remapStatements = ''
- imap jk <Esc>
- map gr :GoRun<Enter> " Map gr to execute go run
- map tt :GoTest<Enter> " Map tt to execute go test
- map nf :NERDTreeToggle<CR>
- nnoremap <C-TAB> <c-w><c-w>
- nnoremap <S-TAB> :bnext<CR>
- noremap x "_x
- vmap v v
- '';
- settingsForGo = ''
- let g:go_decls_includes = "func,type"
- let g:go_def_mode = 'godef'
- let g:go_fmt_command = "goimports"
- let g:go_highlight_extra_types = 1
- let g:go_highlight_fields = 1
- let g:go_highlight_functions = 1
- let g:go_highlight_methods = 1
- let g:go_highlight_types = 1
- let g:go_list_type = "quickfix"
- let g:go_metalinter_autosave = 1
- let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
- let g:go_snippet_case_type = "camelcase"
- let g:go_test_timeout = '10s'
- let g:jsx_ext_required = 0
- let g:molokai_original = 1
- let g:rehash256 = 1
- '';
- settingsForElm = ''
- let g:polyglot_disabled = ['elm']
- let g:elm_detailed_complete = 1
- let g:elm_format_autosave = 1
- let g:elm_syntastic_show_warnings = 1
- '';
- in ''
- ${colorscheme}
- ${highlightTrailingWhiteSpaces}
- ${remapStatements}
- ${setStatements}
- ${settingsForElm}
- ${settingsForGo}
- " dont expand tabs in go files and show it with four whitespaces.
- autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
- '';
- vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
- vimrcConfig.vam.pluginDictionaries = [
- { names = [
- "ctrlp"
- "easymotion"
- "elm-vim"
- "vim-fileline"
- "molokai"
- "nerdtree"
- "snipmate"
- "surround"
- "Syntastic"
- "undotree"
- ];
- }
- { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
- { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
- { names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
- { names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
- ];
- })
- ];
-
- # set up the directories up if they are not there.
-# Needs to be changed.
-# vim = let
-# dirs = {
-# backupdir = "$HOME/.cache/vim/backup";
-# swapdir = "$HOME/.cache/vim/swap";
-# undodir = "$HOME/.cache/vim/undo";
-# };
-# files = {
-# viminfo = "$HOME/.cache/vim/info";
-# };
-#
-# mkdirs = let
-# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
-# in assert out != ""; out;
-# alldirs = attrValues dirs ++ map dirOf (attrValues files);
-# in unique (sort lessThan alldirs);
-# in
-# pkgs.symlinkJoin {
-# name = "vim";
-# paths = [
-# (pkgs.writeDashBin "vim" ''
-# set -efu
-# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
-# exec ${pkgs.vim}/bin/vim "$@"
-# '')
-# pkgs.vim
-# ];
-# };
-
-}
diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix
deleted file mode 100644
index c9bb8c41f..000000000
--- a/jeschli/2configs/virtualbox.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.jeschli;
-
-in {
- #services.virtualboxHost.enable = true;
- virtualisation.virtualbox.host.enable = true;
-
- users.extraUsers = {
- virtual = {
- name = "virtual";
- description = "user for running VirtualBox";
- home = "/home/virtual";
- useDefaultShell = true;
- extraGroups = [ "vboxusers" "audio" ];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(virtual) NOPASSWD: ALL
- '';
-}
diff --git a/jeschli/2configs/xdg.nix b/jeschli/2configs/xdg.nix
deleted file mode 100644
index 18bac9b38..000000000
--- a/jeschli/2configs/xdg.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
-
- systemd.tmpfiles.rules = let
- forUsers = flip map users;
- isUser = { name, group, ... }:
- name == "root" || hasSuffix "users" group;
- users = filter isUser (mapAttrsToList (_: id) config.users.users);
- in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
-}
diff --git a/jeschli/2configs/xserver/Xmodmap.nix b/jeschli/2configs/xserver/Xmodmap.nix
deleted file mode 100644
index d2b1b2604..000000000
--- a/jeschli/2configs/xserver/Xmodmap.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xmodmap" ''
- !keycode 66 = Caps_Lock
- !remove Lock = Caps_Lock
- clear Lock
-
- ! caps lock
- keycode 66 = Mode_switch
-
- keycode 13 = 4 dollar EuroSign cent
- keycode 30 = u U udiaeresis Udiaeresis
- keycode 32 = o O odiaeresis Odiaeresis
- keycode 38 = a A adiaeresis Adiaeresis
- keycode 39 = s S ssharp
-
- keycode 33 = p P Greek_pi Greek_PI
- keycode 46 = l L Greek_lambda Greek_LAMBDA
-
- keycode 54 = c C cacute Cacute
-
- ! BULLET OPERATOR
- keycode 17 = 8 asterisk U2219
- keycode 27 = r R r U211D
-''
diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix
deleted file mode 100644
index ebe7159ff..000000000
--- a/jeschli/2configs/xserver/Xresources.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xresources" /* xdefaults */ ''
- Xcursor.theme: aero-large-drop
- Xcursor.size: 128
-
- URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
- URxvt*eightBitInput: false
- URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*scrollBar: false
- URxvt*background: #050505
- URxvt*foreground: #d0d7d0
- URxvt*cursorColor: #f042b0
- URxvt*cursorColor2: #f0b000
- URxvt*cursorBlink: off
- URxvt*jumpScroll: true
- URxvt*allowSendEvents: false
- URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
- URxvt*cutNewline: False
- URxvt*cutToBeginningOfLine: False
- URxvt*font: xft:Monospace:size=12
- URxvt*font: xft:Monospace:size=12:bold
- URxvt*color0: #232342
- URxvt*color3: #c07000
- URxvt*color4: #4040c0
- URxvt*color7: #c0c0c0
- URxvt*color8: #707070
- URxvt*color9: #ff6060
- URxvt*color10: #70ff70
- URxvt*color11: #ffff70
- URxvt*color12: #7070ff
- URxvt*color13: #ff50ff
- URxvt*color14: #70ffff
- URxvt*color15: #ffffff
-
- URxvt*iso14755: False
-
- URxvt*urgentOnBell: True
- URxvt*visualBell: True
-
- ! ref https://github.com/muennich/urxvt-perls
- URxvt*perl-ext: default,url-select
- URxvt*keysym.M-u: perl:url-select:select_next
- URxvt*url-select.underline: true
- URxvt*colorUL: #4682B4
- URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
- URxvt*saveLines: 10000
-
- root-urxvt*background: #230000
- root-urxvt*foreground: #e0c0c0
- root-urxvt*BorderColor: #400000
- root-urxvt*color0: #800000
-''
diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
deleted file mode 100644
index 44c35ca37..000000000
--- a/jeschli/2configs/xserver/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
- cfg = {
- cacheDir = cfg.dataDir;
- configDir = "/var/empty";
- dataDir = "/run/xdg/${cfg.user.name}/xmonad";
- user = config.krebs.users.jeschli;
- };
-in {
-
- environment.systemPackages = [
- pkgs.font-size
- pkgs.gitAndTools.qgit
- pkgs.mpv
- pkgs.sxiv
- pkgs.xdotool
- pkgs.xsel
- pkgs.zathura
- ];
-
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
- ];
-
- # TODO dedicated group, i.e. with a single user [per-user-setuid]
- # TODO krebs.setuid.slock.path vs /run/wrappers/bin
- krebs.setuid.slock = {
- filename = "${pkgs.slock}/bin/slock";
- group = "wheel";
- envp = {
- DISPLAY = ":${toString config.services.xserver.display}";
- USER = cfg.user.name;
- };
- };
-
- systemd.services.display-manager.enable = false;
-
- systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "xserver.service" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
-
- XMONAD_CACHE_DIR = cfg.cacheDir;
- XMONAD_CONFIG_DIR = cfg.configDir;
- XMONAD_DATA_DIR = cfg.dataDir;
-
- XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
- ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
- ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
- ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
- ${config.services.xserver.displayManager.sessionCommands}
- if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
- exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
- fi
- export DBUS_SESSION_BUS_ADDRESS
- ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
- wait
- '';
-
- # XXX JSON is close enough :)
- XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
- "dashboard" # we start here
- "stockholm"
- "pycharm"
- "chromium"
- "iRC"
- "git"
- "hipbird"
- ]);
- };
- serviceConfig = {
- SyslogIdentifier = "xmonad";
- ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
- "\${XMONAD_CACHE_DIR}"
- "\${XMONAD_CONFIG_DIR}"
- "\${XMONAD_DATA_DIR}"
- ]}";
- ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
- User = cfg.user.name;
- WorkingDirectory = cfg.user.home;
- };
- };
-
- systemd.services.xserver = {
- after = [
- "systemd-udev-settle.service"
- "local-fs.target"
- "acpid.service"
- ];
- reloadIfChanged = true;
- environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
- ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
- };
- serviceConfig = {
- SyslogIdentifier = "xserver";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = toString [
- "${pkgs.xorg.xorgserver}/bin/X"
- ":${toString config.services.xserver.display}"
- "vt${toString config.services.xserver.tty}"
- "-config ${import ./xserver.conf.nix args}"
- "-logfile /dev/null -logverbose 0 -verbose 3"
- "-nolisten tcp"
- "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
- ];
- };
- };
-
- systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
- serviceConfig = {
- SyslogIdentifier = "urxvtd";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- User = cfg.user.name;
- };
- };
-}
diff --git a/jeschli/2configs/xserver/xserver.conf.nix b/jeschli/2configs/xserver/xserver.conf.nix
deleted file mode 100644
index 6f34e0150..000000000
--- a/jeschli/2configs/xserver/xserver.conf.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.services.xserver;
-in
-
-pkgs.stdenv.mkDerivation {
- name = "xserver.conf";
-
- xfs = optionalString (cfg.useXFS != false)
- ''FontPath "${toString cfg.useXFS}"'';
-
- inherit (cfg) config;
-
- buildCommand =
- ''
- echo 'Section "Files"' >> $out
- echo $xfs >> $out
-
- for i in ${toString config.fonts.fonts}; do
- if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
- for j in $(find $i -name fonts.dir); do
- echo " FontPath \"$(dirname $j)\"" >> $out
- done
- fi
- done
-
- for i in $(find ${toString cfg.modules} -type d); do
- if test $(echo $i/*.so* | wc -w) -ne 0; then
- echo " ModulePath \"$i\"" >> $out
- fi
- done
-
- echo 'EndSection' >> $out
-
- echo "$config" >> $out
- '';
-}
diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix
deleted file mode 100644
index 0f6775efb..000000000
--- a/jeschli/2configs/zsh.nix
+++ /dev/null
@@ -1,138 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = [ pkgs.fzf ];
- programs.zsh = {
- enable = true;
- shellInit = ''
- #disable config wizard
- zsh-newuser-install() { :; }
- '';
- interactiveShellInit = ''
- setopt autocd extendedglob
- bindkey -e
-
- #history magic
- bindkey "" up-line-or-local-history
- bindkey "" down-line-or-local-history
-
- up-line-or-local-history() {
- zle set-local-history 1
- zle up-line-or-history
- zle set-local-history 0
- }
- zle -N up-line-or-local-history
- down-line-or-local-history() {
- zle set-local-history 1
- zle down-line-or-history
- zle set-local-history 0
- }
- zle -N down-line-or-local-history
-
- setopt share_history
- setopt hist_ignore_dups
- # setopt inc_append_history
- bindkey '^R' history-incremental-search-backward
-
- #C-x C-e open line in editor
- autoload -z edit-command-line
- zle -N edit-command-line
- bindkey "^X^E" edit-command-line
-
- #fzf inclusion
- source ${pkgs.fzf}/share/fzf/completion.zsh
- source ${pkgs.fzf}/share/fzf/key-bindings.zsh
-
- #completion magic
- autoload -Uz compinit
- compinit
- zstyle ':completion:*' menu select
-
- #enable automatic rehashing of $PATH
- zstyle ':completion:*' rehash true
-
- eval $(dircolors -b ${pkgs.fetchFromGitHub {
- owner = "trapd00r";
- repo = "LS_COLORS";
- rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
- sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
- }}/LS_COLORS)
-
- #beautiful colors
- alias ls='ls --color'
- # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
-
- #emacs bindings
- bindkey "[7~" beginning-of-line
- bindkey "[8~" end-of-line
- bindkey "Oc" emacs-forward-word
- bindkey "Od" emacs-backward-word
-
- #aliases
- alias ll='ls -l'
- alias la='ls -la'
-
- #fancy window title magic
- '';
- promptInit = ''
- # TODO: figure out why we need to set this here
- HISTSIZE=900001
- HISTFILESIZE=$HISTSIZE
- SAVEHIST=$HISTSIZE
-
- autoload -U promptinit
- promptinit
-
- p_error='%(?..%F{red}%?%f )'
- t_error='%(?..%? )'
-
- case $UID in
- 0)
- p_username='%F{red}root%f'
- t_username='root'
- ;;
- 1337)
- p_username=""
- t_username=""
- ;;
- *)
- p_username='%F{blue}%n%f'
- t_username='%n'
- ;;
- esac
-
- if test -n "$SSH_CLIENT"; then
- p_hostname='@%F{magenta}%M%f '
- t_hostname='@%M '
- else
- p_hostname=""
- t_hostname=""
- fi
-
- #check if in nix shell
- if test -n "$buildInputs"; then
- p_nixshell='%F{green}[s]%f '
- t_nixshell='[s] '
- else
- p_nixshell=""
- t_nixshell=""
- fi
-
- PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
- TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
- case $TERM in
- (*xterm* | *rxvt*)
- function precmd {
- PROMPT_EVALED="$(print -P $TITLE)"
- echo -ne "\033]0;$$ $PROMPT_EVALED\007"
- }
- # This is seen while the shell waits for a command to complete.
- function preexec {
- PROMPT_EVALED="$(print -P $TITLE)"
- echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
- }
- ;;
- esac
- '';
- };
- users.defaultUserShell = "/run/current-system/sw/bin/zsh";
-}
diff --git a/jeschli/5pkgs/default.nix b/jeschli/5pkgs/default.nix
deleted file mode 100644
index 3fa5b5e85..000000000
--- a/jeschli/5pkgs/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-# Import files and subdirectories like they are overlays.
-foldl' mergeAttrs {}
- (map
- (name: import (./. + "/${name}") self super)
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
diff --git a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix
deleted file mode 100644
index 05815e132..000000000
--- a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "audio-fingerprint-defender-${version}";
- version = "0.1.3";
-
- extid = "@audio-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3363623/audiocontext_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "0yfk5vqwjg4g25c98psj56sw3kv8imxav3nss4hbibflgla1h5pb";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Audio context fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/audiocontext-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
deleted file mode 100644
index 21b4b3f97..000000000
--- a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "canvas-fingerprint-defender-${version}";
- version = "0.1.5";
-
- extid = "@canvas-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3362272/canvas_fingerprint_defender-${version}-an+fx.xpi?src=recommended";
- sha256 = "1hg00zsrw7ij7bc222j83g2wm3ml1aj34zg5im1802cjq4qqvbld";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Canvas fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/webgl-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/dark-reader/default.nix b/jeschli/5pkgs/firefox/dark-reader/default.nix
deleted file mode 100644
index 44f4f9054..000000000
--- a/jeschli/5pkgs/firefox/dark-reader/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "dark-reader-${version}";
- version = "4.8.1";
-
- extid = "addon@darkreader.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3404143/dark_reader-${version}-an+fx.xpi";
- sha256 = "0ic0i56jhmxymvy68bs5hqcjvdvw3vks5r58i2ygmpsm190rlldb";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
- homepage = https://github.com/darkreader/darkreader;
- license = licenses.mit;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/default.nix b/jeschli/5pkgs/firefox/default.nix
deleted file mode 100644
index 6ba4fec83..000000000
--- a/jeschli/5pkgs/firefox/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-let
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = self.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-in
-
- mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/5pkgs/firefox/firefox-with-config.nix b/jeschli/5pkgs/firefox/firefox-with-config.nix
deleted file mode 100644
index fc22c434e..000000000
--- a/jeschli/5pkgs/firefox/firefox-with-config.nix
+++ /dev/null
@@ -1,487 +0,0 @@
-{ stdenv, lib, pkgs, makeDesktopItem, makeWrapper, lndir, replace, config
-
-## various stuff that can be plugged in
-, flashplayer, hal-flash
-, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
-, jrePlugin, icedtea_web
-, bluejeans, djview4, adobe-reader
-, fribid, gnome3/*.gnome-shell*/
-, esteidfirefoxplugin ? ""
-, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow
-, udev
-, kerberos
-
-}:
-
-## configurability of the wrapper itself
-
-browser:
-
-let
- wrapper =
- { browserName ? browser.browserName or (builtins.parseDrvName browser.name).name
- , name ? (browserName + "-" + (builtins.parseDrvName browser.name).version)
- , desktopName ? # browserName with first letter capitalized
- (lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName)
- , nameSuffix ? ""
- , icon ? browserName
- , extraPlugins ? []
- , extraPrefs ? ""
- , extraExtensions ? [ ]
- , allowNonSigned ? false
- , disablePocket ? false
- , disableTelemetry ? true
- , disableDrmPlugin ? false
- , showPunycodeUrls ? true
- , disableFirefoxStudies ? true
- , disableFirefoxSync ? false
- , useSystemCertificates ? true
- , dontCheckDefaultBrowser ? false
- # For more information about anti tracking
- # vist https://wiki.kairaven.de/open/app/firefox
- , activateAntiTracking ? true
- , disableFeedbackCommands ? true
- , disableDNSOverHTTPS ? true
- , disableGoogleSafebrowsing ? false
- , clearDataOnShutdown ? false
- , homepage ? "about:blank"
- # For more information about policies visit
- # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
- , extraPolicies ? {}
- , extraNativeMessagingHosts ? []
- , gdkWayland ? false
- }:
-
- assert gdkWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used
-
- let
-
- # If extraExtensions has been set disable manual extensions
- disableManualExtensions = if lib.count (x: true) extraExtensions > 0 then true else false;
-
- cfg = config.${browserName} or {};
- enableAdobeFlash = cfg.enableAdobeFlash or false;
- ffmpegSupport = browser.ffmpegSupport or false;
- gssSupport = browser.gssSupport or false;
- jre = cfg.jre or false;
- icedtea = cfg.icedtea or false;
- supportsJDK =
- stdenv.hostPlatform.system == "i686-linux" ||
- stdenv.hostPlatform.system == "x86_64-linux" ||
- stdenv.hostPlatform.system == "armv7l-linux" ||
- stdenv.hostPlatform.system == "aarch64-linux";
-
- plugins =
- assert !(jre && icedtea);
- if builtins.hasAttr "enableVLC" cfg
- then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins"
- else
- ([ ]
- ++ lib.optional enableAdobeFlash flashplayer
- ++ lib.optional (cfg.enableDjvu or false) (djview4)
- ++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser)
- ++ lib.optional (supportsJDK && jre && jrePlugin ? mozillaPlugin) jrePlugin
- ++ lib.optional icedtea icedtea_web
- ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
- ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell
- ++ lib.optional (cfg.enableBluejeans or false) bluejeans
- ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
- ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
- ++ extraPlugins
- );
- nativeMessagingHosts =
- ([ ]
- ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
- ++ lib.optional (cfg.enableBukubrow or false) bukubrow
- ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell
- ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
- ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration
- ++ extraNativeMessagingHosts
- );
- libs = lib.optional stdenv.isLinux udev
- ++ lib.optional ffmpegSupport ffmpeg
- ++ lib.optional gssSupport kerberos
- ++ lib.optionals (cfg.enableQuakeLive or false)
- (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ])
- ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash
- ++ lib.optional (config.pulseaudio or true) libpulseaudio;
- gtk_modules = [ libcanberra-gtk2 ];
-
- enterprisePolicies =
- {
- policies = {
- DisableAppUpdate = true;
- } // lib.optionalAttrs disableManualExtensions (
- {
- ExtensionSettings = {
- "*" = {
- blocked_install_message = "You can't have manual extension mixed with nix extensions";
- installation_mode = "blocked";
- };
-
- } // lib.foldr (e: ret:
- ret // {
- "${e.extid}" = {
- installation_mode = "allowed";
- };
- }
- ) {} extraExtensions;
- }
- ) // lib.optionalAttrs disablePocket (
- {
- DisablePocket = true;
- }
- ) // lib.optionalAttrs disableTelemetry (
- {
- DisableTelemetry = true;
- }
- ) // lib.optionalAttrs disableFirefoxStudies (
- {
- DisableFirefoxStudies = true;
- }
- ) // lib.optionalAttrs disableFirefoxSync (
- {
- DisableFirefoxAccounts = true;
- }
- ) // lib.optionalAttrs useSystemCertificates (
- {
- # Disable useless firefox certificate store
- Certificates = {
- ImportEnterpriseRoots = true;
- };
- }
- ) // lib.optionalAttrs (
- if lib.count (x: true) extraExtensions > 0 then true else false) (
- {
- # Don't try to update nix installed addons
- DisableSystemAddonUpdate = true;
-
- # But update manually installed addons
- ExtensionUpdate = false;
- }
- ) // lib.optionalAttrs dontCheckDefaultBrowser (
- {
- DontCheckDefaultBrowser = true;
- }
- )// lib.optionalAttrs disableDNSOverHTTPS (
- {
- DNSOverHTTPS = {
- Enabled = false;
- };
- }
- ) // lib.optionalAttrs clearDataOnShutdown (
- {
- SanitizeOnShutdown = true;
- }
- ) // lib.optionalAttrs disableFeedbackCommands (
- {
- DisableFeedbackCommands = true;
- }
- ) // lib.optionalAttrs ( if homepage == "" then false else true) (
- {
- Homepage = {
- URL = homepage;
- Locked = true;
- };
- }
- ) // extraPolicies ;} ;
-
-
- extensions = builtins.map (a:
- if ! (builtins.hasAttr "signed" a) || ! (builtins.isBool a.signed) then
- throw "Addon ${a.pname} needs boolean attribute 'signed' "
- else if ! (builtins.hasAttr "extid" a) || ! (builtins.isString a.extid) then
- throw "Addon ${a.pname} needs a string attribute 'extid'"
- else if a.signed == false && !allowNonSigned then
- throw "Disable signature checking in firefox if you want ${a.pname} addon"
- else a
- ) extraExtensions;
-
- policiesJson = builtins.toFile "policies.json"
- (builtins.toJSON enterprisePolicies);
-
- mozillaCfg = builtins.toFile "mozilla.cfg" ''
- // First line must be a comment
-
- // Remove default top sites
- lockPref("browser.newtabpage.pinned", "");
- lockPref("browser.newtabpage.activity-stream.default.sites", "");
-
- // Deactivate first run homepage
- lockPref("browser.startup.firstrunSkipsHomepage", false);
-
- // If true, don't show the privacy policy tab on first run
- lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
-
- ${
- if allowNonSigned == true then
- ''lockPref("xpinstall.signatures.required", false)''
- else
- ""
- }
-
- ${
- if showPunycodeUrls == true then
- ''
- lockPref("network.IDN_show_punycode", true);
- ''
- else
- ""
- }
-
- ${
- if disableManualExtensions == true then
- ''
- lockPref("extensions.getAddons.showPane", false);
- lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
- lockPref("app.update.auto", false);
- ''
- else
- ""
- }
-
- ${
- if disableDrmPlugin == true then
- ''
- lockPref("media.gmp-gmpopenh264.enabled", false);
- lockPref("media.gmp-widevinecdm.enabled", false);
- ''
- else
- ""
- }
-
- ${
- if activateAntiTracking == true then
- ''
- // Tracking
- lockPref("browser.send_pings", false);
- lockPref("browser.send_pings.require_same_host", true);
- lockPref("network.dns.disablePrefetch", true);
- lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false);
- lockPref("browser.search.geoip.url", "");
- lockPref("privacy.firstparty.isolate", true);
- lockPref("privacy.userContext.enabled", true);
- lockPref("privacy.userContext.ui.enabled", true);
- lockPref("privacy.firstparty.isolate.restrict_opener_access", false);
- lockPref("network.http.referer.XOriginPolicy", 1);
- lockPref("network.http.referer.hideOnionSource", true);
- lockPref(" privacy.spoof_english", true);
-
- // This option is currently not usable because of bug:
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1557620
- // lockPref("privacy.resistFingerprinting", true);
- ''
- else ""
- }
- ${
- if disableTelemetry == true then
- ''
- // Telemetry
- lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
- lockPref("browser.ping-centre.telemetry", false);
- lockPref("devtools.onboarding.telemetry.logged", false);
- lockPref("toolkit.telemetry.archive.enabled", false);
- lockPref("toolkit.telemetry.bhrPing.enabled", false);
- lockPref("toolkit.telemetry.enabled", false);
- lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
- lockPref("toolkit.telemetry.hybridContent.enabled", false);
- lockPref("toolkit.telemetry.newProfilePing.enabled", false);
- lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
- lockPref("toolkit.telemetry.reportingpolicy.firstRun", false);
- lockPref("dom.push.enabled", false);
- lockPref("browser.newtabpage.activity-stream.feeds.snippets", false);
- lockPref("security.ssl.errorReporting.enabled", false);
- ''
- else ""
- }
-
- ${
- if disableGoogleSafebrowsing == true then
- ''
- // Google data sharing
- lockPref("browser.safebrowsing.blockedURIs.enabled", false);
- lockPref("browser.safebrowsing.downloads.enabled", false);
- lockPref("browser.safebrowsing.malware.enabled", false);
- lockPref("browser.safebrowsing.passwords.enabled", false);
- lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
- lockPref("browser.safebrowsing.malware.enabled", false);
- lockPref("browser.safebrowsing.phishing.enabled", false);
- lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
- lockPref("browser.safebrowsing.provider.mozilla.updateURL", "");
- ''
- else ""
- }
-
- // User customization
- ${extraPrefs}
- '';
- in stdenv.mkDerivation {
- inherit name;
-
- desktopItem = makeDesktopItem {
- name = browserName;
- exec = "${browserName}${nameSuffix} %U";
- inherit icon;
- comment = "";
- desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}";
- genericName = "Web Browser";
- categories = "Application;Network;WebBrowser;";
- mimeType = stdenv.lib.concatStringsSep ";" [
- "text/html"
- "text/xml"
- "application/xhtml+xml"
- "application/vnd.mozilla.xul+xml"
- "x-scheme-handler/http"
- "x-scheme-handler/https"
- "x-scheme-handler/ftp"
- ];
- };
-
- nativeBuildInputs = [ makeWrapper lndir ];
- buildInputs = lib.optional (browser ? gtk3) browser.gtk3;
-
- buildCommand = lib.optionalString stdenv.isDarwin ''
- mkdir -p $out/Applications
- cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications
- rm -f $out${browser.execdir or "/bin"}/${browserName}
- '' + ''
-
- # Link the runtime. The executable itself has to be copied,
- # because it will resolve paths relative to its true location.
- # Any symbolic links have to be replicated as well.
- cd "${browser}"
- find . -type d -exec mkdir -p "$out"/{} \;
-
- find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
-
- find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do
- cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f"
- chmod a+rwx "$out/$f"
- done
-
- # fix links and absolute references
- cd "${browser}"
-
- find . -type l -print0 | while read -d $'\0' l; do
- target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")"
- ln -sfT "$target" "$out/$l"
- done
-
- # This will not patch binaries, only "text" files.
- # Its there for the wrapper mostly.
- cd "$out"
- ${replace}/bin/replace-literal -esfR -- "${browser}" "$out"
-
- # create the wrapper
-
- executablePrefix="$out${browser.execdir or "/bin"}"
- executablePath="$executablePrefix/${browserName}"
-
- if [ ! -x "$executablePath" ]
- then
- echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'"
- exit 1
- fi
-
- if [ ! -L "$executablePath" ]
- then
- # Careful here, the file at executablePath may already be
- # a wrapper. That is why we postfix it with -old instead
- # of -wrapped.
- oldExe="$executablePrefix"/".${browserName}"-old
- mv "$executablePath" "$oldExe"
- else
- oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
- fi
-
-
- makeWrapper "$oldExe" "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \
- --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \
- --suffix LD_LIBRARY_PATH ':' "$libs" \
- --suffix-each GTK_PATH ':' "$gtk_modules" \
- --suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \
- --prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \
- --suffix PATH ':' "$out${browser.execdir or "/bin"}" \
- --set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \
- --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
- ${lib.optionalString gdkWayland ''
- --set GDK_BACKEND "wayland" \
- ''}${lib.optionalString (browser ? gtk3)
- ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
- --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share'
- ''
- }
-
- if [ -e "${browser}/share/icons" ]; then
- mkdir -p "$out/share"
- ln -s "${browser}/share/icons" "$out/share/icons"
- else
- for res in 16 32 48 64 128; do
- mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
- icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" )
- if [ -e "$icon" ]; then ln -s "$icon" \
- "$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png"
- fi
- done
- fi
-
- install -D -t $out/share/applications $desktopItem/share/applications/*
-
- mkdir -p $out/lib/mozilla
- for ext in ${toString nativeMessagingHosts}; do
- lndir -silent $ext/lib/mozilla $out/lib/mozilla
- done
-
- # For manpages, in case the program supplies them
- mkdir -p $out/nix-support
- echo ${browser} > $out/nix-support/propagated-user-env-packages
-
- # user customization
- mkdir -p $out/lib/firefox
-
- # creating policies.json
- mkdir -p "$out/lib/firefox/distribution"
-
- cat > "$out/lib/firefox/distribution/policies.json" < ${policiesJson}
-
- # preparing for autoconfig
- mkdir -p "$out/lib/firefox/defaults/pref"
-
- cat > "$out/lib/firefox/defaults/pref/autoconfig.js" <<EOF
- pref("general.config.filename", "mozilla.cfg");
- pref("general.config.obscure_value", 0);
- EOF
-
- cat > "$out/lib/firefox/mozilla.cfg" < ${mozillaCfg}
-
- mkdir -p $out/lib/firefox/distribution/extensions
-
- for i in ${toString extensions}; do
- ln -s -t $out/lib/firefox/distribution/extensions $i/*
- done
- '';
-
- preferLocalBuild = true;
-
- # Let each plugin tell us (through its `mozillaPlugin') attribute
- # where to find the plugin in its tree.
