357 files changed, 3334 insertions, 6638 deletions
diff --git a/.gitmodules b/.gitmodules
index 7ecb497ea..5825f86da 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,12 +1,9 @@
 [submodule "submodules/nix-writers"]
 path = submodules/nix-writers
- url = http://cgit.krebsco.de/nix-writers
+ url = https://cgit.krebsco.de/nix-writers
 [submodule "submodules/krops"]
 path = submodules/krops
 url = https://cgit.krebsco.de/krops
 [submodule "lass/5pkgs/autowifi"]
 path = lass/5pkgs/autowifi
 url = https://github.com/Lassulus/autowifi
-[submodule "jeschli/2configs/elisp"]
-[submodule "jeschli/2configs/elisp"]
- path = jeschli/2configs/elisp
- url = https://github.com/Jeschli/misc-elisp-scripts.git
diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix
deleted file mode 100644
index 49b814793..000000000
--- a/jeschli/1systems/bolide/config.nix
+++ /dev/null
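Review bot: In the `.gitmodules` hunk, the new `url = https://cgit.krebsco.de/nix-writers` only takes effect for fresh clones. Checkouts that already initialised the submodule keep the old `http://` URL in their local `.git/config` and go on fetching over plaintext until the URL is re-synced. The commit message or deploy notes should tell users to run `git submodule sync --recursive` after pulling. The removed `jeschli/2configs/elisp` entry matches the gitlink deletion later in this diff, though existing working trees probably still hold a stale checkout of that submodule to clean up by hand.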
@@ -1,125 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, ... }: -let - unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; -in -{ - imports = - [ - ./hardware-configuration.nix - <stockholm/jeschli> - <stockholm/jeschli/2configs/urxvt.nix> - <stockholm/jeschli/2configs/i3.nix> - <stockholm/jeschli/2configs/emacs.nix> - <stockholm/jeschli/2configs/rust.nix> - ]; - - krebs.build.host = config.krebs.hosts.bolide; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only - boot.initrd.luks.devices = [ { - name = "bla"; - device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0"; - preLVM = true; - allowDiscards = true; - } ]; -# networking.hostName = "bolide"; # Define your hostname. -# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; - networking.enableB43Firmware = true; #new - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # List packages installed in system profile. 
To search by name, run: - # $ nix-env -qaP | grep wget - environment.shellAliases = { - n = "nix-shell"; - stocki = pkgs.writeDash "deploy" '' - cd ~/stockholm - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"' - ''; - }; - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - rofi - wget vim - # system helper - ag - curl - copyq - dmenu - git - i3lock - keepass - networkmanagerapplet - rsync - terminator - tmux - wget - # rxvt_unicode - # editors - emacs - # internet - thunderbird - chromium - google-chrome - # programming languages - vscode - go - gcc9 - ccls - unstable.clang_8 - ghc - python37 - python37Packages.pip - # go tools - golint - gotools - # dev tools - elmPackages.elm - gnumake - jetbrains.pycharm-professional - jetbrains.webstorm - jetbrains.goland - # document viewer - zathura - ]; - - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - services.xserver.videoDrivers = [ "nvidia" ]; - -users.extraUsers.jeschli = { - isNormalUser = true; - extraGroups = ["docker" "vboxusers" "audio"]; - uid = 1000; - }; - - hardware.pulseaudio.enable = true; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? - -} - diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix deleted file mode 100644 index 042b746ef..000000000 --- a/jeschli/1systems/bolide/hardware-configuration.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" "wl" ]; - boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; - - fileSystems."/" = - { device = "/dev/bolide-pool/bolide-root"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/bolide-pool/bolide-home"; - fsType = "ext4"; - }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525"; - fsType = "ext4"; - }; - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = "powersave"; - hardware.pulseaudio.enable = true; -} diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix deleted file mode 100644 index 860c5d11c..000000000 --- a/jeschli/1systems/brauerei/config.nix +++ /dev/null 
@@ -1,200 +0,0 @@ -{ config, pkgs, lib, ... }: -let - mainUser = config.krebs.build.user.name; - unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; -in -{ - imports = [ - <stockholm/jeschli> - ./hardware-configuration.nix - <home-manager/nixos> - <stockholm/jeschli/2configs/emacs.nix> - <stockholm/jeschli/2configs/urxvt.nix> - <stockholm/jeschli/2configs/steam.nix> - <stockholm/jeschli/2configs/virtualbox.nix> - ]; - krebs.build.host = config.krebs.hosts.brauerei; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = true; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - # or "nodev" for efi only - boot.initrd.luks.devices = [ { - name = "root"; - device = "/dev/sda2"; - preLVM = true; - allowDiscards = true; - } ]; - networking.networkmanager.enable = true; - time.timeZone = "Europe/Amsterdam"; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - # emacs aliases - ed = "emacsclient"; - edc = "emacsclient --create-frame"; - # nix aliases - ns = "nix-shell"; - # krops - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - }; - - environment.systemPackages = with pkgs; [ - # system helper - acpi - ag - copyq - curl - dmenu - aspell - ispell - rofi - xdotool - git - gnupg - i3lock - keepass - networkmanagerapplet - pavucontrol - rsync - terminator - tmux - wget - # editors - emacs - # internet - chromium - firefox - google-chrome - thunderbird - # programming languages - elixir - elmPackages.elm - exercism - gcc9 - ccls - unstable.clang_8 - ghc - go - python37 - python37Packages.pip - pipenv - # dev tools - gnumake - jetbrains.clion - jetbrains.goland - jetbrains.pycharm-professional - jetbrains.webstorm - vscode - # document viewer - evince - zathura - # go tools - golint - gotools 
- # rust - cargo - rustracer - rustup - # orga tools - taskwarrior - # xorg - xorg.xbacklight - # tokei - tokei - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.bash.enableCompletion = true; - # programs.mtr.enable = true; - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - -# home-manager.useUserPackages = true; -# home-manager.users.jeschli = { -# home.stateVersion = "19.03"; -# }; -# home-manager.enable = true; - -# home-manager.users.jeschli.home.file = { -# ".emacs.d" = { -# source = pkgs.fetchFromGitHub { -# owner = "jeschli"; -# repo = "emacs.d"; -# rev = "8ed6c40"; -# sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0"; -# }; -# recursive = true; -# }; -# }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; -# services.emacs.enable = true; - - virtualisation.docker.enable = true; - - services.xserver = { - enable = true; - - desktopManager = { - xfce.enable = true; - gnome3.enable = true; - }; - - }; - - services.xserver.windowManager.i3.enable = true; - - users.extraUsers.jeschli = { # TODO: define as krebs.users - isNormalUser = true; - extraGroups = ["docker" "vboxusers" "audio"]; - uid = 1000; - }; - users.extraUsers.blafoo = { - isNormalUser = true; - extraGroups = ["audio"]; - uid = 1002; - }; - users.extraUsers.jamie = { - isNormalUser = true; - uid = 1001; # TODO genid - }; - users.users.dev = { - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - "ssh-rsa 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 lhebendanz@nixos" - "ssh-rsa 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 jeschli@nixos" - "ssh-rsa 
AAAAB4NzaC1yc2EAAAADAQABAAACAQC1x9+OtNfwv6LxblnLHeBElxoxLfaYUyvqMrBgnrlkaPjylPv711bvPslnt+YgdPsZQLCoQ2t5f0x0j7ZOMYE9eyRrnr67ITO+Od05u3eCypWOZulekkDL0ZDeYdvoZKOWnbKWnQVRfYuLOEL/g5/9E7MLtIdID8e98b/qHzs/+wmuuDR3zHCNic0BKixgET/EgFvLWezWxJ6D/TTv/5sDAfrC+RUN8ad14sxjKIkS3nkAlm8bhrCxQKaHLUcCJWiweW0gPWYSlp64VHS5lchvqCJlPYQdx0XbwolvlLYru0w74ljLbi3eL35GFFyHSeEjQ73EtVwo53uVKTy7SAORU7JNg6xL9H3ChOLOknN9oHs1K7t/maMsATle0HAFcTuaOhELUmHM8dCJh3nPVWIkzHQ4o3fyaogrpt7/V5j6R1/Ozn7P9n4OdqrjiaWqHlz/XHeYNNWte+a0EW+NubC83yS0Cu3uhZ36C3RET2vNM25CyYOBn4ccClAozayQIb6Cif0tCafMRPgkSlogQd8+SqNZpTnmtllIT3VnT5smgrufy6HETDkrHjApDrsqLtMCFY83RFwt4QLv/L93O7IsGifzmEfD9qD7YBSMNs8ihBIUXPk9doHXvYS506YroxWOxe/C0rzzbaogxQT6JMd1ozfXitRD9v7iBIFAT4Kzjw== christopher.kilian@dcso.de" - ]; - }; - - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 jeschli@nixos" - ]; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - -} diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix deleted file mode 100644 index 2cb3e6661..000000000 --- a/jeschli/1systems/brauerei/hardware-configuration.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/42BF-0795"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - hardware.pulseaudio.enable = true; - nix.maxJobs = lib.mkDefault 4; -} diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix deleted file mode 100644 index 86d21f7d3..000000000 --- a/jeschli/1systems/enklave/config.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - <stockholm/jeschli> - <stockholm/jeschli/2configs/retiolum.nix> - <stockholm/jeschli/2configs/IM.nix> - <stockholm/jeschli/2configs/git.nix> - <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix> - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - "ens*" - ]; - } - { - services.openssh.enable = true; - } - { - sound.enable = false; - } - { - users.extraUsers = { - root.initialPassword = "pfeife123"; - root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 jeschli@nixos" - ]; - jeschli = { - name = "jeschli"; - uid = 1000; - home = "/home/jeschli"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ -"ssh-rsa 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 jeschli@nixos" - ]; - }; - }; - } - { - services.taskserver = { - enable = true; - fqdn = "enklave.r"; - listenHost = "::"; - listenPort = 53589; - organisations.lass.users = [ "jeschli" ]; - }; - networking.firewall.allowedTCPPorts = [ 53589 8001 ]; - } - ]; - - krebs.build.host = config.krebs.hosts.enklave; -} diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix deleted file mode 100644 index 23b235d70..000000000 --- a/jeschli/1systems/enklave/taskserver.nix +++ /dev/null @@ -1,10 +0,0 @@ - { - services.taskserver = { - enable = true; - fqdn = "enklave.r"; - listenHost = "::"; - listenPort = 53589; - organisations.lass.users = [ "jeschli" ]; - }; - networking.firewall.allowedTCPPorts = [ 53589 ]; - } diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix deleted file mode 100644 index dec69563f..000000000 --- a/jeschli/1systems/reagenzglas/config.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = - [ - <stockholm/jeschli> - <stockholm/jeschli/2configs/emacs.nix> - <stockholm/jeschli/2configs/firefox.nix> - <stockholm/jeschli/2configs/rust.nix> - <stockholm/jeschli/2configs/steam.nix> - <stockholm/jeschli/2configs/python.nix> - ./desktop.nix - ./i3-configuration.nix - ./hardware-configuration.nix - ]; - - # EFI systemd boot loader - boot.loader.systemd-boot.enable = true; - - # Wireless network with network manager - krebs.build.host = config.krebs.hosts.reagenzglas; - # networking.hostName = "nixos"; # Define your hostname. - networking.networkmanager.enable = true; - - # Allow unfree - nixpkgs.config.allowUnfree = true; - - # Select internationalisation properties. - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - ag - alacritty - google-chrome - chromium - copyq - direnv - go - git - gitAndTools.hub - sbcl - rofi - vim - wget - ]; - - users.users.ombi = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
- }; - - users.users.jeschli = { - isNormalUser = true; - extraGroups = [ "audio" ]; - }; - -# services.xserver.synaptics.enable = true; - services.xserver.libinput.enable = true; - services.xserver.libinput.disableWhileTyping = true; - - hardware.pulseaudio.enable = true; - - #Enable ssh daemon - services.openssh.enable = true; - - #Enable clight - services.clight.enable = true; - services.geoclue2.enable = true; - location.provider = "geoclue2"; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1xtX/SF2IzfAIzrXvH4HsW05eTBX8U8MYlEPadq0DS/nHC45hW2PSEUOVsH0UhBRAB+yClVLyN+JAYsuOoQacQqAVq9R7HAoFITdYTMJCxVs4urSRv0pWwTopRIh1rlI+Q0QfdMoeVtO2ZKG3KoRM+APDy2dsX8LTtWjXmh/ZCtpGl1O8TZtz2ZyXyv9OVDPnQiFwPU3Jqs2Z036c+kwxWlxYc55FRuqwRtQ48c/ilPMu+ZvQ22j1Ch8lNuliyAg1b8pZdOkMJF3R8b46IQ8FEqkr3L1YQygYw2M50B629FPgHgeGPMz3mVd+5lzP+okbhPJjMrUqZAUwbMGwGzZ ombi@nixos" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG7C3bgoL9VeVl8pgu8sp3PCOs6TXk4R9y7JKJAHGsfm root@baeckerei" - ]; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "19.03"; # Did you read the comment? - -} diff --git a/jeschli/1systems/reagenzglas/desktop.nix b/jeschli/1systems/reagenzglas/desktop.nix deleted file mode 100644 index 88eae086f..000000000 --- a/jeschli/1systems/reagenzglas/desktop.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -# Configuration for the desktop environment - -{ config, lib, pkgs, ... }: -{ - # Configure basic X-server stuff: - services.xserver = { - enable = true; - xkbOptions = "caps:super"; - exportConfiguration = true; - - displayManager.lightdm.enable = true; - }; - - # Configure fonts - fonts = { - fonts = with pkgs; [ - corefonts - font-awesome-ttf - noto-fonts-cjk - noto-fonts-emoji - powerline-fonts - helvetica-neue-lt-std - ]; - }; -} diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix deleted file mode 100644 index 55f5532d6..000000000 --- a/jeschli/1systems/reagenzglas/hardware-configuration.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/nvme0n1p8"; - preLVM = true; - } - ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/4d01936e-c876-42c3-962a-d4a20ad0e2e0"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D455-E4CC"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/jeschli/1systems/reagenzglas/i3-configuration.nix b/jeschli/1systems/reagenzglas/i3-configuration.nix deleted file mode 100644 index 88f63426d..000000000 --- a/jeschli/1systems/reagenzglas/i3-configuration.nix +++ /dev/null 
@@ -1,181 +0,0 @@ -{pkgs, environment, config, lib, ... }: - -with pkgs; - -let - i3_config_file = pkgs.writeText "config" '' - set $mod Mod4 - - font pango:monospace 8 - - #font pango:DejaVu Sans Mono 8 - - # Before i3 v4.8, we used to recommend this one as the default: - # font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1 - # The font above is very space-efficient, that is, it looks good, sharp and - # clear in small sizes. However, its unicode glyph coverage is limited, the old - # X core fonts rendering does not support right-to-left and this being a bitmap - # font, it doesn’t scale on retina/hidpi displays. - - # Use Mouse+$mod to drag floating windows to their wanted position - floating_modifier $mod - - # start a terminal - bindsym $mod+Return exec alacritty - - # kill focused window - bindsym $mod+Shift+q kill - - # start dmenu (a program launcher) - # bindsym $mod+d exec dmenu_run - - # start dmenu (a program launcher) - bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run - - bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select - - bindsym $mod+F1 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput disable - bindsym $mod+F2 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput enable - - # There also is the (new) i3-dmenu-desktop which only displays applications - # shipping a .desktop file. It is a wrapper around dmenu, so you need that - # installed. 
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop - - # change focus - bindsym $mod+j focus left - bindsym $mod+k focus down - bindsym $mod+l focus up - bindsym $mod+semicolon focus right - - # alternatively, you can use the cursor keys: - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # move focused window - bindsym $mod+Shift+j move left - bindsym $mod+Shift+k move down - bindsym $mod+Shift+l move up - bindsym $mod+Shift+colon move right - - # alternatively, you can use the cursor keys: - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right - - # split in horizontal orientation - bindsym $mod+h split h - - # split in vertical orientation - bindsym $mod+v split v - - # enter fullscreen mode for the focused container - bindsym $mod+f fullscreen toggle - - # change container layout (stacked, tabbed, toggle split) - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # toggle tiling / floating - bindsym $mod+Shift+space floating toggle - - # change focus between tiling / floating windows - bindsym $mod+space focus mode_toggle - - # focus the parent container - bindsym $mod+a focus parent - - # focus the child container - #bindsym $mod+d focus child - - # Define names for default workspaces for which we configure key bindings later on. - # We use variables to avoid repeating the names in multiple places. 
- set $ws1 "1" - set $ws2 "2" - set $ws3 "3" - set $ws4 "4" - set $ws5 "5" - set $ws6 "6" - set $ws7 "7" - set $ws8 "8" - set $ws9 "9" - set $ws10 "10" - - # switch to workspace - bindsym $mod+1 workspace $ws1 - bindsym $mod+2 workspace $ws2 - bindsym $mod+3 workspace $ws3 - bindsym $mod+4 workspace $ws4 - bindsym $mod+5 workspace $ws5 - bindsym $mod+6 workspace $ws6 - bindsym $mod+7 workspace $ws7 - bindsym $mod+8 workspace $ws8 - bindsym $mod+9 workspace $ws9 - bindsym $mod+0 workspace $ws10 - - # move focused container to workspace - bindsym $mod+Shift+1 move container to workspace $ws1 - bindsym $mod+Shift+2 move container to workspace $ws2 - bindsym $mod+Shift+3 move container to workspace $ws3 - bindsym $mod+Shift+4 move container to workspace $ws4 - bindsym $mod+Shift+5 move container to workspace $ws5 - bindsym $mod+Shift+6 move container to workspace $ws6 - bindsym $mod+Shift+7 move container to workspace $ws7 - bindsym $mod+Shift+8 move container to workspace $ws8 - bindsym $mod+Shift+9 move container to workspace $ws9 - bindsym $mod+Shift+0 move container to workspace $ws10 - - # reload the configuration file - bindsym $mod+Shift+c reload - # restart i3 inplace (preserves your layout/session, can be used to upgrade i3) - bindsym $mod+Shift+r restart - # exit i3 (logs you out of your X session) - bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'" - - # resize window (you can also use the mouse for that) - mode "resize" { - # These bindings trigger as soon as you enter the resize mode - - # Pressing left will shrink the window’s width. - # Pressing right will grow the window’s width. - # Pressing up will shrink the window’s height. - # Pressing down will grow the window’s height. 
- bindsym j resize shrink width 10 px or 10 ppt - bindsym k resize grow height 10 px or 10 ppt - bindsym l resize shrink height 10 px or 10 ppt - bindsym semicolon resize grow width 10 px or 10 ppt - - # same bindings, but for the arrow keys - bindsym Left resize shrink width 10 px or 10 ppt - bindsym Down resize grow height 10 px or 10 ppt - bindsym Up resize shrink height 10 px or 10 ppt - bindsym Right resize grow width 10 px or 10 ppt - - # back to normal: Enter or Escape or $mod+r - bindsym Return mode "default" - bindsym Escape mode "default" - bindsym $mod+r mode "default" - } - - bindsym $mod+r mode "resize" - - # Start i3bar to display a workspace bar (plus the system information i3status - # finds out, if available) - bar { - status_command i3status - } - ''; - -in { - - services.xserver.windowManager.i3 = { - enable = true; - package = pkgs.i3; - configFile = i3_config_file; - }; - -} diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix deleted file mode 100644 index 2366726fb..000000000 --- a/jeschli/2configs/IM.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -with (import <stockholm/lib>); -{ config, lib, pkgs, ... }: -let - tmux = pkgs.writeDashBin "tmux" '' - export TERM=xterm-256color - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g default-terminal screen-256color - ''} "$@" - ''; -in { - - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - pkgs.bitlbee-discord - ]; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - jeschli.pubkey - jeschli-bln.pubkey - jeschli-brauerei.pubkey - jeschli-bolide.pubkey - ]; - packages = [ tmux ]; - }; - - - systemd.services.chat = { - description = "chat environment setup"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = false; - - path = [ - pkgs.rxvt_unicode.terminfo - ]; - - serviceConfig = { - User = "chat"; - RemainAfterExit = true; - Type = "oneshot"; - ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; - ExecStop = "${tmux}/bin/tmux kill-session -t IM"; - }; - }; -} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix deleted file mode 100644 index 8b61fa29c..000000000 --- a/jeschli/2configs/default.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ - imports = [ -# ./vim.nix - ./retiolum.nix - ./zsh.nix - <stockholm/lass/2configs/security-workarounds.nix> - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - ]; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - parallel - proot - populate - - # aliases - (writeDashBin "irc" "ssh chat@enklave -t tmux a") - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - - #stuff for dl - aria2 - - #neat utils - file - kpaste - krebspaste - mosh - pciutils - psmisc - # q - # rs - tmux - untilport - usbutils - # logify - goify - vim - #unpack stuff - p7zip - unzip - unrar - - (pkgs.writeDashBin "sshn" '' - ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" - '') - ]; - - krebs.enable = true; - networking.hostName = config.krebs.build.host.name; -} diff --git a/jeschli/2configs/elisp b/jeschli/2configs/elisp deleted file mode 160000 -Subproject 279d6a01f5abbab5d28d3a57549b7fec800a510 diff --git a/jeschli/2configs/emacs-org-agenda.nix b/jeschli/2configs/emacs-org-agenda.nix deleted file mode 100644 index 0420dc43d..000000000 --- a/jeschli/2configs/emacs-org-agenda.nix +++ /dev/null 
@@ -1,2025 +0,0 @@ -let - modifiedBerndHansen = '' -;; Based on http://doc.norang.ca/org-mode.html -;; Organize your life in plain text -;; TODO: minimize this section -(if (boundp 'org-mode-user-lisp-path) - (add-to-list 'load-path org-mode-user-lisp-path) - (add-to-list 'load-path (expand-file-name "~/git/org-mode/lisp"))) - -(add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) -(require 'org) - -(add-to-list 'org-modules 'org-habit) - -;; -;; Standard key bindings -(global-set-key "\C-cl" 'org-store-link) -(global-set-key "\C-ca" 'org-agenda) -(global-set-key "\C-cb" 'org-iswitchb) - -;; The following setting is different from the document so that you -;; can override the document org-agenda-files by setting your -;; org-agenda-files in the variable org-user-agenda-files -;; -;; (if (boundp 'org-user-agenda-files) -;; (setq org-agenda-files org-user-agenda-files) -;; (setq org-agenda-files (quote ("~/git/org")))) - -;; Custom Key Bindings -(global-set-key (kbd "<f12>") 'org-agenda) -(global-set-key (kbd "<S-f5>") 'bh/widen) -(global-set-key (kbd "<f9> <f9>") 'bh/show-org-agenda) -(global-set-key (kbd "<f9> b") 'bbdb) -(global-set-key (kbd "<f9> c") 'calendar) -(global-set-key (kbd "<f9> f") 'boxquote-insert-file) -(global-set-key (kbd "<f9> g") 'gnus) -(global-set-key (kbd "<f9> h") 'bh/hide-other) -(global-set-key (kbd "<f9> n") 'bh/toggle-next-task-display) - -(global-set-key (kbd "<f9> I") 'bh/punch-in) -(global-set-key (kbd "<f9> O") 'bh/punch-out) - -(global-set-key (kbd "<f9> o") 'bh/make-org-scratch) - -(global-set-key (kbd "<f9> r") 'boxquote-region) -(global-set-key (kbd "<f9> s") 'bh/switch-to-scratch) - -(global-set-key (kbd "<f9> t") 'bh/insert-inactive-timestamp) -(global-set-key (kbd "<f9> T") 'bh/toggle-insert-inactive-timestamp) - -(global-set-key (kbd "<f9> v") 'visible-mode) -(global-set-key (kbd "<f9> l") 'org-toggle-link-display) -(global-set-key (kbd "<f9> SPC") 'bh/clock-in-last-task) -(global-set-key (kbd 
"C-<f9>") 'previous-buffer) -(global-set-key (kbd "M-<f9>") 'org-toggle-inline-images) -(global-set-key (kbd "C-x n r") 'narrow-to-region) -(global-set-key (kbd "C-<f10>") 'next-buffer) -(global-set-key (kbd "<f11>") 'org-clock-goto) -(global-set-key (kbd "C-<f11>") 'org-clock-in) -(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish) -(global-set-key (kbd "C-c c") 'org-capture) - -(defun bh/hide-other () - (interactive) - (save-excursion - (org-back-to-heading 'invisible-ok) - (hide-other) - (org-cycle) - (org-cycle) - (org-cycle))) - -(defun bh/set-truncate-lines () - "Toggle value of truncate-lines and refresh window display." - (interactive) - (setq truncate-lines (not truncate-lines)) - ;; now refresh window display (an idiom from simple.el): - (save-excursion - (set-window-start (selected-window) - (window-start (selected-window))))) - -(defun bh/make-org-scratch () - (interactive) - (find-file "/tmp/publish/scratch.org") - (gnus-make-directory "/tmp/publish")) - -(defun bh/switch-to-scratch () - (interactive) - (switch-to-buffer "*scratch*")) - -(setq org-todo-keywords - (quote ((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d)") - (sequence "WAITING(w@/!)" "HOLD(h@/!)" "|" "CANCELLED(c@/!)" "PHONE" "MEETING")))) - -(setq org-todo-keyword-faces - (quote (("TODO" :foreground "red" :weight bold) - ("NEXT" :foreground "blue" :weight bold) - ("DONE" :foreground "forest green" :weight bold) - ("WAITING" :foreground "orange" :weight bold) - ("HOLD" :foreground "magenta" :weight bold) - ("CANCELLED" :foreground "forest green" :weight bold) - ("MEETING" :foreground "forest green" :weight bold) - ("PHONE" :foreground "forest green" :weight bold)))) - -(setq org-use-fast-todo-selection t) - -(setq org-treat-S-cursor-todo-selection-as-state-change nil) - -(setq org-todo-state-tags-triggers - (quote (("CANCELLED" ("CANCELLED" . t)) - ("WAITING" ("WAITING" . t)) - ("HOLD" ("WAITING") ("HOLD" . 
t)) - (done ("WAITING") ("HOLD")) - ("TODO" ("WAITING") ("CANCELLED") ("HOLD")) - ("NEXT" ("WAITING") ("CANCELLED") ("HOLD")) - ("DONE" ("WAITING") ("CANCELLED") ("HOLD"))))) - -(setq org-directory "~/projects/notes_privat") -(setq org-default-notes-file "~/projects/notes_privat/refile.org") - -;; I use C-c c to start capture mode -(global-set-key (kbd "C-c c") 'org-capture) - -;; Capture templates for: TODO tasks, Notes, appointments, phone calls, meetings, and org-protocol -(setq org-capture-templates - (quote (("t" "todo" entry (file org-default-notes-file) - "* TODO %?\n%U\n%a\n" :clock-in t :clock-resume t) - ("r" "respond" entry (file org-default-notes-file) - "* NEXT Respond to %:from on %:subject\nSCHEDULED: %t\n%U\n%a\n" :clock-in t :clock-resume t :immediate-finish t) - ("n" "note" entry (file org-default-notes-file) - "* %? :NOTE:\n%U\n%a\n" :clock-in t :clock-resume t) - ("j" "Journal" entry (file+datetree "~/git/org/diary.org") - "* %?\n%U\n" :clock-in t :clock-resume t) - ("w" "org-protocol" entry (file org-default-notes-file) - "* TODO Review %c\n%U\n" :immediate-finish t) - ("m" "Meeting" entry (file org-default-notes-file) - "* MEETING with %? :MEETING:\n%U" :clock-in t :clock-resume t) - ("p" "Phone call" entry (file org-default-notes-file) - "* PHONE %? :PHONE:\n%U" :clock-in t :clock-resume t) - ("h" "Habit" entry (file org-default-notes-file) - "* NEXT %?\n%U\n%a\nSCHEDULED: %(format-time-string \"%<<%Y-%m-%d %a .+1d/3d>>\")\n:PROPERTIES:\n:STYLE: habit\n:REPEAT_TO_STATE: NEXT\n:END:\n")))) - -;; Remove empty LOGBOOK drawers on clock out -(defun bh/remove-empty-drawer-on-clock-out () - (interactive) - (save-excursion - (beginning-of-line 0) - (org-remove-empty-drawer-at (point)))) - -(add-hook 'org-clock-out-hook 'bh/remove-empty-drawer-on-clock-out 'append) - -; Targets include this file and any file contributing to the agenda - up to 9 levels deep -(setq org-refile-targets (quote ((nil :maxlevel . 9) - (org-agenda-files :maxlevel . 
9)))) - -; Use full outline paths for refile targets - we file directly with IDO -(setq org-refile-use-outline-path t) - -; Targets complete directly with IDO -(setq org-outline-path-complete-in-steps nil) - -; Allow refile to create parent tasks with confirmation -(setq org-refile-allow-creating-parent-nodes (quote confirm)) - -; Use IDO for both buffer and file completion and ido-everywhere to t -; (setq org-completion-use-ido t) -; (setq ido-everywhere t) -; (setq ido-max-directory-size 100000) -; (ido-mode (quote both)) -; ; Use the current window when visiting files and buffers with ido -; (setq ido-default-file-method 'selected-window) -; (setq ido-default-buffer-method 'selected-window) -; ; Use the current window for indirect buffer display -(setq org-indirect-buffer-display 'current-window) - -;;;; Refile settings -; Exclude DONE state tasks from refile targets -(defun bh/verify-refile-target () - "Exclude todo keywords with a done state from refile targets" - (not (member (nth 2 (org-heading-components)) org-done-keywords))) - -(setq org-refile-target-verify-function 'bh/verify-refile-target) - -;; Do not dim blocked tasks -(setq org-agenda-dim-blocked-tasks nil) - -;; Compact the block agenda view -(setq org-agenda-compact-blocks t) - -;; Custom agenda command definitions -(setq org-agenda-custom-commands - (quote (("N" "Notes" tags "NOTE" - ((org-agenda-overriding-header "Notes") - (org-tags-match-list-sublevels t))) - ("h" "Habits" tags-todo "STYLE=\"habit\"" - ((org-agenda-overriding-header "Habits") - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (" " "Agenda" - ((agenda "" nil) - (tags "REFILE" - ((org-agenda-overriding-header "Tasks to Refile") - (org-tags-match-list-sublevels nil))) - (tags-todo "-CANCELLED/!" - ((org-agenda-overriding-header "Stuck Projects") - (org-agenda-skip-function 'bh/skip-non-stuck-projects) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-HOLD-CANCELLED/!" 
- ((org-agenda-overriding-header "Projects") - (org-agenda-skip-function 'bh/skip-non-projects) - (org-tags-match-list-sublevels 'indented) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-CANCELLED/!NEXT" - ((org-agenda-overriding-header (concat "Project Next Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks) - (org-tags-match-list-sublevels t) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Project Subtasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Standalone Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "-CANCELLED+WAITING|HOLD/!" 
- ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-tasks) - (org-tags-match-list-sublevels nil) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks))) - (tags "-REFILE/" - ((org-agenda-overriding-header "Tasks to Archive") - (org-agenda-skip-function 'bh/skip-non-archivable-tasks) - (org-tags-match-list-sublevels nil)))) - nil) - ("1" "Agenda (@buero|@vpn|WORK)" - ((agenda "" nil) - (tags "REFILE" - ((org-agenda-overriding-header "Tasks to Refile") - (org-tags-match-list-sublevels nil))) - (tags-todo "@buero|@vpn|WORK-CANCELLED/!" - ((org-agenda-overriding-header "Stuck Projects") - (org-agenda-skip-function 'bh/skip-non-stuck-projects) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-HOLD-CANCELLED/!" - ((org-agenda-overriding-header "Projects") - (org-agenda-skip-function 'bh/skip-non-projects) - (org-tags-match-list-sublevels 'indented) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-CANCELLED/!NEXT" - ((org-agenda-overriding-header (concat "Project Next Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks) - (org-tags-match-list-sublevels t) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!" 
- ((org-agenda-overriding-header (concat "Project Subtasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Standalone Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@buero|@vpn|WORK-CANCELLED+WAITING|HOLD/!" - ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-tasks) - (org-tags-match-list-sublevels nil) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks))) - (tags "@buero|@vpn|WORK-REFILE/" - ((org-agenda-overriding-header "Tasks to Archive") - (org-agenda-skip-function 'bh/skip-non-archivable-tasks) - (org-tags-match-list-sublevels nil)))) - nil) - ("2" "Agenda (@inet|@home))" - ((agenda "" nil) - (tags "REFILE" - ((org-agenda-overriding-header "Tasks to Refile") - (org-tags-match-list-sublevels nil))) - (tags-todo "@inet|@home-CANCELLED/!" 
- ((org-agenda-overriding-header "Stuck Projects") - (org-agenda-skip-function 'bh/skip-non-stuck-projects) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-HOLD-CANCELLED/!" - ((org-agenda-overriding-header "Projects") - (org-agenda-skip-function 'bh/skip-non-projects) - (org-tags-match-list-sublevels 'indented) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-CANCELLED/!NEXT" - ((org-agenda-overriding-header (concat "Project Next Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-projects-and-habits-and-single-tasks) - (org-tags-match-list-sublevels t) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(todo-state-down effort-up category-keep)))) - (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!" - ((org-agenda-overriding-header (concat "Project Subtasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-REFILE-CANCELLED-WAITING-HOLD/!" 
- ((org-agenda-overriding-header (concat "Standalone Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-project-tasks) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-with-date bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-sorting-strategy - '(category-keep)))) - (tags-todo "@inet|@home-CANCELLED+WAITING|HOLD/!" - ((org-agenda-overriding-header (concat "Waiting and Postponed Tasks" - (if bh/hide-scheduled-and-waiting-next-tasks - "" - " (including WAITING and SCHEDULED tasks)"))) - (org-agenda-skip-function 'bh/skip-non-tasks) - (org-tags-match-list-sublevels nil) - (org-agenda-todo-ignore-scheduled bh/hide-scheduled-and-waiting-next-tasks) - (org-agenda-todo-ignore-deadlines bh/hide-scheduled-and-waiting-next-tasks))) - (tags "@inet|@home-REFILE/" - ((org-agenda-overriding-header "Tasks to Archive") - (org-agenda-skip-function 'bh/skip-non-archivable-tasks) - (org-tags-match-list-sublevels nil)))) - nil) - ))) - -(defun bh/org-auto-exclude-function (tag) - "Automatic task exclusion in the agenda with / RET" - (and (cond - ((string= tag "hold") - t) - ((string= tag "farm") - t)) - (concat "-" tag))) - -(setq org-agenda-auto-exclude-function 'bh/org-auto-exclude-function) - -;; -;; Resume clocking task when emacs is restarted -(org-clock-persistence-insinuate) -;; -;; Show lot of clocking history so it's easy to pick items off the C-F11 list -(setq org-clock-history-length 23) -;; Resume clocking task on clock-in if the clock is open -(setq org-clock-in-resume t) -;; Change tasks to NEXT when clocking in -(setq org-clock-in-switch-to-state 'bh/clock-in-to-next) -;; Separate drawers for clocking and logs -(setq org-drawers (quote ("PROPERTIES" "LOGBOOK"))) -;; Save clock data and state changes and notes in the LOGBOOK drawer -(setq 
org-clock-into-drawer t) -;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration -(setq org-clock-out-remove-zero-time-clocks t) -;; Clock out when moving task to a done state -(setq org-clock-out-when-done t) -;; Save the running clock and all clock history when exiting Emacs, load it on startup -(setq org-clock-persist t) -;; Do not prompt to resume an active clock -(setq org-clock-persist-query-resume nil) -;; Enable auto clock resolution for finding open clocks -(setq org-clock-auto-clock-resolution (quote when-no-clock-is-running)) -;; Include current clocking task in clock reports -(setq org-clock-report-include-clocking-task t) - -(setq bh/keep-clock-running nil) - -(defun bh/clock-in-to-next (kw) - "Switch a task from TODO to NEXT when clocking in. -Skips capture tasks, projects, and subprojects. -Switch projects and subprojects from NEXT back to TODO" - (when (not (and (boundp 'org-capture-mode) org-capture-mode)) - (cond - ((and (member (org-get-todo-state) (list "TODO")) - (bh/is-task-p)) - "NEXT") - ((and (member (org-get-todo-state) (list "NEXT")) - (bh/is-project-p)) - "TODO")))) - -(defun bh/find-project-task () - "Move point to the parent (project) task if any" - (save-restriction - (widen) - (let ((parent-task (save-excursion (org-back-to-heading 'invisible-ok) (point)))) - (while (org-up-heading-safe) - (when (member (nth 2 (org-heading-components)) org-todo-keywords-1) - (setq parent-task (point)))) - (goto-char parent-task) - parent-task))) - -(defun bh/punch-in (arg) - "Start continuous clocking and set the default task to the -selected task. If no task is selected set the Organization task -as the default task." 
- (interactive "p") - (setq bh/keep-clock-running t) - (if (equal major-mode 'org-agenda-mode) - ;; - ;; We're in the agenda - ;; - (let* ((marker (org-get-at-bol 'org-hd-marker)) - (tags (org-with-point-at marker (org-get-tags-at)))) - (if (and (eq arg 4) tags) - (org-agenda-clock-in '(16)) - (bh/clock-in-organization-task-as-default))) - ;; - ;; We are not in the agenda - ;; - (save-restriction - (widen) - ; Find the tags on the current task - (if (and (equal major-mode 'org-mode) (not (org-before-first-heading-p)) (eq arg 4)) - (org-clock-in '(16)) - (bh/clock-in-organization-task-as-default))))) - -(defun bh/punch-out () - (interactive) - (setq bh/keep-clock-running nil) - (when (org-clock-is-active) - (org-clock-out)) - (org-agenda-remove-restriction-lock)) - -(defun bh/clock-in-default-task () - (save-excursion - (org-with-point-at org-clock-default-task - (org-clock-in)))) - -(defun bh/clock-in-parent-task () - "Move point to the parent (project) task if any and clock in" - (let ((parent-task)) - (save-excursion - (save-restriction - (widen) - (while (and (not parent-task) (org-up-heading-safe)) - (when (member (nth 2 (org-heading-components)) org-todo-keywords-1) - (setq parent-task (point)))) - (if parent-task - (org-with-point-at parent-task - (org-clock-in)) - (when bh/keep-clock-running - (bh/clock-in-default-task))))))) - -(defvar bh/organization-task-id "eb155a82-92b2-4f25-a3c6-0304591af2f9") - -(defun bh/clock-in-organization-task-as-default () - (interactive) - (org-with-point-at (org-id-find bh/organization-task-id 'marker) - (org-clock-in '(16)))) - -(defun bh/clock-out-maybe () - (when (and bh/keep-clock-running - (not org-clock-clocking-in) - (marker-buffer org-clock-default-task) - (not org-clock-resolving-clocks-due-to-idleness)) - (bh/clock-in-parent-task))) - -(add-hook 'org-clock-out-hook 'bh/clock-out-maybe 'append) - -(require 'org-id) -(defun bh/clock-in-task-by-id (id) - "Clock in a task by id" - (org-with-point-at (org-id-find id 
'marker) - (org-clock-in nil))) - -(defun bh/clock-in-last-task (arg) - "Clock in the interrupted task if there is one -Skip the default task and get the next one. -A prefix arg forces clock in of the default task." - (interactive "p") - (let ((clock-in-to-task - (cond - ((eq arg 4) org-clock-default-task) - ((and (org-clock-is-active) - (equal org-clock-default-task (cadr org-clock-history))) - (caddr org-clock-history)) - ((org-clock-is-active) (cadr org-clock-history)) - ((equal org-clock-default-task (car org-clock-history)) (cadr org-clock-history)) - (t (car org-clock-history))))) - (widen) - (org-with-point-at clock-in-to-task - (org-clock-in nil)))) - -(setq org-time-stamp-rounding-minutes (quote (1 1))) - -(setq org-agenda-clock-consistency-checks - (quote (:max-duration "4:00" - :min-duration 0 - :max-gap 0 - :gap-ok-around ("4:00")))) - -;; Sometimes I change tasks I'm clocking quickly - this removes clocked tasks with 0:00 duration -(setq org-clock-out-remove-zero-time-clocks t) - -;; Agenda clock report parameters -(setq org-agenda-clockreport-parameter-plist - (quote (:link t :maxlevel 5 :fileskip0 t :compact t :narrow 80))) - -; Set default column view headings: Task Effort Clock_Summary -(setq org-columns-default-format "%80ITEM(Task) %10Effort(Effort){:} %10CLOCKSUM") - -; global Effort estimate values -; global STYLE property values for completion -(setq org-global-properties (quote (("Effort_ALL" . "0:15 0:30 0:45 1:00 2:00 3:00 4:00 5:00 6:00 0:00") - ("STYLE_ALL" . "habit")))) - -;; Agenda log mode items to display (closed and state changes by default) -(setq org-agenda-log-mode-items (quote (closed state))) - -; Tags with fast selection keys -(setq org-tag-alist (quote ((:startgroup) - ("@errand" . ?E) - ("@buero" . ?B) - ("@omw" . ?O) - ("@vpn" . ?V) - ("@inet" . ?I) - ("@home" . ?H) - (:endgroup) - ("WAITING" . ?w) - ("HOLD" . ?h) - ("PERSONAL" . ?p) - ("WORK" . ?w) - ("ORG" . ?o) - ("crypt" . ?e) - ("NOTE" . ?n) - ("CANCELLED" . 
?c) - ("FLAGGED" . ??)))) - -; Allow setting single tags without the menu -(setq org-fast-tag-selection-single-key (quote expert)) - -; For tag searches ignore tasks with scheduled and deadline dates -(setq org-agenda-tags-todo-honor-ignore-options t) - -(require 'bbdb) -(require 'bbdb-com) - -(global-set-key (kbd "<f9> p") 'bh/phone-call) - -;; -;; Phone capture template handling with BBDB lookup -;; Adapted from code by Gregory J. Grubbs -(defun bh/phone-call () - "Return name and company info for caller from bbdb lookup" - (interactive) - (let* (name rec caller) - (setq name (completing-read "Who is calling? " - (bbdb-hashtable) - 'bbdb-completion-predicate - 'confirm)) - (when (> (length name) 0) - ; Something was supplied - look it up in bbdb - (setq rec - (or (first - (or (bbdb-search (bbdb-records) name nil nil) - (bbdb-search (bbdb-records) nil name nil))) - name))) - - ; Build the bbdb link if we have a bbdb record, otherwise just return the name - (setq caller (cond ((and rec (vectorp rec)) - (let ((name (bbdb-record-name rec)) - (company (bbdb-record-company rec))) - (concat "[[bbdb:" - name "][" - name "]]" - (when company - (concat " - " company))))) - (rec) - (t "NameOfCaller"))) - (insert caller))) - -(setq org-agenda-span 'day) - -(setq org-stuck-projects (quote ("" nil nil ""))) - -(defun bh/is-project-p () - "Any task with a todo keyword subtask" - (save-restriction - (widen) - (let ((has-subtask) - (subtree-end (save-excursion (org-end-of-subtree t))) - (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1))) - (save-excursion - (forward-line 1) - (while (and (not has-subtask) - (< (point) subtree-end) - (re-search-forward "^\*+ " subtree-end t)) - (when (member (org-get-todo-state) org-todo-keywords-1) - (setq has-subtask t)))) - (and is-a-task has-subtask)))) - -(defun bh/is-project-subtree-p () - "Any task with a todo keyword that is in a project subtree. -Callers of this function already widen the buffer view." 
- (let ((task (save-excursion (org-back-to-heading 'invisible-ok) - (point)))) - (save-excursion - (bh/find-project-task) - (if (equal (point) task) - nil - t)))) - -(defun bh/is-task-p () - "Any task with a todo keyword and no subtask" - (save-restriction - (widen) - (let ((has-subtask) - (subtree-end (save-excursion (org-end-of-subtree t))) - (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1))) - (save-excursion - (forward-line 1) - (while (and (not has-subtask) - (< (point) subtree-end) - (re-search-forward "^\*+ " subtree-end t)) - (when (member (org-get-todo-state) org-todo-keywords-1) - (setq has-subtask t)))) - (and is-a-task (not has-subtask))))) - -(defun bh/is-subproject-p () - "Any task which is a subtask of another project" - (let ((is-subproject) - (is-a-task (member (nth 2 (org-heading-components)) org-todo-keywords-1))) - (save-excursion - (while (and (not is-subproject) (org-up-heading-safe)) - (when (member (nth 2 (org-heading-components)) org-todo-keywords-1) - (setq is-subproject t)))) - (and is-a-task is-subproject))) - -(defun bh/list-sublevels-for-projects-indented () - "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks. - This is normally used by skipping functions where this variable is already local to the agenda." - (if (marker-buffer org-agenda-restrict-begin) - (setq org-tags-match-list-sublevels 'indented) - (setq org-tags-match-list-sublevels nil)) - nil) - -(defun bh/list-sublevels-for-projects () - "Set org-tags-match-list-sublevels so when restricted to a subtree we list all subtasks. - This is normally used by skipping functions where this variable is already local to the agenda." 
- (if (marker-buffer org-agenda-restrict-begin) - (setq org-tags-match-list-sublevels t) - (setq org-tags-match-list-sublevels nil)) - nil) - -(defvar bh/hide-scheduled-and-waiting-next-tasks t) - -(defun bh/toggle-next-task-display () - (interactive) - (setq bh/hide-scheduled-and-waiting-next-tasks (not bh/hide-scheduled-and-waiting-next-tasks)) - (when (equal major-mode 'org-agenda-mode) - (org-agenda-redo)) - (message "%s WAITING and SCHEDULED NEXT Tasks" (if bh/hide-scheduled-and-waiting-next-tasks "Hide" "Show"))) - -(defun bh/skip-stuck-projects () - "Skip trees that are not stuck projects" - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (if (bh/is-project-p) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (has-next )) - (save-excursion - (forward-line 1) - (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t)) - (unless (member "WAITING" (org-get-tags-at)) - (setq has-next t)))) - (if has-next - nil - next-headline)) ; a stuck project, has subtasks but no next task - nil)))) - -(defun bh/skip-non-stuck-projects () - "Skip trees that are not stuck projects" - ;; (bh/list-sublevels-for-projects-indented) - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (if (bh/is-project-p) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (has-next )) - (save-excursion - (forward-line 1) - (while (and (not has-next) (< (point) subtree-end) (re-search-forward "^\\*+ NEXT " subtree-end t)) - (unless (member "WAITING" (org-get-tags-at)) - (setq has-next t)))) - (if has-next - next-headline - nil)) ; a stuck project, has subtasks but no next task - next-headline)))) - -(defun bh/skip-non-projects () - "Skip trees that are not projects" - ;; (bh/list-sublevels-for-projects-indented) - (if (save-excursion (bh/skip-non-stuck-projects)) - (save-restriction - (widen) - (let 
((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - nil) - ((and (bh/is-project-subtree-p) (not (bh/is-task-p))) - nil) - (t - subtree-end)))) - (save-excursion (org-end-of-subtree t)))) - -(defun bh/skip-non-tasks () - "Show non-project tasks. -Skip project and sub-project tasks, habits, and project related tasks." - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (cond - ((bh/is-task-p) - nil) - (t - next-headline))))) - -(defun bh/skip-project-trees-and-habits () - "Skip trees that are projects" - (save-restriction - (widen) - (let ((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - subtree-end) - ((org-is-habit-p) - subtree-end) - (t - nil))))) - -(defun bh/skip-projects-and-habits-and-single-tasks () - "Skip trees that are projects, tasks that are habits, single non-project tasks" - (save-restriction - (widen) - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (cond - ((org-is-habit-p) - next-headline) - ((and bh/hide-scheduled-and-waiting-next-tasks - (member "WAITING" (org-get-tags-at))) - next-headline) - ((bh/is-project-p) - next-headline) - ((and (bh/is-task-p) (not (bh/is-project-subtree-p))) - next-headline) - (t - nil))))) - -(defun bh/skip-project-tasks-maybe () - "Show tasks related to the current restriction. -When restricted to a project, skip project and sub project tasks, habits, NEXT tasks, and loose tasks. -When not restricted, skip project and sub-project tasks, habits, and project related tasks." 
- (save-restriction - (widen) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (next-headline (save-excursion (or (outline-next-heading) (point-max)))) - (limit-to-project (marker-buffer org-agenda-restrict-begin))) - (cond - ((bh/is-project-p) - next-headline) - ((org-is-habit-p) - subtree-end) - ((and (not limit-to-project) - (bh/is-project-subtree-p)) - subtree-end) - ((and limit-to-project - (bh/is-project-subtree-p) - (member (org-get-todo-state) (list "NEXT"))) - subtree-end) - (t - nil))))) - -(defun bh/skip-project-tasks () - "Show non-project tasks. -Skip project and sub-project tasks, habits, and project related tasks." - (save-restriction - (widen) - (let* ((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - subtree-end) - ((org-is-habit-p) - subtree-end) - ((bh/is-project-subtree-p) - subtree-end) - (t - nil))))) - -(defun bh/skip-non-project-tasks () - "Show project tasks. -Skip project and sub-project tasks, habits, and loose non-project tasks." 
- (save-restriction - (widen) - (let* ((subtree-end (save-excursion (org-end-of-subtree t))) - (next-headline (save-excursion (or (outline-next-heading) (point-max))))) - (cond - ((bh/is-project-p) - next-headline) - ((org-is-habit-p) - subtree-end) - ((and (bh/is-project-subtree-p) - (member (org-get-todo-state) (list "NEXT"))) - subtree-end) - ((not (bh/is-project-subtree-p)) - subtree-end) - (t - nil))))) - -(defun bh/skip-projects-and-habits () - "Skip trees that are projects and tasks that are habits" - (save-restriction - (widen) - (let ((subtree-end (save-excursion (org-end-of-subtree t)))) - (cond - ((bh/is-project-p) - subtree-end) - ((org-is-habit-p) - subtree-end) - (t - nil))))) - -(defun bh/skip-non-subprojects () - "Skip trees that are not projects" - (let ((next-headline (save-excursion (outline-next-heading)))) - (if (bh/is-subproject-p) - nil - next-headline))) - -(setq org-archive-mark-done nil) -(setq org-archive-location "%s_archive::* Archived Tasks") - -(defun bh/skip-non-archivable-tasks () - "Skip trees that are not available for archiving" - (save-restriction - (widen) - ;; Consider only tasks with done todo headings as archivable candidates - (let ((next-headline (save-excursion (or (outline-next-heading) (point-max)))) - (subtree-end (save-excursion (org-end-of-subtree t)))) - (if (member (org-get-todo-state) org-todo-keywords-1) - (if (member (org-get-todo-state) org-done-keywords) - (let* ((daynr (string-to-number (format-time-string "%d" (current-time)))) - (a-month-ago (* 60 60 24 (+ daynr 1))) - (last-month (format-time-string "%Y-%m-" (time-subtract (current-time) (seconds-to-time a-month-ago)))) - (this-month (format-time-string "%Y-%m-" (current-time))) - (subtree-is-current (save-excursion - (forward-line 1) - (and (< (point) subtree-end) - (re-search-forward (concat last-month "\\|" this-month) subtree-end t))))) - (if subtree-is-current - subtree-end ; Has a date in this month or last month, skip it - nil)) ; available to 
archive - (or subtree-end (point-max))) - next-headline)))) -(setq org-alphabetical-lists t) - -;; Explicitly load required exporters -(require 'ox-html) -(require 'ox-latex) -(require 'ox-ascii) - -(setq org-ditaa-jar-path "~/git/org-mode/contrib/scripts/ditaa.jar") -(setq org-plantuml-jar-path "~/java/plantuml.jar") - -(add-hook 'org-babel-after-execute-hook 'bh/display-inline-images 'append) - -; Make babel results blocks lowercase -(setq org-babel-results-keyword "results") - -(defun bh/display-inline-images () - (condition-case nil - (org-display-inline-images) - (error nil))) - -(org-babel-do-load-languages - (quote org-babel-load-languages) - (quote ((emacs-lisp . t) - (dot . t) - (ditaa . t) - (R . t) - (python . t) - (ruby . t) - (gnuplot . t) - (clojure . t) - (shell . t) - (ledger . t) - (org . t) - (plantuml . t) - (latex . t)))) - -; Do not prompt to confirm evaluation -; This may be dangerous - make sure you understand the consequences -; of setting this -- see the docstring for details -(setq org-confirm-babel-evaluate nil) - -; Use fundamental mode when editing plantuml blocks with C-c ' -(add-to-list 'org-src-lang-modes (quote ("plantuml" . 
fundamental))) - -;; Don't enable this because it breaks access to emacs from my Android phone -(setq org-startup-with-inline-images nil) - -; experimenting with docbook exports - not finished -(setq org-export-docbook-xsl-fo-proc-command "fop %s %s") -(setq org-export-docbook-xslt-proc-command "xsltproc --output %s /usr/share/xml/docbook/stylesheet/nwalsh/fo/docbook.xsl %s") -; -; Inline images in HTML instead of producting links to the image -(setq org-html-inline-images t) -; Do not use sub or superscripts - I currently don't need this functionality in my documents -(setq org-export-with-sub-superscripts nil) -; Use org.css from the norang website for export document stylesheets -(setq org-html-head-extra "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />") -(setq org-html-head-include-default-style nil) -; Do not generate internal css formatting for HTML exports -(setq org-export-htmlize-output-type (quote css)) -; Export with LaTeX fragments -(setq org-export-with-LaTeX-fragments t) -; Increase default number of headings to export -(setq org-export-headline-levels 6) - -; List of projects -; norang - http://www.norang.ca/ -; doc - http://doc.norang.ca/ -; org-mode-doc - http://doc.norang.ca/org-mode.html and associated files -; org - miscellaneous todo lists for publishing -(setq org-publish-project-alist - ; - ; http://www.norang.ca/ (norang website) - ; norang-org are the org-files that generate the content - ; norang-extra are images and css files that need to be included - ; norang is the top-level project that gets published - (quote (("norang-org" - :base-directory "~/git/www.norang.ca" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs" - :recursive t - :table-of-contents nil - :base-extension "org" - :publishing-function org-html-publish-to-html - :style-include-default nil - :section-numbers nil - :table-of-contents nil - :html-head "<link rel=\"stylesheet\" href=\"norang.css\" type=\"text/css\" />" - 
:author-info nil - :creator-info nil) - ("norang-extra" - :base-directory "~/git/www.norang.ca/" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive t - :author nil) - ("norang" - :components ("norang-org" "norang-extra")) - ; - ; http://doc.norang.ca/ (norang website) - ; doc-org are the org-files that generate the content - ; doc-extra are images and css files that need to be included - ; doc is the top-level project that gets published - ("doc-org" - :base-directory "~/git/doc.norang.ca/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :recursive nil - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html org-org-publish-to-org) - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :author-info nil - :creator-info nil) - ("doc-extra" - :base-directory "~/git/doc.norang.ca/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive nil - :author nil) - ("doc" - :components ("doc-org" "doc-extra")) - ("doc-private-org" - :base-directory "~/git/doc.norang.ca/private" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs/private" - :recursive nil - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html org-org-publish-to-org) - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :auto-sitemap t - :sitemap-filename "index.html" - :sitemap-title "Norang Private Documents" - :sitemap-style "tree" - :author-info nil - :creator-info nil) - ("doc-private-extra" - :base-directory "~/git/doc.norang.ca/private" - :publishing-directory 
"/ssh:www-data@www:~/doc.norang.ca/htdocs/private" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive nil - :author nil) - ("doc-private" - :components ("doc-private-org" "doc-private-extra")) - ; - ; Miscellaneous pages for other websites - ; org are the org-files that generate the content - ("org-org" - :base-directory "~/git/org/" - :publishing-directory "/ssh:www-data@www:~/org" - :recursive t - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function org-html-publish-to-html - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :author-info nil - :creator-info nil) - ; - ; http://doc.norang.ca/ (norang website) - ; org-mode-doc-org this document - ; org-mode-doc-extra are images and css files that need to be included - ; org-mode-doc is the top-level project that gets published - ; This uses the same target directory as the 'doc' project - ("org-mode-doc-org" - :base-directory "~/git/org-mode-doc/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :recursive t - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html) - :plain-source t - :htmlized-source t - :style-include-default nil - :html-head "<link rel=\"stylesheet\" href=\"/org.css\" type=\"text/css\" />" - :author-info nil - :creator-info nil) - ("org-mode-doc-extra" - :base-directory "~/git/org-mode-doc/" - :publishing-directory "/ssh:www-data@www:~/doc.norang.ca/htdocs" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif\\|org" - :publishing-function org-publish-attachment - :recursive t - :author nil) - ("org-mode-doc" - :components ("org-mode-doc-org" "org-mode-doc-extra")) - ; - ; http://doc.norang.ca/ (norang website) - ; org-mode-doc-org this document - ; org-mode-doc-extra are images and css files that need to be included - ; org-mode-doc is the top-level project that gets 
published - ; This uses the same target directory as the 'doc' project - ("tmp-org" - :base-directory "/tmp/publish/" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp" - :recursive t - :section-numbers nil - :table-of-contents nil - :base-extension "org" - :publishing-function (org-html-publish-to-html org-org-publish-to-org) - :html-head "<link rel=\"stylesheet\" href=\"http://doc.norang.ca/org.css\" type=\"text/css\" />" - :plain-source t - :htmlized-source t - :style-include-default nil - :auto-sitemap t - :sitemap-filename "index.html" - :sitemap-title "Test Publishing Area" - :sitemap-style "tree" - :author-info t - :creator-info t) - ("tmp-extra" - :base-directory "/tmp/publish/" - :publishing-directory "/ssh:www-data@www:~/www.norang.ca/htdocs/tmp" - :base-extension "css\\|pdf\\|png\\|jpg\\|gif" - :publishing-function org-publish-attachment - :recursive t - :author nil) - ("tmp" - :components ("tmp-org" "tmp-extra"))))) - -; I'm lazy and don't want to remember the name of the project to publish when I modify -; a file that is part of a project. So this function saves the file, and publishes -; the project that includes this file -; -; It's bound to C-S-F12 so I just edit and hit C-S-F12 when I'm done and move on to the next thing -(defun bh/save-then-publish (&optional force) - (interactive "P") - (save-buffer) - (org-save-all-org-buffers) - (let ((org-html-head-extra) - (org-html-validation-link "<a href=\"http://validator.w3.org/check?uri=referer\">Validate XHTML 1.0</a>")) - (org-publish-current-project force))) - -(global-set-key (kbd "C-s-<f12>") 'bh/save-then-publish) - -(setq org-latex-listings t) - -(setq org-html-xml-declaration (quote (("html" . "") - ("was-html" . "<?xml version=\"1.0\" encoding=\"%s\"?>") - ("php" . 
"<?php echo \"<?xml version=\\\"1.0\\\" encoding=\\\"%s\\\" ?>\"; ?>")))) - -(setq org-export-allow-BIND t) - -; Erase all reminders and rebuilt reminders for today from the agenda -(defun bh/org-agenda-to-appt () - (interactive) - (setq appt-time-msg-list nil) - (org-agenda-to-appt)) - -; Rebuild the reminders everytime the agenda is displayed -(add-hook 'org-finalize-agenda-hook 'bh/org-agenda-to-appt 'append) - -; This is at the end of my .emacs - so appointments are set up when Emacs starts -(bh/org-agenda-to-appt) - -; Activate appointments so we get notifications -(appt-activate t) - -; If we leave Emacs running overnight - reset the appointments one minute after midnight -(run-at-time "24:01" nil 'bh/org-agenda-to-appt) - -;; Enable abbrev-mode -(add-hook 'org-mode-hook (lambda () (abbrev-mode 1))) - -;; Skeletons -;; -;; sblk - Generic block #+begin_FOO .. #+end_FOO -(define-skeleton skel-org-block - "Insert an org block, querying for type." - "Type: " - "#+begin_" str "\n" - _ - \n - "#+end_" str "\n") - -(define-abbrev org-mode-abbrev-table "sblk" "" 'skel-org-block) - -;; splantuml - PlantUML Source block -(define-skeleton skel-org-block-plantuml - "Insert a org plantuml block, querying for filename." - "File (no extension): " - "#+begin_src plantuml :file " str ".png :cache yes\n" - _ - \n - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "splantuml" "" 'skel-org-block-plantuml) - -(define-skeleton skel-org-block-plantuml-activity - "Insert a org plantuml block, querying for filename." 
- "File (no extension): " - "#+begin_src plantuml :file " str "-act.png :cache yes :tangle " str "-act.txt\n" - (bh/plantuml-reset-counters) - "@startuml\n" - "skinparam activity {\n" - "BackgroundColor<<New>> Cyan\n" - "}\n\n" - "title " str " - \n" - "note left: " str "\n" - "(*) --> \"" str "\"\n" - "--> (*)\n" - _ - \n - "@enduml\n" - "#+end_src\n") - -(defvar bh/plantuml-if-count 0) - -(defun bh/plantuml-if () - (incf bh/plantuml-if-count) - (number-to-string bh/plantuml-if-count)) - -(defvar bh/plantuml-loop-count 0) - -(defun bh/plantuml-loop () - (incf bh/plantuml-loop-count) - (number-to-string bh/plantuml-loop-count)) - -(defun bh/plantuml-reset-counters () - (setq bh/plantuml-if-count 0 - bh/plantuml-loop-count 0) - "") - -(define-abbrev org-mode-abbrev-table "sact" "" 'skel-org-block-plantuml-activity) - -(define-skeleton skel-org-block-plantuml-activity-if - "Insert a org plantuml block activity if statement" - "" - "if \"\" then\n" - " -> [condition] ==IF" (setq ifn (bh/plantuml-if)) "==\n" - " --> ==IF" ifn "M1==\n" - " -left-> ==IF" ifn "M2==\n" - "else\n" - "end if\n" - "--> ==IF" ifn "M2==") - -(define-abbrev org-mode-abbrev-table "sif" "" 'skel-org-block-plantuml-activity-if) - -(define-skeleton skel-org-block-plantuml-activity-for - "Insert a org plantuml block activity for statement" - "Loop for each: " - "--> ==LOOP" (setq loopn (bh/plantuml-loop)) "==\n" - "note left: Loop" loopn ": For each " str "\n" - "--> ==ENDLOOP" loopn "==\n" - "note left: Loop" loopn ": End for each " str "\n" ) - -(define-abbrev org-mode-abbrev-table "sfor" "" 'skel-org-block-plantuml-activity-for) - -(define-skeleton skel-org-block-plantuml-sequence - "Insert a org plantuml activity diagram block, querying for filename." 
- "File appends (no extension): " - "#+begin_src plantuml :file " str "-seq.png :cache yes :tangle " str "-seq.txt\n" - "@startuml\n" - "title " str " - \n" - "actor CSR as \"Customer Service Representative\"\n" - "participant CSMO as \"CSM Online\"\n" - "participant CSMU as \"CSM Unix\"\n" - "participant NRIS\n" - "actor Customer" - _ - \n - "@enduml\n" - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "sseq" "" 'skel-org-block-plantuml-sequence) - -;; sdot - Graphviz DOT block -(define-skeleton skel-org-block-dot - "Insert a org graphviz dot block, querying for filename." - "File (no extension): " - "#+begin_src dot :file " str ".png :cache yes :cmdline -Kdot -Tpng\n" - "graph G {\n" - _ - \n - "}\n" - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "sdot" "" 'skel-org-block-dot) - -;; sditaa - Ditaa source block -(define-skeleton skel-org-block-ditaa - "Insert a org ditaa block, querying for filename." - "File (no extension): " - "#+begin_src ditaa :file " str ".png :cache yes\n" - _ - \n - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "sditaa" "" 'skel-org-block-ditaa) - -;; selisp - Emacs Lisp source block -(define-skeleton skel-org-block-elisp - "Insert a org emacs-lisp block" - "" - "#+begin_src emacs-lisp\n" - _ - \n - "#+end_src\n") - -(define-abbrev org-mode-abbrev-table "selisp" "" 'skel-org-block-elisp) - -(defun bh/org-todo (arg) - (interactive "p") - (if (equal arg 4) - (save-restriction - (bh/narrow-to-org-subtree) - (org-show-todo-tree nil)) - (bh/narrow-to-org-subtree) - (org-show-todo-tree nil))) - -(global-set-key (kbd "<S-f5>") 'bh/widen) - -(defun bh/widen () - (interactive) - (if (equal major-mode 'org-agenda-mode) - (progn - (org-agenda-remove-restriction-lock) - (when org-agenda-sticky - (org-agenda-redo))) - (widen))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "W" (lambda () (interactive) (setq bh/hide-scheduled-and-waiting-next-tasks t) (bh/widen)))) - 'append) - -(defun 
bh/restrict-to-file-or-follow (arg) - "Set agenda restriction to 'file or with argument invoke follow mode. -I don't use follow mode very often but I restrict to file all the time -so change the default 'F' binding in the agenda to allow both" - (interactive "p") - (if (equal arg 4) - (org-agenda-follow-mode) - (widen) - (bh/set-agenda-restriction-lock 4) - (org-agenda-redo) - (beginning-of-buffer))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "F" 'bh/restrict-to-file-or-follow)) - 'append) - -(defun bh/narrow-to-org-subtree () - (widen) - (org-narrow-to-subtree) - (save-restriction - (org-agenda-set-restriction-lock))) - -(defun bh/narrow-to-subtree () - (interactive) - (if (equal major-mode 'org-agenda-mode) - (progn - (org-with-point-at (org-get-at-bol 'org-hd-marker) - (bh/narrow-to-org-subtree)) - (when org-agenda-sticky - (org-agenda-redo))) - (bh/narrow-to-org-subtree))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "N" 'bh/narrow-to-subtree)) - 'append) - -(defun bh/narrow-up-one-org-level () - (widen) - (save-excursion - (outline-up-heading 1 'invisible-ok) - (bh/narrow-to-org-subtree))) - -(defun bh/get-pom-from-agenda-restriction-or-point () - (or (and (marker-position org-agenda-restrict-begin) org-agenda-restrict-begin) - (org-get-at-bol 'org-hd-marker) - (and (equal major-mode 'org-mode) (point)) - org-clock-marker)) - -(defun bh/narrow-up-one-level () - (interactive) - (if (equal major-mode 'org-agenda-mode) - (progn - (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point) - (bh/narrow-up-one-org-level)) - (org-agenda-redo)) - (bh/narrow-up-one-org-level))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "U" 'bh/narrow-up-one-level)) - 'append) - -(defun bh/narrow-to-org-project () - (widen) - (save-excursion - (bh/find-project-task) - (bh/narrow-to-org-subtree))) - -(defun bh/narrow-to-project () - (interactive) - (if (equal major-mode 
'org-agenda-mode) - (progn - (org-with-point-at (bh/get-pom-from-agenda-restriction-or-point) - (bh/narrow-to-org-project) - (save-excursion - (bh/find-project-task) - (org-agenda-set-restriction-lock))) - (org-agenda-redo) - (beginning-of-buffer)) - (bh/narrow-to-org-project) - (save-restriction - (org-agenda-set-restriction-lock)))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "P" 'bh/narrow-to-project)) - 'append) - -(defvar bh/project-list nil) - -(defun bh/view-next-project () - (interactive) - (let (num-project-left current-project) - (unless (marker-position org-agenda-restrict-begin) - (goto-char (point-min)) - ; Clear all of the existing markers on the list - (while bh/project-list - (set-marker (pop bh/project-list) nil)) - (re-search-forward "Tasks to Refile") - (forward-visible-line 1)) - - ; Build a new project marker list - (unless bh/project-list - (while (< (point) (point-max)) - (while (and (< (point) (point-max)) - (or (not (org-get-at-bol 'org-hd-marker)) - (org-with-point-at (org-get-at-bol 'org-hd-marker) - (or (not (bh/is-project-p)) - (bh/is-project-subtree-p))))) - (forward-visible-line 1)) - (when (< (point) (point-max)) - (add-to-list 'bh/project-list (copy-marker (org-get-at-bol 'org-hd-marker)) 'append)) - (forward-visible-line 1))) - - ; Pop off the first marker on the list and display - (setq current-project (pop bh/project-list)) - (when current-project - (org-with-point-at current-project - (setq bh/hide-scheduled-and-waiting-next-tasks nil) - (bh/narrow-to-project)) - ; Remove the marker - (setq current-project nil) - (org-agenda-redo) - (beginning-of-buffer) - (setq num-projects-left (length bh/project-list)) - (if (> num-projects-left 0) - (message "%s projects left to view" num-projects-left) - (beginning-of-buffer) - (setq bh/hide-scheduled-and-waiting-next-tasks t) - (error "All projects viewed."))))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "V" 
'bh/view-next-project)) - 'append) - -(setq org-show-entry-below (quote ((default)))) - -(add-hook 'org-agenda-mode-hook - '(lambda () (org-defkey org-agenda-mode-map "\C-c\C-x<" 'bh/set-agenda-restriction-lock)) - 'append) - -(defun bh/set-agenda-restriction-lock (arg) - "Set restriction lock to current task subtree or file if prefix is specified" - (interactive "p") - (let* ((pom (bh/get-pom-from-agenda-restriction-or-point)) - (tags (org-with-point-at pom (org-get-tags-at)))) - (let ((restriction-type (if (equal arg 4) 'file 'subtree))) - (save-restriction - (cond - ((and (equal major-mode 'org-agenda-mode) pom) - (org-with-point-at pom - (org-agenda-set-restriction-lock restriction-type)) - (org-agenda-redo)) - ((and (equal major-mode 'org-mode) (org-before-first-heading-p)) - (org-agenda-set-restriction-lock 'file)) - (pom - (org-with-point-at pom - (org-agenda-set-restriction-lock restriction-type)))))))) - -;; Limit restriction lock highlighting to the headline only -(setq org-agenda-restriction-lock-highlight-subtree nil) - -;; Always hilight the current agenda line -(add-hook 'org-agenda-mode-hook - '(lambda () (hl-line-mode 1)) - 'append) - -;; Keep tasks with dates on the global todo lists -(setq org-agenda-todo-ignore-with-date nil) - -;; Keep tasks with deadlines on the global todo lists -(setq org-agenda-todo-ignore-deadlines nil) - -;; Keep tasks with scheduled dates on the global todo lists -(setq org-agenda-todo-ignore-scheduled nil) - -;; Keep tasks with timestamps on the global todo lists -(setq org-agenda-todo-ignore-timestamp nil) - -;; Remove completed deadline tasks from the agenda view -(setq org-agenda-skip-deadline-if-done t) - -;; Remove completed scheduled tasks from the agenda view -(setq org-agenda-skip-scheduled-if-done t) - -;; Remove completed items from search results -(setq org-agenda-skip-timestamp-if-done t) - -(setq org-agenda-include-diary nil) -(setq org-agenda-diary-file "~/git/org/diary.org") - -(setq 
org-agenda-insert-diary-extract-time t) - -;; Include agenda archive files when searching for things -(setq org-agenda-text-search-extra-files (quote (agenda-archives))) - -;; Show all future entries for repeating tasks -(setq org-agenda-repeating-timestamp-show-all t) - -;; Show all agenda dates - even if they are empty -(setq org-agenda-show-all-dates t) - -;; Sorting order for tasks on the agenda -(setq org-agenda-sorting-strategy - (quote ((agenda habit-down time-up user-defined-up effort-up category-keep) - (todo category-up effort-up) - (tags category-up effort-up) - (search category-up)))) - -;; Start the weekly agenda on Monday -(setq org-agenda-start-on-weekday 1) - -;; Enable display of the time grid so we can see the marker for the current time -;; modified like in -;; https://stackoverflow.com/questions/47778775/wrong-type-argument-when-using-org-agenda -(setq org-agenda-time-grid (quote - ((daily today remove-match) - (0900 1100 1300 1500 1700) - "......" "----------------"))) - -;; Display tags farther right -(setq org-agenda-tags-column -102) - -;; -;; Agenda sorting functions -;; -(setq org-agenda-cmp-user-defined 'bh/agenda-sort) - -(defun bh/agenda-sort (a b) - "Sorting strategy for agenda items. 
-Late deadlines first, then scheduled, then non-late deadlines" - (let (result num-a num-b) - (cond - ; time specific items are already sorted first by org-agenda-sorting-strategy - - ; non-deadline and non-scheduled items next - ((bh/agenda-sort-test 'bh/is-not-scheduled-or-deadline a b)) - - ; deadlines for today next - ((bh/agenda-sort-test 'bh/is-due-deadline a b)) - - ; late deadlines next - ((bh/agenda-sort-test-num 'bh/is-late-deadline '> a b)) - - ; scheduled items for today next - ((bh/agenda-sort-test 'bh/is-scheduled-today a b)) - - ; late scheduled items next - ((bh/agenda-sort-test-num 'bh/is-scheduled-late '> a b)) - - ; pending deadlines last - ((bh/agenda-sort-test-num 'bh/is-pending-deadline '< a b)) - - ; finally default to unsorted - (t (setq result nil))) - result)) - -(defmacro bh/agenda-sort-test (fn a b) - "Test for agenda sort" - `(cond - ; if both match leave them unsorted - ((and (apply ,fn (list ,a)) - (apply ,fn (list ,b))) - (setq result nil)) - ; if a matches put a first - ((apply ,fn (list ,a)) - (setq result -1)) - ; otherwise if b matches put b first - ((apply ,fn (list ,b)) - (setq result 1)) - ; if none match leave them unsorted - (t nil))) - -(defmacro bh/agenda-sort-test-num (fn compfn a b) - `(cond - ((apply ,fn (list ,a)) - (setq num-a (string-to-number (match-string 1 ,a))) - (if (apply ,fn (list ,b)) - (progn - (setq num-b (string-to-number (match-string 1 ,b))) - (setq result (if (apply ,compfn (list num-a num-b)) - -1 - 1))) - (setq result -1))) - ((apply ,fn (list ,b)) - (setq result 1)) - (t nil))) - -(defun bh/is-not-scheduled-or-deadline (date-str) - (and (not (bh/is-deadline date-str)) - (not (bh/is-scheduled date-str)))) - -(defun bh/is-due-deadline (date-str) - (string-match "Deadline:" date-str)) - -(defun bh/is-late-deadline (date-str) - (string-match "\\([0-9]*\\) d\. 
ago:" date-str)) - -(defun bh/is-pending-deadline (date-str) - (string-match "In \\([^-]*\\)d\.:" date-str)) - -(defun bh/is-deadline (date-str) - (or (bh/is-due-deadline date-str) - (bh/is-late-deadline date-str) - (bh/is-pending-deadline date-str))) - -(defun bh/is-scheduled (date-str) - (or (bh/is-scheduled-today date-str) - (bh/is-scheduled-late date-str))) - -(defun bh/is-scheduled-today (date-str) - (string-match "Scheduled:" date-str)) - -(defun bh/is-scheduled-late (date-str) - (string-match "Sched\.\\(.*\\)x:" date-str)) - -;; Use sticky agenda's so they persist -(setq org-agenda-sticky t) - -;; The following setting is different from the document so that you -;; can override the document path by setting your path in the variable -;; org-mode-user-contrib-lisp-path -;; -(if (boundp 'org-mode-user-contrib-lisp-path) - (add-to-list 'load-path org-mode-user-contrib-lisp-path) - (add-to-list 'load-path (expand-file-name "~/git/org-mode/contrib/lisp"))) - -(require 'org-checklist) - -(setq org-enforce-todo-dependencies t) - -(setq org-hide-leading-stars nil) - -(setq org-startup-indented t) - -(setq org-cycle-separator-lines 0) - -(setq org-blank-before-new-entry (quote ((heading) - (plain-list-item . auto)))) - -(setq org-insert-heading-respect-content nil) - -(setq org-reverse-note-order nil) - -(setq org-show-following-heading t) -(setq org-show-hierarchy-above t) -(setq org-show-siblings (quote ((default)))) - -(setq org-special-ctrl-a/e t) -(setq org-special-ctrl-k t) -(setq org-yank-adjusted-subtrees t) - -(setq org-id-method (quote uuidgen)) - -(setq org-deadline-warning-days 30) - -(setq org-table-export-default-format "orgtbl-to-csv") - -(setq org-link-frame-setup (quote ((vm . vm-visit-folder) - (gnus . org-gnus-no-new-news) - (file . 
find-file)))) - -; Use the current window for C-c ' source editing -(setq org-src-window-setup 'current-window) - -(setq org-log-done (quote time)) -(setq org-log-into-drawer t) -(setq org-log-state-notes-insert-after-drawers nil) - -(setq org-clock-sound "/usr/local/lib/tngchime.wav") - -; Enable habit tracking (and a bunch of other modules) -(setq org-modules (quote (org-bbdb - org-bibtex - org-crypt - org-gnus - org-id - org-info - org-jsinfo - org-habit - org-inlinetask - org-irc - org-mew - org-mhe - org-protocol - org-rmail - org-vm - org-wl - org-w3m))) - -; position the habit graph on the agenda to the right of the default -(setq org-habit-graph-column 50) - -(run-at-time "06:00" 86400 '(lambda () (setq org-habit-show-habits t))) - -(global-auto-revert-mode t) - -(require 'org-crypt) -; Encrypt all entries before saving -(org-crypt-use-before-save-magic) -(setq org-tags-exclude-from-inheritance (quote ("crypt"))) -; GPG key to use for encryption -(setq org-crypt-key "F0B66B40") - -(setq org-crypt-disable-auto-save nil) - -(setq org-use-speed-commands t) -(setq org-speed-commands-user (quote (("0" . ignore) - ("1" . ignore) - ("2" . ignore) - ("3" . ignore) - ("4" . ignore) - ("5" . ignore) - ("6" . ignore) - ("7" . ignore) - ("8" . ignore) - ("9" . ignore) - - ("a" . ignore) - ("d" . ignore) - ("h" . bh/hide-other) - ("i" progn - (forward-char 1) - (call-interactively 'org-insert-heading-respect-content)) - ("k" . org-kill-note-or-show-branches) - ("l" . ignore) - ("m" . ignore) - ("q" . bh/show-org-agenda) - ("r" . ignore) - ("s" . org-save-all-org-buffers) - ("w" . org-refile) - ("x" . ignore) - ("y" . ignore) - ("z" . org-add-note) - - ("A" . ignore) - ("B" . ignore) - ("E" . ignore) - ("F" . bh/restrict-to-file-or-follow) - ("G" . ignore) - ("H" . ignore) - ("J" . org-clock-goto) - ("K" . ignore) - ("L" . ignore) - ("M" . ignore) - ("N" . bh/narrow-to-org-subtree) - ("P" . bh/narrow-to-org-project) - ("Q" . ignore) - ("R" . ignore) - ("S" . 
ignore) - ("T" . bh/org-todo) - ("U" . bh/narrow-up-one-org-level) - ("V" . ignore) - ("W" . bh/widen) - ("X" . ignore) - ("Y" . ignore) - ("Z" . ignore)))) - -(defun bh/show-org-agenda () - (interactive) - (if org-agenda-sticky - (switch-to-buffer "*Org Agenda( )*") - (switch-to-buffer "*Org Agenda*")) - (delete-other-windows)) - -(require 'org-protocol) - -(setq require-final-newline t) - -(defvar bh/insert-inactive-timestamp t) - -(defun bh/toggle-insert-inactive-timestamp () - (interactive) - (setq bh/insert-inactive-timestamp (not bh/insert-inactive-timestamp)) - (message "Heading timestamps are %s" (if bh/insert-inactive-timestamp "ON" "OFF"))) - -(defun bh/insert-inactive-timestamp () - (interactive) - (org-insert-time-stamp nil t t nil nil nil)) - -(defun bh/insert-heading-inactive-timestamp () - (save-excursion - (when bh/insert-inactive-timestamp - (org-return) - (org-cycle) - (bh/insert-inactive-timestamp)))) - -(add-hook 'org-insert-heading-hook 'bh/insert-heading-inactive-timestamp 'append) - -(setq org-export-with-timestamps nil) - -(setq org-return-follows-link t) - -(custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. 
- '(org-mode-line-clock ((t (:foreground "red" :box (:line-width -1 :style released-button)))) t)) - -(defun bh/prepare-meeting-notes () - "Prepare meeting notes for email - Take selected region and convert tabs to spaces, mark TODOs with leading >>>, and copy to kill ring for pasting" - (interactive) - (let (prefix) - (save-excursion - (save-restriction - (narrow-to-region (region-beginning) (region-end)) - (untabify (point-min) (point-max)) - (goto-char (point-min)) - (while (re-search-forward "^\\( *-\\\) \\(TODO\\|DONE\\): " (point-max) t) - (replace-match (concat (make-string (length (match-string 1)) ?>) " " (match-string 2) ": "))) - (goto-char (point-min)) - (kill-ring-save (point-min) (point-max)))))) - -(setq org-remove-highlights-with-change t) - -(add-to-list 'Info-default-directory-list "~/git/org-mode/doc") - -(setq org-read-date-prefer-future 'time) - -(setq org-list-demote-modify-bullet (quote (("+" . "-") - ("*" . "-") - ("1." . "-") - ("1)" . "-") - ("A)" . "-") - ("B)" . "-") - ("a)" . "-") - ("b)" . "-") - ("A." . "-") - ("B." . "-") - ("a." . "-") - ("b." . "-")))) - -(setq org-tags-match-list-sublevels t) - -(setq org-agenda-persistent-filter t) - -(setq org-link-mailto-program (quote (compose-mail "%a" "%s"))) - -(add-to-list 'load-path (expand-file-name "~/.emacs.d")) -(require 'smex) -(smex-initialize) - -(global-set-key (kbd "M-x") 'smex) -(global-set-key (kbd "C-x x") 'smex) -(global-set-key (kbd "M-X") 'smex-major-mode-commands) - -;; Bookmark handling -;; -(global-set-key (kbd "<C-f6>") '(lambda () (interactive) (bookmark-set "SAVED"))) - -(require 'org-mime) - -(setq org-agenda-skip-additional-timestamps-same-entry t) - -(setq org-table-use-standard-references (quote from)) - -(setq org-file-apps (quote ((auto-mode . emacs) - ("\\.mm\\'" . system) - ("\\.x?html?\\'" . system) - ("\\.pdf\\'" . 
system)))) - -; Overwrite the current window with the agenda -(setq org-agenda-window-setup 'current-window) - -(setq org-clone-delete-id t) - -(setq org-cycle-include-plain-lists t) - -(setq org-src-fontify-natively t) - -(setq org-structure-template-alist - (quote (("s" "#+begin_src ?\n\n#+end_src" "<src lang=\"?\">\n\n</src>") - ("e" "#+begin_example\n?\n#+end_example" "<example>\n?\n</example>") - ("q" "#+begin_quote\n?\n#+end_quote" "<quote>\n?\n</quote>") - ("v" "#+begin_verse\n?\n#+end_verse" "<verse>\n?\n</verse>") - ("c" "#+begin_center\n?\n#+end_center" "<center>\n?\n</center>") - ("l" "#+begin_latex\n?\n#+end_latex" "<literal style=\"latex\">\n?\n</literal>") - ("L" "#+latex: " "<literal style=\"latex\">?</literal>") - ("h" "#+begin_html\n?\n#+end_html" "<literal style=\"html\">\n?\n</literal>") - ("H" "#+html: " "<literal style=\"html\">?</literal>") - ("a" "#+begin_ascii\n?\n#+end_ascii") - ("A" "#+ascii: ") - ("i" "#+index: ?" "#+index: ?") - ("I" "#+include %file ?" "<include file=%file markup=\"?\">")))) - -(defun bh/mark-next-parent-tasks-todo () - "Visit each parent task and change NEXT states to TODO" - (let ((mystate (or (and (fboundp 'org-state) - state) - (nth 2 (org-heading-components))))) - (when mystate - (save-excursion - (while (org-up-heading-safe) - (when (member (nth 2 (org-heading-components)) (list "NEXT")) - (org-todo "TODO"))))))) - -(add-hook 'org-after-todo-state-change-hook 'bh/mark-next-parent-tasks-todo 'append) -(add-hook 'org-clock-in-hook 'bh/mark-next-parent-tasks-todo 'append) - -(setq org-startup-folded t) - -(add-hook 'message-mode-hook 'orgstruct++-mode 'append) -(add-hook 'message-mode-hook 'turn-on-auto-fill 'append) -(add-hook 'message-mode-hook 'bbdb-define-all-aliases 'append) -(add-hook 'message-mode-hook 'orgtbl-mode 'append) -; (add-hook 'message-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix -(add-hook 'message-mode-hook - '(lambda () (setq fill-column 72)) - 'append) - -;; flyspell mode for spell 
checking everywhere -; (add-hook 'org-mode-hook 'turn-on-flyspell 'append) ; aspell needs nix fix - -;; Disable keys in org-mode -;; C-c [ -;; C-c ] -;; C-c ; -;; C-c C-x C-q cancelling the clock (we never want this) -(add-hook 'org-mode-hook - '(lambda () - ;; Undefine C-c [ and C-c ] since this breaks my - ;; org-agenda files when directories are include It - ;; expands the files in the directories individually - (org-defkey org-mode-map "\C-c[" 'undefined) - (org-defkey org-mode-map "\C-c]" 'undefined) - (org-defkey org-mode-map "\C-c;" 'undefined) - (org-defkey org-mode-map "\C-c\C-x\C-q" 'undefined)) - 'append) - -(add-hook 'org-mode-hook - (lambda () - (local-set-key (kbd "C-c M-o") 'bh/mail-subtree)) - 'append) - -(defun bh/mail-subtree () - (interactive) - (org-mark-subtree) - (org-mime-subtree)) - -(setq org-src-preserve-indentation nil) -(setq org-edit-src-content-indentation 0) - -(setq org-catch-invisible-edits 'error) - -(setq org-export-coding-system 'utf-8) -(prefer-coding-system 'utf-8) -(set-charset-priority 'unicode) -(setq default-process-coding-system '(utf-8-unix . 
utf-8-unix)) - -(setq org-time-clocksum-format - '(:hours "%d" :require-hours t :minutes ":%02d" :require-minutes t)) - -(setq org-id-link-to-org-use-id 'create-if-interactive-and-no-custom-id) - -(setq org-emphasis-alist (quote (("*" bold "<b>" "</b>") - ("/" italic "<i>" "</i>") - ("_" underline "<span style=\"text-decoration:underline;\">" "</span>") - ("=" org-code "<code>" "</code>" verbatim) - ("~" org-verbatim "<code>" "</code>" verbatim)))) - -(setq org-use-sub-superscripts nil) - -(setq org-odd-levels-only nil) - -(run-at-time "00:59" 3600 'org-save-all-org-buffers) - -;; --- ombi's extension - -;; found on https://www.reddit.com/r/emacs/comments/8yrklz/using_outlinemode_with_org_agenda/ -(add-hook - 'org-agenda-mode-hook - (lambda () - (setq-local outline-regexp "^[A-Z]") - (setq-local outline-heading-end-regexp ".$") - ;; Any prefix you'd like, though C-' is usually unoccupied. - (setq-local outline-minor-mode-prefix (kbd "C-'")) - (local-set-key "a" 'outline-toggle-children) - (outline-minor-mode +1) - (local-set-key outline-minor-mode-prefix outline-mode-prefix-map))) -''; -in - modifiedBerndHansen diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix deleted file mode 100644 index 5c35bc280..000000000 --- a/jeschli/2configs/emacs.nix +++ /dev/null 
@@ -1,119 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- pkgsWithOverlay = import <nixpkgs-unstable> {
- overlays = [
- (import (builtins.fetchTarball {
- url = https://github.com/nix-community/emacs-overlay/archive/403c14c23be188b58c0b1bc197b428041d8a0cea.tar.gz;
- }))
- ];
- };
-
- # The emacs packages that I use
- # I differ between
- # - stable (Packages that I use for some time - happy with it)
- # - unstable (Packages that I use for some time - but may drop)
- # - testing (Packages that I try out - the new stuff)
- emacsPkgs = epkgs:
- (with epkgs.melpaPackages ;
-
- ## windows-purpose (testing)
- [ window-purpose ] ++
-
- ## helm (stable)
- # emacs completion engine
- [ helm helm-ag ] ++
-
- ## deft (testing)
- # text search for a directory
- [ deft ] ++
-
- ## lsp mode (unstable)
- # Language Server Protocol mode
- # Used for rust
- [ company-lsp dap-mode helm-lsp lsp-mode lsp-treemacs lsp-ui ] ++
-
- ## emacs convenience (stable)
- # Mixed and general purpose
- [ ag company direnv evil google-this spacemacs-theme ] ++
-
- ## common lisp (testing)
- [ slime ] ++
-
- ## magit (stable)
- [ magit ] ++
-
- ## bunch of programming languages (unstable)
- [ go-mode haskell-mode nix-mode ] ++
-
- ## rust (unstable)
- [ racer rust-mode ] ++
-
- ## python (stable)
- # Python IDE for emacs
- [ elpy ]) ++
-
- ## org-mode
- # Org-Mode has several extensions
- # and can be seen as an application of its own.
- (with epkgs.melpaPackages ;
- # testing
- [ org-super-agenda org-bullets org-ql ] ++
- # unstable
- [ smex org-mime orgit ]
- ) ++
-
- # stable
- (with epkgs.orgPackages ;
- [ org-plus-contrib ]) ++
-
- # stable
- (with epkgs.elpaPackages ;
- [ bbdb which-key ]);
-
-# ## EXWM related (unstable)
-# epkgs.exwm
-# epkgs.melpaPackages.desktop-environment
-# epkgs.melpaPackages.helm-exwm
-# ];
-
- emacsWithOverlay = pkgsWithOverlay.emacsWithPackagesFromUsePackage {
- config = builtins.readFile ./elisp/init.el;
- # Package is optional, defaults to pkgs.emacs
- package = pkgsWithOverlay.emacsGit;
- # Optionally provide extra packages not in the configuration file
- extraEmacsPackages = emacsPkgs;
- };
-
- myEmacs = pkgs.writeDashBin "my-emacs" ''
- exec ${emacsWithOverlay}/bin/emacs -q "$@"
- '';
-
- myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" ''
- exec ${emacsWithOverlay}/bin/emacs -q --daemon -l ${./elisp/init.el}
- '';
-
- myEmacsClient = pkgs.writeDashBin "meclient" ''
- exec ${emacsWithOverlay}/bin/emacsclient --create-frame "$@"
- '';
-in {
- environment.systemPackages = [
- myEmacs myEmacsWithDaemon myEmacsClient emacsWithOverlay
- ];
-
-## EXWM Config
-# services.xserver = {
-# enable = true;
-# xkbOptions = "caps:super";
-# exportConfiguration = true;
-#
-# displayManager.slim.enable = true;
-# windowManager.default = "exwm";
-#
-# # Set up the login session
-# windowManager.session = [{
-# name = "exwm";
-# start = "${emacsWithOverlay}/bin/emacs -q -l " + builtins.toString ./elisp/init.el;
-# }];
-# };
-}
diff --git a/jeschli/2configs/firefox.nix b/jeschli/2configs/firefox.nix
deleted file mode 100644
index 1e1e16918..000000000
--- a/jeschli/2configs/firefox.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
- wrapper = pkgs.callPackage ../5pkgs/firefox/firefox-with-config.nix { };
- myFirefox = wrapper pkgs.firefox-unwrapped {
-
- # these plugins are defined in 5pkgs/firefox
- extraExtensions = with pkgs ; [
- dark-reader
- https-everywhere
- ublock-origin
- audio-fingerprint-defender
- canvas-fingerprint-defender
- webgl-fingerprint-defender
- font-fingerprint-defender
- user-agent-switcher
- ];
-
- extraPolicies = {
- CaptivePortal = false;
- };
-
- disablePocket = true;
- disableFirefoxSync = true;
- allowNonSigned = true;
- clearDataOnShutdown = true;
- disableDrmPlugin = true;
-
-};
-
-in {
-
-
-environment.variables = {
- BROWSER = ["firefox"];
-};
-
-
-environment.systemPackages = with pkgs; [
- myFirefox
-];
-
-}
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
deleted file mode 100644
index faa8ccf5b..000000000
--- a/jeschli/2configs/git.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
- out = {
- services.nginx.enable = true;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- enable = true;
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {
- cgit.desc = "Bonbon aus Git - die ganze Nacht";
- };
- krebs-page = {
- cgit.desc = "Die Krebs Page";
- };
- xmonad-stockholm = {
- cgit.desc = "XMonad Stockholm";
- };
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- channel = "#xxx";
- nick = config.krebs.build.host.name;
- refs = [
- "refs/heads/master"
- ];
- server = "irc.r";
- verbose = true;
- };
- };
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ jeschli jeschli-brauerei jeschli-bolide];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/jeschli/2configs/haskell.nix b/jeschli/2configs/haskell.nix
deleted file mode 100644
index 46ae24fb0..000000000
--- a/jeschli/2configs/haskell.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-let
- all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/master") {};
-in
-{
- environment.systemPackages = with pkgs; [
- cabal2nix
- gcc
- ghc
- haskellPackages.cabal-install
- haskellPackages.ghcid
- haskellPackages.hindent
- haskellPackages.hlint
- haskellPackages.hoogle
- haskellPackages.stack
- (all-hies.selection { selector = p: {inherit (p) ghc864; }; })
- ];
-}
diff --git a/jeschli/2configs/home-manager/default.nix b/jeschli/2configs/home-manager/default.nix
deleted file mode 100644
index ad8663d58..000000000
--- a/jeschli/2configs/home-manager/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- <home-manager/nixos>
- ];
- home-manager.useUserPackages = true;
- home-manager.users.jeschli = {
- home.stateVersion = "19.03";
- };
-}
diff --git a/jeschli/2configs/i3.nix b/jeschli/2configs/i3.nix
deleted file mode 100644
index 1a6c4927a..000000000
--- a/jeschli/2configs/i3.nix
+++ /dev/null
@@ -1,247 +0,0 @@
-{pkgs, environment, config, lib, ... }:
-
-with pkgs;
-
-let
-
- i3_conf_file = pkgs.writeText "config" ''
-
- # i3 config file (v4)
- # doc: https://i3wm.org/docs/userguide.html
-
- set $mod Mod4
-
- # Font for window titles. Will also be used by the bar unless a different font
- # is used in the bar {} block below.
- font pango:monospace 8
-
- # Use Mouse+$mod to drag floating windows to their wanted position
- floating_modifier $mod
-
- # start a terminal
- bindsym $mod+Return exec i3-sensible-terminal
-
- # kill focused window
- bindsym $mod+Shift+q kill
-
- # start rofi program launcher
- bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
- # Switch windows with rofi
- bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
-
- # There also is the (new) i3-dmenu-desktop which only displays applications
- # shipping a .desktop file. It is a wrapper around dmenu, so you need that
- # installed.
- # bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
-
- # change focus
- bindsym $mod+j focus left
- bindsym $mod+k focus down
- bindsym $mod+l focus up
- bindsym $mod+semicolon focus right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Left focus left
- bindsym $mod+Down focus down
- bindsym $mod+Up focus up
- bindsym $mod+Right focus right
-
- # move focused window
- bindsym $mod+Shift+j move left
- bindsym $mod+Shift+k move down
- bindsym $mod+Shift+l move up
- bindsym $mod+Shift+semicolon move right
-
- # alternatively, you can use the cursor keys:
- bindsym $mod+Shift+Left move left
- bindsym $mod+Shift+Down move down
- bindsym $mod+Shift+Up move up
- bindsym $mod+Shift+Right move right
-
- # split in horizontal orientation
- bindsym $mod+h split h
-
- # split in vertical orientation
- bindsym $mod+v split v
-
- # enter fullscreen mode for the focused container
- bindsym $mod+f fullscreen toggle
-
- # change container layout (stacked, tabbed, toggle split)
- bindsym $mod+s layout stacking
- bindsym $mod+w layout tabbed
- bindsym $mod+e layout toggle split
-
- # toggle tiling / floating
- bindsym $mod+Shift+space floating toggle
-
- # change focus between tiling / floating windows
- bindsym $mod+space focus mode_toggle
-
- # focus the parent container
- bindsym $mod+a focus parent
-
- # focus the child container
- #bindsym $mod+d focus child
-
- # Define names for default workspaces for which we configure key bindings later on.
- # We use variables to avoid repeating the names in multiple places.
- set $ws1 "1"
- set $ws2 "2"
- set $ws3 "3: Emacs"
- set $ws4 "4"
- set $ws5 "5"
- set $ws6 "6"
- set $ws7 "7"
- set $ws8 "8"
- set $ws9 "9"
- set $ws10 "10"
-
- assign [class="emacs"] $ws3
-
- # switch to workspace
- bindsym $mod+1 workspace $ws1
- bindsym $mod+2 workspace $ws2
- bindsym $mod+3 workspace $ws3
- bindsym $mod+4 workspace $ws4
- bindsym $mod+5 workspace $ws5
- bindsym $mod+6 workspace $ws6
- bindsym $mod+7 workspace $ws7
- bindsym $mod+8 workspace $ws8
- bindsym $mod+9 workspace $ws9
- bindsym $mod+0 workspace $ws10
-
- # move focused container to workspace
- bindsym $mod+Shift+1 move container to workspace $ws1
- bindsym $mod+Shift+2 move container to workspace $ws2
- bindsym $mod+Shift+3 move container to workspace $ws3
- bindsym $mod+Shift+4 move container to workspace $ws4
- bindsym $mod+Shift+5 move container to workspace $ws5
- bindsym $mod+Shift+6 move container to workspace $ws6
- bindsym $mod+Shift+7 move container to workspace $ws7
- bindsym $mod+Shift+8 move container to workspace $ws8
- bindsym $mod+Shift+9 move container to workspace $ws9
- bindsym $mod+Shift+0 move container to workspace $ws10
-
- # reload the configuration file
- bindsym $mod+Shift+c reload
- # restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
- bindsym $mod+Shift+r restart
- # exit i3 (logs you out of your X session)
- bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
-
- # resize window (you can also use the mouse for that)
- mode "resize" {
- # These bindings trigger as soon as you enter the resize mode
-
- # Pressing left will shrink the window’s width.
- # Pressing right will grow the window’s width.
- # Pressing up will shrink the window’s height.
- # Pressing down will grow the window’s height.
- bindsym j resize shrink width 10 px or 10 ppt
- bindsym k resize grow height 10 px or 10 ppt
- bindsym l resize shrink height 10 px or 10 ppt
- bindsym semicolon resize grow width 10 px or 10 ppt
-
- # same bindings, but for the arrow keys
- bindsym Left resize shrink width 10 px or 10 ppt
- bindsym Down resize grow height 10 px or 10 ppt
- bindsym Up resize shrink height 10 px or 10 ppt
- bindsym Right resize grow width 10 px or 10 ppt
-
- # back to normal: Enter or Escape or $mod+r
- bindsym Return mode "default"
- bindsym Escape mode "default"
- bindsym $mod+r mode "default"
- }
-
- bindsym $mod+r mode "resize"
-
- bar {
- status_command i3status
- position top
- }
-
- #######################
- # #
- # AUTORUNS #
- # #
- #######################
- # Start firefox
- exec --no-startup-id ${pkgs.firefox}/bin/firefox --new-instance --setDefaultBrowser
-
- # Start my-emacs server
- exec --no-startup-id my-emacs-daemon
- '';
-
-in {
-
- #######################
- # #
- # AUTORANDR #
- # #
- #######################
-
- # Start autorandr on display change
- services.autorandr = {
- enable = true;
- defaultTarget = "mobile";
- };
-
- # What to execute after resolution has been changed
- environment.etc."xdg/autorandr/postswitch" = {
- text = '' sleep 4 && i3-msg "restart" '';
-
- };
-
- # Start autorandr once on startup
- systemd.user.services.boot-autorandr = {
- description = "Autorandr service";
- partOf = [ "graphical-session.target" ];
- wantedBy = [ "graphical-session.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.autorandr}/bin/autorandr -c";
- Type = "oneshot";
- };
- };
-
-
-
- #######################
- # #
- # XSERVER #
- # #
- #######################
-services.xserver.enable = true;
-
- # Enable i3 Window Manager
- services.xserver.windowManager.i3 = {
- enable = true;
- package = pkgs.i3;
- configFile = i3_conf_file;
- };
-
-
- # ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
- # ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
- services.xserver.windowManager.default = "i3";
- services.xserver.desktopManager.xterm.enable = false;
-
-
- # Enable the X11 windowing system.
- services.xserver.displayManager.lightdm.enable = true;
-
- # Allow users in video group to change brightness
- environment.systemPackages = with pkgs; [
- rofi # Dmenu replacement
- acpilight # Replacement for xbacklight
- brightnessctl
- arandr # Xrandr gui
- feh
- wirelesstools # To get wireless statistics
- acpi
- xorg.xhost
- xorg.xauth
- ];
-
-}
diff --git a/jeschli/2configs/officevpn.nix b/jeschli/2configs/officevpn.nix
deleted file mode 100644
index eb0477d51..000000000
--- a/jeschli/2configs/officevpn.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- nixpkgs.config.packageOverrides = pkgs: {
- openvpn = pkgs.openvpn.override { pkcs11Support = true; useSystemd = false;};
- };
-
- environment.systemPackages = with pkgs; [
- opensc
- openvpn
- yubikey-manager
- ];
-
- services.pcscd.enable = true;
-
- # To start the vpn manually execute
- # $ openvpn --config clien.ovpn
-}
-
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
deleted file mode 100644
index fb34e94e2..000000000
--- a/jeschli/2configs/os-templates/CentOS-7-64bit.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-_:
-
-{
- imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
-
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
-
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-}
diff --git a/jeschli/2configs/python.nix b/jeschli/2configs/python.nix
deleted file mode 100644
index 0c32e1fc8..000000000
--- a/jeschli/2configs/python.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- python37
- python37Packages.pip
- pipenv
- ];
-}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
deleted file mode 100644
index f22609655..000000000
--- a/jeschli/2configs/retiolum.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.tinc.retiolum = {
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- "dishfire"
- "enklave"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/jeschli/2configs/rust.nix b/jeschli/2configs/rust.nix
deleted file mode 100644
index 46addb15c..000000000
--- a/jeschli/2configs/rust.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- rustup
- gcc
- ];
-}
diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix
deleted file mode 100644
index 06a068a3f..000000000
--- a/jeschli/2configs/steam.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- nixpkgs.config.steam.java = true;
- environment.systemPackages = with pkgs; [
- steam
- ];
- hardware.opengl.driSupport32Bit = true;
-
- #ports for inhome streaming
-}
diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty
deleted file mode 100644
index e69de29bb..000000000
--- a/jeschli/2configs/tests/dummy-secrets/empty
+++ /dev/null
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
deleted file mode 100644
index 4049a47a3..000000000
--- a/jeschli/2configs/urxvt.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- options.jeschliFontSize = mkOption {
- type = types.int;
- default = 12;
- };
- config = {
- services.urxvtd.enable = true;
- krebs.xresources.enable = true;
- krebs.xresources.resources.urxvt = ''
- *foreground: rgb:a8/a8/a8
- *background: rgb:00/00/00
- *faceName: DejaVu Sans Mono
- *faceSize: ${toString config.jeschliFontSize}
- *color0: rgb:00/00/00
- *color1: rgb:a8/00/00
- *color2: rgb:00/a8/00
- *color3: rgb:a8/54/00
- *color4: rgb:26/8b/d2
- *color5: rgb:a8/00/a8
- *color6: rgb:00/a8/a8
- *color7: rgb:a8/a8/a8
- *color8: rgb:54/54/54
- *color9: rgb:fc/54/54
- *color10: rgb:54/fc/54
- *color11: rgb:fc/fc/54
- *color12: rgb:54/54/fc
- *color13: rgb:fc/54/fc
- *color14: rgb:54/fc/fc
- *color15: rgb:fc/fc/fc
-
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
- URXvt*faceSize: ${toString config.jeschliFontSize}
- '';
- };
-}
diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix
deleted file mode 100644
index 586016f60..000000000
--- a/jeschli/2configs/vim.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
- name = "vim-javascript";
- src = pkgs.fetchFromGitHub {
- owner = "pangloss";
- repo = "vim-javascript";
- rev = "1.2.5.1";
- sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
- };
- };
- customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
- name = "vim-jsx";
- src = pkgs.fetchFromGitHub {
- owner = "mxw";
- repo = "vim-jsx";
- rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
- sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
- };
- };
- customPlugins.vim-fileline = pkgs.vimUtils.buildVimPlugin {
- name = "file-line-1.0";
- src = pkgs.fetchFromGitHub {
- owner = "bogado";
- repo = "file-line";
- rev = "1.0";
- sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
- };
- };
-in {
- environment.systemPackages = [
- (pkgs.vim_configurable.customize {
- name = "vim";
- vimrcConfig.customRC = let
- colorscheme = ''colorscheme molokai'';
- highlightTrailingWhiteSpaces = ''
- au Syntax * syn match Garbage containedin=ALL /\s\+$/
- '';
- setStatements = ''
- set autowrite
- set clipboard=unnamedplus
- set listchars=trail:¶
- set mouse=a
- set nocompatible
- set path+=**
- set ruler
- set undodir=$HOME/.vim/undo "directory where the undo files will be stored
- set undofile "turn on the feature
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- '';
- remapStatements = ''
- imap jk <Esc>
- map gr :GoRun<Enter> " Map gr to execute go run
- map tt :GoTest<Enter> " Map tt to execute go test
- map nf :NERDTreeToggle<CR>
- nnoremap <C-TAB> <c-w><c-w>
- nnoremap <S-TAB> :bnext<CR>
- noremap x "_x
- vmap v v
- '';
- settingsForGo = ''
- let g:go_decls_includes = "func,type"
- let g:go_def_mode = 'godef'
- let g:go_fmt_command = "goimports"
- let g:go_highlight_extra_types = 1
- let g:go_highlight_fields = 1
- let g:go_highlight_functions = 1
- let g:go_highlight_methods = 1
- let g:go_highlight_types = 1
- let g:go_list_type = "quickfix"
- let g:go_metalinter_autosave = 1
- let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
- let g:go_snippet_case_type = "camelcase"
- let g:go_test_timeout = '10s'
- let g:jsx_ext_required = 0
- let g:molokai_original = 1
- let g:rehash256 = 1
- '';
- settingsForElm = ''
- let g:polyglot_disabled = ['elm']
- let g:elm_detailed_complete = 1
- let g:elm_format_autosave = 1
- let g:elm_syntastic_show_warnings = 1
- '';
- in ''
- ${colorscheme}
- ${highlightTrailingWhiteSpaces}
- ${remapStatements}
- ${setStatements}
- ${settingsForElm}
- ${settingsForGo}
- " dont expand tabs in go files and show it with four whitespaces.
- autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
- '';
- vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
- vimrcConfig.vam.pluginDictionaries = [
- { names = [
- "ctrlp"
- "easymotion"
- "elm-vim"
- "vim-fileline"
- "molokai"
- "nerdtree"
- "snipmate"
- "surround"
- "Syntastic"
- "undotree"
- ];
- }
- { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
- { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
- { names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
- { names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
- ];
- })
- ];
-
- # set up the directories up if they are not there.
-# Needs to be changed.
-# vim = let
-# dirs = {
-# backupdir = "$HOME/.cache/vim/backup";
-# swapdir = "$HOME/.cache/vim/swap";
-# undodir = "$HOME/.cache/vim/undo";
-# };
-# files = {
-# viminfo = "$HOME/.cache/vim/info";
-# };
-#
-# mkdirs = let
-# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
-# in assert out != ""; out;
-# alldirs = attrValues dirs ++ map dirOf (attrValues files);
-# in unique (sort lessThan alldirs);
-# in
-# pkgs.symlinkJoin {
-# name = "vim";
-# paths = [
-# (pkgs.writeDashBin "vim" ''
-# set -efu
-# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
-# exec ${pkgs.vim}/bin/vim "$@"
-# '')
-# pkgs.vim
-# ];
-# };
-
-}
diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix
deleted file mode 100644
index c9bb8c41f..000000000
--- a/jeschli/2configs/virtualbox.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.jeschli;
-
-in {
- #services.virtualboxHost.enable = true;
- virtualisation.virtualbox.host.enable = true;
-
- users.extraUsers = {
- virtual = {
- name = "virtual";
- description = "user for running VirtualBox";
- home = "/home/virtual";
- useDefaultShell = true;
- extraGroups = [ "vboxusers" "audio" ];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(virtual) NOPASSWD: ALL
- '';
-}
diff --git a/jeschli/2configs/xdg.nix b/jeschli/2configs/xdg.nix
deleted file mode 100644
index 18bac9b38..000000000
--- a/jeschli/2configs/xdg.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
-
- systemd.tmpfiles.rules = let
- forUsers = flip map users;
- isUser = { name, group, ... }:
- name == "root" || hasSuffix "users" group;
- users = filter isUser (mapAttrsToList (_: id) config.users.users);
- in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
-}
diff --git a/jeschli/2configs/xserver/Xmodmap.nix b/jeschli/2configs/xserver/Xmodmap.nix
deleted file mode 100644
index d2b1b2604..000000000
--- a/jeschli/2configs/xserver/Xmodmap.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xmodmap" ''
- !keycode 66 = Caps_Lock
- !remove Lock = Caps_Lock
- clear Lock
-
- ! caps lock
- keycode 66 = Mode_switch
-
- keycode 13 = 4 dollar EuroSign cent
- keycode 30 = u U udiaeresis Udiaeresis
- keycode 32 = o O odiaeresis Odiaeresis
- keycode 38 = a A adiaeresis Adiaeresis
- keycode 39 = s S ssharp
-
- keycode 33 = p P Greek_pi Greek_PI
- keycode 46 = l L Greek_lambda Greek_LAMBDA
-
- keycode 54 = c C cacute Cacute
-
- ! BULLET OPERATOR
- keycode 17 = 8 asterisk U2219
- keycode 27 = r R r U211D
-''
diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix
deleted file mode 100644
index ebe7159ff..000000000
--- a/jeschli/2configs/xserver/Xresources.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-pkgs.writeText "Xresources" /* xdefaults */ ''
- Xcursor.theme: aero-large-drop
- Xcursor.size: 128
-
- URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
- URxvt*eightBitInput: false
- URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*scrollBar: false
- URxvt*background: #050505
- URxvt*foreground: #d0d7d0
- URxvt*cursorColor: #f042b0
- URxvt*cursorColor2: #f0b000
- URxvt*cursorBlink: off
- URxvt*jumpScroll: true
- URxvt*allowSendEvents: false
- URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
- URxvt*cutNewline: False
- URxvt*cutToBeginningOfLine: False
- URxvt*font: xft:Monospace:size=12
- URxvt*font: xft:Monospace:size=12:bold
- URxvt*color0: #232342
- URxvt*color3: #c07000
- URxvt*color4: #4040c0
- URxvt*color7: #c0c0c0
- URxvt*color8: #707070
- URxvt*color9: #ff6060
- URxvt*color10: #70ff70
- URxvt*color11: #ffff70
- URxvt*color12: #7070ff
- URxvt*color13: #ff50ff
- URxvt*color14: #70ffff
- URxvt*color15: #ffffff
-
- URxvt*iso14755: False
-
- URxvt*urgentOnBell: True
- URxvt*visualBell: True
-
- ! ref https://github.com/muennich/urxvt-perls
- URxvt*perl-ext: default,url-select
- URxvt*keysym.M-u: perl:url-select:select_next
- URxvt*url-select.underline: true
- URxvt*colorUL: #4682B4
- URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
- URxvt*saveLines: 10000
-
- root-urxvt*background: #230000
- root-urxvt*foreground: #e0c0c0
- root-urxvt*BorderColor: #400000
- root-urxvt*color0: #800000
-''
diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
deleted file mode 100644
index 44c35ca37..000000000
--- a/jeschli/2configs/xserver/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, pkgs, ... }@args:
-with import <stockholm/lib>;
-let
- cfg = {
- cacheDir = cfg.dataDir;
- configDir = "/var/empty";
- dataDir = "/run/xdg/${cfg.user.name}/xmonad";
- user = config.krebs.users.jeschli;
- };
-in {
-
- environment.systemPackages = [
- pkgs.font-size
- pkgs.gitAndTools.qgit
- pkgs.mpv
- pkgs.sxiv
- pkgs.xdotool
- pkgs.xsel
- pkgs.zathura
- ];
-
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
- ];
-
- # TODO dedicated group, i.e. with a single user [per-user-setuid]
- # TODO krebs.setuid.slock.path vs /run/wrappers/bin
- krebs.setuid.slock = {
- filename = "${pkgs.slock}/bin/slock";
- group = "wheel";
- envp = {
- DISPLAY = ":${toString config.services.xserver.display}";
- USER = cfg.user.name;
- };
- };
-
- systemd.services.display-manager.enable = false;
-
- systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "xserver.service" ];
- environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
-
- XMONAD_CACHE_DIR = cfg.cacheDir;
- XMONAD_CONFIG_DIR = cfg.configDir;
- XMONAD_DATA_DIR = cfg.dataDir;
-
- XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
- ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
- ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
- ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
- ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
- ${config.services.xserver.displayManager.sessionCommands}
- if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
- exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
- fi
- export DBUS_SESSION_BUS_ADDRESS
- ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
- wait
- '';
-
- # XXX JSON is close enough :)
- XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
- "dashboard" # we start here
- "stockholm"
- "pycharm"
- "chromium"
- "iRC"
- "git"
- "hipbird"
- ]);
- };
- serviceConfig = {
- SyslogIdentifier = "xmonad";
- ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
- "\${XMONAD_CACHE_DIR}"
- "\${XMONAD_CONFIG_DIR}"
- "\${XMONAD_DATA_DIR}"
- ]}";
- ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
- User = cfg.user.name;
- WorkingDirectory = cfg.user.home;
- };
- };
-
- systemd.services.xserver = {
- after = [
- "systemd-udev-settle.service"
- "local-fs.target"
- "acpid.service"
- ];
- reloadIfChanged = true;
- environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
- ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
- };
- serviceConfig = {
- SyslogIdentifier = "xserver";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = toString [
- "${pkgs.xorg.xorgserver}/bin/X"
- ":${toString config.services.xserver.display}"
- "vt${toString config.services.xserver.tty}"
- "-config ${import ./xserver.conf.nix args}"
- "-logfile /dev/null -logverbose 0 -verbose 3"
- "-nolisten tcp"
- "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
- ];
- };
- };
-
- systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
- serviceConfig = {
- SyslogIdentifier = "urxvtd";
- ExecReload = "${pkgs.coreutils}/bin/echo NOP";
- ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- User = cfg.user.name;
- };
- };
-}
diff --git a/jeschli/2configs/xserver/xserver.conf.nix b/jeschli/2configs/xserver/xserver.conf.nix
deleted file mode 100644
index 6f34e0150..000000000
--- a/jeschli/2configs/xserver/xserver.conf.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- cfg = config.services.xserver;
-in
-
-pkgs.stdenv.mkDerivation {
- name = "xserver.conf";
-
- xfs = optionalString (cfg.useXFS != false)
- ''FontPath "${toString cfg.useXFS}"'';
-
- inherit (cfg) config;
-
- buildCommand =
- ''
- echo 'Section "Files"' >> $out
- echo $xfs >> $out
-
- for i in ${toString config.fonts.fonts}; do
- if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
- for j in $(find $i -name fonts.dir); do
- echo " FontPath \"$(dirname $j)\"" >> $out
- done
- fi
- done
-
- for i in $(find ${toString cfg.modules} -type d); do
- if test $(echo $i/*.so* | wc -w) -ne 0; then
- echo " ModulePath \"$i\"" >> $out
- fi
- done
-
- echo 'EndSection' >> $out
-
- echo "$config" >> $out
- '';
-}
diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix
deleted file mode 100644
index 0f6775efb..000000000
--- a/jeschli/2configs/zsh.nix
+++ /dev/null
@@ -1,138 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - environment.systemPackages = [ pkgs.fzf ]; - programs.zsh = { - enable = true; - shellInit = '' - #disable config wizard - zsh-newuser-install() { :; } - ''; - interactiveShellInit = '' - setopt autocd extendedglob - bindkey -e - - #history magic - bindkey "[A" up-line-or-local-history - bindkey "[B" down-line-or-local-history - - up-line-or-local-history() { - zle set-local-history 1 - zle up-line-or-history - zle set-local-history 0 - } - zle -N up-line-or-local-history - down-line-or-local-history() { - zle set-local-history 1 - zle down-line-or-history - zle set-local-history 0 - } - zle -N down-line-or-local-history - - setopt share_history - setopt hist_ignore_dups - # setopt inc_append_history - bindkey '^R' history-incremental-search-backward - - #C-x C-e open line in editor - autoload -z edit-command-line - zle -N edit-command-line - bindkey "^X^E" edit-command-line - - #fzf inclusion - source ${pkgs.fzf}/share/fzf/completion.zsh - source ${pkgs.fzf}/share/fzf/key-bindings.zsh - - #completion magic - autoload -Uz compinit - compinit - zstyle ':completion:*' menu select - - #enable automatic rehashing of $PATH - zstyle ':completion:*' rehash true - - eval $(dircolors -b ${pkgs.fetchFromGitHub { - owner = "trapd00r"; - repo = "LS_COLORS"; - rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0"; - sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4"; - }}/LS_COLORS) - - #beautiful colors - alias ls='ls --color' - # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} - - #emacs bindings - bindkey "[7~" beginning-of-line - bindkey "[8~" end-of-line - bindkey "Oc" emacs-forward-word - bindkey "Od" emacs-backward-word - - #aliases - alias ll='ls -l' - alias la='ls -la' - - #fancy window title magic - ''; - promptInit = '' - # TODO: figure out why we need to set this here - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - - autoload -U promptinit - promptinit - - 
p_error='%(?..%F{red}%?%f )' - t_error='%(?..%? )' - - case $UID in - 0) - p_username='%F{red}root%f' - t_username='root' - ;; - 1337) - p_username="" - t_username="" - ;; - *) - p_username='%F{blue}%n%f' - t_username='%n' - ;; - esac - - if test -n "$SSH_CLIENT"; then - p_hostname='@%F{magenta}%M%f ' - t_hostname='@%M ' - else - p_hostname="" - t_hostname="" - fi - - #check if in nix shell - if test -n "$buildInputs"; then - p_nixshell='%F{green}[s]%f ' - t_nixshell='[s] ' - else - p_nixshell="" - t_nixshell="" - fi - - PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " - TITLE="$t_error$t_username$t_hostname$t_nixshell%~" - case $TERM in - (*xterm* | *rxvt*) - function precmd { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED\007" - } - # This is seen while the shell waits for a command to complete. - function preexec { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" - } - ;; - esac - ''; - }; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; -} diff --git a/jeschli/5pkgs/default.nix b/jeschli/5pkgs/default.nix deleted file mode 100644 index 3fa5b5e85..000000000 --- a/jeschli/5pkgs/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -with import <stockholm/lib>; - -self: super: - -# Import files and subdirectories like they are overlays. -foldl' mergeAttrs {} - (map - (name: import (./. + "/${name}") self super) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) diff --git a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix deleted file mode 100644 index 05815e132..000000000 --- a/jeschli/5pkgs/firefox/audio-fingerprint-defender/default.nix +++ /dev/null 
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "audio-fingerprint-defender-${version}";
- version = "0.1.3";
-
- extid = "@audio-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3363623/audiocontext_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "0yfk5vqwjg4g25c98psj56sw3kv8imxav3nss4hbibflgla1h5pb";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Audio context fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/audiocontext-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
deleted file mode 100644
index 21b4b3f97..000000000
--- a/jeschli/5pkgs/firefox/canvas-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "canvas-fingerprint-defender-${version}";
- version = "0.1.5";
-
- extid = "@canvas-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3362272/canvas_fingerprint_defender-${version}-an+fx.xpi?src=recommended";
- sha256 = "1hg00zsrw7ij7bc222j83g2wm3ml1aj34zg5im1802cjq4qqvbld";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Canvas fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/webgl-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/dark-reader/default.nix b/jeschli/5pkgs/firefox/dark-reader/default.nix
deleted file mode 100644
index 44f4f9054..000000000
--- a/jeschli/5pkgs/firefox/dark-reader/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "dark-reader-${version}";
- version = "4.8.1";
-
- extid = "addon@darkreader.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3404143/dark_reader-${version}-an+fx.xpi";
- sha256 = "0ic0i56jhmxymvy68bs5hqcjvdvw3vks5r58i2ygmpsm190rlldb";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
- homepage = https://github.com/darkreader/darkreader;
- license = licenses.mit;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/default.nix b/jeschli/5pkgs/firefox/default.nix
deleted file mode 100644
index 6ba4fec83..000000000
--- a/jeschli/5pkgs/firefox/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-let
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = self.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-in
-
- mapNixDir (path: callPackage path {}) ./.
diff --git a/jeschli/5pkgs/firefox/firefox-with-config.nix b/jeschli/5pkgs/firefox/firefox-with-config.nix
deleted file mode 100644
index fc22c434e..000000000
--- a/jeschli/5pkgs/firefox/firefox-with-config.nix
+++ /dev/null
@@ -1,487 +0,0 @@ -{ stdenv, lib, pkgs, makeDesktopItem, makeWrapper, lndir, replace, config - -## various stuff that can be plugged in -, flashplayer, hal-flash -, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2 -, jrePlugin, icedtea_web -, bluejeans, djview4, adobe-reader -, fribid, gnome3/*.gnome-shell*/ -, esteidfirefoxplugin ? "" -, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow -, udev -, kerberos - -}: - -## configurability of the wrapper itself - -browser: - -let - wrapper = - { browserName ? browser.browserName or (builtins.parseDrvName browser.name).name - , name ? (browserName + "-" + (builtins.parseDrvName browser.name).version) - , desktopName ? # browserName with first letter capitalized - (lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName) - , nameSuffix ? "" - , icon ? browserName - , extraPlugins ? [] - , extraPrefs ? "" - , extraExtensions ? [ ] - , allowNonSigned ? false - , disablePocket ? false - , disableTelemetry ? true - , disableDrmPlugin ? false - , showPunycodeUrls ? true - , disableFirefoxStudies ? true - , disableFirefoxSync ? false - , useSystemCertificates ? true - , dontCheckDefaultBrowser ? false - # For more information about anti tracking - # vist https://wiki.kairaven.de/open/app/firefox - , activateAntiTracking ? true - , disableFeedbackCommands ? true - , disableDNSOverHTTPS ? true - , disableGoogleSafebrowsing ? false - , clearDataOnShutdown ? false - , homepage ? "about:blank" - # For more information about policies visit - # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled - , extraPolicies ? {} - , extraNativeMessagingHosts ? [] - , gdkWayland ? false - }: - - assert gdkWayland -> (browser ? 
gtk3); # Can only use the wayland backend if gtk3 is being used - - let - - # If extraExtensions has been set disable manual extensions - disableManualExtensions = if lib.count (x: true) extraExtensions > 0 then true else false; - - cfg = config.${browserName} or {}; - enableAdobeFlash = cfg.enableAdobeFlash or false; - ffmpegSupport = browser.ffmpegSupport or false; - gssSupport = browser.gssSupport or false; - jre = cfg.jre or false; - icedtea = cfg.icedtea or false; - supportsJDK = - stdenv.hostPlatform.system == "i686-linux" || - stdenv.hostPlatform.system == "x86_64-linux" || - stdenv.hostPlatform.system == "armv7l-linux" || - stdenv.hostPlatform.system == "aarch64-linux"; - - plugins = - assert !(jre && icedtea); - if builtins.hasAttr "enableVLC" cfg - then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins" - else - ([ ] - ++ lib.optional enableAdobeFlash flashplayer - ++ lib.optional (cfg.enableDjvu or false) (djview4) - ++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser) - ++ lib.optional (supportsJDK && jre && jrePlugin ? 
mozillaPlugin) jrePlugin - ++ lib.optional icedtea icedtea_web - ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid - ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell - ++ lib.optional (cfg.enableBluejeans or false) bluejeans - ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader - ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin - ++ extraPlugins - ); - nativeMessagingHosts = - ([ ] - ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) - ++ lib.optional (cfg.enableBukubrow or false) bukubrow - ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell - ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator - ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration - ++ extraNativeMessagingHosts - ); - libs = lib.optional stdenv.isLinux udev - ++ lib.optional ffmpegSupport ffmpeg - ++ lib.optional gssSupport kerberos - ++ lib.optionals (cfg.enableQuakeLive or false) - (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ]) - ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash - ++ lib.optional (config.pulseaudio or true) libpulseaudio; - gtk_modules = [ libcanberra-gtk2 ]; - - enterprisePolicies = - { - policies = { - DisableAppUpdate = true; - } // lib.optionalAttrs disableManualExtensions ( - { - ExtensionSettings = { - "*" = { - blocked_install_message = "You can't have manual extension mixed with nix extensions"; - installation_mode = "blocked"; - }; - - } // lib.foldr (e: ret: - ret // { - "${e.extid}" = { - installation_mode = "allowed"; - }; - } - ) {} extraExtensions; - } - ) // lib.optionalAttrs disablePocket ( - { - DisablePocket = true; - } - ) // lib.optionalAttrs disableTelemetry ( - { - DisableTelemetry = true; - } - ) // lib.optionalAttrs disableFirefoxStudies ( - { - DisableFirefoxStudies = true; - } - ) // lib.optionalAttrs disableFirefoxSync ( - { - 
DisableFirefoxAccounts = true; - } - ) // lib.optionalAttrs useSystemCertificates ( - { - # Disable useless firefox certificate store - Certificates = { - ImportEnterpriseRoots = true; - }; - } - ) // lib.optionalAttrs ( - if lib.count (x: true) extraExtensions > 0 then true else false) ( - { - # Don't try to update nix installed addons - DisableSystemAddonUpdate = true; - - # But update manually installed addons - ExtensionUpdate = false; - } - ) // lib.optionalAttrs dontCheckDefaultBrowser ( - { - DontCheckDefaultBrowser = true; - } - )// lib.optionalAttrs disableDNSOverHTTPS ( - { - DNSOverHTTPS = { - Enabled = false; - }; - } - ) // lib.optionalAttrs clearDataOnShutdown ( - { - SanitizeOnShutdown = true; - } - ) // lib.optionalAttrs disableFeedbackCommands ( - { - DisableFeedbackCommands = true; - } - ) // lib.optionalAttrs ( if homepage == "" then false else true) ( - { - Homepage = { - URL = homepage; - Locked = true; - }; - } - ) // extraPolicies ;} ; - - - extensions = builtins.map (a: - if ! (builtins.hasAttr "signed" a) || ! (builtins.isBool a.signed) then - throw "Addon ${a.pname} needs boolean attribute 'signed' " - else if ! (builtins.hasAttr "extid" a) || ! 
(builtins.isString a.extid) then - throw "Addon ${a.pname} needs a string attribute 'extid'" - else if a.signed == false && !allowNonSigned then - throw "Disable signature checking in firefox if you want ${a.pname} addon" - else a - ) extraExtensions; - - policiesJson = builtins.toFile "policies.json" - (builtins.toJSON enterprisePolicies); - - mozillaCfg = builtins.toFile "mozilla.cfg" '' - // First line must be a comment - - // Remove default top sites - lockPref("browser.newtabpage.pinned", ""); - lockPref("browser.newtabpage.activity-stream.default.sites", ""); - - // Deactivate first run homepage - lockPref("browser.startup.firstrunSkipsHomepage", false); - - // If true, don't show the privacy policy tab on first run - lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); - - ${ - if allowNonSigned == true then - ''lockPref("xpinstall.signatures.required", false)'' - else - "" - } - - ${ - if showPunycodeUrls == true then - '' - lockPref("network.IDN_show_punycode", true); - '' - else - "" - } - - ${ - if disableManualExtensions == true then - '' - lockPref("extensions.getAddons.showPane", false); - lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); - lockPref("app.update.auto", false); - '' - else - "" - } - - ${ - if disableDrmPlugin == true then - '' - lockPref("media.gmp-gmpopenh264.enabled", false); - lockPref("media.gmp-widevinecdm.enabled", false); - '' - else - "" - } - - ${ - if activateAntiTracking == true then - '' - // Tracking - lockPref("browser.send_pings", false); - lockPref("browser.send_pings.require_same_host", true); - lockPref("network.dns.disablePrefetch", true); - lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); - lockPref("browser.search.geoip.url", ""); - lockPref("privacy.firstparty.isolate", true); - lockPref("privacy.userContext.enabled", true); - lockPref("privacy.userContext.ui.enabled", true); - 
lockPref("privacy.firstparty.isolate.restrict_opener_access", false); - lockPref("network.http.referer.XOriginPolicy", 1); - lockPref("network.http.referer.hideOnionSource", true); - lockPref(" privacy.spoof_english", true); - - // This option is currently not usable because of bug: - // https://bugzilla.mozilla.org/show_bug.cgi?id=1557620 - // lockPref("privacy.resistFingerprinting", true); - '' - else "" - } - ${ - if disableTelemetry == true then - '' - // Telemetry - lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); - lockPref("browser.ping-centre.telemetry", false); - lockPref("devtools.onboarding.telemetry.logged", false); - lockPref("toolkit.telemetry.archive.enabled", false); - lockPref("toolkit.telemetry.bhrPing.enabled", false); - lockPref("toolkit.telemetry.enabled", false); - lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); - lockPref("toolkit.telemetry.hybridContent.enabled", false); - lockPref("toolkit.telemetry.newProfilePing.enabled", false); - lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); - lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); - lockPref("dom.push.enabled", false); - lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); - lockPref("security.ssl.errorReporting.enabled", false); - '' - else "" - } - - ${ - if disableGoogleSafebrowsing == true then - '' - // Google data sharing - lockPref("browser.safebrowsing.blockedURIs.enabled", false); - lockPref("browser.safebrowsing.downloads.enabled", false); - lockPref("browser.safebrowsing.malware.enabled", false); - lockPref("browser.safebrowsing.passwords.enabled", false); - lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); - lockPref("browser.safebrowsing.malware.enabled", false); - lockPref("browser.safebrowsing.phishing.enabled", false); - lockPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); - lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); - '' - else 
"" - } - - // User customization - ${extraPrefs} - ''; - in stdenv.mkDerivation { - inherit name; - - desktopItem = makeDesktopItem { - name = browserName; - exec = "${browserName}${nameSuffix} %U"; - inherit icon; - comment = ""; - desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}"; - genericName = "Web Browser"; - categories = "Application;Network;WebBrowser;"; - mimeType = stdenv.lib.concatStringsSep ";" [ - "text/html" - "text/xml" - "application/xhtml+xml" - "application/vnd.mozilla.xul+xml" - "x-scheme-handler/http" - "x-scheme-handler/https" - "x-scheme-handler/ftp" - ]; - }; - - nativeBuildInputs = [ makeWrapper lndir ]; - buildInputs = lib.optional (browser ? gtk3) browser.gtk3; - - buildCommand = lib.optionalString stdenv.isDarwin '' - mkdir -p $out/Applications - cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications - rm -f $out${browser.execdir or "/bin"}/${browserName} - '' + '' - - # Link the runtime. The executable itself has to be copied, - # because it will resolve paths relative to its true location. - # Any symbolic links have to be replicated as well. - cd "${browser}" - find . -type d -exec mkdir -p "$out"/{} \; - - find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \; - - find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do - cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f" - chmod a+rwx "$out/$f" - done - - # fix links and absolute references - cd "${browser}" - - find . -type l -print0 | while read -d $'\0' l; do - target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")" - ln -sfT "$target" "$out/$l" - done - - # This will not patch binaries, only "text" files. - # Its there for the wrapper mostly. 
- cd "$out" - ${replace}/bin/replace-literal -esfR -- "${browser}" "$out" - - # create the wrapper - - executablePrefix="$out${browser.execdir or "/bin"}" - executablePath="$executablePrefix/${browserName}" - - if [ ! -x "$executablePath" ] - then - echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" - exit 1 - fi - - if [ ! -L "$executablePath" ] - then - # Careful here, the file at executablePath may already be - # a wrapper. That is why we postfix it with -old instead - # of -wrapped. - oldExe="$executablePrefix"/".${browserName}"-old - mv "$executablePath" "$oldExe" - else - oldExe="$(readlink -v --canonicalize-existing "$executablePath")" - fi - - - makeWrapper "$oldExe" "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \ - --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \ - --suffix LD_LIBRARY_PATH ':' "$libs" \ - --suffix-each GTK_PATH ':' "$gtk_modules" \ - --suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \ - --prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \ - --suffix PATH ':' "$out${browser.execdir or "/bin"}" \ - --set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \ - --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \ - ${lib.optionalString gdkWayland '' - --set GDK_BACKEND "wayland" \ - ''}${lib.optionalString (browser ? 
gtk3) - ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ - --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' - '' - } - - if [ -e "${browser}/share/icons" ]; then - mkdir -p "$out/share" - ln -s "${browser}/share/icons" "$out/share/icons" - else - for res in 16 32 48 64 128; do - mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps" - icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" ) - if [ -e "$icon" ]; then ln -s "$icon" \ - "$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png" - fi - done - fi - - install -D -t $out/share/applications $desktopItem/share/applications/* - - mkdir -p $out/lib/mozilla - for ext in ${toString nativeMessagingHosts}; do - lndir -silent $ext/lib/mozilla $out/lib/mozilla - done - - # For manpages, in case the program supplies them - mkdir -p $out/nix-support - echo ${browser} > $out/nix-support/propagated-user-env-packages - - # user customization - mkdir -p $out/lib/firefox - - # creating policies.json - mkdir -p "$out/lib/firefox/distribution" - - cat > "$out/lib/firefox/distribution/policies.json" < ${policiesJson} - - # preparing for autoconfig - mkdir -p "$out/lib/firefox/defaults/pref" - - cat > "$out/lib/firefox/defaults/pref/autoconfig.js" <<EOF - pref("general.config.filename", "mozilla.cfg"); - pref("general.config.obscure_value", 0); - EOF - - cat > "$out/lib/firefox/mozilla.cfg" < ${mozillaCfg} - - mkdir -p $out/lib/firefox/distribution/extensions - - for i in ${toString extensions}; do - ln -s -t $out/lib/firefox/distribution/extensions $i/* - done - ''; - - preferLocalBuild = true; - - # Let each plugin tell us (through its `mozillaPlugin') attribute - # where to find the plugin in its tree. 
- plugins = map (x: x + x.mozillaPlugin) plugins; - libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs; - gtk_modules = map (x: x + x.gtkModule) gtk_modules; - - passthru = { unwrapped = browser; }; - - disallowedRequisites = [ stdenv.cc ]; - - meta = browser.meta // { - description = - browser.meta.description - + " (with plugins: " - + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins)) - + ")"; - hydraPlatforms = []; - priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package - }; - }; -in - lib.makeOverridable wrapper diff --git a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix deleted file mode 100644 index 26751beef..000000000 --- a/jeschli/5pkgs/firefox/font-fingerprint-defender/default.nix +++ /dev/null 
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "font-fingerprint-defender-${version}";
- version = "0.1.0";
-
- extid = "@font-fingerprint-defender";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3387637/font_fingerprint_defender-${version}-an+fx.xpi";
- sha256 = "1aidkvisnx6qd7hn2x756rvzmbnaz6laqbwq0j5yd86g1kc56dr0";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "Font fingerprint defender firefox browser addon";
- homepage = https://mybrowseraddon.com/font-defender.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/hopper/default.nix b/jeschli/5pkgs/firefox/hopper/default.nix
deleted file mode 100644
index 569fc6aaf..000000000
--- a/jeschli/5pkgs/firefox/hopper/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchurl, pkgs, makeWrapper, lib }:
-
-stdenv.mkDerivation rec {
- name = "${pname}-${version}";
- pname = "hopper";
- version = "4.5.16";
- rev = "v${lib.versions.major version}";
-
- src = fetchurl {
- url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz";
- sha256 = "0gjnn7f6ibfx46k4bbj8ra7k04s0mrpq7316brgzks6x5yd1m584";
- };
-
- sourceRoot = ".";
-
- ldLibraryPath = with pkgs; stdenv.lib.makeLibraryPath [
-libbsd.out libffi.out gmpxx.out python27Full.out python27Packages.libxml2.out qt5.qtbase zlib xlibs.libX11.out xorg_sys_opengl.out xlibs.libXrender.out gcc-unwrapped.lib
- ];
-
- nativeBuildInputs = [ makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/lib
- mkdir -p $out/share
- cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper
- cp -r $sourceRoot/opt/hopper-${rev}/lib $out
- cp -r $sourceRoot/usr/share $out/share
- patchelf \
- --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
- $out/bin/hopper
- # Details: https://nixos.wiki/wiki/Qt
- wrapProgram $out/bin/hopper \
- --suffix LD_LIBRARY_PATH : ${ldLibraryPath} \
- --suffix QT_PLUGIN_PATH : ${pkgs.qt5.qtbase}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins
- '';
-
- meta = {
- homepage = "https://www.hopperapp.com/index.html";
- description = "A macOS and Linux Disassembler";
- license = stdenv.lib.licenses.unfree;
- maintainers = [ stdenv.lib.maintainers.luis ];
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/jeschli/5pkgs/firefox/https-everywhere/default.nix b/jeschli/5pkgs/firefox/https-everywhere/default.nix
deleted file mode 100644
index 66fede43c..000000000
--- a/jeschli/5pkgs/firefox/https-everywhere/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "https-everywhere-${version}";
- version = "2019.6.27";
-
- extid = "https-everywhere@eff.org";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3060290/https_everywhere-${version}-an+fx.xpi";
- sha256 = "0743lhn9phn7n6c0886h9ddn1n8vhzbl0vrw177zs43995aj3frp";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
-
- '';
-
- meta = {
- description = "Https everywhere browser addon";
- homepage = https://www.eff.org/https-everywhere;
- license = stdenv.lib.licenses.gpl2Plus;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/pyocclient/default.nix b/jeschli/5pkgs/firefox/pyocclient/default.nix
deleted file mode 100644
index cd91f6171..000000000
--- a/jeschli/5pkgs/firefox/pyocclient/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, python37Packages }:
-
-python37Packages.buildPythonPackage rec {
- pname = "pyocclient";
- version = "0.4";
-
- src = python37Packages.fetchPypi {
- inherit pname version;
- sha256 = "19k3slrk2idixsdw61in9a3jxglvkigkn5kvwl37lj8hrwr4yq6q";
- };
-
- doCheck = false;
-
- propagatedBuildInputs = with python37Packages; [
- requests
- six
- ];
-
- meta = with lib; {
- homepage = https://github.com/owncloud/pyocclient/;
- description = "Nextcloud / Owncloud library for python";
- license = licenses.mit;
- maintainers = with maintainers; [ ];
- };
-
-}
diff --git a/jeschli/5pkgs/firefox/rmount/default.nix b/jeschli/5pkgs/firefox/rmount/default.nix
deleted file mode 100644
index 22631f420..000000000
--- a/jeschli/5pkgs/firefox/rmount/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ stdenv, fetchgit, makeWrapper, lib, pkgs ? import <nixpkgs> {} }:
-with pkgs;
-
-stdenv.mkDerivation rec {
- name = "rmount-${version}";
- version = "1.0.1";
- rev = "v${version}";
-
- src = fetchgit {
- rev = "9df124780d2e66f01c70afaecf92090669c5ffb6";
- url = "https://github.com/Luis-Hebendanz/rmount";
- sha256 = "0ydb6sspfnfa3y6gg1r8sk4r58il6636lpqwb2rw7dzmb4b8hpd2";
- };
-
- buildInputs = [ stdenv makeWrapper ];
-
- installPhase = ''
- mkdir -p $out/bin
- mkdir -p $out/share/man/man1
- cp ${src}/rmount.man $out/share/man/man1/rmount.1
- cp ${src}/rmount.bash $out/bin/rmount-noenv
- cp ${src}/config.json $out/share/config.json
- chmod +x $out/bin/rmount-noenv
-
- makeWrapper $out/bin/rmount-noenv $out/bin/rmount \
- --prefix PATH : ${lib.makeBinPath [ nmap jq cifs-utils sshfs ]}
- '';
-
- meta = {
- homepage = "https://github.com/Luis-Hebendanz/rmount";
- description = "Remote mount utility which parses a json file";
- license = stdenv.lib.licenses.mit;
- };
-}
diff --git a/jeschli/5pkgs/firefox/ublock-origin/default.nix b/jeschli/5pkgs/firefox/ublock-origin/default.nix
deleted file mode 100644
index 002fa3efc..000000000
--- a/jeschli/5pkgs/firefox/ublock-origin/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "ublock-origin-${version}";
- version = "1.21.2";
-
- extid = "uBlock0@raymondhill.net";
- signed = true;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3361355/ublock_origin-${version}-an+fx.xpi";
- sha256 = "0ypdq3z61mrymknl37qlq6379bx9f2fsgbgr0czbhqs9f2vwszkc";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- install -D ${src} "$out/${extid}.xpi"
- '';
-
- meta = with stdenv.lib; {
- description = "ublock origin firefox browser addon";
- homepage = https://github.com/gorhill/uBlock;
- license = licenses.gpl3;
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix b/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
deleted file mode 100644
index c96f11129..000000000
--- a/jeschli/5pkgs/firefox/user-agent-switcher/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ stdenv, fetchurl, unzip, jq, zip }:
-
-stdenv.mkDerivation rec {
- pname = "user-agent-switcher-${version}";
- version = "0.3.2";
-
- extid = "@user-agent-switcher";
- signed = false;
-
- src = fetchurl {
- url = "https://addons.mozilla.org/firefox/downloads/file/3370255/user_agent_switcher_and_manager-${version}-an+fx.xpi";
- sha256 = "0lrw1xf6fsxr47bifkayfxpysv8s2p9ghmbmw2s7ymhrgy42i6v5";
- };
-
- phases = [ "buildPhase" ];
-
- buildInputs = [ zip unzip jq ];
-
- buildPhase = ''
- mkdir -p $out/${extid}
- unzip ${src} -d $out/${extid}
- NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
- echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
- cd $out/${extid}
- zip -r -FS $out/${extid}.xpi *
- rm -r $out/${extid}
- '';
-
- meta = with stdenv.lib; {
- description = "User agent switcher";
- homepage = https://add0n.com/useragent-switcher.html;
- license = {
- fullName = "Mozilla Public License Version 2.0";
- shortName = "moz2";
- spdxId = "mozilla-2.0";
- url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
- maintainers = [];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix b/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
deleted file mode 100644
index 4e608d182..000000000
--- a/jeschli/5pkgs/firefox/webgl-fingerprint-defender/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@ -{ stdenv, fetchurl, unzip, jq, zip }: - -stdenv.mkDerivation rec { - pname = "webgl-fingerprint-defender-${version}"; - version = "0.1.2"; - - extid = "@webgl-fingerprint-defender"; - signed = false; - - src = fetchurl { - url = "https://addons.mozilla.org/firefox/downloads/file/3362869/webgl_fingerprint_defender-${version}-an+fx.xpi"; - sha256 = "06hfr5hxr4qw0jx6i9fi9gdk5211z08brnvqj2jlmpyc3dwl4pif"; - }; - - phases = [ "buildPhase" ]; - - buildInputs = [ zip unzip jq ]; - - buildPhase = '' - mkdir -p $out/${extid} - unzip ${src} -d $out/${extid} - NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) - echo "$NEW_MANIFEST" > $out/${extid}/manifest.json - cd $out/${extid} - zip -r -FS $out/${extid}.xpi * - rm -r $out/${extid} - ''; - - meta = with stdenv.lib; { - description = "Canvas defender firefox browser addon"; - homepage = https://mybrowseraddon.com/webgl-defender.html; - license = { - fullName = "Mozilla Public License Version 2.0"; - shortName = "moz2"; - spdxId = "mozilla-2.0"; - url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; - maintainers = []; - platforms = stdenv.lib.platforms.all; - }; -} diff --git a/jeschli/5pkgs/firefox/wl-clipboard/default.nix b/jeschli/5pkgs/firefox/wl-clipboard/default.nix deleted file mode 100644 index 349d910da..000000000 --- a/jeschli/5pkgs/firefox/wl-clipboard/default.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig -, wayland, wayland-protocols }: - -stdenv.mkDerivation rec { - pname = "wl-clipboard"; - version = "2.0.0"; - - src = fetchFromGitHub { - owner = "bugaevc"; - repo = "wl-clipboard"; - rev = "v${version}"; - sha256 = "0c4w87ipsw09aii34szj9p0xfy0m00wyjpll0gb0aqmwa60p0c5d"; - }; - - nativeBuildInputs = [ meson ninja pkgconfig wayland-protocols ]; - buildInputs = [ wayland ]; - - meta = with stdenv.lib; { - description = "Command-line copy/paste utilities for Wayland"; - homepage = https://github.com/bugaevc/wl-clipboard; - license = licenses.gpl3; - maintainers = with maintainers; [ dywedir ]; - platforms = platforms.linux; - }; -} diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix deleted file mode 100644 index 6ba4fec83..000000000 --- a/jeschli/5pkgs/simple/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -with import <stockholm/lib>; - -self: super: - -let - # This callPackage will try to detect obsolete overrides. - callPackage = path: args: let - override = self.callPackage path args; - upstream = optionalAttrs (override ? "name") - (super.${(parseDrvName override.name).name} or {}); - in if upstream ? "name" && - override ? "name" && - compareVersions upstream.name override.name != -1 - then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override - else override; -in - - mapNixDir (path: callPackage path {}) ./. diff --git a/jeschli/default.nix b/jeschli/default.nix deleted file mode 100644 index b57932719..000000000 --- a/jeschli/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ../krebs - ./2configs - ]; - - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; -} diff --git a/jeschli/krops.nix b/jeschli/krops.nix deleted file mode 100644 index 242f1f7bb..000000000 --- a/jeschli/krops.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - (krebs-source { test = test; }) - { - nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; - nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs"; - ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; - }; - secrets = if test then { - file = toString ./2configs/tests/dummy-secrets; - } else { - file = "${lib.getEnv "HOME"}/secrets/${name}"; - }; - } - { - home-manager.git = { - url = https://github.com/rycee/home-manager; - ref = "2ccbf43"; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - inherit target; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - force = true; - inherit target; - source = source { test = true; }; - }; -} diff --git a/krebs/3modules/external/dbalan.nix b/kartei/dbalan/default.nix index 301f010d3..fadf187db 100644 --- a/krebs/3modules/external/dbalan.nix +++ b/kartei/dbalan/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ diff --git a/kartei/default.nix b/kartei/default.nix new file mode 100644 index 000000000..6024e2351 --- /dev/null +++ b/kartei/default.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: let + removeTemplate = + # TODO don't remove during CI + lib.flip builtins.removeAttrs ["template"]; +in { + config = + lib.mkMerge + (lib.mapAttrsToList + (name: _type: let + path = ./. + "/${name}"; + in { + krebs = import path { inherit config; }; + }) + (removeTemplate + (lib.filterAttrs + (_name: type: type == "directory") + (builtins.readDir ./.)))); +} 
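Review bot: The new `kartei/default.nix` imports every subdirectory of `kartei/` except `template` and merges the result into `config.krebs`, so which registries contribute hosts, users and keys is decided by the directory listing rather than by a list someone reviews. A header comment above `removeTemplate` would make that trust boundary visible, for example `# Every directory here is merged into config.krebs; adding one adds hosts, users and keys.` The filter `type == "directory"` also silently skips symlinked directories, since `builtins.readDir` reports those as `"symlink"`, and the same comment could say so. The `# TODO don't remove during CI` line would be clearer if it said what CI is expected to check in `template`.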
diff --git a/krebs/3modules/jeschli/default.nix b/kartei/jeschli/default.nix index 41743612a..fe12c16a4 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/kartei/jeschli/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ diff --git a/krebs/3modules/external/kmein.nix b/kartei/kmein/default.nix index 09a95f02e..1a5a57d1a 100644 --- a/krebs/3modules/external/kmein.nix +++ b/kartei/kmein/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; @@ -82,6 +82,8 @@ in "makanek.r" "makanek.kmein.r" "grafana.kmein.r" + "alertmanager.kmein.r" + "prometheus.kmein.r" "names.kmein.r" "graph.r" "rrm.r" @@ -138,6 +140,28 @@ in wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + tabula = { + nets.retiolum = { + ip4.addr = "10.243.2.78"; + aliases = [ "tabula.r" "tabula.kmein.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA4cdFDoKRA9t+r686w6gH1u4UjEQJBmhsf3tkPEkv7nyVr4ahcZQk + rQwlhNRJwv0wekwO0qG19VoAmBkVMzYu5JWn9WeYfIEUtP3ndPa7tqWQ4qIkYh8q + 4KQ03Y3CZav5ClK9rLO7gj+dsP+BhVdqhte4pJANs4CyglYkyu6p0P4+R2P0tfcq + LTl8RB+SXuafqzhoQD+yhhA1HR8O1o9gHJjKiEVrSLwSFfD8WWH55yeWzIYAbuv8 + 8a5VzhS5zvDYUFTP1WUPTeGlKsJdslSZqsrZmBDpkh1iEpRzQUnwQNMJ/uGXIldE + 3FKKoL9LKlvr1Iz9IcuxO4QLk+DoC8+Jc7yQrwIiQQCwAfwdyY6KcRDAqna1WZRd + MFRvPd6y1BmLVJMG43VpWm5POE9Gw5nj5IzSNAFshoNljf246y2+wf8EtULqtrJD + DMckquiYRnzQPco9PgjLfH/6SnlB/oXhvT4+rB4KceSoFKOLWq1pFogDGDy0xyB0 + ufkPsXiYE2KRnkozDJWlKSqrkM3GSR2lTM5cAmLh8VzxkI6LeJu8/6qxFa6J6tn4 + +kH8yjbcLqjmuUykfOZ2eL4GniaFexDvZcGgLD1I5f1ylEmSuU6boyx83WkCH7NH + 1cmaBDQsy4x0gMUYlLDVDW7X2PECoq5mQ61FHBNkdNOujOM/JPnYf4UCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "eZsnMScJdH5k/W3Y5fILnz5Kc01R+dRzjjE/cnu96VF"; + }; + }; tahina = { nets.retiolum = { ip4.addr = "10.243.2.74"; 
diff --git a/krebs/3modules/external/gpg/kmein.gpg b/kartei/kmein/kmein.gpg index 1fa694326..1fa694326 100644 --- a/krebs/3modules/external/gpg/kmein.gpg +++ b/kartei/kmein/kmein.gpg diff --git a/krebs/3modules/external/ssh/kmein.kabsa.pub b/kartei/kmein/ssh/kmein.kabsa.pub index a3cec5f8f..a3cec5f8f 100644 --- a/krebs/3modules/external/ssh/kmein.kabsa.pub +++ b/kartei/kmein/ssh/kmein.kabsa.pub diff --git a/krebs/3modules/external/ssh/kmein.manakish.pub b/kartei/kmein/ssh/kmein.manakish.pub index 8be09d407..8be09d407 100644 --- a/krebs/3modules/external/ssh/kmein.manakish.pub +++ b/kartei/kmein/ssh/kmein.manakish.pub diff --git a/krebs/3modules/krebs/default.nix b/kartei/krebs/default.nix index 854176f0b..e5626d923 100644 --- a/krebs/3modules/krebs/default.nix +++ b/kartei/krebs/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ @@ -78,6 +78,7 @@ in { "build.r" "build.hotdog.r" "ca.r" + "calendar.r" "cgit.hotdog.r" "irc.r" "wiki.r" @@ -164,12 +165,20 @@ in { ponte = { cores = 1; owner = config.krebs.users.krebs; + extraZones = { + "krebsco.de" = /* bindzone */ '' + krebsco.de. 60 IN A ${config.krebs.hosts.ponte.nets.internet.ip4.addr} + ''; + }; nets = rec { internet = { - ip4 = { + ip4 = rec { addr = "141.147.36.79"; - prefix = "0.0.0.0/0"; + prefix = "${addr}/32"; }; + aliases = [ + "ponte.i" + ]; }; retiolum = { via = internet; diff --git a/krebs/3modules/lass/default.nix b/kartei/lass/default.nix index 3e58fee1d..e17e000dd 100644 --- a/krebs/3modules/lass/default.nix +++ b/kartei/lass/default.nix @@ -1,12 +1,6 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - monitoring = true; - owner = config.krebs.users.lass; - }; - r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; 
@@ -16,6 +10,7 @@ in { }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; + consul = true; ci = true; monitoring = true; }) { @@ -64,11 +59,12 @@ in { cores = 4; extraZones = { "krebsco.de" = '' - cache IN A ${nets.internet.ip4.addr} - p IN A ${nets.internet.ip4.addr} - c IN A ${nets.internet.ip4.addr} - paste IN A ${nets.internet.ip4.addr} - prism IN A ${nets.internet.ip4.addr} + cache 60 IN A ${nets.internet.ip4.addr} + p 60 IN A ${nets.internet.ip4.addr} + c 60 IN A ${nets.internet.ip4.addr} + paste 60 IN A ${nets.internet.ip4.addr} + prism 60 IN A ${nets.internet.ip4.addr} + social 60 IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 @@ -78,7 +74,7 @@ in { 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} IN MX 5 mail.lassul.us. - 60 IN TXT v=spf1 mx a:lassul.us -all + 60 IN TXT "v=spf1 mx -all" 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} @@ -418,6 +414,7 @@ in { }; xerxes = { cores = 2; + consul = false; nets = rec { retiolum = { ip4.addr = "10.243.1.3"; 
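Review bot: Putting `consul = true;` into the shared defaults of `hosts = mapAttrs (_: recursiveUpdate { … })` makes consul opt-out, so any host added to this file later is enrolled unless someone remembers to write `consul = false;`. The later hunks of this same file already have to add that override to xerxes, phone, tablet, hilum, lasspi and domsen-pixel. What the flag enables is not visible in this hunk, but if it means cluster membership, an explicit per-host `consul = true;` would keep enrolment a deliberate decision. At minimum, a comment at the default such as `# hosts join consul unless they set consul = false` would document the behaviour; the attribute set continues outside the hunk.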
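Review bot: On the changed SPF line in the `lassul.us` zone, dropping `a:lassul.us` means only the hosts named by the zone's MX records pass SPF, and `-all` hard-fails every other sender. The apex A record above points at prism while the MX is `mail.lassul.us.`; whether both resolve to the same address is not visible in this hunk, so it is worth confirming that nothing on the apex host sends as @lassul.us outside the MX host. Quoting the TXT value is the right fix, because the unquoted form is split on whitespace by the zone parser. A zone comment next to the record, e.g. `; SPF: only MX hosts may send for lassul.us`, would record the intent.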
@@ -592,7 +589,53 @@ in { syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; }; + massulus = { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.0.113"; + ip6.addr = r6 "113"; + aliases = [ + "massulus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt + ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN + ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K + zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 + F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e + v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd + kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF + LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW + EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb + KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl + oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 + yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; + port = 1655; + }; + }; + wiregrill = { + ip6.addr = w6 "113"; + aliases = [ + "massulus.w" + ]; + wireguard.pubkey = '' + 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; + }; + phone = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.13"; @@ -608,6 +651,7 @@ in { syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; tablet = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.14"; @@ -622,6 +666,7 @@ in { ci = false; }; hilum = { + consul = false; cores = 1; nets = { retiolum = { @@ -797,6 +842,7 @@ in { }; lasspi = { + consul = false; cores = 1; nets = { retiolum = { 
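Review bot: In the new `massulus` entry, `wireguard.pubkey` is written as an indented `'' … ''` string, which evaluates to the key followed by a newline, and the `ssh.pubkey` value ends with a space inside the quotes. Whether the consumers of these attributes trim whitespace is not visible here, and a key that does not compare equal usually shows up as a peer or host-key mismatch rather than a clear error. The plain forms are safer: `wireguard.pubkey = "4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=";` and the same `ssh.pubkey` string without the trailing space. The entry also sets `ci = false` while appearing to inherit `consul = true` from the file's defaults, so a one-line comment saying that combination is intended would help.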
@@ -840,6 +886,7 @@ in { }; domsen-pixel = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.17"; diff --git a/krebs/3modules/lass/pgp/mors.pgp b/kartei/lass/pgp/mors.pgp index 6d985f0e2..6d985f0e2 100644 --- a/krebs/3modules/lass/pgp/mors.pgp +++ b/kartei/lass/pgp/mors.pgp diff --git a/kartei/lass/pgp/yubikey.pgp b/kartei/lass/pgp/yubikey.pgp new file mode 100644 index 000000000..be1054048 --- /dev/null +++ b/kartei/lass/pgp/yubikey.pgp 
@@ -0,0 +1,157 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy +aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog +3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P +rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw +xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru +eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m +28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj +iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD +dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX +yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g +S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB +tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG +Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK +CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad +WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ +SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9 +z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC +KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N +YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf +4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO +To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf +PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd +p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY +ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC +DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh +SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE +SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+ +c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4 ++1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au 
+FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E +F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs +N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs +8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 +bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr +s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE +cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB +dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc +z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu +L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+ +zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ +g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi +qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz +U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO +93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8 +SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX +xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO +JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw +/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj +AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK +IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT +KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB +uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ +wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx +MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ +D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D +duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ +5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 +ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG +5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLiJBGwEGAEKACACGwIW 
+IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCY1E8SAJAwXQgBBkBCgAdFiEEVAotn4qI +hqe83vdsfheGip18nM8FAl2iTZIACgkQfheGip18nM9DVxAAuqX7iztddbttkIfN +65R5XJPjz7NRg0AI8G+1qnkvF3c2ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA +/JM782D6lDfSZltW4YBBqkJZdtiPElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhy +l+0RdBuSvR0+KOXXBfoNmsyQM4/hUKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxg +tXyiXU/VxvUWI7cH6I7daRDTFR3L4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6 +eKkn/gt/T7qYxnhcG5guS2DwIay5c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7 +/6hsw2e6TBcn295fEekvBupYVwazefBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTa +TglOeNtRnYGRwHwE/tiJ0G0uwGfvaI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7m +z8MrRNMjtR+Es8gzuw7hNErmbh0SLZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99 +jYjdDDm5lsxCZKLSX4r9Mp236K6DMGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9M +cg5HgeXTdxan6QP35ygDtmNldJGEP+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQ +qnldvrtajUzUegvJUstLS5B1TFQJEGZXvoqNHugHrtcP+waicH+WhpbvPoHJW//U +c7IwcrsOpWNuh0gKV1+LvBV9dGzGZDlhwsncMeNzT8tnxDwhD1CiJ1uzO2H1m+yX +CeljVnYFlP0sl9IT/AiV8NNiuaIpOc5RjRY1yvOZ017/J7Hyhnaw0iap1vNDNOwH +t7tzB1PvM3p6an4Jh0AJZF5adReQTbi9Zw7MW2Yf0XHTT4rFX+Mn5gcuvsV9n39d +6U3k5G6Hf1bSROsXNVwOwF6VbO8NvBm6ehgNyRcGsino/f82HRwvnQPhJgEakZ1h +WWUUnakK14mRRMUns8CMNfFh+50ciK1Q8kAVgYLVA1H1NXM0+68YZMl5CiiaD3pM +17flwcWUdkIu3uWAvc3hSCNw6i9F4Kx1yD/ZdiT0vBapa3ehUXIo5g79NcFl9xnQ +fnYG+nnl2bLZSHP8b+LZsGivOEZuBHoR2ComeTqqJxeT8ZsEdtLcloaSaf2Em2xf +b9OfhGOC7hKfS4HAlLFbEydWuZuA8EpTXd6eqINCFbOb9BjpKvSCCLs5S3s7T4WE +FQB7yHXQQgB1EzYaJxFZstkiD8exu/hiWfwVLaho09QbtPmt2u1lvbxiSxtCdphi +hoKc6wjhD8F9YM5xxitcF7iAV7oEDZ/1JVkvi/1gWFgW0UmEKuy2KN/Eb/mr41NJ +bMauCCfjnCbAzoW6dhHpbO45uQINBF2iTdYBEADTC8saHpJxpU7ZBuuNFD+WZFBK +I8F8ZZ4t79naVhGhCTvcqr5BCwlrpuaUc/og86AxUpVD5z92ClRZC2wJZOemmyAE +OlSu8JDkhwsNRey5QmPN9G0ZIBifP2/LrPSqRE+gJnouzhmFbajQVKHRCYul5B+a +vUS0HlUfu8p7dC0wMTv5jBWHN54XHK4Wnbm4Yea03Xv1HMQS/82MfLQgctheHqeg +J8dNhzmrk8GqpOCi4QfSHHUvLCUBxWO4hFVjXKL8BfJbhhBjyTnTj0zGc+Iw+Glh +am0+q2oFmhvLYrCxHvVIRE9iy96/+AyIACWOG8IOU2civ9Y/jY9SMmJEPQOmBfem +OVwovQxdDGKvTcrVjZzAk/BeEAgg0VoYKpe9ePxK/6n8J09jOpvD+DktbAB7+bww 
+2F3swdFqyTbLWL4bR4YuHLbqJQbsDm+58iAZWaL4ZOf+iABZqFKa3xhzrrbRHD00 +Qxr+9+3EdXGGs+UDLs9rLzVN4ryP7WHyEMDAI7/OAGTdsJet0JIIWKP3ZvWuRMe/ +AjcGQ/8+xzhN8w/kXdAvf4Vy6VVYTdJipg84CRz1KFQ5P/z92IMzPnbVFljydRX2 +k89ueN1fTMFVlCUI9AyIJeJ6Cx198JHf3eIGBgIZVpAcZG0DyeDU+xCgRZOOH2ug +1bhjhmrQQMSkKtRn7QARAQABiQI8BBgBCgAmAhsMFiEE2811eEYGmzkuqUAdZle+ +io0e6AcFAl+Jdg8FCQWpjzkACgkQZle+io0e6Afw7A//ekxnx2ugVtb9pFMh1Cpq +XZOtlIWc+PZ07DrtSXjCNnAzC5Cmj8nii7Eac1dqnDqBtXWpe3YI7cyrFnc9B8a6 +2xLNKwSTuMTpoNdkr/X7bU6HE7dm0DHt3dtFYoW4vjQxMdj3sp3GLpQ3fDzXw5If +L1lCUKE4aopl6FQEcCjbh9qA8rRnHiKfgWSzh/B0c9BEh/ZwgBsN4FV+r0D7Y2zI +KCFxwJwCZCHtm6MslB7tmZg+gho8RkkiAjM0oXA7zZHMjyhuQWzhkaW3oWjHDjoh +h9DbLnVDzrMsULfdGz/1Plhz4bzkxpND6hmjn/EAxLGhpQoXd8FSvrghpetLM3MU +LG4M5REFVBt7U1uEBn8y91yuWx77ho9N1W+OdNOWOOlAlD+GZBGA7MNR65+W5Dzj +/z3PEs9TELfp8NVN0F2xy8S2/HwfNgeqAzGpBz4GsO9x8WMG2lw7MAW+gVU3POkZ +l0R9fkrTmw4iafodehKnbEsqdebUjPNBkX9SmjSsXDAODe/4u4/TP89nylk+70wB +nXIPL4WR9DA0Pb0ZmLLkGbaDYnmVV58kPyCwID4Yi6Xcj330FdAaVinevAvJBIaD +D9A94elI/PGTrmqcjgr7Kwb0e0kDlYfi/ijI4dV4MVrzybqFOCaMeKIPOfxs9FIv +BETmMh4Ocqj6rAQZs+ofBe6JAjYEGAEKACACGwwWIQTbzXV4RgabOS6pQB1mV76K +jR7oBwUCY1E8SAAKCRBmV76KjR7oBwM+D/0evufvIWftzdge63hol1k4LdZSiSD9 +bh+h8fb/Mm+2HIS8RweHr1+CS8CW/Om9MJoW0ZDsCmC0vU44/vLL3JzbP4+BDuVF +dky1XX/9Z73Fn/LpakITyXd6YJMsknzAA4ZEzhe4uModNSH5IU818I+/Vyvbe1nX +Hfg2FYva4zVn9E5Gd4vpHBF7D99dGg0vUINtux06WKfdsDB59MiZxCSWfqty+yTM +XWwh5fuFIxwjlkKVdrb45101MnUtzJDmxwPxjOpF+z2tJ0qIvs6Zu6FDEh7fcaJM +mKAPtVXKRxTYaS6j7fpNk5ACFgiHDb+0mI60fH0eiQSqp9Q7cyYbt1yiW2bKY4Pg +qDOtcLT+uIYYVmxBHTLx38gT3Gp83O7WqNZ9ouctIXAXHWwTNsKzMhwgaEmmPbkP +7VO8oZZ9hVphirmijgNO1Oz7Qqh5ORYwsGdvYtbPXD4ZUSpqFT5bTMHS5TKPHf70 +5alkwYuwYfLs4m2zYsKadQ+vq12ZX7Z6+DbjfzWAEhzqLP2Y8yGnFSBSmULsALnj +Zg3RN5sxJe3fhTze09Fm8OTopTLoDH5fR91VPhRLGHahvV1Sm/H4ZdtAXTPsHP20 +phAc8mK2DgEM0k7vDO5RtV4xTLjBopiciXIBL+TzCKGmDRX2+9nTyF3Kx9qjN52H +EFFJ1mTed/J7VrkCDQRdok4KARAAyG97rjKhP8Uie1i/16SekDo+GkpodBmvhrZi +Zdwg75YxriHhgioe2AKKmQItOdZOY+mVqMA63FmByDlPodHmQnrIAn/gr7p5V3lM 
++l0oVTI8maPO39iT7Nh6W/rv4ni8eMBkL6P2cPPaTpcv76qWl/WcMiEflPNSAFax +yIapq04rafthcIILWmOBbQ+liMn9YT7a6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAc +eQQYAqIrlu8F5y1AQVWHjtyCPee1z/8lPNnPg40lSbXozg5kQDP965Pge6XReUoU +VVRcgeiSUfkHdYPIkh/tkFy1MtzTNizebuadqE41Ds6BD1maO5cpGc5iFnf+YY01 +vWIhwvgPMbAsUKrPOw/RyvYSwOrnWeghpKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm +64rKyYS8RIilqTCmIHnpoSIq3n1wOlMVX4sB4N4CfAZRAbI9LZfx1QEYn0dst9+m +CDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1 +MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BP +g6qZH7JeMnlOZXXOg8K5VcLkiGuL1brOHlg94Axha8ffMmqjsde6XOAgvSl5P9k4 +7SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJf +iXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP+gJ01mSEs3+0jriWqg7V+Q59rulMVrUd +V2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOicz +GClK+yWSm/CM02+HATFws66umAl4GQ4XqAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCA +dn55u4pf+B1rmkA3cWhN51SvAriA/YcGqmyJZgXO+qZOPWNHxNUdgq9lVEO132dh +DzH1b9ufnvQMDxF2V681fQ7E3zWEJZZbYLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU1 +61jSawblBTcIRXK9c4hv178xQWAInMjtHst4YCpvclG26ypZLCzvw6swfnXf3A6Q +4A8pZQVvogWZ01dlgofwHm8qlYxT7wSqeicOu3FkSHD8vNwkXnMLqxwkFr4BcSef +zCiXulyMcb3h67ZfXAYAFGrrR581vGEtXy+xfXK5PqBX7CWEl3Vs2an9whEncZuv +1I9iyXDUmGP7Y373JjqNtpS2GMMPA73knB7eI/zpVS5qoxUlqw35Pldvt+L4E3hv +rvE7iZE3w4lB9WUyY1OnSRDU10l2rqWtPtyk3LE2ed5hz5I+gy8/RsXrAooMBXIG +V/GJrhye45wf5F/XQqPulnj38sKhmrQCQTubPgJwG/kTpNdrA3YukE3E7T5ejaGT +T2n5nKat6bj7iQI2BBgBCgAgAhsgFiEE2811eEYGmzkuqUAdZle+io0e6AcFAmNR +PEgACgkQZle+io0e6AfQpg/+K0gD0WVyXYLOEM6jCvtz5/f9nDQnqj90ck9VfpuN +QG+cMSK/u3T4ya0k3UDWxEyRih0BzChOlmwnaupBwN7ZbYAzxM0sglwseSdAPpCE +s63RTnaAxpSWFocsUxtJngSoPnnmD1fVbWL3/j9j6jZkT4NB/l2ekDngMyRqt104 +BmabaLdz44X1VDgg0tXyACkZ8c/8ISBOoPSFg2n9FuCmhI9Atu6hjCFQZOA/youA +fXzeUxU3iFw5UhyNP084jZ9AK2xwp+rB3JzvzMdiqO3OBFemuiU4/ZKQKFg5a/n4 +UAZtO8V2DGe76o1N9uFUvQ41RSAXolPUOTXiZvP4GfiGIhJUXV96QaPHhKWybKlr +4MWG5PpwfuWnGoP8vXtLmz2TDRUfEBOQBzYRBRvXmzekq8nFQCM7dGofLLEchMRv +lYHab2fquGmXiY3LfzyQX+vS3FO9/m2POJcdXcQvSq4MXIzOEzXnJKw5HemfZ3ae 
+/AlTTfE4og/AYLwacECY6CZqUFOYtQeVx9hSXV97XnoKotde66D4RyFgzFbsIBM/ +bA5qyvdpKb60hqjpj/rhXjlnhH8KwAwOlaPVgI1cgnW8uJTElJEtqHPhuRkU6y9f +au4EZ+tsmaxJ0whuziG1/3LJ62AIM9ZpixDEj4GQYaRdkFrx/1IKiUOlw5GQC3y2 +zxs= +=MmP2 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/android.ed25519 b/kartei/lass/ssh/android.ed25519 index 44f424809..44f424809 100644 --- a/krebs/3modules/lass/ssh/android.ed25519 +++ b/kartei/lass/ssh/android.ed25519 diff --git a/krebs/3modules/lass/ssh/blue.rsa b/kartei/lass/ssh/blue.rsa index c0bf9b817..c0bf9b817 100644 --- a/krebs/3modules/lass/ssh/blue.rsa +++ b/kartei/lass/ssh/blue.rsa diff --git a/krebs/3modules/lass/ssh/green.ed25519 b/kartei/lass/ssh/green.ed25519 index 1aa7b1801..1aa7b1801 100644 --- a/krebs/3modules/lass/ssh/green.ed25519 +++ b/kartei/lass/ssh/green.ed25519 diff --git a/krebs/3modules/lass/ssh/mors.rsa b/kartei/lass/ssh/mors.rsa index 3aa18bcf9..3aa18bcf9 100644 --- a/krebs/3modules/lass/ssh/mors.rsa +++ b/kartei/lass/ssh/mors.rsa diff --git a/krebs/3modules/lass/ssh/tablet.ed25519 b/kartei/lass/ssh/tablet.ed25519 index 250be53f7..250be53f7 100644 --- a/krebs/3modules/lass/ssh/tablet.ed25519 +++ b/kartei/lass/ssh/tablet.ed25519 diff --git a/krebs/3modules/lass/ssh/yubikey.rsa b/kartei/lass/ssh/yubikey.rsa index 349bb4aab..349bb4aab 100644 --- a/krebs/3modules/lass/ssh/yubikey.rsa +++ b/kartei/lass/ssh/yubikey.rsa diff --git a/krebs/3modules/makefu/default.nix b/kartei/makefu/default.nix index c1aeffe4a..ecb834bbf 100644 --- a/krebs/3modules/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -2,7 +2,7 @@ # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: foldl' recursiveUpdate {} [ diff --git a/krebs/3modules/makefu/pgp/brain.asc b/kartei/makefu/pgp/brain.asc index 739385a38..739385a38 100644 --- a/krebs/3modules/makefu/pgp/brain.asc +++ b/kartei/makefu/pgp/brain.asc 
diff --git a/krebs/3modules/makefu/pgp/default.asc b/kartei/makefu/pgp/default.asc
index bc5c50b76..bc5c50b76 100644
--- a/krebs/3modules/makefu/pgp/default.asc
+++ b/kartei/makefu/pgp/default.asc
diff --git a/krebs/3modules/makefu/retiolum/cake.pub b/kartei/makefu/retiolum/cake.pub
index 8a1e4b933..8a1e4b933 100644
--- a/krebs/3modules/makefu/retiolum/cake.pub
+++ b/kartei/makefu/retiolum/cake.pub
diff --git a/krebs/3modules/makefu/retiolum/cake_ed25519.pub b/kartei/makefu/retiolum/cake_ed25519.pub
index 6c6bf2b33..6c6bf2b33 100644
--- a/krebs/3modules/makefu/retiolum/cake_ed25519.pub
+++ b/kartei/makefu/retiolum/cake_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/kartei/makefu/retiolum/crapi.pub
index c66f24882..c66f24882 100644
--- a/krebs/3modules/makefu/retiolum/crapi.pub
+++ b/kartei/makefu/retiolum/crapi.pub
diff --git a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub b/kartei/makefu/retiolum/crapi_ed25519.pub
index ce5a6f05a..ce5a6f05a 100644
--- a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub
+++ b/kartei/makefu/retiolum/crapi_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/fileleech.pub b/kartei/makefu/retiolum/fileleech.pub
index 1dc6a5b1f..1dc6a5b1f 100644
--- a/krebs/3modules/makefu/retiolum/fileleech.pub
+++ b/kartei/makefu/retiolum/fileleech.pub
diff --git a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub b/kartei/makefu/retiolum/fileleech_ed25519.pub
index ea93cfddb..ea93cfddb 100644
--- a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub
+++ b/kartei/makefu/retiolum/fileleech_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/filepimp.pub b/kartei/makefu/retiolum/filepimp.pub
index 007806230..007806230 100644
--- a/krebs/3modules/makefu/retiolum/filepimp.pub
+++ b/kartei/makefu/retiolum/filepimp.pub
diff --git a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub b/kartei/makefu/retiolum/filepimp_ed25519.pub
index 7a62ff46f..7a62ff46f 100644
--- a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub
+++ b/kartei/makefu/retiolum/filepimp_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/firecracker.pub b/kartei/makefu/retiolum/firecracker.pub
index 6f7907829..6f7907829 100644
--- a/krebs/3modules/makefu/retiolum/firecracker.pub
+++ b/kartei/makefu/retiolum/firecracker.pub
diff --git a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub b/kartei/makefu/retiolum/firecracker_ed25519.pub
index 76e6def7c..76e6def7c 100644
--- a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub
+++ b/kartei/makefu/retiolum/firecracker_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/flap.pub b/kartei/makefu/retiolum/flap.pub
index 8906e659b..8906e659b 100644
--- a/krebs/3modules/makefu/retiolum/flap.pub
+++ b/kartei/makefu/retiolum/flap.pub
diff --git a/krebs/3modules/makefu/retiolum/flap_ed25519.pub b/kartei/makefu/retiolum/flap_ed25519.pub
index 47da38477..47da38477 100644
--- a/krebs/3modules/makefu/retiolum/flap_ed25519.pub
+++ b/kartei/makefu/retiolum/flap_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/gum.pub b/kartei/makefu/retiolum/gum.pub
index 73f8563d0..73f8563d0 100644
--- a/krebs/3modules/makefu/retiolum/gum.pub
+++ b/kartei/makefu/retiolum/gum.pub
diff --git a/krebs/3modules/makefu/retiolum/gum_ed25519.pub b/kartei/makefu/retiolum/gum_ed25519.pub
index 5b6f2426e..5b6f2426e 100644
--- a/krebs/3modules/makefu/retiolum/gum_ed25519.pub
+++ b/kartei/makefu/retiolum/gum_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/latte.pub b/kartei/makefu/retiolum/latte.pub
index 17fca2b40..17fca2b40 100644
--- a/krebs/3modules/makefu/retiolum/latte.pub
+++ b/kartei/makefu/retiolum/latte.pub
diff --git a/krebs/3modules/makefu/retiolum/latte_ed25519.pub b/kartei/makefu/retiolum/latte_ed25519.pub
index 7974bb6e5..7974bb6e5 100644
--- a/krebs/3modules/makefu/retiolum/latte_ed25519.pub
+++ b/kartei/makefu/retiolum/latte_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/nukular.pub b/kartei/makefu/retiolum/nukular.pub
index eb5891b1b..eb5891b1b 100644
--- a/krebs/3modules/makefu/retiolum/nukular.pub
+++ b/kartei/makefu/retiolum/nukular.pub
diff --git a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub b/kartei/makefu/retiolum/nukular_ed25519.pub
index 0cae03b83..0cae03b83 100644
--- a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub
+++ b/kartei/makefu/retiolum/nukular_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/omo.pub b/kartei/makefu/retiolum/omo.pub
index ce558d10a..ce558d10a 100644
--- a/krebs/3modules/makefu/retiolum/omo.pub
+++ b/kartei/makefu/retiolum/omo.pub
diff --git a/krebs/3modules/makefu/retiolum/omo_ed25519.pub b/kartei/makefu/retiolum/omo_ed25519.pub
index dd11ab7dd..dd11ab7dd 100644
--- a/krebs/3modules/makefu/retiolum/omo_ed25519.pub
+++ b/kartei/makefu/retiolum/omo_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/sdev.pub b/kartei/makefu/retiolum/sdev.pub
index be500bbab..be500bbab 100644
--- a/krebs/3modules/makefu/retiolum/sdev.pub
+++ b/kartei/makefu/retiolum/sdev.pub
diff --git a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub b/kartei/makefu/retiolum/sdev_ed25519.pub
index fef79aa68..fef79aa68 100644
--- a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub
+++ b/kartei/makefu/retiolum/sdev_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/senderechner.pub b/kartei/makefu/retiolum/senderechner.pub
index a6cbabc28..a6cbabc28 100644
--- a/krebs/3modules/makefu/retiolum/senderechner.pub
+++ b/kartei/makefu/retiolum/senderechner.pub
diff --git a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub b/kartei/makefu/retiolum/senderechner_ed25519.pub
index f0968aa12..f0968aa12 100644
--- a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub
+++ b/kartei/makefu/retiolum/senderechner_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/studio.pub b/kartei/makefu/retiolum/studio.pub
index b8fe8ee23..b8fe8ee23 100644
--- a/krebs/3modules/makefu/retiolum/studio.pub
+++ b/kartei/makefu/retiolum/studio.pub
diff --git a/krebs/3modules/makefu/retiolum/studio_ed25519.pub b/kartei/makefu/retiolum/studio_ed25519.pub
index 13a09ad1b..13a09ad1b 100644
--- a/krebs/3modules/makefu/retiolum/studio_ed25519.pub
+++ b/kartei/makefu/retiolum/studio_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/tsp.pub b/kartei/makefu/retiolum/tsp.pub
index 48533da58..48533da58 100644
--- a/krebs/3modules/makefu/retiolum/tsp.pub
+++ b/kartei/makefu/retiolum/tsp.pub
diff --git a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub b/kartei/makefu/retiolum/tsp_ed25519.pub
index c7baf9067..c7baf9067 100644
--- a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub
+++ b/kartei/makefu/retiolum/tsp_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/vbob.pub b/kartei/makefu/retiolum/vbob.pub
index 168437e78..168437e78 100644
--- a/krebs/3modules/makefu/retiolum/vbob.pub
+++ b/kartei/makefu/retiolum/vbob.pub
diff --git a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub b/kartei/makefu/retiolum/vbob_ed25519.pub
index 5e287f36b..5e287f36b 100644
--- a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub
+++ b/kartei/makefu/retiolum/vbob_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/wbob.pub b/kartei/makefu/retiolum/wbob.pub
index 8abfa34d4..8abfa34d4 100644
--- a/krebs/3modules/makefu/retiolum/wbob.pub
+++ b/kartei/makefu/retiolum/wbob.pub
diff --git a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub b/kartei/makefu/retiolum/wbob_ed25519.pub
index eeef652e2..eeef652e2 100644
--- a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub
+++ b/kartei/makefu/retiolum/wbob_ed25519.pub
diff --git a/krebs/3modules/makefu/retiolum/x.pub b/kartei/makefu/retiolum/x.pub
index da6482eed..da6482eed 100644
--- a/krebs/3modules/makefu/retiolum/x.pub
+++ b/kartei/makefu/retiolum/x.pub
diff --git a/krebs/3modules/makefu/retiolum/x_ed25519.pub b/kartei/makefu/retiolum/x_ed25519.pub
index fbf63d08e..fbf63d08e 100644
--- a/krebs/3modules/makefu/retiolum/x_ed25519.pub
+++ b/kartei/makefu/retiolum/x_ed25519.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.android.pub b/kartei/makefu/ssh/makefu.android.pub
index 2bef2442a..2bef2442a 100644
--- a/krebs/3modules/makefu/ssh/makefu.android.pub
+++ b/kartei/makefu/ssh/makefu.android.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.bob.pub b/kartei/makefu/ssh/makefu.bob.pub
index bc8718978..bc8718978 100644
--- a/krebs/3modules/makefu/ssh/makefu.bob.pub
+++ b/kartei/makefu/ssh/makefu.bob.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.omo.pub b/kartei/makefu/ssh/makefu.omo.pub
index 5567040fb..5567040fb 100644
--- a/krebs/3modules/makefu/ssh/makefu.omo.pub
+++ b/kartei/makefu/ssh/makefu.omo.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub b/kartei/makefu/ssh/makefu.remote-builder.pub
index ad49f380a..ad49f380a 100644
--- a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub
+++ b/kartei/makefu/ssh/makefu.remote-builder.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.tempx.pub b/kartei/makefu/ssh/makefu.tempx.pub
index 48d90040f..48d90040f 100644
--- a/krebs/3modules/makefu/ssh/makefu.tempx.pub
+++ b/kartei/makefu/ssh/makefu.tempx.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.tsp.pub b/kartei/makefu/ssh/makefu.tsp.pub
index 9a9c9b6f8..9a9c9b6f8 100644
--- a/krebs/3modules/makefu/ssh/makefu.tsp.pub
+++ b/kartei/makefu/ssh/makefu.tsp.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.vbob.pub b/kartei/makefu/ssh/makefu.vbob.pub
index c49714e24..c49714e24 100644
--- a/krebs/3modules/makefu/ssh/makefu.vbob.pub
+++ b/kartei/makefu/ssh/makefu.vbob.pub
diff --git a/krebs/3modules/makefu/ssh/makefu.x.pub b/kartei/makefu/ssh/makefu.x.pub
index 74b130f56..74b130f56 100644
--- a/krebs/3modules/makefu/ssh/makefu.x.pub
+++ b/kartei/makefu/ssh/makefu.x.pub
diff --git a/krebs/3modules/makefu/sshd/cake.pub b/kartei/makefu/sshd/cake.pub
index 8eab57ab7..8eab57ab7 100644
--- a/krebs/3modules/makefu/sshd/cake.pub
+++ b/kartei/makefu/sshd/cake.pub
diff --git a/krebs/3modules/makefu/sshd/crapi.pub b/kartei/makefu/sshd/crapi.pub
index 5361111a5..5361111a5 100644
--- a/krebs/3modules/makefu/sshd/crapi.pub
+++ b/kartei/makefu/sshd/crapi.pub
diff --git a/krebs/3modules/makefu/sshd/fileleech.pub b/kartei/makefu/sshd/fileleech.pub
index 22a3c7534..22a3c7534 100644
--- a/krebs/3modules/makefu/sshd/fileleech.pub
+++ b/kartei/makefu/sshd/fileleech.pub
diff --git a/krebs/3modules/makefu/sshd/firecracker.pub b/kartei/makefu/sshd/firecracker.pub
index 8e9ef5a37..8e9ef5a37 100644
--- a/krebs/3modules/makefu/sshd/firecracker.pub
+++ b/kartei/makefu/sshd/firecracker.pub
diff --git a/krebs/3modules/makefu/sshd/gum.pub b/kartei/makefu/sshd/gum.pub
index c79e3cbee..c79e3cbee 100644
--- a/krebs/3modules/makefu/sshd/gum.pub
+++ b/kartei/makefu/sshd/gum.pub
diff --git a/krebs/3modules/makefu/sshd/omo.pub b/kartei/makefu/sshd/omo.pub
index 5b9435414..5b9435414 100644
--- a/krebs/3modules/makefu/sshd/omo.pub
+++ b/kartei/makefu/sshd/omo.pub
diff --git a/krebs/3modules/makefu/sshd/sdev.pub b/kartei/makefu/sshd/sdev.pub
index 972e9b6d4..972e9b6d4 100644
--- a/krebs/3modules/makefu/sshd/sdev.pub
+++ b/kartei/makefu/sshd/sdev.pub
diff --git a/krebs/3modules/makefu/sshd/studio.pub b/kartei/makefu/sshd/studio.pub
index be5a4e6d3..be5a4e6d3 100644
--- a/krebs/3modules/makefu/sshd/studio.pub
+++ b/kartei/makefu/sshd/studio.pub
diff --git a/krebs/3modules/makefu/sshd/wbob.pub b/kartei/makefu/sshd/wbob.pub
index 8b1789f21..8b1789f21 100644
--- a/krebs/3modules/makefu/sshd/wbob.pub
+++ b/kartei/makefu/sshd/wbob.pub
diff --git a/krebs/3modules/makefu/sshd/x.pub b/kartei/makefu/sshd/x.pub
index 085f7f490..085f7f490 100644
--- a/krebs/3modules/makefu/sshd/x.pub
+++ b/kartei/makefu/sshd/x.pub
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/kartei/makefu/wiregrill/gum.pub
index 67d6c7216..67d6c7216 100644
--- a/krebs/3modules/makefu/wiregrill/gum.pub
+++ b/kartei/makefu/wiregrill/gum.pub
diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/kartei/makefu/wiregrill/rockit.pub index ace109450..ace109450 100644 --- a/krebs/3modules/makefu/wiregrill/rockit.pub +++ b/kartei/makefu/wiregrill/rockit.pub diff --git a/krebs/3modules/makefu/wiregrill/shackdev.pub b/kartei/makefu/wiregrill/shackdev.pub index 6cb0d960d..6cb0d960d 100644 --- a/krebs/3modules/makefu/wiregrill/shackdev.pub +++ b/kartei/makefu/wiregrill/shackdev.pub diff --git a/krebs/3modules/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub index 12a42177e..12a42177e 100644 --- a/krebs/3modules/makefu/wiregrill/telex.pub +++ b/kartei/makefu/wiregrill/telex.pub diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/kartei/makefu/wiregrill/x.pub index cfa9eb254..cfa9eb254 100644 --- a/krebs/3modules/makefu/wiregrill/x.pub +++ b/kartei/makefu/wiregrill/x.pub diff --git a/krebs/3modules/external/mic92.nix b/kartei/mic92/default.nix index 58757b0b3..7c5c09c81 100644 --- a/krebs/3modules/external/mic92.nix +++ b/kartei/mic92/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = false; 
@@ -930,34 +930,35 @@ in { }; }; - dev1 = { + ruby = { owner = config.krebs.users.mic92; nets = rec { - internet = { - ip4.addr = "65.108.192.175"; - ip6.addr = "2a01:4f9:1a:94a4::1"; - aliases = [ "dev1.i" ]; - }; retiolum = { - aliases = [ "dev1.r" ]; + aliases = [ "ruby.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwx2l5llCtEdoTRT9UJKHqa/GTqd5f9mUWX/n3HKQHdeEVao6cH9J - LteQ2rJY+Gh2zt3FZYzRBykvArjGmu1qKKnouldFJis0DygUI1jZVbeeNKbA2lZx - 7+jCUIz4kgpA0ggJt/9Nb0xHMGPpgXSMADPHLKODT2FPxA4026pI6xLAZWY1o1SY - oypaIxaOUbqi9M+eR5KRCngUGHBOQm3rGtgw5wYxHsfJqHvqCmFIicxHVifpbzOf - Hf0hDvk6E54PijcrDUfDBkXrEoa1hFezCMnzv0h+1Y4qfueFtCtPbJdYKUo87X04 - PWT/P+x78VY9e7fJswi4bYflXmE6jVg/0gXPNpWNV1iBmbrFMJMduGNiuyBcSAxp - S1ubP/+5D2hgOLCuflLfnPOozPtvV6F/XYKatQGPmgo4d7+z7g4frFKv6Uu9ZMT0 - p2CN/bnVNAEErPbTVLyk8zX6J3ruCBQxucr3dsqyw7pk74tTQlFwH9BY8tWfRrAP - v7rDLHzv/1KA9GRDkbVPJmCkwIlPd9PcqSeHL9pnV9IkFr0UTVJE5qBLDSRW9XAb - QY6wVgsMocMeAxwrx6q+pdX/NAPbBzrmr0IB+DwYfMhZdGWoWEw+NV1wOsQjBzjw - SA63+XAgJ30QR5Z87d5g2Y7560+6oQavMPdt+5kfPTGa48UR7WwYyzsCAwEAAQ== + MIICCgKCAgEAzqrguDMHqYyidLxbz3jsQS3JVNCy0HaN6wprT1Ge1Anf5E8KtuXh + M9IjYPShzzJ162rYaJdd2lBmc5o435j+0/Gg5pySILni9bILhuRr7TMWN0sjNbgr + x0JRbpMmpW5DOmQx1BSyA+LLNbyVVnCc1XI0P2EaRr1ZrRSU0bpE/7kJ//Zt7ATu + GfqJTuL2aqap12VMKAfjRByyXA9V7szJMRom2Ia3cWSXhie1E0OOvCNT+InKXx4c + QbEGX71noCgsNgxbD8AVSwMnNV15vdnbgwK/1QzA0Cep1uxFS05TXJZLZTjcGwG0 + Kp0kEjntq1rCqgdoUHIubNB17efU/oP6aSrdfvtgeYBjn0zSLHSUYdhf3JHd1Fvf + Ov2TwHxt/sm8d91UjhrkYwjf2nzSruAklYDnIDJiHgLFoT5WuOoVlnfUjRpQEw44 + kp8KXsd24Y0UT5XJO5cQA+kZ1vl2ktHbQGTqYuYDB2FKEnBR/JIwJzJfugcGiyRx + OukQ2/rjnS60JA2pHUEfoezIAMhYAF+EPgOgMcNSSRYUVBpPVKD26oGTrNn0AtnO + ALW1vqUDwxb0cpv877vN1VfqvLE8n8Zgtt7itdT0+vxNPxICvF6//LNYUeDoQ3pj + w+1ZSdYZsvIQ7tDcilnL0hU5/nfsSIbHV+ceuLde1xDt5c7Tnl4v/U0CAwEAAQ== -----END RSA PUBLIC KEY----- ''; - tinc.pubkey_ed25519 = "nu1d0uwAE1Lg16SfXkCgGz2blir402mlucwJMfHivrJ"; + tinc.pubkey_ed25519 = "TV9byzSblknvqdUjQCwjgLmA8qCB4Tnl/DSd2mbsZTJ"; }; }; }; }; + users = 
{ + mic92 = { + mail = "joerg@thalheim.io"; + pubkey = builtins.readFile ./ssh/mic92.pub; + }; + }; } diff --git a/krebs/3modules/external/ssh/mic92.pub b/kartei/mic92/ssh/mic92.pub index 600709c78..600709c78 100644 --- a/krebs/3modules/external/ssh/mic92.pub +++ b/kartei/mic92/ssh/mic92.pub diff --git a/krebs/3modules/external/default.nix b/kartei/others/default.nix index 5cb40cfbb..f3ea8b80c 100644 --- a/krebs/3modules/external/default.nix +++ b/kartei/others/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ 
@@ -592,106 +592,6 @@ in { syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC"; nets = {}; }; - catalonia = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y - gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA - VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE - Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e - FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ - HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 - mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 - zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 - sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 - ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf - vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; - }; - }; - }; - sicily = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.161.1"; - aliases = [ "sicily.r" "mukke.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg - aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam - xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod - 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/ - IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7 - KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC - 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L - LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp - T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB - 
w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO - 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN"; - }; - }; - }; - rojava = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.23.42"; - aliases = [ "rojava.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd - B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb - HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 - Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD - lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW - +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs - 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 - vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx - HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ - XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 - yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; - }; - }; - }; - aland = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.12.34"; - aliases = [ "aland.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY - CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU - plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb - DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx - aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ - OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 - ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X - 
TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa - aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX - zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf - VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; - }; - }; - }; papawhakaaro = { owner = config.krebs.users.feliks; nets = { @@ -769,6 +669,31 @@ in { }; }; }; + verex = { + owner = config.krebs.users.lc4r; + nets = { + retiolum = { + ip4.addr = "10.243.232.232"; + aliases = [ "verex.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA7RCGaxVcTK3cPIs5NkbDdKEg/ASLRyKN2tBklvs43fD2lq/t77YK + vtLkZhJokcxzDWNAyUZXgTsmVblYTzbyg+DFhygNwhMSI0vdrG5AoYhWa+eIe8mf + Hxi7TWNTbDx/p66kw2NFDlw6Wbs5enPlMzfZPZj+aI7Dx7GrZRz8TrsKAauSSBKc + Vtl7Aqs2FLk8suiMAOE4JD4Lt/pvR7YSISBo1N6/eBbFEosY1XqYkv+l9a0d948a + k3jfJYRllsBRQzUyseMewwgVEz8Ny+rwk2J4ukSogAlMXXkPD/pYQgdTZwbGWOyY + FMLgb7qULn60aUO6mE/mW9JP90/9cX3CD9McdEFRXV4oM0P9EUq49kN+vinD6JDm + bL9fP+yx3sdzl34dFWDRPwrzn13kTDlRbble8jATRcisxMT1zYiADuRwIx8AeKs7 + O4uc7r/hz8ANO3zksuPhkTUoObTvZyW4mXbac2p6DGv/2aC6jzMRFJsJbWQK1TSr + 9WjeAOknhSP9UGxQWz6AgHNjq04dR3lQk34xMfKfWxRAaMD+T6frWKz++Z07WpUo + OkPlz57jPZ7yeJGwwPM/CMcNNmA6YCqgE2kJo5rVQqlUb90nVRbuiQYYldl1YCIc + Z4X36TKEXPBTiiKf6rFL6dJ64vaVxmOPr3+jdvLSufa/L7uXq3g66ZECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "9ifWNFwaXe6qLVTW0UrOl2jg7erwTUC7f50Th4Vv2iE"; + }; + }; + }; }; users = { @@ -791,10 +716,6 @@ in { jonge = { mail = "jacek.galowicz@gmail.com"; }; - mic92 = { - mail = "joerg@thalheim.io"; - pubkey = ssh-for "mic92"; - }; pinpox = { mail = "main@pablo.tools"; }; @@ -836,9 +757,6 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; - xkey = { - pubkey = ssh-for "xkey"; - }; miaoski = { }; filly = { @@ -849,5 +767,8 @@ in { feliks = { mail = "feliks@flipdot.org"; }; + lc4r = { + mail = "lc4r@riseup.net"; + }; }; } 
diff --git a/krebs/3modules/external/ssh/0x4A6F.pub b/kartei/others/ssh/0x4A6F.pub index 1ea084bad..1ea084bad 100644 --- a/krebs/3modules/external/ssh/0x4A6F.pub +++ b/kartei/others/ssh/0x4A6F.pub diff --git a/krebs/3modules/external/ssh/exco.pub b/kartei/others/ssh/exco.pub index cab884c0c..cab884c0c 100644 --- a/krebs/3modules/external/ssh/exco.pub +++ b/kartei/others/ssh/exco.pub diff --git a/krebs/3modules/external/ssh/hase.pub b/kartei/others/ssh/hase.pub index 02051a81f..02051a81f 100644 --- a/krebs/3modules/external/ssh/hase.pub +++ b/kartei/others/ssh/hase.pub diff --git a/krebs/3modules/external/ssh/neos.pub b/kartei/others/ssh/neos.pub index 72065dab7..72065dab7 100644 --- a/krebs/3modules/external/ssh/neos.pub +++ b/kartei/others/ssh/neos.pub diff --git a/krebs/3modules/external/ssh/qubasa.pub b/kartei/others/ssh/qubasa.pub index a8ab605d8..a8ab605d8 100644 --- a/krebs/3modules/external/ssh/qubasa.pub +++ b/kartei/others/ssh/qubasa.pub diff --git a/krebs/3modules/external/ssh/raute.pub b/kartei/others/ssh/