- plugins = map (x: x + x.mozillaPlugin) plugins;
- libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
- gtk_modules = map (x: x + x.gtkModule) gtk_modules;
-
- passthru = { unwrapped = browser; };
-
- disallowedRequisites = [ stdenv.cc ];
-
- meta = browser.meta // {
- description =
- browser.meta.description
- + " (with plugins: "
- + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins))
- + ")";
- hydraPlatforms = [];
- priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package
- };
- };
-in
- lib.makeOverridable wrapper
diff --git a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix
deleted file mode 100644
index 26751beef..000000000
--- a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "font-fingerprint-defender-${version}";
- version = "0.1.0";
-
- extid = "@font-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3387637/font_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "1aidkvisnx6qd7hn2x756rvzmbnaz6laqbwq0j5yd86g1kc56dr0";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Font fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/font-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/hopper/default.nix b/jeschli/5pkgs/firefox/hopper/default.nix
deleted file mode 100644
index 569fc6aaf..000000000
--- a/jeschli/5pkgs/firefox/hopper/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchurl, pkgs, makeWrapper, lib }:
-
-stdenv.mkDerivation rec {
- name = "${pname}-${version}";
- pname = "hopper";
- version = "4.5.16";
- rev = "v${lib.versions.major version}";
-
- src = fetchurl {
- url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz";
- sha256 = "0gjnn7f6ibfx46k4bbj8ra7k04s0mrpq7316brgzks6x5yd1m584";
- };
-
- sourceRoot = ".";
-
- ldLibraryPath = with pkgs; stdenv.lib.makeLibraryPath [
-libbsd.out libffi.out gmpxx.out python27Full.out python27Packages.libxml2.out qt5.qtbase zlib xlibs.libX11.out xorg_sys_opengl.out xlibs.libXrender.out gcc-unwrapped.lib
- ];
-
- nativeBuildInputs = [ makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/lib
- mkdir -p $out/share
- cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper
- cp -r $sourceRoot/opt/hopper-${rev}/lib $out
- cp -r $sourceRoot/usr/share $out/share
- patchelf \
- --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
- $out/bin/hopper
- # Details: https://nixos.wiki/wiki/Qt
- wrapProgram $out/bin/hopper \
- --suffix LD_LIBRARY_PATH : ${ldLibraryPath} \
- --suffix QT_PLUGIN_PATH : ${pkgs.qt5.qtbase}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins
- '';
-
- meta = {
- homepage = "https://www.hopperapp.com/index.html";
- description = "A macOS and Linux Disassembler";
- license = stdenv.lib.licenses.unfree;
- maintainers = [ stdenv.lib.maintainers.luis ];
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/jeschli/5pkgs/firefox/https-everywhere/default.nix b/jeschli/5pkgs/firefox/https-everywhere/default.nix
deleted file mode 100644
index 66fede43c..000000000
--- a/jeschli/5pkgs/firefox/https-everywhere/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "https-everywhere-${version}";
- version = "2019.6.27";
-
- extid = "https-everywhere@eff.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3060290/https_everywhere-${version}-an+fx.xpi";
- sha256 = "0743lhn9phn7n6c0886h9ddn1n8vhzbl0vrw177zs43995aj3frp";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
-
- '';
-
- meta = {
- description = "Https everywhere browser addon";
- homepage = https://www.eff.org/https-everywhere;
- license = stdenv.lib.licenses.gpl2Plus;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/pyocclient/default.nix b/jeschli/5pkgs/firefox/pyocclient/default.nix
deleted file mode 100644
index cd91f6171..000000000
--- a/jeschli/5pkgs/firefox/pyocclient/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, python37Packages }:
-
-python37Packages.buildPythonPackage rec {
- pname = "pyocclient";
- version = "0.4";
-
- src = python37Packages.fetchPypi {
- inherit pname version;
- sha256 = "19k3slrk2idixsdw61in9a3jxglvkigkn5kvwl37lj8hrwr4yq6q";
- };
-
- doCheck = false;
-
- propagatedBuildInputs = with python37Packages; [
- requests
- six
- ];
-
- meta = with lib; {
- homepage = https://github.com/owncloud/pyocclient/;
- description = "Nextcloud / Owncloud library for python";
- license = licenses.mit;
- maintainers = with maintainers; [ ];
- };
-
-}
diff --git a/jeschli/5pkgs/firefox/rmount/default.nix b/jeschli/5pkgs/firefox/rmount/default.nix
deleted file mode 100644
index 22631f420..000000000
--- a/jeschli/5pkgs/firefox/rmount/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ stdenv, fetchgit, makeWrapper, lib, pkgs ? import <nixpkgs> {} }:
-with pkgs;
-
-stdenv.mkDerivation rec {
- name = "rmount-${version}";
- version = "1.0.1";
- rev = "v${version}";
-
- src = fetchgit {
- rev = "9df124780d2e66f01c70afaecf92090669c5ffb6";
- url = "https://github.com/Luis-Hebendanz/rmount";
- sha256 = "0ydb6sspfnfa3y6gg1r8sk4r58il6636lpqwb2rw7dzmb4b8hpd2";
- };
-
- buildInputs = [ stdenv makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/share/man/man1
- cp ${src}/rmount.man $out/share/man/man1/rmount.1
- cp ${src}/rmount.bash $out/bin/rmount-noenv
- cp ${src}/config.json $out/share/config.json
- chmod +x $out/bin/rmount-noenv
-
- makeWrapper $out/bin/rmount-noenv $out/bin/rmount \
- --prefix PATH : ${lib.makeBinPath [ nmap jq cifs-utils sshfs ]}
- '';
-
- meta = {
- homepage = "https://github.com/Luis-Hebendanz/rmount";
- description = "Remote mount utility which parses a json file";
- license = stdenv.lib.licenses.mit;
- };
-}
diff --git a/jeschli/5pkgs/firefox/ublock-origin/default.nix b/jeschli/5pkgs/firefox/ublock-origin/default.nix
deleted file mode 100644
index 002fa3efc..000000000
--- a/jeschli/5pkgs/firefox/ublock-origin/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "ublock-origin-${version}";
- version = "1.21.2";
-
- extid = "uBlock0@raymondhill.net";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3361355/ublock_origin-${version}-an+fx.xpi";
- sha256 = "0ypdq3z61mrymknl37qlq6379bx9f2fsgbgr0czbhqs9f2vwszkc";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "ublock origin firefox browser addon";
- homepage = https://github.com/gorhill/uBlock;
- license = licenses.gpl3;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix b/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
deleted file mode 100644
index c96f11129..000000000
--- a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "user-agent-switcher-${version}";
- version = "0.3.2";
-
- extid = "@user-agent-switcher";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3370255/user_agent_switcher_and_manager-${version}-an+fx.xpi";
- sha256 = "0lrw1xf6fsxr47bifkayfxpysv8s2p9ghmbmw2s7ymhrgy42i6v5";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "User agent switcher";
- homepage = https://add0n.com/useragent-switcher.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
deleted file mode 100644
index 4e608d182..000000000
--- a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "webgl-fingerprint-defender-${version}";
- version = "0.1.2";
-
- extid = "@webgl-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3362869/webgl_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "06hfr5hxr4qw0jx6i9fi9gdk5211z08brnvqj2jlmpyc3dwl4pif";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Canvas defender firefox browser addon";
- homepage = https://mybrowseraddon.com/webgl-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/wl-clipboard/default.nix b/jeschli/5pkgs/firefox/wl-clipboard/default.nix
deleted file mode 100644
index 349d910da..000000000
--- a/jeschli/5pkgs/firefox/wl-clipboard/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig
-, wayland, wayland-protocols }:
-
-stdenv.mkDerivation rec {
- pname = "wl-clipboard";
- version = "2.0.0";
-
- src = fetchFromGitHub {
- owner = "bugaevc";
- repo = "wl-clipboard";
- rev = "v${version}";
- sha256 = "0c4w87ipsw09aii34szj9p0xfy0m00wyjpll0gb0aqmwa60p0c5d";
- };
-
- nativeBuildInputs = [ meson ninja pkgconfig wayland-protocols ];
- buildInputs = [ wayland ];
-
- meta = with stdenv.lib; {
- description = "Command-line copy/paste utilities for Wayland";
- homepage = https://github.com/bugaevc/wl-clipboard;
- license = licenses.gpl3;
- maintainers = with maintainers; [ dywedir ];
- platforms = platforms.linux;
- };
-}
diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix
deleted file mode 100644
index 6ba4fec83..000000000
--- a/jeschli/5pkgs/simple/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-let
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = self.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-in
-
- mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/default.nix b/jeschli/default.nix
deleted file mode 100644
index b57932719..000000000
--- a/jeschli/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [
- ../krebs
- ./2configs
- ];
-
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
-}
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
deleted file mode 100644
index 242f1f7bb..000000000
--- a/jeschli/krops.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource [
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
- nixpkgs-unstable.git = {
- url = "https://github.com/nixos/nixpkgs";
- ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
- };
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- file = "${lib.getEnv "HOME"}/secrets/${name}";
- };
- }
- {
- home-manager.git = {
- url = https://github.com/rycee/home-manager;
- ref = "2ccbf43";
- };
- }
- ];
-
-in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/krebs/3modules/external/dbalan.nix b/kartei/dbalan/default.nix
index 301f010d3..fadf187db 100644
--- a/krebs/3modules/external/dbalan.nix
+++ b/kartei/dbalan/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }:
let
hostDefaults = hostName: host: flip recursiveUpdate host ({
diff --git a/kartei/default.nix b/kartei/default.nix
new file mode 100644
index 000000000..6024e2351
--- /dev/null
+++ b/kartei/default.nix
@@ -0,0 +1,18 @@
+{ config, lib, ... }: let
+ removeTemplate =
+ # TODO don't remove during CI
+ lib.flip builtins.removeAttrs ["template"];
+in {
+ config =
+ lib.mkMerge
+ (lib.mapAttrsToList
+ (name: _type: let
+ path = ./. + "/${name}";
+ in {
+ krebs = import path { inherit config; };
+ })
+ (removeTemplate
+ (lib.filterAttrs
+ (_name: type: type == "directory")
+ (builtins.readDir ./.))));
+}
diff --git a/krebs/3modules/jeschli/default.nix b/kartei/jeschli/default.nix
index 41743612a..fe12c16a4 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/kartei/jeschli/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
diff --git a/krebs/3modules/external/kmein.nix b/kartei/kmein/default.nix
index 09a95f02e..1a5a57d1a 100644
--- a/krebs/3modules/external/kmein.nix
+++ b/kartei/kmein/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }:
let
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
@@ -82,6 +82,8 @@ in
"makanek.r"
"makanek.kmein.r"
"grafana.kmein.r"
+ "alertmanager.kmein.r"
+ "prometheus.kmein.r"
"names.kmein.r"
"graph.r"
"rrm.r"
@@ -138,6 +140,28 @@ in
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
};
};
+ tabula = {
+ nets.retiolum = {
+ ip4.addr = "10.243.2.78";
+ aliases = [ "tabula.r" "tabula.kmein.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA4cdFDoKRA9t+r686w6gH1u4UjEQJBmhsf3tkPEkv7nyVr4ahcZQk
+ rQwlhNRJwv0wekwO0qG19VoAmBkVMzYu5JWn9WeYfIEUtP3ndPa7tqWQ4qIkYh8q
+ 4KQ03Y3CZav5ClK9rLO7gj+dsP+BhVdqhte4pJANs4CyglYkyu6p0P4+R2P0tfcq
+ LTl8RB+SXuafqzhoQD+yhhA1HR8O1o9gHJjKiEVrSLwSFfD8WWH55yeWzIYAbuv8
+ 8a5VzhS5zvDYUFTP1WUPTeGlKsJdslSZqsrZmBDpkh1iEpRzQUnwQNMJ/uGXIldE
+ 3FKKoL9LKlvr1Iz9IcuxO4QLk+DoC8+Jc7yQrwIiQQCwAfwdyY6KcRDAqna1WZRd
+ MFRvPd6y1BmLVJMG43VpWm5POE9Gw5nj5IzSNAFshoNljf246y2+wf8EtULqtrJD
+ DMckquiYRnzQPco9PgjLfH/6SnlB/oXhvT4+rB4KceSoFKOLWq1pFogDGDy0xyB0
+ ufkPsXiYE2KRnkozDJWlKSqrkM3GSR2lTM5cAmLh8VzxkI6LeJu8/6qxFa6J6tn4
+ +kH8yjbcLqjmuUykfOZ2eL4GniaFexDvZcGgLD1I5f1ylEmSuU6boyx83WkCH7NH
+ 1cmaBDQsy4x0gMUYlLDVDW7X2PECoq5mQ61FHBNkdNOujOM/JPnYf4UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "eZsnMScJdH5k/W3Y5fILnz5Kc01R+dRzjjE/cnu96VF";
+ };
+ };
tahina = {
nets.retiolum = {
ip4.addr = "10.243.2.74";
diff --git a/krebs/3modules/external/gpg/kmein.gpg b/kartei/kmein/kmein.gpg
index 1fa694326..1fa694326 100644
--- a/krebs/3modules/external/gpg/kmein.gpg
+++ b/kartei/kmein/kmein.gpg
diff --git a/krebs/3modules/external/ssh/kmein.kabsa.pub b/kartei/kmein/ssh/kmein.kabsa.pub
index a3cec5f8f..a3cec5f8f 100644
--- a/krebs/3modules/external/ssh/kmein.kabsa.pub
+++ b/kartei/kmein/ssh/kmein.kabsa.pub
diff --git a/krebs/3modules/external/ssh/kmein.manakish.pub b/kartei/kmein/ssh/kmein.manakish.pub
index 8be09d407..8be09d407 100644
--- a/krebs/3modules/external/ssh/kmein.manakish.pub
+++ b/kartei/kmein/ssh/kmein.manakish.pub
diff --git a/krebs/3modules/krebs/default.nix b/kartei/krebs/default.nix
index 854176f0b..e5626d923 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
@@ -78,6 +78,7 @@ in {
"build.r"
"build.hotdog.r"
"ca.r"
+ "calendar.r"
"cgit.hotdog.r"
"irc.r"
"wiki.r"
@@ -164,12 +165,20 @@ in {
ponte = {
cores = 1;
owner = config.krebs.users.krebs;
+ extraZones = {
+ "krebsco.de" = /* bindzone */ ''
+ krebsco.de. 60 IN A ${config.krebs.hosts.ponte.nets.internet.ip4.addr}
+ '';
+ };
nets = rec {
internet = {
- ip4 = {
+ ip4 = rec {
addr = "141.147.36.79";
- prefix = "0.0.0.0/0";
+ prefix = "${addr}/32";
};
+ aliases = [
+ "ponte.i"
+ ];
};
retiolum = {
via = internet;
diff --git a/krebs/3modules/lass/default.nix b/kartei/lass/default.nix
index 3e58fee1d..e17e000dd 100644
--- a/krebs/3modules/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -1,12 +1,6 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
- hostDefaults = hostName: host: flip recursiveUpdate host {
- ci = true;
- monitoring = true;
- owner = config.krebs.users.lass;
- };
-
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
@@ -16,6 +10,7 @@ in {
};
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
+ consul = true;
ci = true;
monitoring = true;
}) {
@@ -64,11 +59,12 @@ in {
cores = 4;
extraZones = {
"krebsco.de" = ''
- cache IN A ${nets.internet.ip4.addr}
- p IN A ${nets.internet.ip4.addr}
- c IN A ${nets.internet.ip4.addr}
- paste IN A ${nets.internet.ip4.addr}
- prism IN A ${nets.internet.ip4.addr}
+ cache 60 IN A ${nets.internet.ip4.addr}
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ prism 60 IN A ${nets.internet.ip4.addr}
+ social 60 IN A ${nets.internet.ip4.addr}
'';
"lassul.us" = ''
$TTL 3600
@@ -78,7 +74,7 @@ in {
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
IN MX 5 mail.lassul.us.
- 60 IN TXT v=spf1 mx a:lassul.us -all
+ 60 IN TXT "v=spf1 mx -all"
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@@ -418,6 +414,7 @@ in {
};
xerxes = {
cores = 2;
+ consul = false;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.3";
@@ -592,7 +589,53 @@ in {
syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
};
+ massulus = {
+ cores = 1;
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.113";
+ ip6.addr = r6 "113";
+ aliases = [
+ "massulus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
+ ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
+ ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
+ zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
+ F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
+ v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
+ kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
+ LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
+ EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
+ KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
+ oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
+ yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
+ port = 1655;
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "113";
+ aliases = [
+ "massulus.w"
+ ];
+ wireguard.pubkey = ''
+ 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
+ };
+
phone = {
+ consul = false;
nets = {
wiregrill = {
ip4.addr = "10.244.1.13";
@@ -608,6 +651,7 @@ in {
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
};
tablet = {
+ consul = false;
nets = {
wiregrill = {
ip4.addr = "10.244.1.14";
@@ -622,6 +666,7 @@ in {
ci = false;
};
hilum = {
+ consul = false;
cores = 1;
nets = {
retiolum = {
@@ -797,6 +842,7 @@ in {
};
lasspi = {
+ consul = false;
cores = 1;
nets = {
retiolum = {
@@ -840,6 +886,7 @@ in {
};
domsen-pixel = {
+ consul = false;
nets = {
wiregrill = {
ip4.addr = "10.244.1.17";
diff --git a/krebs/3modules/lass/pgp/mors.pgp b/kartei/lass/pgp/mors.pgp
index 6d985f0e2..6d985f0e2 100644
--- a/krebs/3modules/lass/pgp/mors.pgp
+++ b/kartei/lass/pgp/mors.pgp
diff --git a/kartei/lass/pgp/yubikey.pgp b/kartei/lass/pgp/yubikey.pgp
new file mode 100644
index 000000000..be1054048
--- /dev/null
+++ b/kartei/lass/pgp/yubikey.pgp
@@ -0,0 +1,157 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy
+aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog
+3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P
+rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw
+xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru
+eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m
+28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj
+iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD
+dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX
+yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g
+S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB
+tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG
+Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK
+CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad
+WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ
+SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9
+z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC
+KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N
+YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf
+4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO
+To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf
+PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd
+p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY
+ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC
+DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh
+SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE
+SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+
+c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4
++1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au
+FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E
+F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs
+N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs
+8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4
+bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr
+s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE
+cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB
+dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc
+z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu
+L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+
+zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ
+g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi
+qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz
+U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO
+93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8
+SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX
+xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO
+JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw
+/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj
+AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK
+IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT
+KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB
+uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ
+wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx
+MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ
+D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D
+duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ
+5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31
+ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG
+5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLiJBGwEGAEKACACGwIW
+IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCY1E8SAJAwXQgBBkBCgAdFiEEVAotn4qI
+hqe83vdsfheGip18nM8FAl2iTZIACgkQfheGip18nM9DVxAAuqX7iztddbttkIfN
+65R5XJPjz7NRg0AI8G+1qnkvF3c2ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA
+/JM782D6lDfSZltW4YBBqkJZdtiPElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhy
+l+0RdBuSvR0+KOXXBfoNmsyQM4/hUKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxg
+tXyiXU/VxvUWI7cH6I7daRDTFR3L4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6
+eKkn/gt/T7qYxnhcG5guS2DwIay5c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7
+/6hsw2e6TBcn295fEekvBupYVwazefBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTa
+TglOeNtRnYGRwHwE/tiJ0G0uwGfvaI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7m
+z8MrRNMjtR+Es8gzuw7hNErmbh0SLZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99
+jYjdDDm5lsxCZKLSX4r9Mp236K6DMGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9M
+cg5HgeXTdxan6QP35ygDtmNldJGEP+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQ
+qnldvrtajUzUegvJUstLS5B1TFQJEGZXvoqNHugHrtcP+waicH+WhpbvPoHJW//U
+c7IwcrsOpWNuh0gKV1+LvBV9dGzGZDlhwsncMeNzT8tnxDwhD1CiJ1uzO2H1m+yX
+CeljVnYFlP0sl9IT/AiV8NNiuaIpOc5RjRY1yvOZ017/J7Hyhnaw0iap1vNDNOwH
+t7tzB1PvM3p6an4Jh0AJZF5adReQTbi9Zw7MW2Yf0XHTT4rFX+Mn5gcuvsV9n39d
+6U3k5G6Hf1bSROsXNVwOwF6VbO8NvBm6ehgNyRcGsino/f82HRwvnQPhJgEakZ1h
+WWUUnakK14mRRMUns8CMNfFh+50ciK1Q8kAVgYLVA1H1NXM0+68YZMl5CiiaD3pM
+17flwcWUdkIu3uWAvc3hSCNw6i9F4Kx1yD/ZdiT0vBapa3ehUXIo5g79NcFl9xnQ
+fnYG+nnl2bLZSHP8b+LZsGivOEZuBHoR2ComeTqqJxeT8ZsEdtLcloaSaf2Em2xf
+b9OfhGOC7hKfS4HAlLFbEydWuZuA8EpTXd6eqINCFbOb9BjpKvSCCLs5S3s7T4WE
+FQB7yHXQQgB1EzYaJxFZstkiD8exu/hiWfwVLaho09QbtPmt2u1lvbxiSxtCdphi
+hoKc6wjhD8F9YM5xxitcF7iAV7oEDZ/1JVkvi/1gWFgW0UmEKuy2KN/Eb/mr41NJ
+bMauCCfjnCbAzoW6dhHpbO45uQINBF2iTdYBEADTC8saHpJxpU7ZBuuNFD+WZFBK
+I8F8ZZ4t79naVhGhCTvcqr5BCwlrpuaUc/og86AxUpVD5z92ClRZC2wJZOemmyAE
+OlSu8JDkhwsNRey5QmPN9G0ZIBifP2/LrPSqRE+gJnouzhmFbajQVKHRCYul5B+a
+vUS0HlUfu8p7dC0wMTv5jBWHN54XHK4Wnbm4Yea03Xv1HMQS/82MfLQgctheHqeg
+J8dNhzmrk8GqpOCi4QfSHHUvLCUBxWO4hFVjXKL8BfJbhhBjyTnTj0zGc+Iw+Glh
+am0+q2oFmhvLYrCxHvVIRE9iy96/+AyIACWOG8IOU2civ9Y/jY9SMmJEPQOmBfem
+OVwovQxdDGKvTcrVjZzAk/BeEAgg0VoYKpe9ePxK/6n8J09jOpvD+DktbAB7+bww
+2F3swdFqyTbLWL4bR4YuHLbqJQbsDm+58iAZWaL4ZOf+iABZqFKa3xhzrrbRHD00
+Qxr+9+3EdXGGs+UDLs9rLzVN4ryP7WHyEMDAI7/OAGTdsJet0JIIWKP3ZvWuRMe/
+AjcGQ/8+xzhN8w/kXdAvf4Vy6VVYTdJipg84CRz1KFQ5P/z92IMzPnbVFljydRX2
+k89ueN1fTMFVlCUI9AyIJeJ6Cx198JHf3eIGBgIZVpAcZG0DyeDU+xCgRZOOH2ug
+1bhjhmrQQMSkKtRn7QARAQABiQI8BBgBCgAmAhsMFiEE2811eEYGmzkuqUAdZle+
+io0e6AcFAl+Jdg8FCQWpjzkACgkQZle+io0e6Afw7A//ekxnx2ugVtb9pFMh1Cpq
+XZOtlIWc+PZ07DrtSXjCNnAzC5Cmj8nii7Eac1dqnDqBtXWpe3YI7cyrFnc9B8a6
+2xLNKwSTuMTpoNdkr/X7bU6HE7dm0DHt3dtFYoW4vjQxMdj3sp3GLpQ3fDzXw5If
+L1lCUKE4aopl6FQEcCjbh9qA8rRnHiKfgWSzh/B0c9BEh/ZwgBsN4FV+r0D7Y2zI
+KCFxwJwCZCHtm6MslB7tmZg+gho8RkkiAjM0oXA7zZHMjyhuQWzhkaW3oWjHDjoh
+h9DbLnVDzrMsULfdGz/1Plhz4bzkxpND6hmjn/EAxLGhpQoXd8FSvrghpetLM3MU
+LG4M5REFVBt7U1uEBn8y91yuWx77ho9N1W+OdNOWOOlAlD+GZBGA7MNR65+W5Dzj
+/z3PEs9TELfp8NVN0F2xy8S2/HwfNgeqAzGpBz4GsO9x8WMG2lw7MAW+gVU3POkZ
+l0R9fkrTmw4iafodehKnbEsqdebUjPNBkX9SmjSsXDAODe/4u4/TP89nylk+70wB
+nXIPL4WR9DA0Pb0ZmLLkGbaDYnmVV58kPyCwID4Yi6Xcj330FdAaVinevAvJBIaD
+D9A94elI/PGTrmqcjgr7Kwb0e0kDlYfi/ijI4dV4MVrzybqFOCaMeKIPOfxs9FIv
+BETmMh4Ocqj6rAQZs+ofBe6JAjYEGAEKACACGwwWIQTbzXV4RgabOS6pQB1mV76K
+jR7oBwUCY1E8SAAKCRBmV76KjR7oBwM+D/0evufvIWftzdge63hol1k4LdZSiSD9
+bh+h8fb/Mm+2HIS8RweHr1+CS8CW/Om9MJoW0ZDsCmC0vU44/vLL3JzbP4+BDuVF
+dky1XX/9Z73Fn/LpakITyXd6YJMsknzAA4ZEzhe4uModNSH5IU818I+/Vyvbe1nX
+Hfg2FYva4zVn9E5Gd4vpHBF7D99dGg0vUINtux06WKfdsDB59MiZxCSWfqty+yTM
+XWwh5fuFIxwjlkKVdrb45101MnUtzJDmxwPxjOpF+z2tJ0qIvs6Zu6FDEh7fcaJM
+mKAPtVXKRxTYaS6j7fpNk5ACFgiHDb+0mI60fH0eiQSqp9Q7cyYbt1yiW2bKY4Pg
+qDOtcLT+uIYYVmxBHTLx38gT3Gp83O7WqNZ9ouctIXAXHWwTNsKzMhwgaEmmPbkP
+7VO8oZZ9hVphirmijgNO1Oz7Qqh5ORYwsGdvYtbPXD4ZUSpqFT5bTMHS5TKPHf70
+5alkwYuwYfLs4m2zYsKadQ+vq12ZX7Z6+DbjfzWAEhzqLP2Y8yGnFSBSmULsALnj
+Zg3RN5sxJe3fhTze09Fm8OTopTLoDH5fR91VPhRLGHahvV1Sm/H4ZdtAXTPsHP20
+phAc8mK2DgEM0k7vDO5RtV4xTLjBopiciXIBL+TzCKGmDRX2+9nTyF3Kx9qjN52H
+EFFJ1mTed/J7VrkCDQRdok4KARAAyG97rjKhP8Uie1i/16SekDo+GkpodBmvhrZi
+Zdwg75YxriHhgioe2AKKmQItOdZOY+mVqMA63FmByDlPodHmQnrIAn/gr7p5V3lM
++l0oVTI8maPO39iT7Nh6W/rv4ni8eMBkL6P2cPPaTpcv76qWl/WcMiEflPNSAFax
+yIapq04rafthcIILWmOBbQ+liMn9YT7a6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAc
+eQQYAqIrlu8F5y1AQVWHjtyCPee1z/8lPNnPg40lSbXozg5kQDP965Pge6XReUoU
+VVRcgeiSUfkHdYPIkh/tkFy1MtzTNizebuadqE41Ds6BD1maO5cpGc5iFnf+YY01
+vWIhwvgPMbAsUKrPOw/RyvYSwOrnWeghpKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm
+64rKyYS8RIilqTCmIHnpoSIq3n1wOlMVX4sB4N4CfAZRAbI9LZfx1QEYn0dst9+m
+CDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1
+MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BP
+g6qZH7JeMnlOZXXOg8K5VcLkiGuL1brOHlg94Axha8ffMmqjsde6XOAgvSl5P9k4
+7SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJf
+iXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP+gJ01mSEs3+0jriWqg7V+Q59rulMVrUd
+V2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOicz
+GClK+yWSm/CM02+HATFws66umAl4GQ4XqAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCA
+dn55u4pf+B1rmkA3cWhN51SvAriA/YcGqmyJZgXO+qZOPWNHxNUdgq9lVEO132dh
+DzH1b9ufnvQMDxF2V681fQ7E3zWEJZZbYLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU1
+61jSawblBTcIRXK9c4hv178xQWAInMjtHst4YCpvclG26ypZLCzvw6swfnXf3A6Q
+4A8pZQVvogWZ01dlgofwHm8qlYxT7wSqeicOu3FkSHD8vNwkXnMLqxwkFr4BcSef
+zCiXulyMcb3h67ZfXAYAFGrrR581vGEtXy+xfXK5PqBX7CWEl3Vs2an9whEncZuv
+1I9iyXDUmGP7Y373JjqNtpS2GMMPA73knB7eI/zpVS5qoxUlqw35Pldvt+L4E3hv
+rvE7iZE3w4lB9WUyY1OnSRDU10l2rqWtPtyk3LE2ed5hz5I+gy8/RsXrAooMBXIG
+V/GJrhye45wf5F/XQqPulnj38sKhmrQCQTubPgJwG/kTpNdrA3YukE3E7T5ejaGT
+T2n5nKat6bj7iQI2BBgBCgAgAhsgFiEE2811eEYGmzkuqUAdZle+io0e6AcFAmNR
+PEgACgkQZle+io0e6AfQpg/+K0gD0WVyXYLOEM6jCvtz5/f9nDQnqj90ck9VfpuN
+QG+cMSK/u3T4ya0k3UDWxEyRih0BzChOlmwnaupBwN7ZbYAzxM0sglwseSdAPpCE
+s63RTnaAxpSWFocsUxtJngSoPnnmD1fVbWL3/j9j6jZkT4NB/l2ekDngMyRqt104
+BmabaLdz44X1VDgg0tXyACkZ8c/8ISBOoPSFg2n9FuCmhI9Atu6hjCFQZOA/youA
+fXzeUxU3iFw5UhyNP084jZ9AK2xwp+rB3JzvzMdiqO3OBFemuiU4/ZKQKFg5a/n4
+UAZtO8V2DGe76o1N9uFUvQ41RSAXolPUOTXiZvP4GfiGIhJUXV96QaPHhKWybKlr
+4MWG5PpwfuWnGoP8vXtLmz2TDRUfEBOQBzYRBRvXmzekq8nFQCM7dGofLLEchMRv
+lYHab2fquGmXiY3LfzyQX+vS3FO9/m2POJcdXcQvSq4MXIzOEzXnJKw5HemfZ3ae
+/AlTTfE4og/AYLwacECY6CZqUFOYtQeVx9hSXV97XnoKotde66D4RyFgzFbsIBM/
+bA5qyvdpKb60hqjpj/rhXjlnhH8KwAwOlaPVgI1cgnW8uJTElJEtqHPhuRkU6y9f
+au4EZ+tsmaxJ0whuziG1/3LJ62AIM9ZpixDEj4GQYaRdkFrx/1IKiUOlw5GQC3y2
+zxs=
+=MmP2
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/ssh/android.ed25519 b/kartei/lass/ssh/android.ed25519
index 44f424809..44f424809 100644
--- a/krebs/3modules/lass/ssh/android.ed25519
+++ b/kartei/lass/ssh/android.ed25519
diff --git a/krebs/3modules/lass/ssh/blue.rsa b/kartei/lass/ssh/blue.rsa
index c0bf9b817..c0bf9b817 100644
--- a/krebs/3modules/lass/ssh/blue.rsa
+++ b/kartei/lass/ssh/blue.rsa
diff --git a/krebs/3modules/lass/ssh/green.ed25519 b/kartei/lass/ssh/green.ed25519
index 1aa7b1801..1aa7b1801 100644
--- a/krebs/3modules/lass/ssh/green.ed25519
+++ b/kartei/lass/ssh/green.ed25519
diff --git a/krebs/3modules/lass/ssh/mors.rsa b/kartei/lass/ssh/mors.rsa
index 3aa18bcf9..3aa18bcf9 100644
--- a/krebs/3modules/lass/ssh/mors.rsa
+++ b/kartei/lass/ssh/mors.rsa
diff --git a/krebs/3modules/lass/ssh/tablet.ed25519 b/kartei/lass/ssh/tablet.ed25519
index 250be53f7..250be53f7 100644
--- a/krebs/3modules/lass/ssh/tablet.ed25519
+++ b/kartei/lass/ssh/tablet.ed25519
diff --git a/krebs/3modules/lass/ssh/yubikey.rsa b/kartei/lass/ssh/yubikey.rsa
index 349bb4aab..349bb4aab 100644
--- a/krebs/3modules/lass/ssh/yubikey.rsa
+++ b/kartei/lass/ssh/yubikey.rsa
diff --git a/krebs/3modules/makefu/default.nix b/kartei/makefu/default.nix
index c1aeffe4a..ecb834bbf 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -2,7 +2,7 @@
# tinc generate-keys
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
diff --git a/krebs/3modules/makefu/pgp/brain.asc b/kartei/makefu/pgp/brain.asc
index 739385a38..739385a38 100644
--- a/krebs/3modules/makefu/pgp/brain.asc
+++ b/kartei/makefu/pgp/brain.asc
diff --git a/krebs/3modules/makefu/pgp/default.asc b/kartei/makefu/pgp/default.asc
index bc5c50b76..bc5c50b76 100644
--- a/krebs/3modules/makefu/pgp/default.asc
+++ b/kartei/makefu/pgp/default.asc
diff --git a/krebs/3modules/makefu/retiolum/cake.pub b/kartei/makefu/retiolum/cake.pub
index 8a1e4b933..8a1e4b933 100644
--- a/krebs/3modules/makefu/retiolum/cake.pub
+++ b/kartei/makefu/retiolum/cake.pub
diff --git a/krebs/3modules/makefu/retiolum/cake_ed25519.pub b/kartei/makefu/retiolum/cake_ed25519.pub
index 6c6bf2b33..6c6bf2b33 100644
--- a/krebs/3modules/makefu/retiolum/cake_ed25519.pub
+++ b/kartei/makefu/retiolum/cake_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/kartei/makefu/retiolum/crapi.pub
index c66f24882..c66f24882 100644
--- a/krebs/3modules/makefu/retiolum/crapi.pub
+++ b/kartei/makefu/retiolum/crapi.pub
diff --git a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub b/kartei/makefu/retiolum/crapi_ed25519.pub
index ce5a6f05a..ce5a6f05a 100644
--- a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub
+++ b/kartei/makefu/retiolum/crapi_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/fileleech.pub b/kartei/makefu/retiolum/fileleech.pub
index 1dc6a5b1f..1dc6a5b1f 100644
--- a/krebs/3modules/makefu/retiolum/fileleech.pub
+++ b/kartei/makefu/retiolum/fileleech.pub
diff --git a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub b/kartei/makefu/retiolum/fileleech_ed25519.pub
index ea93cfddb..ea93cfddb 100644
--- a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub
+++ b/kartei/makefu/retiolum/fileleech_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/filepimp.pub b/kartei/makefu/retiolum/filepimp.pub
index 007806230..007806230 100644
--- a/krebs/3modules/makefu/retiolum/filepimp.pub
+++ b/kartei/makefu/retiolum/filepimp.pub
diff --git a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub b/kartei/makefu/retiolum/filepimp_ed25519.pub
index 7a62ff46f..7a62ff46f 100644
--- a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub
+++ b/kartei/makefu/retiolum/filepimp_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/firecracker.pub b/kartei/makefu/retiolum/firecracker.pub
index 6f7907829..6f7907829 100644
--- a/krebs/3modules/makefu/retiolum/firecracker.pub
+++ b/kartei/makefu/retiolum/firecracker.pub
diff --git a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub b/kartei/makefu/retiolum/firecracker_ed25519.pub
index 76e6def7c..76e6def7c 100644
--- a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub
+++ b/kartei/makefu/retiolum/firecracker_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/flap.pub b/kartei/makefu/retiolum/flap.pub
index 8906e659b..8906e659b 100644
--- a/krebs/3modules/makefu/retiolum/flap.pub
+++ b/kartei/makefu/retiolum/flap.pub
diff --git a/krebs/3modules/makefu/retiolum/flap_ed25519.pub b/kartei/makefu/retiolum/flap_ed25519.pub
index 47da38477..47da38477 100644
--- a/krebs/3modules/makefu/retiolum/flap_ed25519.pub
+++ b/kartei/makefu/retiolum/flap_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/gum.pub b/kartei/makefu/retiolum/gum.pub
index 73f8563d0..73f8563d0 100644
--- a/krebs/3modules/makefu/retiolum/gum.pub
+++ b/kartei/makefu/retiolum/gum.pub
diff --git a/krebs/3modules/makefu/retiolum/gum_ed25519.pub b/kartei/makefu/retiolum/gum_ed25519.pub
index 5b6f2426e..5b6f2426e 100644
--- a/krebs/3modules/makefu/retiolum/gum_ed25519.pub
+++ b/kartei/makefu/retiolum/gum_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/latte.pub b/kartei/makefu/retiolum/latte.pub
index 17fca2b40..17fca2b40 100644
--- a/krebs/3modules/makefu/retiolum/latte.pub
+++ b/kartei/makefu/retiolum/latte.pub
diff --git a/krebs/3modules/makefu/retiolum/latte_ed25519.pub b/kartei/makefu/retiolum/latte_ed25519.pub
index 7974bb6e5..7974bb6e5 100644
--- a/krebs/3modules/makefu/retiolum/latte_ed25519.pub
+++ b/kartei/makefu/retiolum/latte_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/nukular.pub b/kartei/makefu/retiolum/nukular.pub
index eb5891b1b..eb5891b1b 100644
--- a/krebs/3modules/makefu/retiolum/nukular.pub
+++ b/kartei/makefu/retiolum/nukular.pub
diff --git a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub b/kartei/makefu/retiolum/nukular_ed25519.pub
index 0cae03b83..0cae03b83 100644
--- a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub
+++ b/kartei/makefu/retiolum/nukular_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/omo.pub b/kartei/makefu/retiolum/omo.pub
index ce558d10a..ce558d10a 100644
--- a/krebs/3modules/makefu/retiolum/omo.pub
+++ b/kartei/makefu/retiolum/omo.pub
diff --git a/krebs/3modules/makefu/retiolum/omo_ed25519.pub b/kartei/makefu/retiolum/omo_ed25519.pub
index dd11ab7dd..dd11ab7dd 100644
--- a/krebs/3modules/makefu/retiolum/omo_ed25519.pub
+++ b/kartei/makefu/retiolum/omo_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/sdev.pub b/kartei/makefu/retiolum/sdev.pub
index be500bbab..be500bbab 100644
--- a/krebs/3modules/makefu/retiolum/sdev.pub
+++ b/kartei/makefu/retiolum/sdev.pub
diff --git a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub b/kartei/makefu/retiolum/sdev_ed25519.pub
index fef79aa68..fef79aa68 100644
--- a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub
+++ b/kartei/makefu/retiolum/sdev_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/senderechner.pub b/kartei/makefu/retiolum/senderechner.pub
index a6cbabc28..a6cbabc28 100644
--- a/krebs/3modules/makefu/retiolum/senderechner.pub
+++ b/kartei/makefu/retiolum/senderechner.pub
diff --git a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub b/kartei/makefu/retiolum/senderechner_ed25519.pub
index f0968aa12..f0968aa12 100644
--- a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub
+++ b/kartei/makefu/retiolum/senderechner_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/studio.pub b/kartei/makefu/retiolum/studio.pub
index b8fe8ee23..b8fe8ee23 100644
--- a/krebs/3modules/makefu/retiolum/studio.pub
+++ b/kartei/makefu/retiolum/studio.pub
diff --git a/krebs/3modules/makefu/retiolum/studio_ed25519.pub b/kartei/makefu/retiolum/studio_ed25519.pub
index 13a09ad1b..13a09ad1b 100644
--- a/krebs/3modules/makefu/retiolum/studio_ed25519.pub
+++ b/kartei/makefu/retiolum/studio_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/tsp.pub b/kartei/makefu/retiolum/tsp.pub
index 48533da58..48533da58 100644
--- a/krebs/3modules/makefu/retiolum/tsp.pub
+++ b/kartei/makefu/retiolum/tsp.pub
diff --git a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub b/kartei/makefu/retiolum/tsp_ed25519.pub
index c7baf9067..c7baf9067 100644
--- a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub
+++ b/kartei/makefu/retiolum/tsp_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/vbob.pub b/kartei/makefu/retiolum/vbob.pub
index 168437e78..168437e78 100644
--- a/krebs/3modules/makefu/retiolum/vbob.pub
+++ b/kartei/makefu/retiolum/vbob.pub
diff --git a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub b/kartei/makefu/retiolum/vbob_ed25519.pub
index 5e287f36b..5e287f36b 100644
--- a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub
+++ b/kartei/makefu/retiolum/vbob_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/wbob.pub b/kartei/makefu/retiolum/wbob.pub
index 8abfa34d4..8abfa34d4 100644
--- a/krebs/3modules/makefu/retiolum/wbob.pub
+++ b/kartei/makefu/retiolum/wbob.pub
diff --git a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub b/kartei/makefu/retiolum/wbob_ed25519.pub
index eeef652e2..eeef652e2 100644
--- a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub
+++ b/kartei/makefu/retiolum/wbob_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/x.pub b/kartei/makefu/retiolum/x.pub
index da6482eed..da6482eed 100644
--- a/krebs/3modules/makefu/retiolum/x.pub
+++ b/kartei/makefu/retiolum/x.pub
diff --git a/krebs/3modules/makefu/retiolum/x_ed25519.pub b/kartei/makefu/retiolum/x_ed25519.pub
index fbf63d08e..fbf63d08e 100644
--- a/krebs/3modules/makefu/retiolum/x_ed25519.pub
+++ b/kartei/makefu/retiolum/x_ed25519.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.android.pub b/kartei/makefu/ssh/makefu.android.pub
index 2bef2442a..2bef2442a 100644
--- a/krebs/3modules/makefu/ssh/makefu.android.pub
+++ b/kartei/makefu/ssh/makefu.android.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.bob.pub b/kartei/makefu/ssh/makefu.bob.pub
index bc8718978..bc8718978 100644
--- a/krebs/3modules/makefu/ssh/makefu.bob.pub
+++ b/kartei/makefu/ssh/makefu.bob.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.omo.pub b/kartei/makefu/ssh/makefu.omo.pub
index 5567040fb..5567040fb 100644
--- a/krebs/3modules/makefu/ssh/makefu.omo.pub
+++ b/kartei/makefu/ssh/makefu.omo.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub b/kartei/makefu/ssh/makefu.remote-builder.pub
index ad49f380a..ad49f380a 100644
--- a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub
+++ b/kartei/makefu/ssh/makefu.remote-builder.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.tempx.pub b/kartei/makefu/ssh/makefu.tempx.pub
index 48d90040f..48d90040f 100644
--- a/krebs/3modules/makefu/ssh/makefu.tempx.pub
+++ b/kartei/makefu/ssh/makefu.tempx.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.tsp.pub b/kartei/makefu/ssh/makefu.tsp.pub
index 9a9c9b6f8..9a9c9b6f8 100644
--- a/krebs/3modules/makefu/ssh/makefu.tsp.pub
+++ b/kartei/makefu/ssh/makefu.tsp.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.vbob.pub b/kartei/makefu/ssh/makefu.vbob.pub
index c49714e24..c49714e24 100644
--- a/krebs/3modules/makefu/ssh/makefu.vbob.pub
+++ b/kartei/makefu/ssh/makefu.vbob.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.x.pub b/kartei/makefu/ssh/makefu.x.pub
index 74b130f56..74b130f56 100644
--- a/krebs/3modules/makefu/ssh/makefu.x.pub
+++ b/kartei/makefu/ssh/makefu.x.pub
diff --git a/krebs/3modules/makefu/sshd/cake.pub b/kartei/makefu/sshd/cake.pub
index 8eab57ab7..8eab57ab7 100644
--- a/krebs/3modules/makefu/sshd/cake.pub
+++ b/kartei/makefu/sshd/cake.pub
diff --git a/krebs/3modules/makefu/sshd/crapi.pub b/kartei/makefu/sshd/crapi.pub
index 5361111a5..5361111a5 100644
--- a/krebs/3modules/makefu/sshd/crapi.pub
+++ b/kartei/makefu/sshd/crapi.pub
diff --git a/krebs/3modules/makefu/sshd/fileleech.pub b/kartei/makefu/sshd/fileleech.pub
index 22a3c7534..22a3c7534 100644
--- a/krebs/3modules/makefu/sshd/fileleech.pub
+++ b/kartei/makefu/sshd/fileleech.pub
diff --git a/krebs/3modules/makefu/sshd/firecracker.pub b/kartei/makefu/sshd/firecracker.pub
index 8e9ef5a37..8e9ef5a37 100644
--- a/krebs/3modules/makefu/sshd/firecracker.pub
+++ b/kartei/makefu/sshd/firecracker.pub
diff --git a/krebs/3modules/makefu/sshd/gum.pub b/kartei/makefu/sshd/gum.pub
index c79e3cbee..c79e3cbee 100644
--- a/krebs/3modules/makefu/sshd/gum.pub
+++ b/kartei/makefu/sshd/gum.pub
diff --git a/krebs/3modules/makefu/sshd/omo.pub b/kartei/makefu/sshd/omo.pub
index 5b9435414..5b9435414 100644
--- a/krebs/3modules/makefu/sshd/omo.pub
+++ b/kartei/makefu/sshd/omo.pub
diff --git a/krebs/3modules/makefu/sshd/sdev.pub b/kartei/makefu/sshd/sdev.pub
index 972e9b6d4..972e9b6d4 100644
--- a/krebs/3modules/makefu/sshd/sdev.pub
+++ b/kartei/makefu/sshd/sdev.pub
diff --git a/krebs/3modules/makefu/sshd/studio.pub b/kartei/makefu/sshd/studio.pub
index be5a4e6d3..be5a4e6d3 100644
--- a/krebs/3modules/makefu/sshd/studio.pub
+++ b/kartei/makefu/sshd/studio.pub
diff --git a/krebs/3modules/makefu/sshd/wbob.pub b/kartei/makefu/sshd/wbob.pub
index 8b1789f21..8b1789f21 100644
--- a/krebs/3modules/makefu/sshd/wbob.pub
+++ b/kartei/makefu/sshd/wbob.pub
diff --git a/krebs/3modules/makefu/sshd/x.pub b/kartei/makefu/sshd/x.pub
index 085f7f490..085f7f490 100644
--- a/krebs/3modules/makefu/sshd/x.pub
+++ b/kartei/makefu/sshd/x.pub
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/kartei/makefu/wiregrill/gum.pub
index 67d6c7216..67d6c7216 100644
--- a/krebs/3modules/makefu/wiregrill/gum.pub
+++ b/kartei/makefu/wiregrill/gum.pub
diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/kartei/makefu/wiregrill/rockit.pub
index ace109450..ace109450 100644
--- a/krebs/3modules/makefu/wiregrill/rockit.pub
+++ b/kartei/makefu/wiregrill/rockit.pub
diff --git a/krebs/3modules/makefu/wiregrill/shackdev.pub b/kartei/makefu/wiregrill/shackdev.pub
index 6cb0d960d..6cb0d960d 100644
--- a/krebs/3modules/makefu/wiregrill/shackdev.pub
+++ b/kartei/makefu/wiregrill/shackdev.pub
diff --git a/krebs/3modules/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub
index 12a42177e..12a42177e 100644
--- a/krebs/3modules/makefu/wiregrill/telex.pub
+++ b/kartei/makefu/wiregrill/telex.pub
diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/kartei/makefu/wiregrill/x.pub
index cfa9eb254..cfa9eb254 100644
--- a/krebs/3modules/makefu/wiregrill/x.pub
+++ b/kartei/makefu/wiregrill/x.pub
diff --git a/krebs/3modules/external/mic92.nix b/kartei/mic92/default.nix
index 58757b0b3..7c5c09c81 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/kartei/mic92/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
@@ -930,34 +930,35 @@ in {
};
};
- dev1 = {
+ ruby = {
owner = config.krebs.users.mic92;
nets = rec {
- internet = {
- ip4.addr = "65.108.192.175";
- ip6.addr = "2a01:4f9:1a:94a4::1";
- aliases = [ "dev1.i" ];
- };
retiolum = {
- aliases = [ "dev1.r" ];
+ aliases = [ "ruby.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAwx2l5llCtEdoTRT9UJKHqa/GTqd5f9mUWX/n3HKQHdeEVao6cH9J
- LteQ2rJY+Gh2zt3FZYzRBykvArjGmu1qKKnouldFJis0DygUI1jZVbeeNKbA2lZx
- 7+jCUIz4kgpA0ggJt/9Nb0xHMGPpgXSMADPHLKODT2FPxA4026pI6xLAZWY1o1SY
- oypaIxaOUbqi9M+eR5KRCngUGHBOQm3rGtgw5wYxHsfJqHvqCmFIicxHVifpbzOf
- Hf0hDvk6E54PijcrDUfDBkXrEoa1hFezCMnzv0h+1Y4qfueFtCtPbJdYKUo87X04
- PWT/P+x78VY9e7fJswi4bYflXmE6jVg/0gXPNpWNV1iBmbrFMJMduGNiuyBcSAxp
- S1ubP/+5D2hgOLCuflLfnPOozPtvV6F/XYKatQGPmgo4d7+z7g4frFKv6Uu9ZMT0
- p2CN/bnVNAEErPbTVLyk8zX6J3ruCBQxucr3dsqyw7pk74tTQlFwH9BY8tWfRrAP
- v7rDLHzv/1KA9GRDkbVPJmCkwIlPd9PcqSeHL9pnV9IkFr0UTVJE5qBLDSRW9XAb
- QY6wVgsMocMeAxwrx6q+pdX/NAPbBzrmr0IB+DwYfMhZdGWoWEw+NV1wOsQjBzjw
- SA63+XAgJ30QR5Z87d5g2Y7560+6oQavMPdt+5kfPTGa48UR7WwYyzsCAwEAAQ==
+ MIICCgKCAgEAzqrguDMHqYyidLxbz3jsQS3JVNCy0HaN6wprT1Ge1Anf5E8KtuXh
+ M9IjYPShzzJ162rYaJdd2lBmc5o435j+0/Gg5pySILni9bILhuRr7TMWN0sjNbgr
+ x0JRbpMmpW5DOmQx1BSyA+LLNbyVVnCc1XI0P2EaRr1ZrRSU0bpE/7kJ//Zt7ATu
+ GfqJTuL2aqap12VMKAfjRByyXA9V7szJMRom2Ia3cWSXhie1E0OOvCNT+InKXx4c
+ QbEGX71noCgsNgxbD8AVSwMnNV15vdnbgwK/1QzA0Cep1uxFS05TXJZLZTjcGwG0
+ Kp0kEjntq1rCqgdoUHIubNB17efU/oP6aSrdfvtgeYBjn0zSLHSUYdhf3JHd1Fvf
+ Ov2TwHxt/sm8d91UjhrkYwjf2nzSruAklYDnIDJiHgLFoT5WuOoVlnfUjRpQEw44
+ kp8KXsd24Y0UT5XJO5cQA+kZ1vl2ktHbQGTqYuYDB2FKEnBR/JIwJzJfugcGiyRx
+ OukQ2/rjnS60JA2pHUEfoezIAMhYAF+EPgOgMcNSSRYUVBpPVKD26oGTrNn0AtnO
+ ALW1vqUDwxb0cpv877vN1VfqvLE8n8Zgtt7itdT0+vxNPxICvF6//LNYUeDoQ3pj
+ w+1ZSdYZsvIQ7tDcilnL0hU5/nfsSIbHV+ceuLde1xDt5c7Tnl4v/U0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "nu1d0uwAE1Lg16SfXkCgGz2blir402mlucwJMfHivrJ";
+ tinc.pubkey_ed25519 = "TV9byzSblknvqdUjQCwjgLmA8qCB4Tnl/DSd2mbsZTJ";
};
};
};
};
+ users = {
+ mic92 = {
+ mail = "joerg@thalheim.io";
+ pubkey = builtins.readFile ./ssh/mic92.pub;
+ };
+ };
}
diff --git a/krebs/3modules/external/ssh/mic92.pub b/kartei/mic92/ssh/mic92.pub
index 600709c78..600709c78 100644
--- a/krebs/3modules/external/ssh/mic92.pub
+++ b/kartei/mic92/ssh/mic92.pub
diff --git a/krebs/3modules/external/default.nix b/kartei/others/default.nix
index 5cb40cfbb..f3ea8b80c 100644
--- a/krebs/3modules/external/default.nix
+++ b/kartei/others/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
@@ -592,106 +592,6 @@ in {
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
nets = {};
};
- catalonia = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.13.12";
- aliases = [ "catalonia.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
- gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
- VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
- Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
- FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
- HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
- mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
- zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
- sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
- ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
- vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
- };
- };
- };
- sicily = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.161.1";
- aliases = [ "sicily.r" "mukke.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
- aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
- xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
- 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
- IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
- KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
- 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
- LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
- T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
- w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
- 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
- };
- };
- };
- rojava = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.23.42";
- aliases = [ "rojava.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
- B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
- HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
- Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
- lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
- +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
- 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
- vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
- HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
- XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
- yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
- };
- };
- };
- aland = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.12.34";
- aliases = [ "aland.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
- CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
- plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
- DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
- aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
- OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
- ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
- TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
- aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
- zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
- VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
- };
- };
- };
papawhakaaro = {
owner = config.krebs.users.feliks;
nets = {
@@ -769,6 +669,31 @@ in {
};
};
};
+ verex = {
+ owner = config.krebs.users.lc4r;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.232.232";
+ aliases = [ "verex.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA7RCGaxVcTK3cPIs5NkbDdKEg/ASLRyKN2tBklvs43fD2lq/t77YK
+ vtLkZhJokcxzDWNAyUZXgTsmVblYTzbyg+DFhygNwhMSI0vdrG5AoYhWa+eIe8mf
+ Hxi7TWNTbDx/p66kw2NFDlw6Wbs5enPlMzfZPZj+aI7Dx7GrZRz8TrsKAauSSBKc
+ Vtl7Aqs2FLk8suiMAOE4JD4Lt/pvR7YSISBo1N6/eBbFEosY1XqYkv+l9a0d948a
+ k3jfJYRllsBRQzUyseMewwgVEz8Ny+rwk2J4ukSogAlMXXkPD/pYQgdTZwbGWOyY
+ FMLgb7qULn60aUO6mE/mW9JP90/9cX3CD9McdEFRXV4oM0P9EUq49kN+vinD6JDm
+ bL9fP+yx3sdzl34dFWDRPwrzn13kTDlRbble8jATRcisxMT1zYiADuRwIx8AeKs7
+ O4uc7r/hz8ANO3zksuPhkTUoObTvZyW4mXbac2p6DGv/2aC6jzMRFJsJbWQK1TSr
+ 9WjeAOknhSP9UGxQWz6AgHNjq04dR3lQk34xMfKfWxRAaMD+T6frWKz++Z07WpUo
+ OkPlz57jPZ7yeJGwwPM/CMcNNmA6YCqgE2kJo5rVQqlUb90nVRbuiQYYldl1YCIc
+ Z4X36TKEXPBTiiKf6rFL6dJ64vaVxmOPr3+jdvLSufa/L7uXq3g66ZECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "9ifWNFwaXe6qLVTW0UrOl2jg7erwTUC7f50Th4Vv2iE";
+ };
+ };
+ };
};
users = {
@@ -791,10 +716,6 @@ in {
jonge = {
mail = "jacek.galowicz@gmail.com";
};
- mic92 = {
- mail = "joerg@thalheim.io";
- pubkey = ssh-for "mic92";
- };
pinpox = {
mail = "main@pablo.tools";
};
@@ -836,9 +757,6 @@ in {
mail = "xq@shackspace.de";
pubkey = ssh-for "xq";
};
- xkey = {
- pubkey = ssh-for "xkey";
- };
miaoski = {
};
filly = {
@@ -849,5 +767,8 @@ in {
feliks = {
mail = "feliks@flipdot.org";
};
+ lc4r = {
+ mail = "lc4r@riseup.net";
+ };
};
}
diff --git a/krebs/3modules/external/ssh/0x4A6F.pub b/kartei/others/ssh/0x4A6F.pub
index 1ea084bad..1ea084bad 100644
--- a/krebs/3modules/external/ssh/0x4A6F.pub
+++ b/kartei/others/ssh/0x4A6F.pub
diff --git a/krebs/3modules/external/ssh/exco.pub b/kartei/others/ssh/exco.pub
index cab884c0c..cab884c0c 100644
--- a/krebs/3modules/external/ssh/exco.pub
+++ b/kartei/others/ssh/exco.pub
diff --git a/krebs/3modules/external/ssh/hase.pub b/kartei/others/ssh/hase.pub
index 02051a81f..02051a81f 100644
--- a/krebs/3modules/external/ssh/hase.pub
+++ b/kartei/others/ssh/hase.pub
diff --git a/krebs/3modules/external/ssh/neos.pub b/kartei/others/ssh/neos.pub
index 72065dab7..72065dab7 100644
--- a/krebs/3modules/external/ssh/neos.pub
+++ b/kartei/others/ssh/neos.pub
diff --git a/krebs/3modules/external/ssh/qubasa.pub b/kartei/others/ssh/qubasa.pub
index a8ab605d8..a8ab605d8 100644
--- a/krebs/3modules/external/ssh/qubasa.pub
+++ b/kartei/others/ssh/qubasa.pub
diff --git a/krebs/3modules/external/ssh/raute.pub b/kartei/others/ssh/raute.pub
index 69b4d3d10..69b4d3d10 100644
--- a/krebs/3modules/external/ssh/raute.pub
+++ b/kartei/others/ssh/raute.pub
diff --git a/krebs/3modules/external/ssh/rtjure.pub b/kartei/others/ssh/rtjure.pub
index 4c69e1836..4c69e1836 100644
--- a/krebs/3modules/external/ssh/rtjure.pub
+++ b/kartei/others/ssh/rtjure.pub
diff --git a/krebs/3modules/external/ssh/shannan.pub b/kartei/others/ssh/shannan.pub
index ed89d702a..ed89d702a 100644
--- a/krebs/3modules/external/ssh/shannan.pub
+++ b/kartei/others/ssh/shannan.pub
diff --git a/krebs/3modules/external/ssh/ulrich.pub b/kartei/others/ssh/ulrich.pub
index 8ac69004c..8ac69004c 100644
--- a/krebs/3modules/external/ssh/ulrich.pub
+++ b/kartei/others/ssh/ulrich.pub
diff --git a/kartei/others/ssh/xkey.pub b/kartei/others/ssh/xkey.pub
new file mode 100644
index 000000000..a50522fce
--- /dev/null
+++ b/kartei/others/ssh/xkey.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC
diff --git a/krebs/3modules/external/ssh/xq.pub b/kartei/others/ssh/xq.pub
index 2c23970e3..2c23970e3 100644
--- a/krebs/3modules/external/ssh/xq.pub
+++ b/kartei/others/ssh/xq.pub
diff --git a/krebs/3modules/external/tinc/hasegateway.pub b/kartei/others/tinc/hasegateway.pub
index ef6520e85..ef6520e85 100644
--- a/krebs/3modules/external/tinc/hasegateway.pub
+++ b/kartei/others/tinc/hasegateway.pub
diff --git a/krebs/3modules/external/tinc/horisa.pub b/kartei/others/tinc/horisa.pub
index 06d686ce3..06d686ce3 100644
--- a/krebs/3modules/external/tinc/horisa.pub
+++ b/kartei/others/tinc/horisa.pub
diff --git a/krebs/3modules/external/tinc/justraute.pub b/kartei/others/tinc/justraute.pub
index b4af349b7..b4af349b7 100644
--- a/krebs/3modules/external/tinc/justraute.pub
+++ b/kartei/others/tinc/justraute.pub
diff --git a/krebs/3modules/external/tinc/tpsw.pub b/kartei/others/tinc/tpsw.pub
index 38b0cb293..38b0cb293 100644
--- a/krebs/3modules/external/tinc/tpsw.pub
+++ b/kartei/others/tinc/tpsw.pub
diff --git a/kartei/oxzi/default.nix b/kartei/oxzi/default.nix
new file mode 100644
index 000000000..a4d23b01a
--- /dev/null
+++ b/kartei/oxzi/default.nix
@@ -0,0 +1,62 @@
+{ config, ... }: let
+ lib = import ../../lib;
+in {
+ users.oxzi = {
+ mail = "post@0x21.biz";
+ };
+ hosts = {
+ ancha = {
+ owner = config.krebs.users.oxzi;
+ nets.retiolum = {
+ aliases = [
+ "ancha.oxzi.r"
+ "gosh.r"
+ ];
+ ip4.addr = "10.243.32.1";
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T
+ RrsoZcvJaKIFnlohJ4T1YpGGcXqShhTmKt3sm/0awLhD+zTE8lAlvEj+lnCkHls8
+ eXO+VDB5FelibW/wEnvdImxKBaSVt4RLmMyTuzS9xklEq8Q+wMvzJktnV3pWJjYX
+ /JBYQEUHlrqXldBlKGHkU1KhFZHD/wzV5Ybkku4w1BHrMUHJNwHpTshD/QBDiJFj
+ iRA3e3Jfpp3qj2uWetGuP7NlFpZCh/fSrTqkAE8uShcFlplbgJIEGz2pp644maqw
+ XxRWPH1Iy5NHwVz/GSzQ67vsEunRJjueFQk8gxnhjh/CAlmE9VdxfGQOkejBAq+X
+ zCbqyflLPPz3Qx56TVpmAOY4gma7sfsaYAv+zv2paUxFKBfZrEL5UNoIevV9kZDn
+ nDixTQ6cDxHt3yCVzvwqTTBktZ0mYom43lvKSUnihDrQL1u338labFPtsZTOK4bo
+ 687ToSUC6u80VcnMTZxPFYOgTMjdCZPo+j1bhzmCQQCzcStRSeKRta+LOYb73Tjz
+ M6CwC9uaHDxhtmysXpZ4Qp83tfU6h/AsBJJpBdpkyLYXTq+E32pIq6RtKFFQL00O
+ /e0DzUzSB30oKLW1i2ZxWRQMVqvNdKsyq4glI4eRjnRmrnXOwTb7Y2MCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "oLvC/Y3jfGH4a8mBbv9eCCWKsx32gDGW/iCyia/fuBD";
+ };
+ };
+ marohu = {
+ owner = config.krebs.users.oxzi;
+ nets.retiolum = {
+ aliases = [
+ "marohu.oxzi.r"
+ ];
+ ip4.addr = "10.243.32.2";
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz
+ Ys0VnO6jjgz9T6N8u0CaavsqFy+X48A/+uB5nd/nGDZNaeTg+HUdznT4OFAJEaDi
+ uQREDsR5ZwmpI534eESHMdn5LSb/+5CUgj2xsoOBxnukALm1YccPxR0PPibCm+Z1
+ P8r+1+nBgIPv+cknTXzhWMF/L7UOXuyV3Jmk1BIhwYmzWVes6idtIyJwoCbssoQT
+ cl21Czvhwx63o/QEa81qKeCK3AAAnMbp1tAxnzl7Wr/cSoBYRgSIZkOQPEUNHvpF
+ fT9UzZ3DZyAOMWNjqiK1M93VruFYer05qO3jGgumDey/9gLjP6GMjBw9jVDNY9yn
+ 8mOKz9dkrP3v/A96Uqp+w/lYO87YrxA+h9BYY4jyPngGh0DoXddHLHAKco39vbq8
+ 4vQRsK5QNgquF7O9aBDMSrFosk1VFedpZQwC2LaXcjtI3aMq3vIURTbuWkutAjAd
+ p9a5dRa62pWk41n6yLmalCkqnHoqVUaft9wZIxbcrDLUso7QxY6kFhjADSijnr5B
+ HrBXJhNLGVjBD/W++l2CJ+L4njmy4eGrOTBvIzosCMbtgMtfuu7WSQhsjxTwclbD
+ utT3hmgxDPZydsvzRMsLNvNQwUoiLAL4mz27V9hYcJTKPAbUL3y8h48CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "q/DIqHkb/8Qu7OrCXaBeuxkT9XNPmxo8uF3GkFFC6rJ";
+ };
+ };
+ };
+}
diff --git a/krebs/3modules/external/palo.nix b/kartei/palo/default.nix
index aea1792f4..4caf41f87 100644
--- a/krebs/3modules/external/palo.nix
+++ b/kartei/palo/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
@@ -12,8 +12,6 @@ with import <stockholm/lib>;
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
- ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
- tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
@@ -24,7 +22,7 @@ in {
ip4.addr = "10.243.23.1";
tinc.port = 720;
aliases = [ "pepe.r" ];
- tinc.pubkey = tinc-for "palo";
+ tinc.pubkey = builtins.readFile ./retiolum.pub;
};
};
};
@@ -35,7 +33,7 @@ in {
ip4.addr = "10.243.23.2";
tinc.port = 720;
aliases = [ "schasch.r" ];
- tinc.pubkey = tinc-for "palo";
+ tinc.pubkey = builtins.readFile ./retiolum.pub;
};
};
syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ";
@@ -49,7 +47,7 @@ in {
aliases = [
"sterni.r"
];
- tinc.pubkey = tinc-for "palo";
+ tinc.pubkey = builtins.readFile ./retiolum.pub;
};
};
};
@@ -60,7 +58,7 @@ in {
ip4.addr = "10.243.23.5";
tinc.port = 720;
aliases = [ "workhorse.r" ];
- tinc.pubkey = tinc-for "palo";
+ tinc.pubkey = builtins.readFile ./retiolum.pub;
};
};
};
@@ -71,7 +69,7 @@ in {
ip4.addr = "10.243.23.4";
tinc.port = 720;
aliases = [ "workout.r" ];
- tinc.pubkey = tinc-for "palo";
+ tinc.pubkey = builtins.readFile ./retiolum.pub;
};
};
};
diff --git a/krebs/3modules/external/tinc/palo.pub b/kartei/palo/retiolum.pub
index 65284d51d..65284d51d 100644
--- a/krebs/3modules/external/tinc/palo.pub
+++ b/kartei/palo/retiolum.pub
diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix
new file mode 100644
index 000000000..5f00e3d45
--- /dev/null
+++ b/kartei/rtunreal/default.nix
@@ -0,0 +1,51 @@
+with import ../../lib;
+{ config, ... }:
+let
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.rtunreal;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+in
+{
+ users = rec {
+ rtunreal = {
+ # Mail is temporary as it will change in the future and I
+ # don't want it to be semi permanent
+ # mail: krebscotemp(a)user-sites[point]de
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ rtspinner = {
+ nets.retiolum = {
+ aliases = [ "spinner.rtunreal.r" ];
+ ip4.addr = "10.243.20.18";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApgnFW2hCP2Lf+CGMtzgiTyA9sphEKGzVtOTJy+LxZ/WchFU6QiU6
+ Dl5ybz/Bor25dbwvQCRsQo42gPb+xyjsoHGu2q1NVazMQobePjt/8Qzfqw+Ydz3e
+ CC0Lq2J7A5HkzHAevvSHjWh52EfAfu9PGnsszDyWY/oKY+JkBd3wdnE4VsZIhUU6
+ Zrmuq+JU53Wy4TAcd3JNStvTW3z7MK4BXxovTV3zSq9sg4a120dyrG/d/m35abvm
+ V20Qb9VPmG+861f7gBn45M1w9d4X+3Ev8zum60Lk9JDRETfnufbOsSWNFVk2nsc3
+ wpCYd+7FMq5hBf75At/pQ32kbsMkAMpQDJlHwE/xmhxYU2mzlMLY6JW1gspOt00C
+ iny5qqmhMoZ3r1VmGuu1aA00V+My+dj5i+pvZiUQ9DG2eYoKM43Var2XsU6lURpL
+ UhozcYkb+ax9mqlaPjq2BSYLNzmqTJc3FJY6CcyZxIi4aB8EhDeebYD7wIX115tf
+ wwMIJB9FgmvwBhL2K48P5p8lmxU0sNidvv/Gnr3Fgf1p+jEo8BC9hDK3gigD0lqo
+ AGmRrjHQN7AjysTMTllDj8RSoO2LhOYTxVtcMsQnPJ9hfFrgnSpSZok64y0h+QJG
+ q2WZRBwRYORC7JfKNbE6drRtM6DXccMxOM0eQXoDvg3D5Xg4aqWy3ikCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB";
+ };
+ };
+ };
+}
diff --git a/kartei/template/default.nix b/kartei/template/default.nix
new file mode 100644
index 000000000..2acf78d38
--- /dev/null
+++ b/kartei/template/default.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+ lib = import ../../lib;
+in {
+ users.DUMMYUSER = {
+ mail = "DUMMYUSER@example.ork";
+ };
+ hosts.DUMMYHOST = {
+ owner = config.krebs.users.DUMMYUSER;
+ nets.retiolum = {
+ aliases = [ "DUMMYHOST.DUMMYUSER.r" ];
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ DUMMYTINCPUBKEYRSA
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519";
+ };
+ };
+}
diff --git a/krebs/3modules/tv/default.nix b/kartei/tv/default.nix
index 016d5ca9f..f7e86c598 100644
--- a/krebs/3modules/tv/default.nix
+++ b/kartei/tv/default.nix
@@ -1,4 +1,4 @@
-with import ../../../lib;
+with import ../../lib;
{ config, ... }: let
evalHost = hostName: hostConfig: evalSubmodule types.host [
@@ -169,8 +169,10 @@ in {
cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
+ search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
krebsco.de. 60 IN MX 5 ni
- krebsco.de. 60 IN TXT v=spf1 mx -all
+ krebsco.de. 60 IN TXT "v=spf1 mx -all"
tv 300 IN NS ni
'';
};
@@ -196,6 +198,8 @@ in {
aliases = [
"ni.r"
"cgit.ni.r"
+ "krebs.ni.r"
+ "search.ni.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -316,7 +320,6 @@ in {
aliases = [
"xu.r"
"cgit.xu.r"
- "krebs.xu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -366,7 +369,7 @@ in {
"http://cgit.krebsco.de" = {
desc = "Git repositories";
};
- "http://krebs.xu.r" = {
+ "http://krebs.ni.r" = {
desc = "krebs-pages mirror";
};
};
diff --git a/krebs/3modules/tv/pgp/CBF89B0B.asc b/kartei/tv/pgp/CBF89B0B.asc
index e059116ae..e059116ae 100644
--- a/krebs/3modules/tv/pgp/CBF89B0B.asc
+++ b/kartei/tv/pgp/CBF89B0B.asc
diff --git a/krebs/3modules/tv/wiregrill/alnus.pub b/kartei/tv/wiregrill/alnus.pub
index de85e54da..de85e54da 100644
--- a/krebs/3modules/tv/wiregrill/alnus.pub
+++ b/kartei/tv/wiregrill/alnus.pub
diff --git a/krebs/3modules/tv/wiregrill/mu.pub b/kartei/tv/wiregrill/mu.pub
index 18edc8986..18edc8986 100644
--- a/krebs/3modules/tv/wiregrill/mu.pub
+++ b/kartei/tv/wiregrill/mu.pub
diff --git a/krebs/3modules/tv/wiregrill/ni.pub b/kartei/tv/wiregrill/ni.pub
index 257b29833..257b29833 100644
--- a/krebs/3modules/tv/wiregrill/ni.pub
+++ b/kartei/tv/wiregrill/ni.pub
diff --git a/krebs/3modules/tv/wiregrill/nomic.pub b/kartei/tv/wiregrill/nomic.pub
index be9c94be6..be9c94be6 100644
--- a/krebs/3modules/tv/wiregrill/nomic.pub
+++ b/kartei/tv/wiregrill/nomic.pub
diff --git a/krebs/3modules/tv/wiregrill/querel.pub b/kartei/tv/wiregrill/querel.pub
index 2273cf99d..2273cf99d 100644
--- a/krebs/3modules/tv/wiregrill/querel.pub
+++ b/kartei/tv/wiregrill/querel.pub
diff --git a/krebs/3modules/tv/wiregrill/umz.pub b/kartei/tv/wiregrill/umz.pub
index c041b5eee..c041b5eee 100644
--- a/krebs/3modules/tv/wiregrill/umz.pub
+++ b/kartei/tv/wiregrill/umz.pub
diff --git a/krebs/3modules/tv/wiregrill/wu.pub b/kartei/tv/wiregrill/wu.pub
index 0d25d9de9..0d25d9de9 100644
--- a/krebs/3modules/tv/wiregrill/wu.pub
+++ b/kartei/tv/wiregrill/wu.pub
diff --git a/krebs/3modules/tv/wiregrill/xu.pub b/kartei/tv/wiregrill/xu.pub
index ba0c7dd04..ba0c7dd04 100644
--- a/krebs/3modules/tv/wiregrill/xu.pub
+++ b/kartei/tv/wiregrill/xu.pub
diff --git a/krebs/3modules/tv/wiregrill/zu.pub b/kartei/tv/wiregrill/zu.pub
index 0238dd653..0238dd653 100644
--- a/krebs/3modules/tv/wiregrill/zu.pub
+++ b/kartei/tv/wiregrill/zu.pub
diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix
new file mode 100644
index 000000000..a8a6648ce
--- /dev/null
+++ b/kartei/xkey/default.nix
@@ -0,0 +1,126 @@
+with import ../../lib;
+{ config, ... }:
+let
+ maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.kmein;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+ ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
+in
+{
+ users = rec {
+ xkey = {
+ mail = "xkey@krebsco.de";
+ pubkey = ssh-for "xkey";
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ aland = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.12.34";
+ aliases = [ "aland.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
+ CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
+ plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
+ DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
+ aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
+ OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
+ ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
+ TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
+ aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
+ zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
+ VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
+ };
+ };
+ };
+ catalonia = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.13.12";
+ aliases = [ "catalonia.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
+ gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
+ VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
+ Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
+ FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
+ HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
+ mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
+ zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
+ sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
+ ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
+ vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
+ };
+ };
+ };
+ rojava = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.42";
+ aliases = [ "rojava.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
+ B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
+ HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
+ Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
+ lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+ +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
+ 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
+ vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
+ HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
+ XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
+ yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
+ };
+ };
+ };
+ sicily = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.161.1";
+ aliases = [ "sicily.r" "mukke.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
+ aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
+ xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
+ 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
+ IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
+ KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
+ 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
+ LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
+ T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
+ w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
+ 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
+ };
+ };
+ };
+ };
+}
diff --git a/kartei/xkey/ssh/xkey.pub b/kartei/xkey/ssh/xkey.pub
new file mode 100644
index 000000000..a50522fce
--- /dev/null
+++ b/kartei/xkey/ssh/xkey.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index cf07d3b4d..9849937d5 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -13,12 +13,16 @@
<stockholm/krebs/2configs/acme.nix>
<stockholm/krebs/2configs/mud.nix>
+ <stockholm/krebs/2configs/cal.nix>
+ <stockholm/krebs/2configs/mastodon.nix>
+
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
krebs.github-hosts-sync.enable = true;
+ krebs.pages.enable = true;
boot.isContainer = true;
networking.useDHCP = false;
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 8250ebad9..2f55995cf 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -7,5 +7,31 @@
<stockholm/krebs/2configs/matterbridge.nix>
];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.logRefusedConnections = false;
+ networking.firewall.logRefusedUnicastsOnly = false;
+
+ # Move Internet-facing SSH port to reduce logspam.
+ networking.firewall.extraCommands = let
+ host = config.krebs.build.host;
+ in /* sh */ ''
+ iptables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ iptables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ iptables -t nat -A PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT
+ iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
+
+ ip6tables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ ip6tables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ ip6tables -t nat -A PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT
+ ip6tables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
+ '';
+
krebs.build.host = config.krebs.hosts.ponte;
+
+ krebs.pages.enable = true;
+ krebs.pages.nginx.addSSL = true;
+ krebs.pages.nginx.enableACME = true;
+
+ security.acme.acceptTerms = true;
+ security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
}
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
new file mode 100644
index 000000000..90093e8eb
--- /dev/null
+++ b/krebs/2configs/cal.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+ users.users.testing = {
+ uid = pkgs.stockholm.lib.genid_uint31 "testing";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.xkey.pubkey
+ config.krebs.users.lass.pubkey
+ ];
+ packages = [
+ pkgs.calendar-cli
+ pkgs.tmux
+ ];
+ };
+
+ services.xandikos = {
+ enable = true;
+ extraOptions = [
+ "--autocreate"
+ "--defaults"
+ "--current-user-principal /krebs"
+ "--dump-dav-xml"
+ ];
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts = {
+ "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
+ };
+ };
+}
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 38d770316..fffe128e6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -27,9 +27,6 @@ with import <stockholm/lib>;
];
console.keyMap = "us";
- i18n = {
- defaultLocale = lib.mkForce "C";
- };
programs.ssh.startAgent = false;
@@ -60,4 +57,7 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
+
+ # maybe fix Error: unsupported locales detected:
+ i18n.defaultLocale = mkDefault "C.UTF-8";
}
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 82f8ec942..01597f49f 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -16,6 +16,14 @@ in {
tv
];
eloop-ml = spam-ml;
+ krebstel-ml = [
+ config.krebs.users."0x4A6F"
+ { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; }
+ { mail = "krebstel-1difh7483axpiaq92ghi14r5cql822wbhixqb0nn3y3jkcj0b785@ni.r"; }
+ { mail = "lass@green.r"; }
+ tv
+ xkey
+ ];
spam-ml = [
lass
makefu
@@ -28,6 +36,7 @@ in {
"spam@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
"postmaster@krebsco.de" = spam-ml; # RFC 822
+ "krebstel@krebsco.de" = krebstel-ml;
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index c6c91e074..a802b8a25 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,9 +5,9 @@
6667
];
- krebs.ergo = {
+ services.ergochat = {
enable = true;
- config = {
+ settings = {
server.secure-nets = [
"42::0/16"
"10.240.0.0/12"
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..145b383ed
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "derp";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ (pkgs.writers.writeDashBin "create-mastodon-user" ''
+ set -efu
+ nick=$1
+ /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed
+ /run/current-system/sw/bin/tootctl accounts approve "$nick"
+ '')
+ ];
+}
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index a68aa292c..b96dea300 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -10,14 +10,10 @@
Charset = "utf-8";
};
telegram.krebs.Token = bridgeBotToken;
- irc = let
+ irc.hackint = {
+ Server = "irc.hackint.org:6697";
+ UseTLS = true;
Nick = "ponte";
- in {
- hackint = {
- Server = "irc.hackint.org:6697";
- UseTLS = true;
- inherit Nick;
- };
};
gateway = [
{
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index b7728986f..07674c86e 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,10 +4,7 @@
"shodan"
"mors"
"styx"
- "puyak"
];
- hostIp = "10.233.2.101";
- localIp = "10.233.2.102";
format = "plain";
};
}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3649aeeea..d6c6371da 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,8 +68,8 @@
wantedBy = [ "multi-user.target" ];
};
- krebs.ergo.openFilesLimit = 16384;
- krebs.ergo.config = {
+ services.ergochat.openFilesLimit = 16384;
+ services.ergochat.settings = {
limits.nicklen = 100;
limits.identlen = 100;
history.enabled = false;
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index afaac9dae..13b59fa82 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -51,6 +51,77 @@ let
};
};
+ confuse = {
+ pattern = "^!confuse (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "confuse" ''
+ set -efux
+
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.stable-generate
+ ]}
+ stable_url=$(stable-generate "$@")
+ paste_url=$(curl -Ss "$stable_url" |
+ curl -Ss http://p.r --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ '';
+ };
+ };
+
+ confuse_hackint = {
+ pattern = "^!confuse (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "confuse" ''
+ set -efu
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.stable-generate
+ ]}
+ case $_msgtarget in \#*)
+ stable_url=$(stable-generate "$@")
+ paste_url=$(curl -Ss "$stable_url" |
+ curl -Ss https://p.krebsco.de --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ esac
+ '';
+ };
+ };
+
+ say = {
+ pattern = "^!say (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "say" ''
+ set -efu
+
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.opusTools
+ ]}
+ paste_url=$(printf '%s' "$1" |
+ curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
+ opusenc - - |
+ curl -Ss https://p.krebsco.de --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ '';
+ };
+ };
+
taskRcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
@@ -112,7 +183,7 @@ let
}
'';
- systemPlugin = {
+ systemPlugin = { extra_privmsg_hooks ? [] }: {
plugin = "system";
config = {
workdir = stateDir;
@@ -185,8 +256,9 @@ let
};
}
{
- pattern = "18@p";
+ pattern = ''^18@p\s+(\S+)\s+(\d+)m$'';
activate = "match";
+ arguments = [1 2];
command = {
env = {
CACHE_DIR = "${stateDir}/krebsfood";
@@ -196,45 +268,36 @@ let
osm-restaurants-src = pkgs.fetchFromGitHub {
owner = "kmein";
repo = "scripts";
- rev = "66b2068d548d3418c81dd093bba3f80248c68196";
- sha256 = "059sp2lz54iwklswaxv9w703sbm2vv7p0ccig10gsqshriq6v58z";
+ rev = "dda381be26abff73a0cf364c6dfff6e1701f41ee";
+ sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE=";
};
osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {};
in pkgs.writeDash "krebsfood" ''
set -efu
- ecke_lat=52.51252
- ecke_lon=13.41740
- ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \
- | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
- '
- '';
- };
- }
- {
- pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
- activate = "match";
- arguments = [1 2 3];
- command = {
- env = {
- # TODO; get state as argument
- state_file = "${stateDir}/ledger";
- };
- filename = pkgs.writeDash "ledger-add" ''
- set -x
- tonick=$1
- amt=$2
- unit=$3
- printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
- ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
- | ${pkgs.coreutils}/bin/tail +2 \
- | ${pkgs.miller}/bin/mlr --icsv --opprint cat \
- | ${pkgs.gnugrep}/bin/grep "$_from"
+ export PATH=${makeBinPath [
+ osm-restaurants
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.jq
+ ]}
+ poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]')
+ if [ "$poi" = null ]; then
+ latitude=52.51252
+ longitude=13.41740
+ else
+ latitude=$(echo "$poi" | jq -r .latitude)
+ longitude=$(echo "$poi" | jq -r .longitude)
+ fi
+
+ restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude")
+ printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
'';
};
}
bedger-add
bedger-balance
hooks.sed
+ say
(generators.command_hook {
inherit (commands) dance random-emoji nixos-version;
tell = {
@@ -251,7 +314,7 @@ let
};
})
(task "agenda")
- ];
+ ] ++ extra_privmsg_hooks;
};
};
@@ -411,7 +474,11 @@ in {
];
};
}
- systemPlugin
+ (systemPlugin {
+ extra_privmsg_hooks = [
+ confuse_hackint
+ ];
+ })
];
username = "reaktor2";
port = "6697";
@@ -429,7 +496,11 @@ in {
];
};
}
- systemPlugin
+ (systemPlugin {
+ extra_privmsg_hooks = [
+ confuse
+ ];
+ })
];
username = "reaktor2";
};
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 74a77a0ed..cb5d236ac 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -4,10 +4,15 @@
nixpkgs.overlays = [
(self: super: {
exim =
- super.exim.overrideAttrs (old: {
+ super.exim.overrideAttrs (old: let
+ key = if builtins.hasAttr "preBuild" old then
+ "preBuild"
+ else
+ "configurePhase";
+ in {
buildInputs = old.buildInputs ++ [ self.gnutls ];
- preBuild = /* sh */ ''
- ${old.preBuild}
+ ${key} = /* sh */ ''
+ ${old.${key}}
sed -Ei '
s:^USE_OPENSSL=.*:# &:
s:^# (USE_GNUTLS)=.*:\1=yes:
diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh
index 46314cb9c..aa6c1c3d1 100755
--- a/krebs/2configs/shack/doorstatus.sh
+++ b/krebs/2configs/shack/doorstatus.sh
@@ -54,7 +54,8 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma
EOF
)
-state=$(curl -fSsk https://api.shackspace.de/v1/space | jq .doorState.open)
+payload=$(curl -fSsk https://api.shackspace.de/v1/space)
+state=$(printf '%s' "$payload" | jq .doorState.open)
prevstate=$(cat state ||:)
if test "$state" == "$(cat state)";then
diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix
index 0f85b27c0..022da5884 100644
--- a/krebs/3modules/ci/default.nix
+++ b/krebs/3modules/ci/default.nix
@@ -115,6 +115,7 @@ let
build_name = stage,
build_script = stages[stage],
),
+ timeout = 3600,
command="${pkgs.writeDash "build.sh" ''
set -xefu
profile=${shell.escape profileRoot}/$build_name
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 01436d352..6babac72e 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
out = {
imports = [
+ ../../kartei
./acl.nix
./airdcpp.nix
./announce-activation.nix
@@ -19,7 +20,6 @@ let
./ci
./current.nix
./dns.nix
- ./ergo.nix
./exim-retiolum.nix
./exim-smarthost.nix
./exim.nix
@@ -34,6 +34,7 @@ let
./iptables.nix
./kapacitor.nix
./konsens.nix
+ ./krebs-pages.nix
./monit.nix
./nixpkgs.nix
./on-failure.nix
@@ -48,6 +49,7 @@ let
./secret.nix
./setuid.nix
./shadow.nix
+ ./sitemap.nix
./ssl.nix
./sync-containers.nix
./systemd.nix
@@ -55,6 +57,7 @@ let
./tinc_graphs.nix
./upstream
./urlwatch.nix
+ ./users.nix
./xresources.nix
./zones.nix
];
@@ -65,15 +68,6 @@ let
api = {
enable = mkEnableOption "krebs";
- users = mkOption {
- type = with types; attrsOf user;
- };
-
- sitemap = mkOption {
- default = {};
- type = types.attrsOf types.sitemap.entry;
- };
-
zone-head-config = mkOption {
type = with types; attrsOf str;
description = ''
@@ -90,49 +84,13 @@ let
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
IN NS ns19.ovh.net.
IN NS dns19.ovh.net.
- IN A 185.199.108.153
- IN A 185.199.109.153
- IN A 185.199.110.153
- IN A 185.199.111.153
'';
};
};
};
imp = lib.mkMerge [
- { krebs = import ./external { inherit config; }; }
- { krebs = import ./external/dbalan.nix { inherit config; }; }
- { krebs = import ./external/kmein.nix { inherit config; }; }
- { krebs = import ./external/mic92.nix { inherit config; }; }
- { krebs = import ./external/palo.nix { inherit config; }; }
- { krebs = import ./jeschli { inherit config; }; }
- { krebs = import ./krebs { inherit config; }; }
- { krebs = import ./lass { inherit config; }; }
- { krebs = import ./makefu { inherit config; }; }
- { krebs = import ./tv { inherit config; }; }
{
- krebs.dns.providers = {
- "krebsco.de" = "zones";
- shack = "hosts";
- i = "hosts";
- r = "hosts";
- w = "hosts";
- };
-
- krebs.dns.search-domain = mkDefault "r";
-
- krebs.users = {
- krebs = {
- home = "/krebs";
- mail = "spam@krebsco.de";
- };
- root = {
- home = "/root";
- pubkey = config.krebs.build.host.ssh.pubkey;
- uid = 0;
- };
- };
-
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) [privkey];
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
index 8acc4ccd8..8a74d3067 100644
--- a/krebs/3modules/dns.nix
+++ b/krebs/3modules/dns.nix
@@ -1,12 +1,21 @@
with import <stockholm/lib>;
-{
+{ config, ... }: {
options = {
krebs.dns.providers = mkOption {
type = types.attrsOf types.str;
};
-
krebs.dns.search-domain = mkOption {
type = types.nullOr types.hostname;
};
};
+ config = mkIf config.krebs.enable {
+ krebs.dns.providers = {
+ "krebsco.de" = "zones";
+ shack = "hosts";
+ i = "hosts";
+ r = "hosts";
+ w = "hosts";
+ };
+ krebs.dns.search-domain = mkDefault "r";
+ };
}
diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix
deleted file mode 100644
index 50c5ab628..000000000
--- a/krebs/3modules/ergo.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ config, lib, options, pkgs, ... }: {
- options = {
- krebs.ergo = {
- enable = lib.mkEnableOption "Ergo IRC daemon";
- openFilesLimit = lib.mkOption {
- type = lib.types.int;
- default = 1024;
- description = ''
- Maximum number of open files. Limits the clients and server connections.
- '';
- };
- config = lib.mkOption {
- type = (pkgs.formats.json {}).type;
- description = ''
- Ergo IRC daemon configuration file.
- https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
- '';
- default = {
- network = {
- name = "krebstest";
- };
- server = {
- name = "${config.networking.hostName}.r";
- listeners = {
- ":6667" = {};
- };
- casemapping = "permissive";
- enforce-utf = true;
- lookup-hostnames = false;
- ip-cloaking = {
- enabled = false;
- };
- forward-confirm-hostnames = false;
- check-ident = false;
- relaymsg = {
- enabled = false;
- };
- max-sendq = "1M";
- ip-limits = {
- count = false;
- throttle = false;
- };
- };
- datastore = {
- autoupgrade = true;
- path = "/var/lib/ergo/ircd.db";
- };
- accounts = {
- authentication-enabled = true;
- registration = {
- enabled = true;
- allow-before-connect = true;
- throttling = {
- enabled = true;
- duration = "10m";
- max-attempts = 30;
- };
- bcrypt-cost = 4;
- email-verification.enabled = false;
- };
- multiclient = {
- enabled = true;
- allowed-by-default = true;
- always-on = "opt-out";
- auto-away = "opt-out";
- };
- };
- channels = {
- default-modes = "+ntC";
- registration = {
- enabled = true;
- };
- };
- limits = {
- nicklen = 32;
- identlen = 20;
- channellen = 64;
- awaylen = 390;
- kicklen = 390;
- topiclen = 390;
- };
- history = {
- enabled = true;
- channel-length = 2048;
- client-length = 256;
- autoresize-window = "3d";
- autoreplay-on-join = 0;
- chathistory-maxmessages = 100;
- znc-maxmessages = 2048;
- restrictions = {
- expire-time = "1w";
- query-cutoff = "none";
- grace-period = "1h";
- };
- retention = {
- allow-individual-delete = false;
- enable-account-indexing = false;
- };
- tagmsg-storage = {
- default = false;
- whitelist = [
- "+draft/react"
- "+react"
- ];
- };
- };
- };
- };
- };
- };
- config = let
- cfg = config.krebs.ergo;
- configFile = pkgs.writeJSON "ergo.conf" cfg.config;
- in lib.mkIf cfg.enable ({
- environment.etc."ergo.yaml".source = configFile;
- krebs.ergo.config =
- lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default;
- systemd.services.ergo = {
- description = "Ergo IRC daemon";
- wantedBy = [ "multi-user.target" ];
- # reload currently not working as expected
- # reloadIfChanged = true;
- restartTriggers = [ configFile ];
- serviceConfig = {
- ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
- ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
- DynamicUser = true;
- StateDirectory = "ergo";
- LimitNOFILE = "${toString cfg.openFilesLimit}";
- };
- };
- });
-}
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index fe149448b..7c176d224 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -12,6 +12,8 @@ let
api = {
enable = mkEnableOption "krebs.exim-smarthost";
+ enableSPFVerification = mkEnableOption "SPF verification";
+
authenticators = mkOption {
type = types.attrsOf types.str;
default = {};
@@ -123,10 +125,12 @@ let
# XXX We abuse local_domains to mean "domains, we're the gateway for".
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
+ domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains}
hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts}
- acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
+ acl_smtp_mail = acl_check_mail
+ acl_smtp_rcpt = acl_check_rcpt
never_users = root
@@ -173,11 +177,46 @@ let
acl_check_data:
warn
- sender_domains = ${concatStringsSep ":" cfg.sender_domains}
+ sender_domains = +sender_domains
set acl_m_special_dom = $sender_address_domain
accept
+ acl_check_mail:
+ ${if cfg.enableSPFVerification then indent /* exim */ ''
+ accept
+ authenticated = *
+ accept
+ hosts = +relay_from_hosts
+ deny
+ spf = fail : softfail
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ $sender_host_address is not allowed to send mail from \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ deny
+ spf = permerror
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ syntax error in SPF record(s) for \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ defer
+ spf = temperror
+ log_message = spf=$spf_result; deferred
+ message = temporary error during SPF validation; \
+ please try again later
+ warn
+ spf = none : neutral
+ log_message = spf=$spf_result
+ accept
+ add_header = $spf_received
+ '' else indent /* exim */ ''
+ accept
+ ''}
begin routers
diff --git a/krebs/3modules/external/ssh/xkey.pub b/krebs/3modules/external/ssh/xkey.pub
deleted file mode 100644
index cd09f06bb..000000000
--- a/krebs/3modules/external/ssh/xkey.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZFKgFcAEGXcsssJxDeUVvOTKD0U4LlT2Yw85+WmMTj
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
index ae0136303..bd1bb1652 100644
--- a/krebs/3modules/hosts.nix
+++ b/krebs/3modules/hosts.nix
@@ -11,7 +11,7 @@ in {
};
};
- config = {
+ config = mkIf config.krebs.enable {
networking.hosts =
filterAttrs
(_name: value: value != [])
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 375e26974..b760ea671 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -2,6 +2,12 @@
with import <stockholm/lib>;
let
+ optionalAttr = name: value:
+ if name != null then
+ { ${name} = value; }
+ else
+ {};
+
cfg = config.krebs.htgen;
out = {
@@ -30,8 +36,15 @@ let
};
script = mkOption {
- type = types.str;
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ scriptFile = mkOption {
+ type = types.nullOr (types.either types.package types.pathname);
+ default = null;
};
+
user = mkOption {
type = types.user;
default = {
@@ -54,8 +67,10 @@ let
after = [ "network.target" ];
environment = {
HTGEN_PORT = toString htgen.port;
- HTGEN_SCRIPT = htgen.script;
- };
+ }
+ // optionalAttr "HTGEN_SCRIPT" htgen.script
+ // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile
+ ;
serviceConfig = {
SyslogIdentifier = "htgen";
User = htgen.user.name;
diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix
new file mode 100644
index 000000000..a2a5b723e
--- /dev/null
+++ b/krebs/3modules/krebs-pages.nix
@@ -0,0 +1,44 @@
+{ config, modulesPath, pkgs, ... }: let
+ cfg = config.krebs.pages;
+ lib = import ../../lib;
+ extraTypes.nginx-vhost = lib.types.submodule (
+ lib.recursiveUpdate
+ (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix")
+ { inherit config lib; })
+ {}
+ );
+in {
+ options.krebs.pages = {
+ enable = lib.mkEnableOption "krebs-pages";
+ domain = lib.mkOption {
+ type = lib.types.hostname;
+ default = "krebsco.de";
+ };
+ nginx = lib.mkOption {
+ type = extraTypes.nginx-vhost;
+ default = {};
+ example = lib.literalExpression /* nix */ ''
+ {
+ # To enable encryption and let let's encrypt take care of certificate
+ enableACME = true;
+ forceSSL = true;
+ }
+ '';
+ description = lib.mkDoc ''
+ With this option, you can customize the nginx virtualHost settings.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.krebs-pages;
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts.${cfg.domain} = lib.mkMerge [ cfg.nginx {
+ root = lib.mkForce cfg.package;
+ }];
+ };
+ };
+}
diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp
deleted file mode 100644
index d7b3c29c5..000000000
--- a/krebs/3modules/lass/pgp/yubikey.pgp
+++ /dev/null
@@ -1,109 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy
-aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog
-3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P
-rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw
-xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru
-eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m
-28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj
-iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD
-dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX
-yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g
-S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB
-tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG
-Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK
-CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad
-WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ
-SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9
-z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC
-KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N
-YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf
-4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO
-To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf
-PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd
-p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY
-ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC
-DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh
-SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE
-SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+
-c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4
-+1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au
-FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E
-F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs
-N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs
-8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4
-bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr
-s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE
-cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB
-dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc
-z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu
-L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+
-zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ
-g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi
-qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz
-U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO
-93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8
-SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX
-xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO
-JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw
-/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj
-AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK
-IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT
-KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB
-uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ
-wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx
-MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ
-D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D
-duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ
-5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31
-ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG
-5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML
-yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS
-lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am
-ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd
-e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF
-8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T
-ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/
-qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk
-5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A
-ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo
-VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW
-kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW
-IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds
-D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc
-OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+
-NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz
-0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN
-kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE
-saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4
-6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw
-73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc
-MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL
-pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx
-WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97
-rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV
-qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk
-L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a
-6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l
-PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize
-buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh
-pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV
-X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh
-81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN
-6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO
-Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh
-BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP
-+gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/
-Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X
-qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG
-qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb
-YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt
-Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq
-eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt
-Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k
-nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt
-Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC
-QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7
-=h9fX
------END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix
new file mode 100644
index 000000000..ec2179db1
--- /dev/null
+++ b/krebs/3modules/sitemap.nix
@@ -0,0 +1,8 @@
+let
+ lib = import ../../lib;
+in {
+ options.krebs.sitemap = lib.mkOption {
+ type = with lib.types; attrsOf sitemap.entry;
+ default = {};
+ };
+}
diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix
index 3a9b5d329..8cbd8dcce 100644
--- a/krebs/3modules/ssl.nix
+++ b/krebs/3modules/ssl.nix
@@ -5,26 +5,7 @@ in {
rootCA = lib.mkOption {
type = lib.types.str;
readOnly = true;
- default = ''
- -----BEGIN CERTIFICATE-----
- MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
- VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw
- CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ
- ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5
- MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx
- EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS
- b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw
- gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/
- /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU
- QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B
- HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo
- 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD
- AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9
- GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese
- 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63
- 80WiO952
- -----END CERTIFICATE-----
- '';
+ default = builtins.readFile ../6assets/krebsRootCA.crt;
};
intermediateCA = lib.mkOption {
type = lib.types.str;
diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
index e2caa0834..60ca993e6 100644
--- a/krebs/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -5,27 +5,55 @@ with import <stockholm/lib>;
plain = "/var/lib/containers/${cname}/var/state";
ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs";
securefs = "${cfg.dataLocation}/${cname}/securefs";
+ luksfile = "${cfg.dataLocation}/${cname}/luksfile";
+ };
+ init = cname: {
+ plain = ''
+ echo 'no need for init'
+ '';
+ ecryptfs = ''
+ ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
+ '';
+ securefs = ''
+ ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs
+ '';
+ luksfile = ''
+ ${pkgs.coreutils}/bin/truncate -s 10G '${(paths cname).luksfile}/fs.luks'
+ ${pkgs.cryptsetup}/bin/cryptsetup luksFormat '${(paths cname).luksfile}/fs.luks'
+ ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}'
+ ${pkgs.xfsprogs}/bin/mkfs.xfs '/dev/mapper/luksfile-${cname}'
+ '';
};
start = cname: {
plain = ''
:
'';
ecryptfs = ''
- if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
- if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then
+
+ if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then
+ if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
- else
- ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
fi
+ else
+ echo 'please run init-${cname} first'
+ exit 1
fi
'';
securefs = ''
- ## TODO init file systems if it does not exist
- # ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs
+ ## check if FS was initialized first
if ! ${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then
${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions
fi
'';
+ luksfile = ''
+ mkdir -p /var/lib/containers/${cname}/var/state
+ if ! test -e /dev/mapper/luksfile-${cname}; then
+ ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}'
+ fi
+ if ! ${pkgs.mount}/bin/mount | grep -q '^/dev/mapper/luksfile-${cname} on /var/lib/containers/${cname}/var/state'; then
+ mount '/dev/mapper/luksfile-${cname}' '/var/lib/containers/${cname}/var/state'
+ fi
+ '';
};
stop = cname: {
plain = ''
@@ -37,12 +65,16 @@ with import <stockholm/lib>;
securefs = ''
umount /var/lib/containers/${cname}/var/state
'';
+ luksfile = ''
+ umount /var/lib/containers/${cname}/var/state
+ ${pkgs.cryptsetup}/bin/cryptsetup luksClose luksfile-${cname}
+ '';
};
in {
options.krebs.sync-containers = {
dataLocation = mkOption {
description = ''
- location where the encrypted sync-container lie around
+ location where the encrypted sync-containers lie around
'';
default = "/var/lib/sync-containers";
type = types.absolute-pathname;
@@ -64,25 +96,11 @@ in {
default = [];
type = types.listOf types.str;
};
- hostIp = mkOption { # TODO find this automatically
- description = ''
- hostAddress of the privateNetwork
- '';
- example = "10.233.2.15";
- type = types.str;
- };
- localIp = mkOption { # TODO find this automatically
- description = ''
- localAddress of the privateNetwork
- '';
- example = "10.233.2.16";
- type = types.str;
- };
format = mkOption {
description = ''
file system encrption format of the container
'';
- type = types.enum [ "plain" "ecryptfs" "securefs" ];
+ type = types.enum [ "plain" "ecryptfs" "securefs" "luksfile" ];
};
};
}));
@@ -102,12 +120,11 @@ in {
ignorePerms = false;
})) cfg.containers);
- krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
- file-mode = "u+rw";
- directory-mode = "u+rwx";
- owner = "syncthing";
- keepGoing = false;
- })) cfg.containers);
+ krebs.acl = mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" {
+ "u:syncthing:rX".parents = true;
+ "u:syncthing:rwX" = {};
+ }) cfg.containers;
+
systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({
reloadIfChanged = mkForce false;
@@ -116,8 +133,11 @@ in {
containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({
config = { ... }: {
environment.systemPackages = [
+ pkgs.dhcpcd
pkgs.git
+ pkgs.jq
];
+ networking.useDHCP = mkForce true;
system.activationScripts.fuse = {
text = ''
${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
@@ -131,11 +151,57 @@ in {
autoStart = false;
enableTun = true;
privateNetwork = true;
- hostAddress = ctr.hostIp;
- localAddress = ctr.localIp;
+ hostBridge = "ctr0";
})) cfg.containers;
- environment.systemPackages = flatten (mapAttrsToList (n: ctr: [
+ networking.networkmanager.unmanaged = [ "ctr0" ];
+ networking.bridges.ctr0.interfaces = [];
+ networking.interfaces.ctr0.ipv4.addresses = [{
+ address = "10.233.0.1";
+ prefixLength = 24;
+ }];
+ # networking.nat = {
+ # enable = true;
+ # externalInterface = lib.mkDefault "et0";
+ # internalInterfaces = [ "ctr0" ];
+ # };
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = [ "ctr0" ];
+ extraConfig = ''
+ option subnet-mask 255.255.255.0;
+ option routers 10.233.0.1;
+ # option domain-name-servers 8.8.8.8; # TODO configure dns server
+ subnet 10.233.0.0 netmask 255.255.255.0 {
+ range 10.233.0.10 10.233.0.250;
+ }
+ '';
+ };
+
+ users.users.root.packages = flatten (mapAttrsToList (n: ctr: [
+ (pkgs.writeDashBin "init-${ctr.name}" ''
+ set -euf
+ set -x
+
+ mkdir -p /var/lib/containers/${ctr.name}/var/state
+ STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name})
+ if [ "$STATE" = 'up' ]; then
+ /run/current-system/sw/bin/nixos-container stop ${ctr.name}
+ fi
+ ${(init ctr.name).${ctr.format}}
+ ${(start ctr.name).${ctr.format}}
+ /run/current-system/sw/bin/nixos-container start ${ctr.name}
+ /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" ''
+ set -x
+
+ mkdir -p /var/state/var_src
+ ln -sfTr /var/state/var_src /var/src
+ touch /etc/NIXOS
+ ''}
+ target_ip=$(/run/current-system/sw/bin/nixos-container run ${ctr.name} -- ip -j a s eth0 | jq -r '.[].addr_info[] | select(.family=="inet") | .local')
+
+ echo "deploy to $target_ip"
+ '')
(pkgs.writeDashBin "start-${ctr.name}" ''
set -euf
set -x
@@ -144,12 +210,12 @@ in {
${(start ctr.name).${ctr.format}}
- STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name})
+ STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name})
if [ "$STATE" = 'down' ]; then
- ${pkgs.nixos-container}/bin/nixos-container start ${ctr.name}
+ /run/current-system/sw/bin/nixos-container start ${ctr.name}
fi
- ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" ''
+ /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" ''
set -x
mkdir -p /var/state/var_src
@@ -158,15 +224,17 @@ in {
''}
if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then
- ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch
+ /run/current-system/sw/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch
else
+ echo 'no nixos config, or target already online, bailing out'
${(stop ctr.name).${ctr.format}}
+ /run/current-system/sw/bin/nixos-container stop ${ctr.name}
fi
'')
(pkgs.writeDashBin "stop-${ctr.name}" ''
set -euf
- ${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name}
+ /run/current-system/sw/bin/nixos-container stop ${ctr.name}
${(stop ctr.name).${ctr.format}}
'')
]) cfg.containers);
diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix
new file mode 100644
index 000000000..c1ad4b44b
--- /dev/null
+++ b/krebs/3modules/users.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+ lib = import ../../lib;
+in {
+ options.krebs.users = lib.mkOption {
+ type = with lib.types; attrsOf user;
+ };
+ config = lib.mkIf config.krebs.enable {
+ krebs.users = {
+ krebs = {
+ home = "/krebs";
+ mail = "spam@krebsco.de";
+ };
+ root = {
+ home = "/root";
+ pubkey = config.krebs.build.host.ssh.pubkey;
+ uid = 0;
+ };
+ };
+ };
+}
diff --git a/krebs/5pkgs/simple/ergo/default.nix b/krebs/5pkgs/simple/ergo/default.nix
deleted file mode 100644
index 2c9223eed..000000000
--- a/krebs/5pkgs/simple/ergo/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ buildGo117Module , fetchFromGitHub, lib }:
-
-buildGo117Module rec {
- pname = "ergo";
- version = "2.9.1";
-
- src = fetchFromGitHub {
- owner = "ergochat";
- repo = "ergo";
- rev = "v${version}";
- sha256 = "sha256-RxsmkTfHymferS/FRW0sLnstKfvGXkW6cEb/JbeS4lc=";
- };
-
- vendorSha256 = null;
-
- meta = {
- description = "A modern IRC server (daemon/ircd) written in Go";
- homepage = "https://github.com/ergochat/ergo";
- license = lib.licenses.mit;
- maintainers = with lib.maintainers; [ lassulus tv ];
- platforms = lib.platforms.linux;
- };
-}
diff --git a/krebs/5pkgs/simple/hashPassword/default.nix b/krebs/5pkgs/simple/hashPassword/default.nix
index 3c604be80..8d3ba2525 100644
--- a/krebs/5pkgs/simple/hashPassword/default.nix
+++ b/krebs/5pkgs/simple/hashPassword/default.nix
@@ -1,6 +1,6 @@
{ lib, pkgs, ... }:
-pkgs.writeDashBin "hashPassword" ''
+pkgs.writers.writeDashBin "hashPassword" ''
# usage: hashPassword [...]
set -euf
diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix
index 14b6f4c58..1ee13783b 100644
--- a/krebs/5pkgs/simple/htgen/default.nix
+++ b/krebs/5pkgs/simple/htgen/default.nix
@@ -1,13 +1,12 @@
{ fetchgit, lib, pkgs, stdenv }:
stdenv.mkDerivation rec {
pname = "htgen";
- version = "1.3.1";
+ version = "1.4.0";
- #src = <htgen>;
src = fetchgit {
- url = "http://cgit.krebsco.de/htgen";
+ url = "https://cgit.krebsco.de/htgen";
rev = "refs/tags/${version}";
- sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
+ sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj";
};
installPhase = ''
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
index e6b7034b3..68b2cbad6 100644
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
@@ -24,19 +24,10 @@
}
</script>
<body>
- <p>
- <a href="http://krebscode.github.io/minikrebs/linuxtag">
- Linuxtag Heckenkrebs Presentation
- </a>
- </p>
- <p>
- <a href="http://krebscode.github.io/writeups">
- CTF Writeups
- </a>
- </p>
- <p>
- <a href="thesauron.html">
- Thesauron
- </a>
- </p>
+ <p><a href='https://cgit.krebsco.de/krops/about/'>krops</a></p>
+ <p><a href='https://github.com/krebs/cholerab/blob/master/thesauron.adoc'>Thesauron</a></p>
+ <p><a href='https://nixos.wiki/'>Project: The new NixOS wiki</a></p>
+ <p><a target="_blank" href="https://www.amazon.de/?&_encoding=UTF8&tag=krebscode06-21&linkCode=ur2&linkId=d4430b368b8aceeca92101cd4a4cdd1d&camp=1638&creative=6742">Go through this amazon affiliate link and generate krebsgold</a><img src="//ir-de.amazon-adsystem.com/e/ir?t=krebscode06-21&l=ur2&o=3" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" /></p>
+ <p> <a href="https://s.click.aliexpress.com/e/_A5luNt" target="_parent">Go through this aliexpress affiliate link and generate krebsgold</a></p>
+
</body>
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
deleted file mode 100644
index bcf1c5d48..000000000
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
+++ /dev/null
@@ -1,133 +0,0 @@
-<p>Cholerab n.
-[de]
-- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass
- Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert.
-- Teamwork-Plattform für Krebscode.</p>
-
-<p>eigentlich adv.
-[de]
-- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt,
- die nicht der Fall ist.
-Antonym: tatsaechlich</p>
-
-<p>ghost n.
-[de]
-- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen
- Festplatten) aber wohl nie wieder kommen wird.
-Siehe: Wiederbelebung</p>
-
-<p>KD;RP abbr. (pronounciation: kah-derp)
-[en]
-- Short for Krebs Darknet / Retiolum Prefix.</p>
-
-<p>krebs
-[de]
-- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste
- Softwareprojekt im Shack und viel verteilte infrastruktur.</p>
-
-<p>kremium
-[en]
-- coinage derived from the words premium and krebs
-see: broken
-usage: Reaktor ircbot has unfixed broken behavior since ever-&gt;&#8220;Kremium Software&#8221;</p>
-
-<p>KRI abbr. (pronounciation: [en] cry)
-[en]
-- Short for Krebs Request for Implementation.
- Derived from Scheme Requests for Implementation (SRFI).</p>
-
-<p>litterate programming n.
-[en]
-- any code that has not been proved mathematically.</p>
-
-<p>Nahziel n.
-[de]
-- Ziel mit höchst möglicher Priorität.</p>
-
-<p>Nahzielerfahrung n.
-[de]
-- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl
- nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p>
-
-<p>parentheses of fear
-[en]
-- unnecessary parentheses, usually used when order of precedence is unknown.
- - Examples: 1 + (2 * 3)</p>
-
-<p>Protip n.
-[en]
-- (Probably vague) description how a task can be solved.
- - Antonym: Spoiler
- - Example:
- - To defeat the Cyberdaemon, shoot at it until it dies.
- - RTFM</p>
-
-<p>Punching Lemma n.
-[de]
-- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht
- von Krebs</p>
-
-<p>ref, n.
-[en]
-- A reference like an URI, ISBN, name of a person, etc.</p>
-
-<p>reftrace, n.
-[en]
-- A stacktrace-like representation of refs that lead to some (any kind of)
- conclusion. Usually generated by a human. The conclusion can be either on
- the top or on the bottom of the stack. If the order is ambiguous, then it
- should be communicated explicitly.
- - Example: (conclusion first)
- - http://en.wikipedia.org/wiki/Stack_trace
- - google &#8220;stacktrace&#8221; (first entry / 2014&#8211;12&#8211;05T12:13:58Z)
- - think about some example [this could be omitted, as it&#8217;s obvious&#8230;]</p>
-
-<p>Retiolum n.
-[en]
-- The official darknet of Krebs which utilizes the Retiolum Prefix to
- address individual nodes.</p>
-
-<p>Retiolum Prefix n.
-[en]
-- The universally accepted IPv6-prefix, 42::/16. Anyone can has a
- /128-subnet and, if require, anything larger.</p>
-
-<p>Retiolum Realtime Map n.
-[en]
-- The network map of the public visible part of Retiolum.</p>
-
-<p>RRM [abbr.][en]
-- Short for Retiolum Retiolum Map.</p>
-
-<p>Sanatorium n.
-[en]
-- The Krebs Control and Command Center.
-- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather
- and lurk for relevant input.</p>
-
-<p>Spoiler n.
-[en]
-- A subset of walkthrough, i.e. any individual steps may be omitted.
- - Antonym: Protip</p>
-
-<p>tatsaechlich, adv.
-[de]
-- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht.
-Antonym: eigentlich</p>
-
-<p>Verkrebsung n.
-[de]
-- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs
- Komponente) auf einem beliebigem System.</p>
-
-<p>Walkthrough n.
-[en]
-- Description of the individual steps to complete a task.
- - Examples:
- - program code
- - small-step semantics</p>
-
-<p>Wiederbelebung n.
-[de]
-- Ein ghost wird im Darknet wieder erreichbar
-Siehe: ghost</p>
diff --git a/krebs/5pkgs/simple/nix-prefetch-github.nix b/krebs/5pkgs/simple/nix-prefetch-github.nix
deleted file mode 100644
index 14096c33f..000000000
--- a/krebs/5pkgs/simple/nix-prefetch-github.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ curl, jq, nix, writeDashBin }:
-
-writeDashBin "nix-prefetch-github" ''
- # usage: nix-prefetch-github OWNER REPO [REF]
- set -efu
-
- owner=$1
- repo=$2
- ref=''${3-master}
-
- info_url=https://api.github.com/repos/$owner/$repo/commits/$ref
- info=$(${curl}/bin/curl -fsS "$info_url")
- rev=$(printf %s "$info" | ${jq}/bin/jq -r .sha)
-
- name=$owner-$repo-$ref
- url=https://github.com/$owner/$repo/tarball/$rev
- sha256=$(${nix}/bin/nix-prefetch-url --name "$name" --unpack "$url")
-
- export owner repo rev sha256
- ${jq}/bin/jq -n '
- env | {
- owner, repo, rev, sha256
- }
- '
-''
diff --git a/krebs/5pkgs/simple/stable-generate/default.nix b/krebs/5pkgs/simple/stable-generate/default.nix
new file mode 100644
index 000000000..fac261613
--- /dev/null
+++ b/krebs/5pkgs/simple/stable-generate/default.nix
@@ -0,0 +1,64 @@
+{ pkgs, lib, ... }:
+
+pkgs.writers.writeDashBin "stable-generate" ''
+ set -efu
+
+ export PATH=${lib.makeBinPath [
+ pkgs.curl
+ pkgs.jq
+ ]}
+
+ STABLE_URL=''${STABLE_URL:-http://stable-confusion.r}
+
+ PAYLOAD=$(jq -cn --arg query "$*" '{fn_index: 51, data: [
+ $query,
+ "",
+ "None",
+ "None",
+ 20, # sampling steps
+ "Euler a", # sampling method
+ false, # restore faces
+ false,
+ 1,
+ 1,
+ 7,
+ -1,
+ -1,
+ 0,
+ 0,
+ 0,
+ false,
+ 512, #probably resolution
+ 512, #probably resolution
+ false,
+ 0.7,
+ 0,
+ 0,
+ "None",
+ "",
+ false,
+ false,
+ false,
+ "",
+ "Seed",
+ "",
+ "Nothing",
+ "",
+ true,
+ false,
+ false,
+ null,
+ "",
+ ""], session_hash: "hello_this_is_dog"}')
+
+ data=$(curl -Ssf "$STABLE_URL/run/predict/" \
+ -X POST \
+ --Header 'Content-Type: application/json' \
+ --data "$PAYLOAD"
+ )
+ export data
+
+ filename=$(jq -rn 'env.data | fromjson.data[0][0].name')
+
+ echo "$STABLE_URL/file=$filename"
+''
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix
index 5f9c8635b..93c73761c 100644
--- a/krebs/5pkgs/simple/weechat-declarative/default.nix
+++ b/krebs/5pkgs/simple/weechat-declarative/default.nix
@@ -33,7 +33,7 @@ let
eval = lib.evalModules {
modules = lib.singleton {
- _file = toString ./weechat-declarative.nix;
+ _file = toString ./default.nix;
imports = lib.singleton config;
options = {
scripts = lib.mkOption {
@@ -148,7 +148,8 @@ let
${lib.concatStringsSep "\n"
(lib.mapAttrsToList
(name: target: /* sh */ ''
- ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+ ${pkgs.coreutils}/bin/cp ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+ ${pkgs.coreutils}/bin/chmod +w "$CONFDIR"/${lib.escapeShellArg name}
'')
cfg.files
)
diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt
index 1cd5aed0b..bf05b44f4 100644
--- a/krebs/6assets/krebsAcmeCA.crt
+++ b/krebs/6assets/krebsAcmeCA.crt
@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB
+MIICWTCCAcKgAwIBAgIQIpBt0MsRpYd8LWNdb9MfITANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
-hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMTAwODQ5
-MDZaFw0yMjEyMTAwODQ5MDZaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAATL8dNO7ajNe60Km7wHrG06tCUj5kQKWsrQ
-Ay7KX8zO+RwQpYhd/i4bqpeGkGWh8uHLZ+164FlZaLgHO10DRja5o4GAMH4wDgYD
-VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMt9yJED
-mPRhXsrNZ0x+GtzjdnTLMB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
-MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEANo/2
-teIuEsniwxVdqu+ukjqOXHIkBK7F91+G7BuDjBlx2U96v1MwsmT4D9upajERnOOD
-tLx990Sj4t3avRTpytt+qLeIMIxt62YksUXVjDWndqaDcEUat5ZVEQsZ0ZmjOHrA
-BaB65eU0xhJWKAZdk55GqHEFz3Ym4rx7WUaomzk=
+hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMjEyMDYxODI2
+MDhaFw0yMzEyMDYxODI2MDhaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAT4KuemY4BowAbFjzCvi+PthBTWCtewnAbr
+qDSlA602QcuQVmqa1/3TaYag7KNDgeg5eshMRI9GN/boKTpgcLeZo4GAMH4wDgYD
+VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYxArnj
+SEArwloaM5blBymFmcL2MB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
+MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEAekCt
+XrKwanrcy6+k3YfXWGiMJ47Ys7Mfa5UfIs7QiXv74MgtklLsX63D27hKn5rd7wk4
+20wXLMhb8ofrKnO4mt0VFRSGm9/cq9N/c/uuf4hMzhAJmusgkn02GG+cafqZ9ab9
+MjLmveT9WHphmgQTnJPEeYP2U2faHKIp6Gwv5qc=
-----END CERTIFICATE-----
diff --git a/krebs/6assets/krebsRootCA.crt b/krebs/6assets/krebsRootCA.crt
new file mode 100644
index 000000000..3938c58b4
--- /dev/null
+++ b/krebs/6assets/krebsRootCA.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
+VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw
+CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ
+ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5
+MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx
+EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS
+b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/
+/qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU
+QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B
+HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo
+3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9
+GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese
+725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63
+80WiO952
+-----END CERTIFICATE-----
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 465a1a889..644192bbf 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "4428e23312933a196724da2df7ab78eb5e67a88e",
- "date": "2022-10-14T02:36:00-05:00",
- "path": "/nix/store/i516gwjhbmkgalw3zjfn8ahnvmb198hz-nixpkgs",
- "sha256": "1rwr5p7pmi612mc5mwp7hk2l9hyiwrv8lf2cfzpjh5ya46wpw5jq",
+ "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
+ "date": "2022-12-11T09:33:23+00:00",
+ "path": "/nix/store/lmiwldi32kcc2qgm68swxgb3xzba0ayc-nixpkgs",
+ "sha256": "1hmx7hhjr74fqmxhb49yfyrpqhzwayrq48xwjv3a117czpb0gnjx",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 46e03bc6b..fe44c172d 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "78a37aa630faa41944060a966607d4f1128ea94b",
- "date": "2022-10-14T18:11:43+02:00",
- "path": "/nix/store/zmi573bwzr6xg5v6d21gcf14qh9skxy6-nixpkgs",
- "sha256": "1rq4m1g7apvcgjp21xjhm94acpw6wyiddd48vhcwgwvsiiircwff",
+ "rev": "e8ec26f41fd94805d8fbf2552d8e7a449612c08e",
+ "date": "2022-12-09T22:31:53+00:00",
+ "path": "/nix/store/k2c06zy4vq019bb766rqnfszzx4q74zc-nixpkgs",
+ "sha256": "05jsnhb3a72m733qr7dvva71kark5268l77lrvmlylzwaqzq4yyx",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index 59dbd91b5..97c069d86 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-22.05' \
+ --rev refs/heads/nixos-22.11' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index d6943c110..9ef858e28 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -53,6 +53,7 @@ with import <stockholm/lib>;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
+ services.tlp.enable = lib.mkForce false;
services.xserver.layout = "de";
}
{
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 5cf7d9242..4c98091f1 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -11,78 +11,50 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/sync/sync.nix>
<stockholm/lass/2configs/sync/decsync.nix>
- <stockholm/lass/2configs/sync/weechat.nix>
+ <stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/IM.nix>
+
<stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/git-brain.nix>
+ <stockholm/lass/2configs/et-server.nix>
+ <stockholm/lass/2configs/consul.nix>
+
+ <stockholm/lass/2configs/atuin-server.nix>
];
krebs.build.host = config.krebs.hosts.green;
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel
- ];
-
- krebs.bindfs = {
- "/home/lass/.weechat" = {
- source = "/var/state/lass_weechat";
- options = [
- "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
- "--create-for-user=${toString config.users.users.syncthing.uid}"
- ];
- };
- "/home/lass/Maildir" = {
- source = "/var/state/lass_mail";
- options = [
- "-M ${toString config.users.users.mainUser.uid}"
- ];
- };
- "/var/lib/bitlbee" = {
- source = "/var/state/bitlbee";
- options = [
- "-M ${toString config.users.users.bitlbee.uid}"
- ];
- clearTarget = true;
- };
- "/home/lass/.ssh" = {
- source = "/var/state/lass_ssh";
- options = [
- "-M ${toString config.users.users.mainUser.uid}"
- ];
- clearTarget = true;
- };
- "/home/lass/.gnupg" = {
- source = "/var/state/lass_gnupg";
- options = [
- "-M ${toString config.users.users.mainUser.uid}"
- ];
- clearTarget = true;
- };
- "/var/lib/git" = {
- source = "/var/state/git";
- options = [
- "-M ${toString config.users.users.git.uid}"
- ];
- clearTarget = true;
- };
+ lass.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
};
- systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
- sleep 1
- mkdir -p /home/lass/notmuch
- chown lass: /home/lass/notmuch
- ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch
+ systemd.tmpfiles.rules = [
+ "d /home/lass/.local/share 0700 lass users -"
+ "d /home/lass/.local 0700 lass users -"
- mkdir -p /home/lass/notmuch/muchsync
- chown lass: /home/lass/notmuch/muchsync
- mkdir -p /home/lass/Maildir/.muchsync
- ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp
- '';
+ "d /var/state/lass_mail 0700 lass users -"
+ "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
+
+ "d /var/state/lass_ssh 0700 lass users -"
+ "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh"
+ "d /var/state/lass_gpg 0700 lass users -"
+ "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg"
+ "d /var/state/lass_sync 0700 lass users -"
+ "L+ /home/lass/sync - - - - ../../var/state/lass_sync"
+
+ "d /var/state/git 0700 git nogroup -"
+ "L+ /var/lib/git - - - - ../../var/state/git"
+ ];
+
+ users.users.mainUser.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass-android.pubkey
+ config.krebs.users.lass-tablet.pubkey
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel
+ ];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
@@ -93,4 +65,11 @@ with import <stockholm/lib>;
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
'';
+
+ services.dovecot2 = {
+ enable = true;
+ mailLocation = "maildir:~/Maildir";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 143 ];
}
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
index b6aa3a894..8577daf34 100644
--- a/lass/1systems/green/physical.nix
+++ b/lass/1systems/green/physical.nix
@@ -3,5 +3,5 @@
./config.nix
];
boot.isContainer = true;
- networking.useDHCP = false;
+ networking.useDHCP = true;
}
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
index da137e064..4acdb0c26 100644
--- a/lass/1systems/green/source.nix
+++ b/lass/1systems/green/source.nix
@@ -1,4 +1,6 @@
-{ lib, pkgs, test, ... }:
-if test then {} else {
+{ lib, pkgs, test, ... }: let
+ npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in if test then {} else {
+ nixpkgs.git.ref = lib.mkForce npkgs.rev;
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 62c6f0b71..594a21c02 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,6 @@ with import <stockholm/lib>;
];
}
{ # TODO make new hfos.nix out of this vv
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
uid = genid_uint31 "riot";
isNormalUser = true;
@@ -33,23 +32,10 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
- packages = [
- (pkgs.writeDashBin "kick-routing" ''
- /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '')
- ];
};
- security.sudo.extraConfig = ''
- riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
-
- # TODO write function for proxy_pass (ssl/nonssl)
-
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
+ { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
];
}
{
@@ -125,6 +111,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
+ <stockholm/lass/2configs/mumble-reminder.nix>
+ <stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
enable = true;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 151cfbf41..027a27b2b 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -78,29 +78,31 @@
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
- boot.kernelParams = [ "net.ifnames=0" ];
+ # we don't pay for power there and this might solve a problem we observed at least once
+ # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben
+ boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
networking.dhcpcd.enable = false;
+
+ # bridge config
+ networking.bridges."ext-br".interfaces = [ "eth0" ];
networking = {
hostId = "2283aaae";
defaultGateway = "95.216.1.129";
- defaultGateway6 = { address = "fe80::1"; interface = "eth0"; };
+ defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
- interfaces.eth0.ipv4.addresses = [
+ interfaces.ext-br.ipv4.addresses = [
{
address = "95.216.1.150";
prefixLength = 26;
}
- {
- address = "95.216.1.130";
- prefixLength = 26;
- }
];
- interfaces.eth0.ipv6.addresses = [
+ interfaces.ext-br.ipv6.addresses = [
{
address = "2a01:4f9:2a:1e9::1";
prefixLength = 64;
}
];
};
+
}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 5d6a440e0..ef538f339 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
@@ -17,11 +16,10 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/green-host.nix>
<stockholm/krebs/2configs/news-host.nix>
- <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/prism-mounts/samba.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/home-media.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/sync/sync.nix>
+ <stockholm/lass/2configs/consul.nix>
+ <stockholm/lass/2configs/red-host.nix>
<stockholm/lass/2configs/snapclient.nix>
];
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 55e91b0e4..f94edcf9b 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -11,7 +11,6 @@
loader.grub.device = "/dev/sda";
initrd.luks.devices.lusksroot.device = "/dev/sda2";
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
fileSystems = {
@@ -28,11 +27,6 @@
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
"/bku" = {
device = "/dev/pool/bku";
fsType = "btrfs";
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 554882bf3..c8077e5ea 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -1,6 +1,6 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: let
+ vpnIp = "85.202.81.161";
+in {
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
@@ -11,6 +11,8 @@ with import <stockholm/lib>;
users.groups.download.members = [ "transmission" ];
+ networking.useHostResolvConf = false;
+ networking.useNetworkd = true;
systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
services.transmission = {
@@ -154,17 +156,29 @@ with import <stockholm/lib>;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
+ { predicate = "-p tcp --dport 9092"; target = "ACCEPT"; } # magnetico webinterface
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
];
+ tables.filter.OUTPUT = {
+ policy = "DROP";
+ rules = [
+ { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
+ { predicate = "-o tun0"; target = "ACCEPT"; }
+ { predicate = "-o retiolum"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
+ ];
+ };
};
services.openvpn.servers.nordvpn.config = ''
client
dev tun
proto udp
- remote 196.240.57.43 1194
+ remote ${vpnIp} 1194
resolv-retry infinite
remote-random
nobind
@@ -174,7 +188,7 @@ with import <stockholm/lib>;
persist-key
persist-tun
ping 15
- ping-restart 0
+ ping-restart 15
ping-timer-rem
reneg-sec 0
comp-lzo no
@@ -250,7 +264,7 @@ with import <stockholm/lib>;
path = [
pkgs.coreutils
pkgs.findutils
- pkgs.inotifyTools
+ pkgs.inotify-tools
];
serviceConfig = {
Restart = "always";
@@ -271,4 +285,10 @@ with import <stockholm/lib>;
enable = true;
group = "download";
};
+
+ services.magnetico = {
+ enable = true;
+ web.address = "0.0.0.0";
+ web.port = 9092;
+ };
}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 8567def02..8db2a05d6 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -24,7 +24,7 @@ in {
restartIfChanged = false;
path = [
- pkgs.rxvt_unicode.terminfo
+ pkgs.rxvt-unicode-unwrapped.terminfo
];
serviceConfig = {
diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix
index 903ddf6cc..e5e001a4c 100644
--- a/lass/2configs/alacritty.nix
+++ b/lass/2configs/alacritty.nix
@@ -1,21 +1,23 @@
{ config, lib, pkgs, ... }: let
alacritty-cfg = extrVals: builtins.toJSON ({
- font = {
+ font = let
+ family = "Iosevka";
+ in {
normal = {
- family = "Inconsolata";
+ family = family;
style = "Regular";
};
bold = {
- family = "Inconsolata";
+ family = family;
style = "Bold";
};
italic = {
- family = "Inconsolata";
+ family = family;
style = "Italic";
};
bold_italic = {
- family = "Inconsolata";
+ family = family;
style = "Bold Italic";
};
size = 8;
@@ -44,6 +46,7 @@
name = "alacritty";
paths = [
(pkgs.writeDashBin "alacritty" ''
+ ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml msg create-window "$@" ||
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@"
'')
pkgs.alacritty
diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix
new file mode 100644
index 000000000..ad959a311
--- /dev/null
+++ b/lass/2configs/atuin-server.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ ensureDatabases = [ "atuin" ];
+ ensureUsers = [{
+ name = "atuin";
+ ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES";
+ }];
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+ users.groups.atuin = {};
+ users.users.atuin = {
+ uid = pkgs.stockholm.lib.genid_uint31 "atuin";
+ isSystemUser = true;
+ group = "atuin";
+ home = "/run/atuin";
+ createHome = true;
+ };
+
+ systemd.services.atuin = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ ATUIN_HOST = "0.0.0.0";
+ ATUIN_PORT = "8888";
+ ATUIN_OPEN_REGISTRATION = "true";
+ ATUIN_DB_URI = "postgres:///atuin";
+ };
+ serviceConfig = {
+ User = "atuin";
+ ExecStart = "${pkgs.atuin}/bin/atuin server start";
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 8888 ];
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index e94cbbd2c..efd6c8a24 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -7,7 +7,6 @@ in {
./alacritty.nix
./mpv.nix
./power-action.nix
- ./copyq.nix
./urxvt.nix
./xdg-open.nix
./yubikey.nix
@@ -78,9 +77,10 @@ in {
pavucontrol
ponymix
powertop
- rxvt_unicode-with-plugins
+ rxvt-unicode
sshvnc
sxiv
+ nsxiv
taskwarrior
termite
transgui
@@ -105,10 +105,55 @@ in {
enableGhostscriptFonts = true;
fonts = with pkgs; [
- hack-font
xorg.fontschumachermisc
- terminus_font_ttf
inconsolata
+ noto-fonts
+ (iosevka.override {
+ # https://typeof.net/Iosevka/customizer
+ privateBuildPlan = {
+ family = "Iosevka";
+ spacing = "term";
+ serifs = "slab";
+ no-ligation = true;
+
+ variants.design = {
+ capital-j = "serifless";
+ a = "double-storey-tailed";
+ b = "toothless-corner";
+ d = "toothless-corner-serifless";
+ f = "flat-hook-tailed";
+ g = "earless-corner";
+ i = "hooky";
+ j = "serifless";
+ l = "tailed";
+
+ m = "earless-corner-double-arch";
+ n = "earless-corner-straight";
+ p = "earless-corner";
+ q = "earless-corner";
+ r = "earless-corner";
+ u = "toothless-rounded";
+ y = "cursive-flat-hook";
+
+ one = "no-base-long-top-serif";
+ two = "straight-neck";
+ three = "flat-top";
+ four = "open";
+ six = "open-contour";
+ seven = "straight-serifless";
+ eight = "two-circles";
+ nine = "open-contour";
+ tilde = "low";
+ asterisk = "hex-low";
+ number-sign = "upright";
+ at = "short";
+ dollar = "open";
+ percent = "dots";
+ question = "corner-flat-hooked";
+ };
+ };
+ set = "kookiefonts";
+ })
];
};
@@ -174,4 +219,20 @@ in {
'';
};
};
+
+ services.clipmenu.enable = true;
+
+ # synchronize all the clipboards
+ systemd.user.services.autocutsel = {
+ enable = true;
+ wantedBy = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "forking";
+ ExecStart = pkgs.writers.writeDash "autocutsel" ''
+ ${pkgs.autocutsel}/bin/autocutsel -fork -selection PRIMARY
+ ${pkgs.autocutsel}/bin/autocutsel -fork -selection CLIPBOARD
+ '';
+ };
+ };
}
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 7aabf0931..532e55fe5 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -34,7 +34,7 @@ in {
config = { ... }: {
environment.systemPackages = [
pkgs.git
- pkgs.rxvt_unicode.terminfo
+ pkgs.rxvt-unicode-unwrapped.terminfo
];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix
new file mode 100644
index 000000000..b8d925de5
--- /dev/null
+++ b/lass/2configs/consul.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+{
+ services.consul = {
+ enable = true;
+ # dropPrivileges = false;
+ webUi = true;
+ # interface.bind = "retiolum";
+ extraConfig = {
+ bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr;
+ bootstrap_expect = 3;
+ server = true;
+ # retry_join = config.services.consul.extraConfig.start_join;
+ retry_join = lib.mapAttrsToList (n: h:
+ lib.head h.nets.retiolum.aliases
+ ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts);
+ rejoin_after_leave = true;
+
+ # try to fix random lock loss on leader reelection
+ retry_interval = "3s";
+ performance = {
+ raft_multiplier = 8;
+ };
+ };
+ };
+
+ environment.etc."consul.d/testservice.json".text = builtins.toJSON {
+ service = {
+ name = "testing";
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index e8ac55988..49a04e9c2 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -98,7 +98,7 @@ with import <stockholm/lib>;
jq
#style
- rxvt_unicode.terminfo
+ rxvt-unicode-unwrapped.terminfo
#monitoring tools
htop
diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix
new file mode 100644
index 000000000..19961fb84
--- /dev/null
+++ b/lass/2configs/et-server.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+{
+ services.eternal-terminal = {
+ enable = true;
+ };
+ networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ];
+}
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index a83ed0544..1e41e8e02 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -2,32 +2,9 @@
{
imports = [
<stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
];
- krebs.sync-containers.containers.green = {
- peers = [
- "echelon"
- "icarus"
- "littleT"
- "mors"
- "shodan"
- "skynet"
- "styx"
- ];
- hostIp = "10.233.2.15";
- localIp = "10.233.2.16";
- format = "ecryptfs";
- };
- services.borgbackup.jobs.sync-green = {
- encryption.mode = "none";
- paths = "/var/lib/sync-containers/green/ecryptfs";
- repo = "/var/lib/sync-containers/green/backup";
- compression = "auto,lzma";
- startAt = "daily";
- prune.keep = {
- daily = 7;
- weekly = 4;
- };
+ lass.sync-containers3.containers.green = {
+ sshKey = "${toString <secrets>}/green.sync.key";
};
}
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
index 78d5ae0e9..d391e0d7b 100644
--- a/lass/2configs/libvirt.nix
+++ b/lass/2configs/libvirt.nix
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }:
{
- users.users.mainUser.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
+ security.polkit.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [
{ v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; }
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
new file mode 100644
index 000000000..fe75a96a6
--- /dev/null
+++ b/lass/2configs/mumble-reminder.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }: let
+ write_to_irc = chan: pkgs.writeDash "write_to_irc" ''
+ ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \
+ -H content-type:application/json \
+ -d "$(${pkgs.jq}/bin/jq -n \
+ --arg text "$1" '{
+ command:"PRIVMSG",
+ params:["${chan}",$text]
+ }'
+ )"
+ '';
+ animals = ''
+ Erdferkel
+ Paviane
+ Raupen
+ Australischen Wildhunde
+ Emus
+ Flundern
+ Gorillas
+ Kolibris
+ Schwarzfersenantilopen
+ Quallen
+ Kois
+ Faulaffen
+ Schraubenziegen
+ Nachtigalle
+ Okapis
+ Stachelschweine
+ Kurzschwanzkängurus
+ Waschbären
+ '';
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ hooks.PRIVMSG = [
+ {
+ pattern = "^erriner mich$";
+ activate = "match";
+ command = {
+ filename = pkgs.writeDash "add_remind" ''
+ echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users
+ sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp
+ mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users
+ echo "Ich werde $_from in zukunft an das meetup errinern"
+ '';
+ };
+ }
+ {
+ pattern = "^nerv nicht$";
+ activate = "match";
+ command = {
+ filename = pkgs.writeDash "add_remind" ''
+ ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
+ echo "okok, Ich werde $_from nich mehr errinern"
+ '';
+ };
+ }
+ ];
+ };
+ };
+
+in {
+ krebs.reaktor2.mumble-reminder = {
+ hostname = "irc.hackint.org";
+ nick = "lassulus__";
+ API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ "#nixos"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ port = "6697";
+ };
+ systemd.services.mumble-reminder-nixos = {
+ description = "weekly reminder for nixos mumble";
+ startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
+ animals='
+ ${animals}
+ '
+ ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us"
+ '';
+ };
+ };
+ systemd.services.mumble-reminder-krebs = {
+ description = "weekly reminder for nixos mumble";
+ startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
+ animals='
+ ${animals}
+ '
+ ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
+ '';
+ };
+ };
+}
diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix
index f6ccd48d4..ec5a67b6e 100644
--- a/lass/2configs/pipewire.nix
+++ b/lass/2configs/pipewire.nix
@@ -9,7 +9,7 @@
};
environment.systemPackages = with pkgs; [
- alsaUtils
+ alsa-utils
pulseaudio
ponymix
];
diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix
index 2f503eae9..dfb3d7e0b 100644
--- a/lass/2configs/radio/default.nix
+++ b/lass/2configs/radio/default.nix
@@ -1,85 +1,54 @@
-{ config, pkgs, ... }:
-with pkgs.stockholm.lib;
+{ config, pkgs, lib, ... }:
let
name = "radio";
music_dir = "/home/radio/music";
- add_random = pkgs.writeDashBin "add_random" ''
- ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \
- | grep -Ev '/other/|/.graveyard/' \
- | grep '\.ogg$' \
- | shuf -n1 \
- | sed 's,${music_dir}/,,' \
- )"
- '';
-
- get_current_track_position = pkgs.writeDash "get_current_track_position" ''
- ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }'
- '';
-
- skip_track = pkgs.writeBashBin "skip_track" ''
+ skip_track = pkgs.writers.writeBashBin "skip_track" ''
set -eu
- ${add_random}/bin/add_random
- music_dir=${escapeShellArg music_dir}
- current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%)
- track_infos=$(${print_current}/bin/print_current)
- skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$music_dir"/"$current_track" || echo 0)
- if [[ "$current_track" =~ ^the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
- skip_count=$((skip_count+1))
- ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track"
- echo skipping: "$track_infos" skip_count: "$skip_count"
- else
- mkdir -p "$music_dir"/the_playlist/.graveyard/
- mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/
- echo killing: "$track_infos"
- fi
- ${pkgs.mpc_cli}/bin/mpc -q next
+ # TODO come up with new rating, without moving files
+ # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
+ # track_infos=$(${print_current}/bin/print_current)
+ # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0)
+ # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
+ # skip_count=$((skip_count+1))
+ # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track"
+ # echo skipping: "$track_infos" skip_count: "$skip_count"
+ # else
+ # mkdir -p "$music_dir"/the_playlist/.graveyard/
+ # mv "$current_track" "$music_dir"/the_playlist/.graveyard/
+ # echo killing: "$track_infos"
+ # fi
+ ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip |
+ ${pkgs.jq}/bin/jq -r '.filename'
'';
good_track = pkgs.writeBashBin "good_track" ''
set -eu
- music_dir=${escapeShellArg music_dir}
- current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%)
+ current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
track_infos=$(${print_current}/bin/print_current)
- if [[ "$current_track" =~ ^the_playlist/music/.* ]]; then
- ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$music_dir"/"$current_track"
- else
- mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/music/ || :
- fi
+ # TODO come up with new rating, without moving files
+ # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then
+ # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track"
+ # else
+ # mv "$current_track" "$music_dir"/the_playlist/music/ || :
+ # fi
echo good: "$track_infos"
'';
- track_youtube_link = pkgs.writeDash "track_youtube_link" ''
- ${pkgs.mpc_cli}/bin/mpc current -f %file% \
- | ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://www.youtube.com/watch?v=\1@'
- '';
-
print_current = pkgs.writeDashBin "print_current" ''
- echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \
- $(${track_youtube_link})"
- '';
-
- print_current_json = pkgs.writeDashBin "print_current_json" ''
- ${pkgs.jq}/bin/jq -n -c \
- --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \
- --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \
- --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \
- --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \
- --arg position "$(${get_current_track_position})" \
- --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \
- --arg youtube "$(${track_youtube_link})" '{
- name: $name,
- artist: $artist,
- title: $title,
- filename: $filename,
- position: $position,
- length: $length,
- youtube: $youtube
- }'
+ file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current |
+ ${pkgs.jq}/bin/jq -r '.filename' |
+ ${pkgs.gnused}/bin/sed 's,^${music_dir},,'
+ )
+ link=$(${pkgs.curl}/bin/curl http://localhost:8002/current |
+ ${pkgs.jq}/bin/jq -r '.filename' |
+ ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@'
+ )
+ echo "$file": "$link"
'';
set_irc_topic = pkgs.writeDash "set_irc_topic" ''
@@ -113,15 +82,14 @@ in {
users.users = {
"${name}" = rec {
inherit name;
- createHome = mkForce false;
+ createHome = lib.mkForce false;
group = name;
- uid = genid_uint31 name;
+ uid = pkgs.stockholm.lib.genid_uint31 name;
description = "radio manager";
home = "/home/${name}";
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
- lass-mors.pubkey
];
};
};
@@ -131,50 +99,35 @@ in {
};
krebs.per-user.${name}.packages = with pkgs; [
- add_random
good_track
skip_track
print_current
- print_current_json
- ncmpcpp
- mpc_cli
];
- services.mpd = {
- enable = true;
- user = "radio";
- musicDirectory = "${music_dir}";
- dataDir = "/home/radio/state"; # TODO create this somwhere
- extraConfig = ''
- log_level "default"
- auto_update "yes"
- volume_normalization "yes"
-
- audio_output {
- type "httpd"
- name "raw radio"
- encoder "wave"
- port "7900"
- format "44100:16:2"
- always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
- tags "yes" # httpd supports sending tags to listening streams.
- }
- '';
+ services.liquidsoap.streams.radio = ./radio.liq;
+ systemd.services.radio = {
+ environment = {
+ RADIO_PORT = "8002";
+ HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" ''
+ set -xefu
+ LIMIT=1000 #how many tracks to keep in the history
+ HISTORY_FILE=/var/lib/radio/recent
+
+ listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl |
+ ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0)
+ echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE"
+ echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
+ ${set_irc_topic} "playing: $filename listeners: $listeners"
+ '';
+ MUSIC = "${music_dir}/the_playlist";
+ ICECAST_HOST = "localhost";
+ };
+ path = [
+ pkgs.yt-dlp
+ ];
+ serviceConfig.User = lib.mkForce "radio";
};
- services.liquidsoap.streams.radio-news = pkgs.writeText "radio-news.liq" ''
- source = mksafe(input.http("http://localhost:7900/raw.wave"))
-
- output.icecast(mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), source)
- output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source)
- output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source)
-
- extra_input = amplify(1.4, audio_to_stereo(input.harbor("live", port=1338)))
- o = smooth_add(normal = source, special = extra_input)
- output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o)
- output.icecast(mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), o)
- output.icecast(mount = '/radio.opus', password = 'hackme', %opus(bitrate = 96), o)
- '';
services.icecast = {
enable = true;
hostname = "radio.lassul.us";
@@ -195,73 +148,8 @@ in {
};
};
- systemd.timers.radio = {
- description = "radio autoadder timer";
- wantedBy = [ "timers.target" ];
-
- timerConfig = {
- OnCalendar = "*:0/1";
- };
- };
-
- systemd.services.radio = let
- autoAdd = pkgs.writeDash "autoAdd" ''
- LIMIT=$1 #in seconds
-
- timeLeft () {
- playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
- currentTime=$(${get_current_track_position})
- expr ''${playlistDuration:-0} - ''${currentTime:-0}
- }
-
- if test $(timeLeft) -le $LIMIT; then
- ${add_random}/bin/add_random
- fi
- ${pkgs.mpc_cli}/bin/mpc play > /dev/null
- '';
- in {
- description = "radio playlist autoadder";
- after = [ "network.target" ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- ExecStart = "${autoAdd} 150";
- };
- };
-
- systemd.services.radio-recent = let
- recentlyPlayed = pkgs.writeDash "recentlyPlayed" ''
- set -xefu
- LIMIT=1000 #how many tracks to keep in the history
- HISTORY_FILE=/var/lib/radio/recent
- while :; do
- ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
- ${pkgs.mpc_cli}/bin/mpc current -f %file%
- done | while read track; do
-
- listeners=$(${pkgs.curl}/bin/curl lassul.us:8000/status-json.xsl |
- ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add')
- echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
- echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
- ${set_irc_topic} "playing: $track listeners: $listeners"
- done
- '';
- in {
- description = "radio recently played";
- after = [ "mpd.service" "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- ExecStart = recentlyPlayed;
- User = "radio";
- };
- };
-
# allow reaktor2 to modify files
- systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = mkForce false;
+ systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false;
krebs.reaktor2.the_playlist = {
hostname = "irc.hackint.org";
@@ -300,6 +188,12 @@ in {
like.filename = "${good_track}/bin/good_track";
current.filename = "${print_current}/bin/print_current";
+ wish.filename = pkgs.writeDash "wish" ''
+ echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null
+ '';
+ wishlist.filename = pkgs.writeDash "wishlist" ''
+ ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]'
+ '';
suggest.filename = pkgs.writeDash "suggest" ''
echo "$@" >> playlist_suggest
'';
@@ -316,15 +210,8 @@ in {
user = {
name = "radio";
};
- script = ''. ${pkgs.writeDash "radio" ''
+ scriptFile = pkgs.writeDash "radio" ''
case "$Method $Request_URI" in
- "GET /current")
- printf 'HTTP/1.1 200 OK\r\n'
- printf 'Connection: close\r\n'
- printf '\r\n'
- ${print_current_json}/bin/print_current_json
- exit
- ;;
"POST /skip")
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
@@ -344,7 +231,7 @@ in {
exit
;;
esac
- ''}'';
+ '';
};
services.nginx = {
@@ -365,7 +252,7 @@ in {
alias /var/lib/radio/recent;
'';
locations."= /current".extraConfig = ''
- proxy_pass http://localhost:8001;
+ proxy_pass http://localhost:8002;
'';
locations."= /skip".extraConfig = ''
proxy_pass http://localhost:8001;
@@ -375,10 +262,11 @@ in {
'';
locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" ''
#!/bin/sh
+ trap 'exit 0' EXIT
while sleep 1; do
mpv \
--cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \
- 'http://lassul.us:8000/radio.opus'
+ 'http://lassul.us:8000/radio.ogg'
done
'';
locations."= /controls".extraConfig = ''
diff --git a/lass/2configs/radio/news.nix b/lass/2configs/radio/news.nix
index e5b5405ff..0dc711e6c 100644
--- a/lass/2configs/radio/news.nix
+++ b/lass/2configs/radio/news.nix
@@ -3,7 +3,8 @@ let
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
${pkgs.vorbis-tools}/bin/oggenc - |
- ${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live
+ ${pkgs.cyberlocker-tools}/bin/cput news.ogg
+ ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow
'';
gc_news = pkgs.writers.writeDashBin "gc_news" ''
diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq
new file mode 100644
index 000000000..70d316043
--- /dev/null
+++ b/lass/2configs/radio/radio.liq
@@ -0,0 +1,112 @@
+log.stdout.set(true)
+
+# use yt-dlp
+settings.protocol.youtube_dl.path.set("yt-dlp")
+
+## functions
+
+def stringify_attrs(attrs) =
+ let json.stringify out = (attrs : [(string * string)] as json.object)
+ out
+end
+
+def filter_graveyard(req) =
+ filename = request.filename(req)
+ if string.match(pattern = '.*/\\.graveyard/.*', filename) then
+ false
+ else
+ true
+ end
+end
+
+def queue_contents(q) =
+ list.map(fun (req) -> request.uri(req), q)
+end
+## main
+
+env = environment()
+port = string.to_int(env["RADIO_PORT"], default = 8000)
+
+all_music = playlist(env["MUSIC"], check_next = filter_graveyard)
+wishlist = request.queue()
+tracks = fallback(track_sensitive = true, [wishlist, all_music])
+tracks = blank.eat(tracks)
+
+last_metadata = ref([])
+def on_metadata(m) =
+ last_metadata := m
+ print("changing tracks")
+ out = process.read(env["HOOK_TRACK_CHANGE"], env = m)
+ print(out)
+end
+tracks.on_metadata(on_metadata)
+
+# some nice effects
+music = crossfade(tracks)
+music = mksafe(music)
+music = normalize(music)
+
+news = request.queue()
+radio = smooth_add(normal = music, special = amplify(1.5, news))
+
+if string.length(env["ICECAST_HOST"]) > 0 then
+ output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music)
+
+ output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio)
+ output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio)
+else
+ output(fallible = true, buffer(radio))
+end
+
+interactive.harbor(port = port)
+
+def current(~protocol, ~headers, ~data, uri) =
+ http.response(content_type = "application/json", data = stringify_attrs(
+ !last_metadata
+ ))
+end
+harbor.http.register("/current", port = port, current)
+
+def skip(~protocol, ~headers, ~data, uri) =
+ tracks.skip()
+ http.response(content_type = "application/json", data = stringify_attrs(
+ !last_metadata
+ ))
+end
+harbor.http.register("/skip", method = "POST", port = port, skip)
+
+def all_tracks(~protocol, ~headers, ~data, uri) =
+ http.response(content_type = "application/json", data = json.stringify(
+ all_music.remaining_files()
+ ))
+end
+harbor.http.register("/all_tracks", port = port, all_tracks)
+
+def wish_track(~protocol, ~headers, ~data, uri) =
+ # disallow process:
+ if string.match(pattern = '^process:', data) then
+ http.response(code = 400)
+ else
+ # TODO report errors back
+ wish = request.create(data)
+ wishlist.push(wish)
+ http.response(content_type = "application/json", data = "ok")
+ end
+end
+harbor.http.register("/wish", method = "POST", port = port, wish_track)
+
+def wish_tracklist(~protocol, ~headers, ~data, uri) =
+ http.response(content_type = "application/json", data = json.stringify(
+ queue_contents(wishlist.queue())
+ ))
+end
+harbor.http.register("/wish", port = port, wish_tracklist)
+
+def newsshow(~protocol, ~headers, ~data, uri) =
+ news.push(request.create("http://c.r/news.ogg"))
+ http.response(content_type = "application/json", data = "ok")
+end
+harbor.http.register("/newsshow", method = "POST", port = port, newsshow)
diff --git a/lass/2configs/radio/shell.nix b/lass/2configs/radio/shell.nix
new file mode 100644
index 000000000..9d00e3b06
--- /dev/null
+++ b/lass/2configs/radio/shell.nix
@@ -0,0 +1,7 @@
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+ buildInputs = [
+ pkgs.liquidsoap
+ pkgs.yt-dlp
+ ];
+}
diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix
index 3beac6693..704bf7218 100644
--- a/lass/2configs/radio/weather.nix
+++ b/lass/2configs/radio/weather.nix
@@ -6,7 +6,7 @@ let
} ./weather_for_ips.py;
weather_report = pkgs.writers.writeDashBin "weather_report" ''
- set -efu
+ set -efux
export PATH="${lib.makeBinPath [
pkgs.coreutils
pkgs.curl
@@ -14,7 +14,7 @@ let
pkgs.jc
pkgs.jq
]}"
- curl -z /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
+ curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
ss -no 'sport = :8000' |
@@ -42,7 +42,7 @@ in {
--arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \
--slurp --raw-input --compact-output --ascii-output \
'{text: ., from: $from, to: $to, priority: 100}' |
- retry -t 5 -d 10 -- curl -v -d@- http://radio-news.r
+ retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r
'';
startAt = "*:58:00";
serviceConfig = {
diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py
index 587cc1f28..1f8489bd1 100644
--- a/lass/2configs/radio/weather_for_ips.py
+++ b/lass/2configs/radio/weather_for_ips.py
@@ -24,9 +24,10 @@ for ip in fileinput.input():
weather = json.loads(resp.text)
output.append(
f'Weather report for {location.city.name}, {location.country.name}. '
- f'Currently it is {weather["current"]["weather"][0]["description"]} outside '
+ f'It is {weather["current"]["weather"][0]["description"]} outside '
f'with a temperature of {weather["current"]["temp"]:.1f} degrees, '
- f'and a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second. '
+ f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second '
+ f'and a humidity of {weather["current"]["humidity"]} percent. '
f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
)
diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix
new file mode 100644
index 000000000..cbd9c097e
--- /dev/null
+++ b/lass/2configs/red-host.nix
@@ -0,0 +1,167 @@
+{ config, lib, pkgs, ... }:
+let
+ ctr.name = "red";
+in
+{
+ imports = [
+ <stockholm/lass/2configs/container-networking.nix>
+ ];
+
+
+ lass.sync-containers3.containers.red = {
+ sshKey = "${toString <secrets>}/containers/red/sync.key";
+ ephemeral = true;
+ };
+
+ # containers.${ctr.name} = {
+ # config = {
+ # environment.systemPackages = [
+ # pkgs.dhcpcd
+ # pkgs.git
+ # pkgs.jq
+ # ];
+ # networking.useDHCP = lib.mkForce true;
+ # systemd.services.autoswitch = {
+ # environment = {
+ # NIX_REMOTE = "daemon";
+ # };
+ # wantedBy = [ "multi-user.target" ];
+ # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
+ # if test -e /var/src/nixos-config; then
+ # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
+ # fi
+ # '';
+ # unitConfig.X-StopOnRemoval = false;
+ # };
+ # };
+ # autoStart = false;
+ # enableTun = true;
+ # privateNetwork = true;
+ # hostBridge = "ctr0";
+ # bindMounts = {
+ # "/etc/resolv.conf".hostPath = "/etc/resolv.conf";
+ # "/var/lib/self-state/disk-image" = {
+ # hostPath = "/var/lib/sync-containers3/${ctr.name}";
+ # isReadOnly = true;
+ # };
+ # };
+ # };
+
+ # systemd.services."${ctr.name}_scheduler" = {
+ # wantedBy = [ "multi-user.target" ];
+ # path = with pkgs; [
+ # coreutils
+ # consul
+ # cryptsetup
+ # mount
+ # util-linux
+ # systemd
+ # untilport
+ # ];
+ # serviceConfig = {
+ # Restart = "always";
+ # RestartSec = "15s";
+ # ExecStart = "${pkgs.consul}/bin/consul lock container_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-start" ''
+ # set -efux
+ # trap ${pkgs.writers.writeDash "stop-${ctr.name}" ''
+ # set -efux
+ # /run/current-system/sw/bin/nixos-container stop ${ctr.name} || :
+ # umount /var/lib/nixos-containers/${ctr.name}/var/state || :
+ # cryptsetup luksClose ${ctr.name} || :
+ # ''} INT TERM EXIT
+ # consul kv put containers/${ctr.name}/host ${config.networking.hostName}
+ # cryptsetup luksOpen --key-file /var/src/secrets/containers/${ctr.name}/luks /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name}
+ # mkdir -p /var/lib/nixos-containers/${ctr.name}/var/state
+ # mount /dev/mapper/${ctr.name} /var/lib/nixos-containers/${ctr.name}/var/state
+ # ln -frs /var/lib/nixos-containers/${ctr.name}/var/state/var_src /var/lib/nixos-containers/${ctr.name}/var/src
+ # /run/current-system/sw/bin/nixos-container start ${ctr.name}
+ # set +x
+ # until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done
+ # while /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done
+ # ''}";
+ # };
+ # };
+
+ # users.groups."container_${ctr.name}" = {};
+ # users.users."container_${ctr.name}" = {
+ # group = "container_${ctr.name}";
+ # isSystemUser = true;
+ # home = "/var/lib/sync-containers3/${ctr.name}";
+ # createHome = true;
+ # homeMode = "705";
+ # openssh.authorizedKeys.keys = [
+ # config.krebs.users.lass.pubkey
+ # ];
+ # };
+
+ # systemd.timers."${ctr.name}_syncer" = {
+ # timerConfig = {
+ # RandomizedDelaySec = 300;
+ # };
+ # };
+ # systemd.services."${ctr.name}_syncer" = {
+ # path = with pkgs; [
+ # coreutils
+ # rsync
+ # openssh
+ # systemd
+ # ];
+ # startAt = "*:0/1";
+ # serviceConfig = {
+ # User = "container_${ctr.name}";
+ # LoadCredential = [
+ # "ssh_key:${toString <secrets>}/containers/${ctr.name}/sync.key"
+ # ];
+ # ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" ''
+ # set -efu
+ # ! systemctl is-active --quiet container@${ctr.name}.service
+ # '';
+ # ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" ''
+ # set -efu
+ # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk-image/disk $HOME/disk
+ # '';
+ # };
+ # };
+
+ # # networking
+ # networking.networkmanager.unmanaged = [ "ctr0" ];
+ # networking.interfaces.dummy0.virtual = true;
+ # networking.bridges.ctr0.interfaces = [ "dummy0" ];
+ # networking.interfaces.ctr0.ipv4.addresses = [{
+ # address = "10.233.0.1";
+ # prefixLength = 24;
+ # }];
+ # systemd.services."dhcpd-ctr0" = {
+ # wantedBy = [ "multi-user.target" ];
+ # after = [ "network.target" ];
+ # serviceConfig = {
+ # Type = "forking";
+ # Restart = "always";
+ # DynamicUser = true;
+ # StateDirectory = "dhcpd-ctr0";
+ # User = "dhcpd-ctr0";
+ # Group = "dhcpd-ctr0";
+ # AmbientCapabilities = [
+ # "CAP_NET_RAW" # to send ICMP messages
+ # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
+ # ];
+ # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases";
+ # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" ''
+ # default-lease-time 600;
+ # max-lease-time 7200;
+ # authoritative;
+ # ddns-update-style interim;
+ # log-facility local1; # see dhcpd.nix
+
+ # option subnet-mask 255.255.255.0;
+ # option routers 10.233.0.1;
+ # # option domain-name-servers 8.8.8.8; # TODO configure dns server
+ # subnet 10.233.0.0 netmask 255.255.255.0 {
+ # range 10.233.0.10 10.233.0.250;
+ # }
+ # ''} ctr0";
+ # };
+ # };
+
+}
+
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 22b1669b0..bffa1036b 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -174,7 +174,6 @@ rec {
services.phpfpm.pools."${domain}" = {
user = "nginx";
group = "nginx";
- phpPackage = pkgs.php74;
extraConfig = ''
listen = /srv/http/${domain}/phpfpm.pool
pm = dynamic
@@ -228,7 +227,6 @@ rec {
services.phpfpm.pools."${domain}" = {
user = "nginx";
group = "nginx";
- phpPackage = pkgs.php74;
extraConfig = ''
listen = /srv/http/${domain}/phpfpm.pool
pm = dynamic
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
new file mode 100644
index 000000000..845a7e3b8
--- /dev/null
+++ b/lass/2configs/weechat.nix
@@ -0,0 +1,221 @@
+{ config, lib, pkgs, ... }: let
+
+ weechat-configured = pkgs.weechat-declarative.override {
+ config = {
+ scripts = [
+ pkgs.weechat-matrix
+ pkgs.weechatScripts.wee-slack
+ ];
+ settings = {
+ irc.server_default.nicks = [ "lassulus" "hackulus" ];
+ irc.server.bitlbee = {
+ addresses = "localhost/6666";
+ command = "msg &bitlbee identify \${sec.data.bitlbee}";
+ };
+ irc.server.hackint = {
+ addresses = "irc.hackint.org/6697";
+ autojoin = [
+ "#c3-gsm"
+ "#panthermoderns"
+ "#36c3"
+ "#cccac"
+ "#nixos"
+ "#krebs"
+ "#c-base"
+ "#afra"
+ "#tvl"
+ "#eloop"
+ "#systemdultras"
+ "#rc3"
+ "#krebs-announce"
+ "#the_playlist"
+ "#germany"
+ "#hackint"
+ "#dezentrale"
+ "#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way
+ ];
+ ssl = true;
+ sasl_fail = "reconnect";
+ sasl_username = "lassulus";
+ sasl_password = "\${sec.data.hackint_sasl}";
+ };
+ irc.server.r = {
+ addresses = "irc.r";
+ autojoin = [
+ "#xxx"
+ "#autowifi"
+ "#brockman"
+ "#flix"
+ "#kollkoll"
+ "#noise"
+ "#mukke"
+ ];
+ sasl_fail = "reconnect";
+ sasl_username = "lassulus";
+ sasl_password = "\${sec.data.r_sasl}";
+ anti_flood_prio_high = 0;
+ anti_flood_prio_low = 0;
+ };
+ irc.server.libera = {
+ addresses = "irc.libera.chat/6697";
+ autojoin = [
+ "#shackspace"
+ "#nixos"
+ "#krebs"
+ "#dezentrale"
+ "#tinc"
+ "#nixos-de"
+ "#fysi"
+ "#hillhacks"
+ "#nixos-rc3"
+ "#binaergewitter"
+ "#hackerfleet"
+ "#weechat"
+ ];
+ ssl = true;
+ sasl_username = "lassulus";
+ sasl_fail = "reconnect";
+ sasl_password = "\${sec.data.libera_sasl}";
+ };
+ irc.server.news = {
+ addresses = "news.r";
+ autojoin = [
+ "#all"
+ "#aluhut"
+ "#querdenkos"
+ "#news"
+ "#drachengame"
+ ];
+ anti_flood_prio_high = 0;
+ anti_flood_prio_low = 0;
+ };
+ matrix.server.lassulus = {
+ address = "matrix.lassul.us";
+ username = "lassulus";
+ password = "\${sec.data.matrix_lassulus}";
+ device_name = config.networking.hostName;
+ };
+ matrix.server.nixos_dev = {
+ address = "matrix.nixos.dev";
+ username = "@lassulus:nixos.dev";
+ device_name = config.networking.hostName;
+ sso_helper_listening_port = 55123;
+ };
+ plugins.var.python.go.short_name = true;
+ plugins.var.python.go.short_name_server = true;
+ plugins.var.python.go.fuzzy_search = true;
+ relay.network.password = "xxx"; # secret?
+ relay.port.weechat = 9998;
+ relay.weechat.commands = "*,!exec,!quit";
+ weechat.look.buffer_time_format = "%m-%d_%H:%M:%S";
+ weechat.look.item_time_format = "%m-%d_%H:%M:%S";
+ irc.look.color_nicks_in_names = true;
+ irc.look.color_nicks_in_nicklist = true;
+ logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog";
+ logger.file.path = "/var/state/weechat_logs";
+ logger.look.backlog = 1000;
+ weechat.notify.python.matrix.nixos_dev."!YLoVsCxScyQODoqIbb:hackint.org" = "none"; #c-base
+ weechat.notify.python.matrix.nixos_dev."!bohcSYPVoePqBDWlvE:hackint.org" = "none"; #krebs
+ weechat.notify.irc.news."#all" = "highlight";
+
+ # setting logger levels for channels is currently not possible declarativly
+ # because of already defined
+ logger.level.core.weechat = 0;
+ logger.level.irc = 3;
+ logger.level.python = 3;
+ weechat.bar.title.color_bg = 0;
+ weechat.bar.status.color_bg = 0;
+ alias.cmd.reload = "exec -oc cat /etc/weechat.set";
+ script.scripts.download_enabled = true;
+ weechat.look.prefix_align = "left";
+ weechat.look.prefix_align_max = 20;
+ irc.look.server_buffer = "independent";
+ matrix.look.server_buffer = "independent";
+ weechat.bar.buflist.size_max = 20;
+ weechat.color.chat_nick_colors = [
+ 1 2 3 4 5 6 9
+ 10 11 12 13 14
+ 28 29
+ 30 31 32 33 34 35 36 37 38 39
+ 70
+ 94
+ 101 102 103 104 105 106 107
+ 130 131 133 134 135 136 137
+ 140 141 142 143
+ 160 161 162 163 165 166 167 168 169
+ 170 171 172 173 174 175
+ 196 197 198 199
+ 200 201 202 203 204 205 206 208 209 209
+ 210 211 212
+ ];
+ };
+ extraCommands = ''
+ /script upgrade
+ /script install go.py
+ /script install nickregain.pl
+ /script install autosort.py
+ /key bind meta-q /go
+ /key bind meta-t /bar toggle nicklist
+ /key bind meta-y /bar toggle buflist
+ /filter addreplace irc_smart * irc_smart_filter *
+ /filter addreplace playlist_topic irc.*.#the_playlist irc_topic *
+ /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit *
+ /set logger.level.irc.news 0
+ /set logger.level.python.server.nixos_dev = 0;
+ /set logger.level.irc.hackint.#the_playlist = 0;
+ /connect bitlbee
+ /connect r
+ /connect news
+ /connect libera
+ /connect hackint
+ /matrix connect nixos_dev
+ /matrix connect lassulus
+ '';
+ files."sec.conf" = toString (pkgs.writeText "sec.conf" ''
+ [crypt]
+ cipher = aes256
+ hash_algo = sha256
+ passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE"
+ salt = on
+
+ [data]
+ __passphrase__ = on
+ hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC"
+ libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778"
+ r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD"
+ c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162"
+ matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9"
+ bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C"
+ matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97"
+ '');
+ };
+ };
+
+in {
+ users.users.mainUser.packages = [
+ weechat-configured
+ ];
+ environment.etc."weechat.set".source = "${weechat-configured}/weechat.set";
+ systemd.tmpfiles.rules = [
+ "d /var/state/weechat_logs 0700 lass users -"
+ "d /var/state/weechat 0700 lass users -"
+ "d /var/state/weechat_cfg 0700 lass users -"
+ "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat"
+ "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg"
+ ];
+
+ systemd.services.weechat = {
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = false;
+ serviceConfig = {
+ User = "lass";
+ RemainAfterExit = true;
+ Type = "oneshot";
+ LoadCredential = [
+ "WEECHAT_PASSPHRASE:${toString <secrets>}/weechat_passphrase"
+ ];
+ ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat";
+ ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat
+ };
+ };
+}
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
index 3b372189c..8784da379 100644
--- a/lass/2configs/xmonad.nix
+++ b/lass/2configs/xmonad.nix
@@ -45,6 +45,7 @@ import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
+import XMonad.Layout.StateFull
import XMonad.ManageHook (composeAll)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@@ -63,8 +64,6 @@ instance UrgencyHook LibNotifyUrgencyHook where
safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
myTerm :: FilePath
--- myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc -e /run/current-system/sw/bin/xonsh"
--- myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc"
myTerm = "/run/current-system/sw/bin/alacritty"
myFont :: String
@@ -89,7 +88,7 @@ main = do
myLayoutHook = defLayout
where
- defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
+ defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| StateFull ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
floatHooks = composeAll
[ className =? "Pinentry" --> doCenterFloat
@@ -152,7 +151,14 @@ myKeyMap =
, ("M4-S-q", return ())
- , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
+ , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" ''
+ PATH=${lib.makeBinPath [
+ pkgs.coreutils
+ pkgs.gawk
+ pkgs.dmenu
+ ]}
+ ${pkgs.clipmenu}/bin/clipmenu
+ ''}")
, ("M4-<F2>", windows copyToAll)
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 6571461ca..a7b0c372c 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -1,6 +1,17 @@
{ config, lib, pkgs, ... }:
{
- environment.systemPackages = [ pkgs.fzf ];
+ environment.systemPackages = with pkgs; [
+ atuin
+ direnv
+ fzf
+ ];
+ environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" ''
+ auto_sync = true
+ update_check = false
+ sync_address = "http://green.r:8888"
+ sync_frequency = 0
+ style = "compact"
+ '');
programs.zsh = {
enable = true;
shellInit = ''
@@ -12,27 +23,9 @@
setopt autocd extendedglob
bindkey -e
- #history magic
- bindkey "" up-line-or-local-history
- bindkey "" down-line-or-local-history
-
- up-line-or-local-history() {
- zle set-local-history 1
- zle up-line-or-history
- zle set-local-history 0
- }
- zle -N up-line-or-local-history
- down-line-or-local-history() {
- zle set-local-history 1
- zle down-line-or-history
- zle set-local-history 0
- }
- zle -N down-line-or-local-history
-
- setopt SHARE_HISTORY
- setopt HIST_IGNORE_ALL_DUPS
- # setopt inc_append_history
- bindkey '^R' history-incremental-search-backward
+
+ # # setopt inc_append_history
+ # bindkey '^R' history-incremental-search-backward
#C-x C-e open line in editor
autoload -z edit-command-line
@@ -43,6 +36,13 @@
source ${pkgs.fzf}/share/fzf/completion.zsh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
+ # atuin distributed shell history
+ export ATUIN_NOBIND="true" # disable all keybdinings of atuin
+ eval "$(atuin init zsh)"
+ bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin
+ # use zsh only session history
+ fc -p
+
#completion magic
autoload -Uz compinit
compinit
@@ -65,13 +65,11 @@
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
+
+ # direnv integration
+ eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
'';
promptInit = ''
- # TODO: figure out why we need to set this here
- HISTSIZE=900001
- HISTFILESIZE=$HISTSIZE
- SAVEHIST=$HISTSIZE
-
autoload -U promptinit
promptinit
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 3a0b1306c..42efa8cd6 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -15,5 +15,6 @@ _:
./xjail.nix
./autowifi.nix
./browsers.nix
+ ./sync-containers3.nix
];
}
diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix
index 816e58f0a..dbc3db4db 100644
--- a/lass/3modules/drbd.nix
+++ b/lass/3modules/drbd.nix
@@ -64,13 +64,42 @@ in {
services.udev.packages = [ pkgs.drbd ];
boot.kernelModules = [ "drbd" ];
- environment.systemPackages = [ pkgs.drbd ];
+ environment.systemPackages = [
+ pkgs.drbd
+ (pkgs.writers.writeDashBin "drbd-change-nodeid" ''
+ # https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-using-truck-based-replication
+ set -efux
+ if [ "$#" -ne 2 ]; then
+ echo '$1 needs to be drbd volume name'
+ echo '$2 needs to be new node id'
+ exit 1
+ fi
+
+
+ TMPDIR=$(mktemp -d)
+ trap 'rm -rf $TMPDIR' EXIT
+
+ V=$1
+ NODE_TO=$2
+ META_DATA_LOCATION=internal
+
+ ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt
+ NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p')
+ ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \
+ -e "s/^peer.$NODE_FROM. /peer-NEW /" \
+ -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \
+ -e "s/^peer-NEW /peer[$NODE_TO] /" \
+ < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt
+
+ drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt
+ '')
+ ];
networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg);
systemd.services = lib.mapAttrs' (_: device:
lib.nameValuePair "drbd-${device.name}" {
- after = [ "systemd-udev.settle.service" "network.target" ];
+ after = [ "systemd-udev.settle.service" "network.target" "retiolum.service" ];
wants = [ "systemd-udev.settle.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
@@ -88,7 +117,7 @@ in {
''}
if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then
${pkgs.drbd}/bin/drbdadm down ${device.name}
- ${pkgs.drbd}/bin/drbdadm create-md ${device.name}
+ ${pkgs.drbd}/bin/drbdadm create-md ${device.name}/0 --max-peers 31
${pkgs.drbd}/bin/drbdadm up ${device.name}
fi
'';
diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix
new file mode 100644
index 000000000..1371d5233
--- /dev/null
+++ b/lass/3modules/sync-containers3.nix
@@ -0,0 +1,313 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.lass.sync-containers3;
+ slib = pkgs.stockholm.lib;
+in {
+ options.lass.sync-containers3 = {
+ inContainer = {
+ enable = lib.mkEnableOption "container config for syncing";
+ pubkey = lib.mkOption {
+ type = lib.types.str; # TODO ssh key
+ };
+ };
+ containers = lib.mkOption {
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
+ options = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = config._module.args.name;
+ };
+ sshKey = lib.mkOption {
+ type = slib.types.absolute-pathname;
+ };
+ luksKey = lib.mkOption {
+ type = slib.types.absolute-pathname;
+ default = config.sshKey;
+ };
+ ephemeral = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ };
+ }));
+ };
+ };
+ config = lib.mkMerge [
+ (lib.mkIf (cfg.containers != {}) {
+
+ containers = lib.mapAttrs' (n: ctr: lib.nameValuePair ctr.name {
+ config = {
+ environment.systemPackages = [
+ pkgs.dhcpcd
+ pkgs.git
+ pkgs.jq
+ ];
+ networking.useDHCP = lib.mkForce true;
+ systemd.services.autoswitch = {
+ environment = {
+ NIX_REMOTE = "daemon";
+ };
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
+ set -efu
+ ln -frs /var/state/var_src /var/src
+ if test -e /var/src/nixos-config; then
+ /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
+ fi
+ '';
+ unitConfig.X-StopOnRemoval = false;
+ };
+ };
+ autoStart = false;
+ enableTun = true;
+ ephemeral = ctr.ephemeral;
+ privateNetwork = true;
+ hostBridge = "ctr0";
+ bindMounts = {
+ "/etc/resolv.conf".hostPath = "/etc/resolv.conf";
+ "/var/lib/self/disk" = {
+ hostPath = "/var/lib/sync-containers3/${ctr.name}/disk";
+ isReadOnly = false;
+ };
+ "/var/state" = {
+ hostPath = "/var/lib/sync-containers3/${ctr.name}/state";
+ isReadOnly = false;
+ };
+ };
+ }) cfg.containers;
+
+ systemd.services = lib.foldr lib.recursiveUpdate {} (lib.flatten (map (ctr: [
+ { "${ctr.name}_syncer" = {
+ path = with pkgs; [
+ coreutils
+ consul
+ rsync
+ openssh
+ systemd
+ ];
+ startAt = "*:0/1";
+ serviceConfig = {
+ User = "${ctr.name}_container";
+ LoadCredential = [
+ "ssh_key:${ctr.sshKey}"
+ ];
+ ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" ''
+ set -efu
+ ! systemctl is-active --quiet container@${ctr.name}.service
+ '';
+ ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" ''
+ set -efux
+ consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" ''
+ set -efux
+ if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then
+ touch "$HOME"/incomplete
+ rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk
+ rm "$HOME"/incomplete
+ fi
+ ''}
+ '';
+ };
+ }; }
+ { "${ctr.name}_watcher" = {
+ path = with pkgs; [
+ coreutils
+ consul
+ cryptsetup
+ curl
+ mount
+ util-linux
+ jq
+ retry
+ ];
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "${ctr.name}_watcher" ''
+ set -efux
+ while sleep 5; do
+ # get the payload
+ # check if the host reacted recently
+ case $(curl -s -o /dev/null --retry 10 --retry-delay 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in
+ 404)
+ echo 'got 404 from kv, should kill the container'
+ break
+ ;;
+ 500)
+ echo 'got 500 from kv, will kill container'
+ break
+ ;;
+ 200)
+ # echo 'got 200 from kv, will check payload'
+ export payload=$(consul kv get containers/${ctr.name})
+ if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then
+ # echo 'we are the host, trying to reach container'
+ if $(retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null); then
+ # echo 'container is reachable, continueing'
+ continue
+ else
+ # echo 'container seems dead, killing'
+ break
+ fi
+ else
+ echo 'we are not host, killing container'
+ break
+ fi
+ ;;
+ *)
+ echo 'unknown state, continuing'
+ continue
+ ;;
+ esac
+ done
+ /run/current-system/sw/bin/nixos-container stop ${ctr.name} || :
+ umount /var/lib/sync-containers3/${ctr.name}/state || :
+ cryptsetup luksClose ${ctr.name} || :
+ '';
+ };
+ }; }
+ { "${ctr.name}_scheduler" = {
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [
+ coreutils
+ consul
+ cryptsetup
+ mount
+ util-linux
+ curl
+ systemd
+ jq
+ retry
+ bc
+ ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = "30s";
+ ExecStart = pkgs.writers.writeDash "${ctr.name}_scheduler" ''
+ set -efux
+ # get the payload
+ # check if the host reacted recently
+ case $(curl -s -o /dev/null --retry 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in
+ 404)
+ # echo 'got 404 from kv, will create container'
+ ;;
+ 500)
+ # echo 'got 500 from kv, retrying again'
+ exit 0
+ ;;
+ 200)
+ # echo 'got 200 from kv, will check payload'
+ export payload=$(consul kv get containers/${ctr.name})
+ if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then
+ echo 'we are the host, starting container'
+ else
+ # echo 'we are not host, checking timestamp'
+ # if [ $(echo "$(date +%s) - $(jq -rn 'env.payload | fromjson.time') > 100" | bc) -eq 1 ]; then
+ if [ "$(jq -rn 'env.payload | fromjson.time | now - tonumber > 100')" = 'true' ]; then
+ echo 'last beacon is more than 100s ago, taking over'
+ else
+ # echo 'last beacon was recent. trying again'
+ exit 0
+ fi
+ fi
+ ;;
+ *)
+ echo 'unknown state, bailing out'
+ exit 0
+ ;;
+ esac
+ if test -e /var/lib/sync-containers3/${ctr.name}/incomplete; then
+ echo 'data is inconistent, start aborted'
+ exit 1
+ fi
+ consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null
+ consul lock -verbose -monitor-retry=100 -timeout 30s -name container_${ctr.name} container_${ctr.name} ${pkgs.writers.writeBash "${ctr.name}-start" ''
+ set -efu
+ cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} || :
+ mkdir -p /var/lib/sync-containers3/${ctr.name}/state
+ mountpoint /var/lib/sync-containers3/${ctr.name}/state || mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state
+ /run/current-system/sw/bin/nixos-container start ${ctr.name}
+ # wait for system to become reachable for the first time
+ retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null
+ systemctl start ${ctr.name}_watcher.service
+ while systemctl is-active container@${ctr.name}.service >/devnull && /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r >/dev/null; do
+ consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null
+ sleep 10
+ done
+ ''}
+ '';
+ };
+ }; }
+ ]) (lib.attrValues cfg.containers)));
+
+ systemd.timers = lib.mapAttrs' (n: ctr: lib.nameValuePair "${ctr.name}_syncer" {
+ timerConfig = {
+ RandomizedDelaySec = 100;
+ };
+ }) cfg.containers;
+
+ users.groups = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" {
+ }) cfg.containers;
+ users.users = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" ({
+ group = "container_${ctr.name}";
+ isNormalUser = true;
+ uid = slib.genid_uint31 "container_${ctr.name}";
+ home = "/var/lib/sync-containers3/${ctr.name}";
+ createHome = true;
+ homeMode = "705";
+ })) cfg.containers;
+
+ })
+ (lib.mkIf (cfg.containers != {}) {
+ # networking
+ networking.networkmanager.unmanaged = [ "ctr0" ];
+ networking.interfaces.dummy0.virtual = true;
+ networking.bridges.ctr0.interfaces = [ "dummy0" ];
+ networking.interfaces.ctr0.ipv4.addresses = [{
+ address = "10.233.0.1";
+ prefixLength = 24;
+ }];
+ systemd.services."dhcpd-ctr0" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "forking";
+ Restart = "always";
+ DynamicUser = true;
+ StateDirectory = "dhcpd-ctr0";
+ User = "dhcpd-ctr0";
+ Group = "dhcpd-ctr0";
+ AmbientCapabilities = [
+ "CAP_NET_RAW" # to send ICMP messages
+ "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
+ ];
+ ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases";
+ ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" ''
+ default-lease-time 600;
+ max-lease-time 7200;
+ authoritative;
+ ddns-update-style interim;
+ log-facility local1; # see dhcpd.nix
+
+ option subnet-mask 255.255.255.0;
+ option routers 10.233.0.1;
+ # option domain-name-servers 8.8.8.8; # TODO configure dns server
+ subnet 10.233.0.0 netmask 255.255.255.0 {
+ range 10.233.0.10 10.233.0.250;
+ }
+ ''} ctr0";
+ };
+ };
+ })
+ (lib.mkIf cfg.inContainer.enable {
+ users.groups.container_sync = {};
+ users.users.container_sync = {
+ group = "container_sync";
+ uid = slib.genid_uint31 "container_sync";
+ isNormalUser = true;
+ home = "/var/lib/self";
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ cfg.inContainer.pubkey
+ ];
+ };
+ })
+ ];
+}
diff --git a/lass/5pkgs/drbd9/default.nix b/lass/5pkgs/drbd9/default.nix
new file mode 100644
index 000000000..34ef0f564
--- /dev/null
+++ b/lass/5pkgs/drbd9/default.nix
@@ -0,0 +1,35 @@
+{ lib, stdenv, git, fetchzip, fetchFromGitHub, kernel }: let
+
+ version = "9.1.7";
+
+in stdenv.mkDerivation {
+ pname = "drbd";
+ version = "${kernel.version}-${version}";
+
+ src = fetchzip {
+ url = "https://pkg.linbit.com//downloads/drbd/9/drbd-9.1.7.tar.gz";
+ sha256 = "sha256-JsbtOrqhZkG7tFEc6tDmj3RlxZggl0HOKfCI8lYtQok=";
+ };
+ # src = fetchFromGitHub {
+ # owner = "LINBIT";
+ # repo = "drbd";
+ # rev = "drbd-${version}";
+ # sha256 = "sha256-8HAt+k0yi6XsZZ9mkVCQkv2pn65o3Zsa0KwTSBJh0yY=";
+ # leaveDotGit = true;
+ # };
+
+ nativeBuildInputs = [ git ] ++ kernel.moduleBuildDependencies;
+
+ # hardeningDisable = [ "pic" ];
+
+ makeFlags = kernel.makeFlags ++ [
+ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+ ];
+
+ installPhase = ''
+ install -D drbd/drbd.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
+ install -D drbd/drbd_transport_tcp.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
+ '';
+
+ enableParallelBuilding = true;
+}
diff --git a/lass/5pkgs/sxiv/default.nix b/lass/5pkgs/sxiv/default.nix
new file mode 100644
index 000000000..04fc1c3f6
--- /dev/null
+++ b/lass/5pkgs/sxiv/default.nix
@@ -0,0 +1,27 @@
+{ nsxiv, writers }:
+
+writers.writeDashBin "sxiv" ''
+ set -efu
+ tmpfile="''${TMPDIR:-/tmp}/nsxiv_pipe_$$"
+ trap 'rm -f -- $tmpfile' EXIT
+
+ if [ "$#" -eq 0 ]; then
+ if [ -t 0 ]; then
+ echo "sxiv: No arguments provided" >&2; exit 1
+ else
+ # Consume stdin and put it in the temporal file
+ cat > "$tmpfile"
+ fi
+ fi
+
+ for arg in "$@"; do
+ # if it's a pipe then drain it to $tmpfile
+ [ -p "$arg" ] && cat "$arg" > "$tmpfile"
+ done
+
+ if [ -s "$tmpfile" ]; then
+ ${nsxiv}/bin/nsxiv -q "$@" "$tmpfile" # -q to silence warnings
+ else
+ ${nsxiv}/bin/nsxiv "$@" # fallback
+ fi
+''
diff --git a/lass/5pkgs/weechat-matrix/default.nix b/lass/5pkgs/weechat-matrix/default.nix
new file mode 100644
index 000000000..40848caaa
--- /dev/null
+++ b/lass/5pkgs/weechat-matrix/default.nix
@@ -0,0 +1,80 @@
+{ python3Packages
+, lib
+, fetchFromGitHub
+}:
+
+with python3Packages;
+
+let
+ scriptPython = python.withPackages (ps: with ps; [
+ aiohttp
+ requests
+ python_magic
+ ]);
+
+ version = "lassulus-fork";
+in python3Packages.buildPythonPackage {
+ pname = "weechat-matrix";
+ inherit version;
+
+ src = fetchFromGitHub {
+ owner = "poljar";
+ repo = "weechat-matrix";
+ rev = version;
+ hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc=";
+ };
+ # src = ./weechat-matrix;
+
+ propagatedBuildInputs = [
+ pyopenssl
+ webcolors
+ future
+ atomicwrites
+ attrs
+ Logbook
+ pygments
+ matrix-nio
+ aiohttp
+ requests
+ ];
+
+ passthru.scripts = [ "matrix.py" ];
+
+ dontBuild = true;
+ doCheck = false;
+
+ format = "other";
+
+ installPhase = ''
+ mkdir -p $out/share $out/bin
+ cp main.py $out/share/matrix.py
+
+ cp contrib/matrix_upload.py $out/bin/matrix_upload
+ cp contrib/matrix_decrypt.py $out/bin/matrix_decrypt
+ cp contrib/matrix_sso_helper.py $out/bin/matrix_sso_helper
+ substituteInPlace $out/bin/matrix_upload \
+ --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python'
+ substituteInPlace $out/bin/matrix_sso_helper \
+ --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python'
+ substituteInPlace $out/bin/matrix_decrypt \
+ --replace '/usr/bin/env python3' '${scriptPython}/bin/python'
+
+ mkdir -p $out/${python.sitePackages}
+ cp -r matrix $out/${python.sitePackages}/matrix
+ '';
+
+ dontPatchShebangs = true;
+ postFixup = ''
+ addToSearchPath program_PYTHONPATH $out/${python.sitePackages}
+ patchPythonScript $out/share/matrix.py
+ substituteInPlace $out/${python.sitePackages}/matrix/server.py --replace \"matrix_sso_helper\" \"$out/bin/matrix_sso_helper\"
+ '';
+
+ meta = with lib; {
+ description = "A Python plugin for Weechat that lets Weechat communicate over the Matrix protocol";
+ homepage = "https://github.com/poljar/weechat-matrix";
+ license = licenses.isc;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ tilpner emily ];
+ };
+}
diff --git a/lib/default.nix b/lib/default.nix
index 7c3b0370e..149b97a72 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -95,9 +95,12 @@ let
path = dirPath + "/${relPath}";
in
nameValuePair (toPackageName name) (f path))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir dirPath))));
+ (attrNames
+ (filterAttrs isNixDirEntry (readDir dirPath))));
+
+ isNixDirEntry = name: type:
+ (type == "regular" && hasSuffix ".nix" name && name != "default.nix") ||
+ (type == "directory" && !hasPrefix "." name);
# https://tools.ietf.org/html/rfc5952
normalize-ip6-addr =
@@ -191,3 +194,4 @@ let
in
lib
+// { inherit lib; }
diff --git a/lib/types.nix b/lib/types.nix
index f312b734b..67a0c6f1b 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -58,6 +58,14 @@ rec {
default = false;
};
+ consul = mkOption {
+ description = ''
+ Whether the host is a member of the global consul network
+ '';
+ type = bool;
+ default = false;
+ };
+
owner = mkOption {
type = user;
};
@@ -128,7 +136,7 @@ rec {
default = null;
};
ip4 = mkOption {
- type = nullOr (submodule {
+ type = nullOr (submodule (ip4: {
options = {
addr = mkOption {
type = addr4;
@@ -138,13 +146,15 @@ rec {
} // {
retiolum.default = "10.243.0.0/16";
wiregrill.default = "10.244.0.0/16";
- }.${config._module.args.name} or {});
+ }.${config._module.args.name} or {
+ default = "${ip4.config.addr}/32";
+ });
};
- });
+ }));
default = null;
};
ip6 = mkOption {
- type = nullOr (submodule {
+ type = nullOr (submodule (ip6: {
options = {
addr = mkOption {
type = addr6;
@@ -155,9 +165,11 @@ rec {
} // {
retiolum.default = "42:0::/32";
wiregrill.default = "42:1::/32";
- }.${config._module.args.name} or {});
+ }.${config._module.args.name} or {
+ default = "${ip6.config.addr}/128";
+ });
};
- });
+ }));
default = null;
};
ssh = mkOption {
diff --git a/submodules/nix-writers b/submodules/nix-writers
-Subproject c528cf970e292790b414b4c1c8c8e9d7e73b2a7
+Subproject 0c8de150426476b5287cf2787bbd85263691a80
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
index c36fbc4bf..90501d56d 100644
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
imports = [
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
diff --git a/tv/1systems/alnus/lib b/tv/1systems/alnus/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/alnus/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/au/lib b/tv/1systems/au/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/au/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix
index 11cdac398..22e5f1484 100644
--- a/tv/1systems/bu/config.nix
+++ b/tv/1systems/bu/config.nix
@@ -1,7 +1,5 @@
-{ config, pkgs, ... }: let
- lib = import ../../../lib;
-in {
-
+with import ./lib;
+{ config, pkgs, ... }: {
imports = [
./disks.nix
<stockholm/tv>
diff --git a/tv/1systems/bu/lib b/tv/1systems/bu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/bu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/lib b/tv/1systems/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 00bd5da15..00cdf84c1 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
imports = [
<stockholm/tv>
<stockholm/tv/2configs/br.nix>
diff --git a/tv/1systems/mu/lib b/tv/1systems/mu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/mu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index 4dc0b4e82..fb67814db 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.nomic;
imports = [
diff --git a/tv/1systems/nomic/lib b/tv/1systems/nomic/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/nomic/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 44c7685e8..8df29f75e 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
imports = [
<stockholm/tv>
<stockholm/tv/2configs/retiolum.nix>
diff --git a/tv/1systems/querel/lib b/tv/1systems/querel/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/querel/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
index bf250cefa..4d45f6d40 100644
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ../lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.wu;
imports = [
diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/wu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 8a86e209b..6ca62ac0d 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.xu;
imports = [
@@ -11,7 +10,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/gitrepos.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/man.nix>
- <stockholm/tv/2configs/nginx/krebs-pages.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/ppp.nix>
<stockholm/tv/2configs/pulse.nix>
diff --git a/tv/1systems/xu/lib b/tv/1systems/xu/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/1systems/xu/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix
index 8a3040a36..169fa6bd6 100644
--- a/tv/1systems/zu/config.nix
+++ b/tv/1systems/zu/config.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
krebs.build.host = config.krebs.hosts.zu;
imports = [
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index a5e0cf4c7..c8ab73b50 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -1,6 +1,5 @@
-{ config, lib, ... }:
-with import <stockholm/lib>;
-{
+with import ./lib;
+{ config, pkgs, ... }: {
krebs.backup.plans = {
} // mapAttrs (_: recursiveUpdate {
snapshots = {
diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix
index 92e2499a9..e38566b78 100644
--- a/tv/2configs/bash/default.nix
+++ b/tv/2configs/bash/default.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
programs.bash = {
interactiveShellInit = /* sh */ ''
HISTCONTROL='erasedups:ignorespace'
@@ -17,8 +14,20 @@ with import <stockholm/lib>;
case $UID in
${shell.escape (toString config.krebs.users.tv.uid)})
- if test ''${SHLVL-1} = 1; then
- case ''${XMONAD_SPAWN_WORKSPACE-} in
+ if test ''${SHLVL-1} = 1 && test -n "''${DISPLAY-}"; then
+ _CURRENT_DESKTOP_NAME=''${_CURRENT_DESKTOP_NAME-$(
+ ${pkgs.xorg.xprop}/bin/xprop -notype -root \
+ 32i _NET_CURRENT_DESKTOP \
+ 8s _NET_DESKTOP_NAMES \
+ |
+ ${pkgs.gnused}/bin/sed -r 's/.* = //;s/"//g;s/, /\a/g' |
+ {
+ read -r _NET_CURRENT_DESKTOP
+ IFS=$'\a' read -ra _NET_DESKTOP_NAMES
+ echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}"
+ }
+ )}
+ case $_CURRENT_DESKTOP_NAME in
stockholm)
cd ~/stockholm
;;
diff --git a/tv/2configs/bash/lib b/tv/2configs/bash/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/bash/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix
index 58791f4f6..66d740715 100644
--- a/tv/2configs/binary-cache/default.nix
+++ b/tv/2configs/binary-cache/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with import <stockholm/lib>;
+{ config, lib, pkgs, ... }: with import ./lib;
{
environment.etc."binary-cache.pubkey".text =
config.krebs.build.host.binary-cache.pubkey;
diff --git a/tv/2configs/binary-cache/lib b/tv/2configs/binary-cache/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/binary-cache/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix
index e6a46e903..4a8db2e38 100644
--- a/tv/2configs/br.nix
+++ b/tv/2configs/br.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
imports = [
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index f3ce2da40..9babb92c2 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
boot.tmpOnTmpfs = true;
krebs.enable = true;
@@ -38,7 +37,7 @@ with import <stockholm/lib>;
{
i18n.defaultLocale = mkDefault "C.UTF-8";
security.sudo.extraConfig = ''
- Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
+ Defaults env_keep+="SSH_CLIENT _CURRENT_DESKTOP_NAME"
Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture
'';
@@ -46,14 +45,15 @@ with import <stockholm/lib>;
}
{
- # TODO check if both are required:
- nix.sandboxPaths = [ "/etc/protocols" pkgs.iana-etc.outPath ];
-
- nix.requireSignedBinaryCaches = true;
-
- nix.binaryCaches = ["https://cache.nixos.org"];
+ nix.extraOptions = ''
+ auto-optimise-store = true
+ '';
- nix.useSandbox = true;
+ # TODO check if both are required:
+ nix.settings.extra-sandbox-paths = [
+ "/etc/protocols"
+ pkgs.iana-etc.outPath
+ ];
}
{
nixpkgs.config.allowUnfree = false;
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 3d4ada46b..fefc6dd24 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.systemPackages = [
pkgs.eximlog
];
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 4a0dcf616..e905536df 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.systemPackages = [
pkgs.eximlog
];
diff --git a/tv/2configs/gitconfig.nix b/tv/2configs/gitconfig.nix
index 771a4b2a4..fb9b78e6a 100644
--- a/tv/2configs/gitconfig.nix
+++ b/tv/2configs/gitconfig.nix
@@ -1,8 +1,5 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.etc.gitconfig.text = ''
[alias]
patch = !${pkgs.git}/bin/git --no-pager diff --no-color
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 50444c1ee..d8e7755fe 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let {
+with import ./lib;
+{ config, pkgs, ... }: let {
body = {
@@ -134,7 +131,6 @@ let {
web-routes-wai-custom = {};
xintmap = {};
xmonad-aeson = {};
- xmonad-stockholm = {};
xmonad-web = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
cac-api = {
@@ -165,6 +161,7 @@ let {
soundcloud = {
cgit.desc = "SoundCloud command line interface";
};
+ xmonad-stockholm = {};
});
restricted-repos = mapAttrs make-restricted-repo (
diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix
index e78caeb5f..09372980f 100644
--- a/tv/2configs/htop.nix
+++ b/tv/2configs/htop.nix
@@ -1,8 +1,5 @@
-{ pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ pkgs, ... }: {
nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin {
name = "htop";
diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix
index dd6fcfe67..b998fcf7c 100644
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
imports = [
../smartd.nix
diff --git a/tv/2configs/hw/lib b/tv/2configs/hw/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/hw/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
index 09dd9a49d..bf749a98a 100644
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@@ -1,6 +1,5 @@
-{ pkgs, ... }: let
- lib = import <stockholm/lib>;
-in {
+with import ./lib;
+{ pkgs, ... }: {
imports = [
../smartd.nix
{
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 8c68cdef0..ee3c7dc04 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -1,7 +1,5 @@
-{ config, pkgs, ... }: let
- lib = import <stockholm/lib>;
-in
-{
+with import ./lib;
+{ config, pkgs, ... }: {
imports = [
../smartd.nix
{
@@ -28,8 +26,8 @@ in
}
{
- nix.buildCores = 2;
- nix.maxJobs = 2;
+ nix.settings.cores = 2;
+ nix.settings.max-jobs = 2;
}
(if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
nix.daemonCPUSchedPolicy = "batch";
@@ -61,6 +59,9 @@ in
emulateWheel = true;
};
+ # Conflicts with TLP, but gets enabled by DEs.
+ services.power-profiles-daemon.enable = false;
+
services.tlp.enable = true;
services.tlp.settings = {
START_CHARGE_THRESH_BAT0 = 80;
diff --git a/tv/2configs/imgur.nix b/tv/2configs/imgur.nix
index ba84fd2df..e22122761 100644
--- a/tv/2configs/imgur.nix
+++ b/tv/2configs/imgur.nix
@@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
-
services.nginx.virtualHosts."ni.r" = {
locations."/image" = {
extraConfig = /* nginx */ ''
@@ -18,8 +17,6 @@ with import <stockholm/lib>;
krebs.htgen.imgur = {
port = 7771;
- script = /* sh */ ''
- (. ${pkgs.htgen-imgur}/bin/htgen-imgur)
- '';
+ scriptFile = "${pkgs.htgen-imgur}/bin/htgen-imgur";
};
}
diff --git a/tv/2configs/lib b/tv/2configs/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index efea3a844..6844df99b 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -1,8 +1,5 @@
-{ config, lib, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, ... }: {
services.nginx = {
enableReload = true;
diff --git a/tv/2configs/nginx/krebs-pages.nix b/tv/2configs/nginx/krebs-pages.nix
deleted file mode 100644
index 4dd643db7..000000000
--- a/tv/2configs/nginx/krebs-pages.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.nginx = {
- virtualHosts.krebs-pages = {
- serverAliases = [
- "krebs.${config.krebs.build.host.name}.r"
- ];
- extraConfig = ''
- root ${pkgs.krebs-pages};
- '';
- };
- };
-}
diff --git a/tv/2configs/nginx/lib b/tv/2configs/nginx/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/nginx/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix
index 43d7189ef..c2403cd8d 100644
--- a/tv/2configs/nginx/public_html.nix
+++ b/tv/2configs/nginx/public_html.nix
@@ -1,8 +1,5 @@
-{ config, lib, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, ... }: {
services.nginx = {
enable = true;
virtualHosts.default = {
diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix
index 51a5c716f..415755b16 100644
--- a/tv/2configs/pki/default.nix
+++ b/tv/2configs/pki/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
diff --git a/tv/2configs/pki/lib b/tv/2configs/pki/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/pki/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix
index c801401b2..24d2831c4 100644
--- a/tv/2configs/ppp.nix
+++ b/tv/2configs/ppp.nix
@@ -1,5 +1,5 @@
+with import ./lib;
{ config, pkgs, ... }: let
- lib = import <stockholm/lib>;
cfg = {
pin = "@${toString <secrets/o2.pin>}";
ttys.ppp = "/dev/ttyACM0";
diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 513a0eb17..7a07e8154 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
+with import ./lib;
+{ config, pkgs, ... }: let
pkg = pkgs.pulseaudio;
runDir = "/run/pulse";
diff --git a/tv/2configs/repo-sync/lib b/tv/2configs/repo-sync/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/repo-sync/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/repo-sync/wiki.nix b/tv/2configs/repo-sync/wiki.nix
index 913439906..515e731c4 100644
--- a/tv/2configs/repo-sync/wiki.nix
+++ b/tv/2configs/repo-sync/wiki.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }: let
- lib = import <stockholm/lib>;
-in {
+with import ./lib;
+{ config, pkgs, ... }: {
krebs.repo-sync.enable = true;
krebs.repo-sync.repos.wiki.branches.hotdog = {
origin.url = "http://cgit.hotdog.r/wiki";
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index 3c3b2adf0..de77de381 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
krebs.tinc.retiolum = {
enable = true;
connectTo = filter (ne config.krebs.build.host.name) [
diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix
index 84d247362..ad828813d 100644
--- a/tv/2configs/ssh.nix
+++ b/tv/2configs/ssh.nix
@@ -1,8 +1,5 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
# Override NixOS's "Allow DSA keys for now."
environment.etc."ssh/ssh_config".text = mkForce ''
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix
index 79af5b01f..4da8c8216 100644
--- a/tv/2configs/sshd.nix
+++ b/tv/2configs/sshd.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, ... }: let
cfg.host = config.krebs.build.host;
in {
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 619b04459..7ba364ff3 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
exec = filename: args: url: {
inherit url;
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index fed74c921..b8819ee36 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let {
+with import ./lib;
+{ config, pkgs, ... }: let {
body = {
environment.systemPackages = [
vim-wrapper
@@ -13,7 +11,7 @@ let {
environment.variables.VIMINIT = ":so /etc/vimrc";
};
- extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ extra-runtimepath = pkgs.tv.vim.makeRuntimePath [
pkgs.tv.vimPlugins.elixir
pkgs.tv.vimPlugins.file-line
pkgs.tv.vimPlugins.fzf
@@ -79,6 +77,7 @@ let {
set showmatch
set timeoutlen=0
set ttimeoutlen=0
+ set ttymouse=sgr
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix
index 18bac9b38..b7c14af5a 100644
--- a/tv/2configs/xdg.nix
+++ b/tv/2configs/xdg.nix
@@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, pkgs, ... }: {
environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
systemd.tmpfiles.rules = let
diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix
index a97fb3679..51fd1ae8c 100644
--- a/tv/2configs/xp-332.nix
+++ b/tv/2configs/xp-332.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: {
environment.etc."utsushi.conf".text = ''
diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix
index 8e8e3dfdd..8e555e927 100644
--- a/tv/2configs/xserver/Xmodmap.nix
+++ b/tv/2configs/xserver/Xmodmap.nix
@@ -1,6 +1,6 @@
{ config, pkgs, ... }:
-with import <stockholm/lib>;
+with import ./lib;
pkgs.writeText "Xmodmap" ''
!keycode 66 = Caps_Lock
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 8bedb0e81..f534b557e 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
+with import ./lib;
+{ config, pkgs, ... }@args: let
cfg = {
cacheDir = cfg.dataDir;
configDir = "/var/empty";
diff --git a/tv/2configs/xserver/lib b/tv/2configs/xserver/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/2configs/xserver/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/2configs/xserver/sxiv.nix b/tv/2configs/xserver/sxiv.nix
index 10e450da4..eb862f887 100644
--- a/tv/2configs/xserver/sxiv.nix
+++ b/tv/2configs/xserver/sxiv.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg.user = config.krebs.build.user;
in {
diff --git a/tv/2configs/xserver/urxvt.nix b/tv/2configs/xserver/urxvt.nix
index 2d504e165..3502c6356 100644
--- a/tv/2configs/xserver/urxvt.nix
+++ b/tv/2configs/xserver/urxvt.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg.user = config.krebs.build.user;
in {
diff --git a/tv/2configs/xserver/xserver.conf.nix b/tv/2configs/xserver/xserver.conf.nix
index 99038e5fc..3fdfebf1b 100644
--- a/tv/2configs/xserver/xserver.conf.nix
+++ b/tv/2configs/xserver/xserver.conf.nix
@@ -1,6 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
+with import ./lib;
+{ config, pkgs, ... }:
let
cfg = config.services.xserver;
diff --git a/tv/3modules/Xresources.nix b/tv/3modules/Xresources.nix
index ab233dd65..266531de9 100644
--- a/tv/3modules/Xresources.nix
+++ b/tv/3modules/Xresources.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg = {
enable = config.services.xserver.enable && config.tv.Xresources != {};
diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix
index dccbfde67..4669345eb 100644
--- a/tv/3modules/charybdis/config.nix
+++ b/tv/3modules/charybdis/config.nix
@@ -1,4 +1,4 @@
-{ config, ... }: with import <stockholm/lib>; let
+{ config, ... }: with import ./lib; let
cfg = config.tv.charybdis;
in toFile "charybdis.conf" ''
/* doc/example.conf - brief example configuration file
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 96aae702a..4a0f99503 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -1,4 +1,5 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+with import ./lib;
+{ config, pkgs, ... }@args: let
cfg = config.tv.charybdis;
in {
options.tv.charybdis = {
diff --git a/tv/3modules/charybdis/lib b/tv/3modules/charybdis/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/3modules/charybdis/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix
index ab24ac089..e1dfdea34 100644
--- a/tv/3modules/dnsmasq.nix
+++ b/tv/3modules/dnsmasq.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, ... }: let
cfg = config.tv.dnsmasq;
in {
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index edc5296b0..e3a41a57b 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-
+with import ./lib;
+{ config, pkgs, ... }: let
cfg = config.tv.ejabberd;
gen-dhparam = pkgs.writeDash "gen-dhparam" ''
diff --git a/tv/3modules/ejabberd/lib b/tv/3modules/ejabberd/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/3modules/ejabberd/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/3modules/focus.nix b/tv/3modules/focus.nix
index b1a7b2e52..c16d44243 100644
--- a/tv/3modules/focus.nix
+++ b/tv/3modules/focus.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{
options.tv.focus.enable = mkEnableOption "tv.focus";
}
diff --git a/tv/3modules/hosts.nix b/tv/3modules/hosts.nix
index 118740510..2d382e266 100644
--- a/tv/3modules/hosts.nix
+++ b/tv/3modules/hosts.nix
@@ -1,8 +1,5 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
+with import ./lib;
+{ config, ... }: {
options.tv.hosts = mkOption {
type = types.attrsOf types.host;
default =
diff --git a/tv/3modules/hw.nix b/tv/3modules/hw.nix
index 6eb722d2f..db1a77c85 100644
--- a/tv/3modules/hw.nix
+++ b/tv/3modules/hw.nix
@@ -1,5 +1,5 @@
+with import ./lib;
let
- lib = import <stockholm/lib>;
local.types.screen = lib.types.submodule {
options.width = lib.mkOption {
type = lib.types.uint;
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
index e98a57327..76a61b191 100644
--- a/tv/3modules/im.nix
+++ b/tv/3modules/im.nix
@@ -1,6 +1,6 @@
+with import ./lib;
{ config, pkgs, ... }: let
im = config.tv.im;
- lib = import <stockholm/lib>;
in {
options = {
tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 9cf0bd5a2..c4bf4644d 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let {
+with import ./lib;
+{ config, pkgs, ... }: let {
cfg = config.tv.iptables;
body = {
diff --git a/tv/3modules/lib b/tv/3modules/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/3modules/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix
index e1a5323d6..7d31edf9d 100644
--- a/tv/3modules/org.freedesktop.machine1.host-shell.nix
+++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix
@@ -1,4 +1,5 @@
-{ config, ... }: let lib = import ../../lib; in {
+with import ./lib;
+{ config, ... }: {
options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
default = {};
type =
diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix
index 926adc8e0..a08303215 100644
--- a/tv/3modules/slock.nix
+++ b/tv/3modules/slock.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
cfg = config.tv.slock;
in {
diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix
index 4dbb34df0..f19bfebcc 100644
--- a/tv/3modules/x0vncserver.nix
+++ b/tv/3modules/x0vncserver.nix
@@ -1,8 +1,6 @@
-with import <stockholm/lib>;
+with import ./lib;
{ config, pkgs, ... }: let
-
cfg = config.tv.x0vncserver;
-
in {
options.tv.x0vncserver = {
display = mkOption {
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 5a018a166..245d0542b 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -1,4 +1,4 @@
-with import ../../lib;
+with import ./lib;
let
pushBack = x: xs:
if elem x xs then
@@ -14,7 +14,6 @@ fix
(foldl' (flip extends) (_: super)
(map
(name: import (./. + "/${name}"))
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (pushBack "override"
- (attrNames (readDir ./.))))))
+ (pushBack "override"
+ (attrNames
+ (filterAttrs isNixDirEntry (readDir ./.))))))
diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix
index 33fd2506a..f05223d72 100644
--- a/tv/5pkgs/haskell/default.nix
+++ b/tv/5pkgs/haskell/default.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
let
overrides = self: super:
mapNixDir (path: self.callPackage path {}) [
diff --git a/tv/5pkgs/haskell/lib b/tv/5pkgs/haskell/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/haskell/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix
index edb5f258e..be3eca982 100644
--- a/tv/5pkgs/haskell/xmonad-tv/default.nix
+++ b/tv/5pkgs/haskell/xmonad-tv/default.nix
@@ -1,6 +1,6 @@
{ mkDerivation, aeson, base, bytestring, containers, directory
-, extra, lib, template-haskell, th-env, unix, X11, xmonad
-, xmonad-contrib, xmonad-stockholm
+, extra, filepath, lib, systemd, template-haskell, th-env
+, transformers, unix, X11, xmonad, xmonad-contrib
}:
mkDerivation {
pname = "xmonad-tv";
@@ -9,8 +9,8 @@ mkDerivation {
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
- aeson base bytestring containers directory extra template-haskell
- th-env unix X11 xmonad xmonad-contrib xmonad-stockholm
+ aeson base bytestring containers directory extra filepath systemd
+ template-haskell th-env transformers unix X11 xmonad xmonad-contrib
];
license = lib.licenses.mit;
}
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Build.hs b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs
new file mode 100644
index 000000000..553a129b1
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE TypeApplications #-}
+
+module Build where
+
+import XMonad (Dimension)
+import THEnv.JSON (getCompileEnvJSONExp)
+
+
+myFont :: String
+myFont =
+ "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
+
+myScreenWidth :: Dimension
+myScreenWidth =
+ $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH")
+
+myTermFontWidth :: Dimension
+myTermFontWidth =
+ $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH")
+
+myTermPadding :: Dimension
+myTermPadding =
+ 2
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs
new file mode 100644
index 000000000..d4a4d93cf
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE LambdaCase #-}
+
+module Shutdown
+ ( newShutdownEventHandler
+ , shutdown
+ )
+ where
+
+import Control.Applicative ((<|>), empty)
+import Control.Concurrent (threadDelay)
+import Control.Monad (forever, guard, when)
+import Data.Monoid (All(All))
+import System.Directory (XdgDirectory(XdgData), createDirectoryIfMissing, doesFileExist, getAppUserDataDirectory, getXdgDirectory)
+import System.Exit (exitSuccess)
+import System.Environment (lookupEnv)
+import System.FilePath ((</>))
+import System.IO.Error (isDoesNotExistError, tryIOError)
+import System.IO (hPutStrLn, stderr)
+import System.Posix.Process (getProcessID)
+import System.Posix.Signals (nullSignal, signalProcess)
+import System.Posix.Types (ProcessID)
+import XMonad hiding (getXMonadDataDir)
+
+
+-- XXX this is for compatibility with both xmonad<0.17 and xmonad>=0.17
+getXMonadDataDir :: IO String
+getXMonadDataDir = xmEnvDir <|> xmDir <|> xdgDir
+ where
+ -- | Check for xmonad's environment variables first
+ xmEnvDir :: IO String
+ xmEnvDir =
+ maybe empty pure =<< lookupEnv "XMONAD_DATA_DIR"
+
+ -- | Check whether the config file or a build script is in the
+ -- @~\/.xmonad@ directory
+ xmDir :: IO String
+ xmDir = do
+ d <- getAppUserDataDirectory "xmonad"
+ conf <- doesFileExist $ d </> "xmonad.hs"
+ build <- doesFileExist $ d </> "build"
+ pid <- doesFileExist $ d </> "xmonad.pid"
+
+ -- Place *everything* in ~/.xmonad if yes
+ guard $ conf || build || pid
+ pure d
+
+ -- | Use XDG directories as a fallback
+ xdgDir :: IO String
+ xdgDir = do
+ d <- getXdgDirectory XdgData "xmonad"
+ d <$ createDirectoryIfMissing True d
+
+
+newShutdownEventHandler :: IO (Event -> X All)
+newShutdownEventHandler = do
+ writeProcessIDToFile
+ return handleShutdownEvent
+
+handleShutdownEvent :: Event -> X All
+handleShutdownEvent = \case
+ ClientMessageEvent { ev_message_type = mt } -> do
+ isShutdownEvent <- (mt ==) <$> getAtom "XMONAD_SHUTDOWN"
+ when isShutdownEvent $ do
+ broadcastMessage ReleaseResources
+ writeStateToFile
+ io exitSuccess >> return ()
+ return (All (not isShutdownEvent))
+ _ ->
+ return (All True)
+
+sendShutdownEvent :: IO ()
+sendShutdownEvent = do
+ dpy <- openDisplay ""
+ rw <- rootWindow dpy $ defaultScreen dpy
+ a <- internAtom dpy "XMONAD_SHUTDOWN" False
+ allocaXEvent $ \e -> do
+ setEventType e clientMessage
+ setClientMessageEvent e rw a 32 0 currentTime
+ sendEvent dpy rw False structureNotifyMask e
+ sync dpy False
+
+shutdown :: IO ()
+shutdown = do
+ pid <- readProcessIDFromFile
+ sendShutdownEvent
+ hPutStrLn stderr ("waiting for: " <> show pid)
+ result <- tryIOError (waitProcess pid)
+ if isSuccess result
+ then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]")
+ else hPutStrLn stderr ("result: " <> show result)
+ where
+ isSuccess = either isDoesNotExistError (const False)
+
+waitProcess :: ProcessID -> IO ()
+waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000)
+
+--
+-- PID file stuff
+--
+
+getProcessIDFileName :: IO FilePath
+getProcessIDFileName = (</> "xmonad.pid") <$> getXMonadDataDir
+
+writeProcessIDToFile :: IO ()
+writeProcessIDToFile = do
+ pidFileName <- getProcessIDFileName
+ pid <- getProcessID
+ writeFile pidFileName (show pid)
+
+readProcessIDFromFile :: IO ProcessID
+readProcessIDFromFile = do
+ pidFileName <- getProcessIDFileName
+ read <$> readFile pidFileName
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
index 81373f410..c921d428b 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs
+++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
@@ -1,6 +1,4 @@
{-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE TemplateHaskell #-}
-{-# LANGUAGE TypeApplications #-}
module Main (main) where
@@ -32,25 +30,9 @@ import Data.Ratio
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
-import XMonad.Stockholm.Pager
-import XMonad.Stockholm.Shutdown
+import Shutdown (shutdown, newShutdownEventHandler)
-import THEnv.JSON (getCompileEnvJSONExp)
-
-
-myFont :: String
-myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
-
-myScreenWidth :: Dimension
-myScreenWidth =
- $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH")
-
-myTermFontWidth :: Dimension
-myTermFontWidth =
- $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH")
-
-myTermPadding :: Dimension
-myTermPadding = 2
+import Build (myFont, myScreenWidth, myTermFontWidth, myTermPadding)
main :: IO ()
@@ -136,13 +118,6 @@ spawnRootTerm =
Nothing
-spawnTermAt :: String -> X ()
-spawnTermAt ws = do
- env <- io getEnvironment
- let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
- forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env')
-
-
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing)
@@ -151,11 +126,9 @@ myKeys conf = Map.fromList $
, ((_4 , xK_o ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing)
, ((_4 , xK_p ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing)
- , ((_4 , xK_x ), chooseAction spawnTermAt)
+ , ((_4 , xK_x ), forkFile {-pkg:rxvt_unicode-}"urxvtc" [] Nothing)
, ((_4C , xK_x ), spawnRootTerm)
- , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
- , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ((_C , xK_Menu ), toggleWS)
, ((_4 , xK_space ), withFocused $ \w -> ifM (isFloatingX w) xdeny $ sendMessage NextLayout)
@@ -233,23 +206,3 @@ xdeny =
, "-e", "sleep", "0.05"
]
Nothing
-
-
-pagerConfig :: PagerConfig
-pagerConfig = def
- { pc_font = myFont
- , pc_cellwidth = 64
- , pc_matchmethod = MatchPrefix
- , pc_windowColors = windowColors
- }
- where
- windowColors _ _ _ True _ = ("#ef4242","#ff2323")
- windowColors wsf m c u wf = do
- let y = defaultWindowColors wsf m c u wf
- if m == False && wf == True
- then ("#402020", snd y)
- else y
-
-
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames = return . map W.tag . W.workspaces
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
index f3bd2e0ab..a3ddcb039 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
+++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
@@ -15,14 +15,15 @@ executable xmonad
containers,
directory,
extra,
+ filepath,
template-haskell,
th-env,
unix,
X11,
xmonad,
- xmonad-contrib,
- xmonad-stockholm
+ xmonad-contrib
other-modules:
+ Shutdown,
THEnv.JSON
default-language: Haskell2010
ghc-options: -O2 -Wall -threaded
diff --git a/tv/5pkgs/lib b/tv/5pkgs/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix
index f719a9f69..87b7ce929 100644
--- a/tv/5pkgs/override/default.nix
+++ b/tv/5pkgs/override/default.nix
@@ -1,4 +1,4 @@
-with import ../../../lib;
+with import ./lib;
self: super:
mapNixDir (path: import path self super) ./.
diff --git a/tv/5pkgs/override/fzf/complete1.patch b/tv/5pkgs/override/fzf/complete1.patch
index 4b2126a2c..3e3f2c4d5 100644
--- a/tv/5pkgs/override/fzf/complete1.patch
+++ b/tv/5pkgs/override/fzf/complete1.patch
@@ -1,50 +1,72 @@
+commit 57cbd76c068121b685399fdb4649e7ba537983d6
+Author: tv <tv@krebsco.de>
+Date: Mon Dec 5 15:24:30 2022 +0100
+
+ Add --complete-1 option
+
+diff --git a/man/man1/fzf.1 b/man/man1/fzf.1
+index 79e7291..3b8a753 100644
+--- a/man/man1/fzf.1
++++ b/man/man1/fzf.1
+@@ -685,6 +685,9 @@ interactive finder and automatically select the only match
+ If there is no match for the initial query (\fB--query\fR), do not start
+ interactive finder and exit immediately
+ .TP
++.B "--complete-1"
++Exit interactive finder when there's exactly one match
++.TP
+ .BI "-f, --filter=" "STR"
+ Filter mode. Do not start interactive finder. When used with \fB--no-sort\fR,
+ fzf becomes a fuzzy-version of grep.
diff --git a/src/core.go b/src/core.go
-index a18c3a1..a3d92a4 100644
+index 2ddddc3..09afff2 100644
--- a/src/core.go
+++ b/src/core.go
-@@ -331,6 +331,13 @@ func Run(opts *Options, version string, revision string) {
+@@ -337,8 +337,14 @@ func Run(opts *Options, version string, revision string) {
+ }
+ determine(val.final)
}
- }
- terminal.UpdateList(val, clearSelection())
-+ if (opts.Complete1) {
-+ count := val.Length()
-+ if count == 1 {
++ } else {
++ if opts.Complete1 && val.Length() == 1 {
+ opts.Printer(val.Get(0).item.AsString(opts.Ansi))
+ terminal.reqBox.Set(reqClose, nil)
++ } else {
++ terminal.UpdateList(val, clearSelection())
+ }
-+ }
+ }
+- terminal.UpdateList(val, clearSelection())
}
}
}
diff --git a/src/options.go b/src/options.go
-index a55dc34..7f121cd 100644
+index 5400311..1e38fe4 100644
--- a/src/options.go
+++ b/src/options.go
-@@ -92,6 +92,7 @@ const usage = `usage: fzf [options]
- -1, --select-1 Automatically select the only match
- -0, --exit-0 Exit immediately when there's no match
- -f, --filter=STR Filter mode. Do not start interactive finder.
-+ --complete-1 Exit interactive finder when there's exactly one match
- --print-query Print query as the first line
- --expect=KEYS Comma-separated list of keys to complete fzf
- --read0 Read input delimited by ASCII NUL characters
-@@ -208,6 +209,7 @@ type Options struct {
- Query string
- Select1 bool
- Exit0 bool
-+ Complete1 bool
- Filter *string
- ToggleSort bool
- Expect map[tui.Event]string
-@@ -269,6 +271,7 @@ func defaultOptions() *Options {
- Query: "",
- Select1: false,
- Exit0: false,
-+ Complete1: false,
- Filter: nil,
- ToggleSort: false,
- Expect: make(map[tui.Event]string),
-@@ -1311,6 +1314,8 @@ func parseOptions(opts *Options, allArgs []string) {
+@@ -108,6 +108,7 @@ const usage = `usage: fzf [options]
+ -1, --select-1 Automatically select the only match
+ -0, --exit-0 Exit immediately when there's no match
+ -f, --filter=STR Filter mode. Do not start interactive finder.
++ --complete-1 Exit interactive finder when there's exactly one match
+ --print-query Print query as the first line
+ --expect=KEYS Comma-separated list of keys to complete fzf
+ --read0 Read input delimited by ASCII NUL characters
+@@ -274,6 +275,7 @@ type Options struct {
+ Query string
+ Select1 bool
+ Exit0 bool
++ Complete1 bool
+ Filter *string
+ ToggleSort bool
+ Expect map[tui.Event]string
+@@ -342,6 +344,7 @@ func defaultOptions() *Options {
+ Query: "",
+ Select1: false,
+ Exit0: false,
++ Complete1: false,
+ Filter: nil,
+ ToggleSort: false,
+ Expect: make(map[tui.Event]string),
+@@ -1546,6 +1549,8 @@ func parseOptions(opts *Options, allArgs []string) {
opts.Exit0 = true
case "+0", "--no-exit-0":
opts.Exit0 = false
diff --git a/tv/5pkgs/override/fzf/default.nix b/tv/5pkgs/override/fzf/default.nix
index 661db0ed5..2254d455a 100644
--- a/tv/5pkgs/override/fzf/default.nix
+++ b/tv/5pkgs/override/fzf/default.nix
@@ -1,9 +1,7 @@
self: super:
super.fzf.overrideAttrs (old: {
- # XXX cannot use `patches` because fzf has a custom patchPhase
- patchPhase = ''
- patch -Np1 < ${./complete1.patch}
- ${old.patchPhase or ""}
- '';
+ patches = old.patches or [] ++ [
+ ./complete1.patch
+ ];
})
diff --git a/tv/5pkgs/override/lib b/tv/5pkgs/override/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/override/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/rpi/default.nix b/tv/5pkgs/rpi/default.nix
index f0ac47f6a..e41d6373f 100644
--- a/tv/5pkgs/rpi/default.nix
+++ b/tv/5pkgs/rpi/default.nix
@@ -1,6 +1,4 @@
-let
- lib = import <stockholm/lib>;
-in
+with import ./lib;
self: super:
diff --git a/tv/5pkgs/rpi/lib b/tv/5pkgs/rpi/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/rpi/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/simple/alacritty-font-size.nix b/tv/5pkgs/simple/alacritty-font-size.nix
new file mode 100644
index 000000000..84bc3f616
--- /dev/null
+++ b/tv/5pkgs/simple/alacritty-font-size.nix
@@ -0,0 +1,67 @@
+{ pkgs }:
+
+pkgs.writeDashBin "font-size-alacritty" ''
+ # usage: font-size-alacritty (+N|-N|=N)
+ # Increase by, decrease by, or set font size to the value N.
+
+ set -efu
+
+ min_size=8
+
+ op=''${1%%[0-9]*}
+ op=''${op:-=}
+
+ value=''${1#[=+-]}
+
+ window_id=$(${pkgs.xdotool}/bin/xdotool getactivewindow)
+
+ current_size=$(
+ ${pkgs.xorg.xprop}/bin/xprop -notype -id $window_id FONT_SIZE |
+ ${pkgs.gnused}/bin/sed -rn 's/.* = ([0-9]+)$/\1/p'
+ )
+
+ # usage: set_font_size WINDOW_ID FONT_SIZE
+ set_font_size() {
+ ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$2
+ ${pkgs.xorg.xprop}/bin/xprop -id $1 -f FONT_SIZE 32c -set FONT_SIZE $2
+ }
+
+ # usage: reset_font_size WINDOW_ID
+ reset_font_size() {
+ ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$min_size
+ ${pkgs.xorg.xprop}/bin/xprop -id $1 -remove FONT_SIZE
+ }
+
+ # usage: make_next_size
+ make_next_size() {
+ case $op in
+ -) next_size=$(expr $current_size - $value) ;;
+ =) next_size=$value ;;
+ +)
+ next_size=$(expr $current_size + $value)
+ test $next_size -ge $min_size || next_size=$min_size
+ ;;
+ esac
+ }
+
+ if test -z "$current_size"; then
+ current_size=0
+ make_next_size
+ if test $next_size -ge $min_size; then
+ ${pkgs.alacritty}/bin/alacritty msg config -w $window_id \
+ font.normal.family='Input Mono' \
+ font.normal.style=Condensed \
+ font.bold.family='Input Mono' \
+ font.bold.style=Bold
+ set_font_size $window_id $next_size
+ fi
+ else
+ make_next_size
+ if test $next_size -ge $min_size; then
+ set_font_size $window_id $next_size
+ else
+ ${pkgs.alacritty}/bin/alacritty msg config -w $window_id -r
+ reset_font_size $window_id
+ fi
+ fi
+''
diff --git a/tv/5pkgs/simple/alacritty-tv.nix b/tv/5pkgs/simple/alacritty-tv.nix
new file mode 100644
index 000000000..466ff27c5
--- /dev/null
+++ b/tv/5pkgs/simple/alacritty-tv.nix
@@ -0,0 +1,93 @@
+{ pkgs }:
+
+let
+ lib = import ./lib;
+ font-size = arg: {
+ program = "${pkgs.font-size-alacritty}/bin/font-size-alacritty";
+ args = [arg];
+ };
+ config = {
+ bell.animation = "EaseOut";
+ bell.duration = 50;
+ bell.color = "#ff00ff";
+ colors.cursor.cursor = "#f042b0";
+ colors.primary.background = "#202020";
+ colors.primary.foreground = "#d0d7d0";
+ colors.normal.black = "#000000";
+ colors.normal.red = "#cd0000";
+ colors.normal.green = "#00cd00";
+ colors.normal.yellow = "#bc7004";
+ colors.normal.blue = "#4343be";
+ colors.normal.magenta = "#cb06cb";
+ colors.normal.cyan = "#04c9c9";
+ colors.normal.white = "#bebebe";
+ colors.bright.black = "#727272";
+ colors.bright.red = "#fb6262";
+ colors.bright.green = "#72fb72";
+ colors.bright.yellow = "#fbfb72";
+ colors.bright.blue = "#7272fb";
+ colors.bright.magenta = "#fb53fb";
+ colors.bright.cyan = "#72fbfb";
+ colors.bright.white = "#fbfbfb";
+ draw_bold_text_with_bright_colors = true;
+ font.normal.family = "Clean";
+ font.bold.family = "Clean";
+ font.bold.style = "Regular";
+ font.size = 10;
+ hints.enabled = [
+ {
+ regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\\u0000-\\u001F\\u007F-\\u009F<>\"\\s{-}\\^⟨⟩`]+";
+ mouse.enabled = true;
+ post_processing = true;
+ action = "Select";
+ }
+ ];
+ key_bindings = [
+ { key = "Up"; mods = "Shift|Control"; command = font-size "=14"; }
+ { key = "Up"; mods = "Control"; command = font-size "+1"; }
+ { key = "Down"; mods = "Control"; command = font-size "-1"; }
+ { key = "Down"; mods = "Shift|Control"; command = font-size "=0"; }
+ ];
+ scrolling.multiplier = 8;
+ };
+ config-file = pkgs.writeJSON "alacritty-tv.json" config;
+in
+
+pkgs.symlinkJoin {
+ name = "alacritty-tv";
+ paths = [
+ (pkgs.writeDashBin "alacritty" ''
+ # usage:
+ # alacritty [--singleton] [ARGS...]
+
+ set -efu
+
+ # Use home so Alacritty can find the configuration without arguments.
+ # HOME will be reset once in Alacritty.
+ HOME=$TMPDIR/Alacritty
+ export HOME
+
+ # Install stored configuration if it has changed.
+ # This allows for both declarative updates and runtime modifications.
+ ${pkgs.coreutils}/bin/mkdir -p "$HOME"
+ ref=$(${pkgs.coreutils}/bin/cat "$HOME"/ref)
+ if test "$ref" != ${config-file}; then
+ echo ${config-file} > "$HOME"/ref
+ ${pkgs.coreutils}/bin/cp ${config-file} "$HOME"/.alacritty.yml
+ fi
+
+ case ''${1-} in
+ --singleton)
+ shift
+ if ! ${pkgs.alacritty}/bin/alacritty msg create-window "$@"; then
+ ${pkgs.alacritty}/bin/alacritty "$@" &
+ fi
+ ;;
+ *)
+ exec ${pkgs.alacritty}/bin/alacritty "$@"
+ ;;
+ esac
+ '')
+ pkgs.alacritty
+ ];
+}
diff --git a/tv/5pkgs/simple/bash-fzf-history.nix b/tv/5pkgs/simple/bash-fzf-history.nix
index 88a8e9e4a..1166ec7fd 100644
--- a/tv/5pkgs/simple/bash-fzf-history.nix
+++ b/tv/5pkgs/simple/bash-fzf-history.nix
@@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs
, edit-key ? "ctrl-e"
diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix
index 9fb45dd1a..82a19a9b1 100644
--- a/tv/5pkgs/simple/default.nix
+++ b/tv/5pkgs/simple/default.nix
@@ -1,4 +1,4 @@
-with import ../../../lib;
+with import ./lib;
self: super:
diff --git a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix
index c3f2deaca..4f9b84b22 100644
--- a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix
+++ b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
preFixup = ''
patchelf --set-interpreter \
- ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
+ ${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \
$out/lib/utsushi/networkscan
# libstdc++.so.6
diff --git a/tv/5pkgs/simple/lib b/tv/5pkgs/simple/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/simple/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/simple/pinentry-urxvt/default.nix b/tv/5pkgs/simple/pinentry-urxvt/default.nix
index 65b76c077..ad8039ff2 100644
--- a/tv/5pkgs/simple/pinentry-urxvt/default.nix
+++ b/tv/5pkgs/simple/pinentry-urxvt/default.nix
@@ -1,8 +1,7 @@
+with import ./lib;
{ pkgs, ... }@args:
let
- lib = import <stockholm/lib>;
-
# config cannot be declared in the input attribute set because that would
# cause callPackage to inject the wrong config. Instead, get it from ...
# via args.
@@ -20,7 +19,11 @@ let
type = lib.types.str;
};
display = lib.mkOption {
- default = ":0";
+ default = null;
+ type = lib.types.nullOr lib.types.str;
+ };
+ xwud.className = lib.mkOption {
+ default = "PinentryUrxvtXwudFloat";
type = lib.types.str;
};
};
@@ -30,12 +33,77 @@ let
in
+ # pinentry-urxvt - A mechanism for PIN entry utilizing rxvt-unicode
+ #
+ # This spawns a PIN entry terminal on top of a tinted screenshot of the
+ # current display's root window. The display for spawning the terminal can
+ # be predefined, in which case both the current and the predefined display
+ # will show the screenshot.
+ #
+ # The purpose of the screenshot, aside from looking nice, is to prevent entry
+ # of the PIN into the wrong window, e.g. by accidentally moving the cursor
+ # while typing. If necessary, the screenshot can be closed by sending 'q',
+ # 'Q', or ctrl-c while its focused.
+ #
pkgs.write "pinentry-urxvt" {
"/bin/pinentry".link = pkgs.writeDash "pinentry-urxvt-wrapper" ''
set -efu
+
+ trap cleanup EXIT
+
+ cleanup() {
+ ${pkgs.utillinux}/bin/kill -- $(${pkgs.coreutils}/bin/cat "$displayers")
+ rm "$displayers"
+ rm "$screenshot"
+ }
+
+ displayers=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.displayers.XXXXXXXX)
+ screenshot=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.screenshot.XXXXXXXX)
+
+ ${pkgs.xorg.xwd}/bin/xwd -root |
+ ${pkgs.imagemagick}/bin/convert xwd:- -fill \#424242 -colorize 80% xwd:"$screenshot"
+
+ display_screenshot() {
+ ${pkgs.exec "pinentry-urxvt.display_screenshot" {
+ filename = "${pkgs.xorg.xwud}/bin/xwud";
+ argv = [
+ cfg.xwud.className
+ "-noclick"
+ ];
+ }} < "$screenshot" &
+ wait_for_screenshot $! && echo $! >>"$displayers"
+ }
+
+ # Wait for the xwud window by trying to intercept the call to munmap().
+ # If it cannot be intercepted within 0.1s, assume that attaching strace
+ # wasn't fast enough or xwud doesn't call munmap() anymore. In either
+ # case fall back to search the window by class name, assuming there can
+ # be only one per display.
+ wait_for_screenshot() {
+ if ! \
+ ${pkgs.coreutils}/bin/timeout 0.1 \
+ ${pkgs.strace}/bin/strace -p "$1" -e munmap 2>&1 |
+ read -r _
+ then
+ until ${pkgs.xdotool}/bin/xdotool search \
+ --classname ${lib.shell.escape cfg.xwud.className}
+ do
+ ${pkgs.coreutils}/bin/sleep 0.1
+ done
+ fi
+ }
+
+ display_screenshot
+
+ ${lib.optionalString (cfg.display != null) /* sh */ ''
+ if test "$DISPLAY" != ${lib.shell.escape cfg.display}; then
+ export DISPLAY=${lib.shell.escape cfg.display}
+ display_screenshot
+ fi
+ ''}
+
exec 3<&0 4>&1 5>&2
- export DISPLAY=${lib.shell.escape cfg.display}
- exec ${pkgs.rxvt_unicode}/bin/urxvt \
+ ${pkgs.rxvt_unicode}/bin/urxvt \
-name ${lib.shell.escape cfg.appName} \
-e ${pkgs.writeDash "pinentry-urxvt-tty" ''
set -efu
diff --git a/tv/5pkgs/simple/pinentry-urxvt/lib b/tv/5pkgs/simple/pinentry-urxvt/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/simple/pinentry-urxvt/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index e17282e17..2ae71db52 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -1,5 +1,5 @@
-{ pkgs, ... }:
-with import <stockholm/lib>;
+with import ./lib;
+{ pkgs }:
let
q-cal = let
diff --git a/tv/5pkgs/simple/q/lib b/tv/5pkgs/simple/q/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/simple/q/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/vim/default.nix b/tv/5pkgs/vim/default.nix
index 5582be3fd..c143592ad 100644
--- a/tv/5pkgs/vim/default.nix
+++ b/tv/5pkgs/vim/default.nix
@@ -1,7 +1,11 @@
-with import <stockholm/lib>;
+with import ./lib;
self: super: {
tv = super.tv // {
+ vim = {
+ makePlugin = outPath: outPath // { inherit outPath; };
+ makeRuntimePath = concatMapStringsSep "," (getAttr "outPath");
+ };
vimPlugins = mapNixDir (path: self.callPackage path {}) ./.;
};
}
diff --git a/tv/5pkgs/vim/hack.nix b/tv/5pkgs/vim/hack.nix
index 2145cc166..922d85ba2 100644
--- a/tv/5pkgs/vim/hack.nix
+++ b/tv/5pkgs/vim/hack.nix
@@ -1,7 +1,7 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
diff --git a/tv/5pkgs/vim/lib b/tv/5pkgs/vim/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/5pkgs/vim/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix
index 6715af737..43caf46c2 100644
--- a/tv/5pkgs/vim/nix.nix
+++ b/tv/5pkgs/vim/nix.nix
@@ -1,7 +1,7 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" {
+pkgs.tv.vim.makePlugin (pkgs.write "vim-syntax-nix-nested" {
"/syntax/haskell.vim".text = ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
diff --git a/tv/5pkgs/vim/showsyntax.nix b/tv/5pkgs/vim/showsyntax.nix
index a5547e46a..c27dd0447 100644
--- a/tv/5pkgs/vim/showsyntax.nix
+++ b/tv/5pkgs/vim/showsyntax.nix
@@ -1,6 +1,6 @@
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
diff --git a/tv/5pkgs/vim/tv.nix b/tv/5pkgs/vim/tv.nix
index ae6245b87..dee6b2df8 100644
--- a/tv/5pkgs/vim/tv.nix
+++ b/tv/5pkgs/vim/tv.nix
@@ -1,6 +1,6 @@
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
+pkgs.tv.vim.makePlugin (pkgs.write "vim-tv" {
#
# Haskell
#
diff --git a/tv/5pkgs/vim/vim.nix b/tv/5pkgs/vim/vim.nix
index 216ab6abb..c5693a243 100644
--- a/tv/5pkgs/vim/vim.nix
+++ b/tv/5pkgs/vim/vim.nix
@@ -1,7 +1,7 @@
-with import <stockholm/lib>;
+with import ./lib;
{ pkgs }:
-(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
diff --git a/tv/lib b/tv/lib
new file mode 120000
index 000000000..dc598c56d
--- /dev/null
+++ b/tv/lib
@@ -0,0 +1 @@
+../lib \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 01:02:13 +0000
[cgit] Unable to lock slot /tmp/cgit/ba000000.lock: No such file or directory (2)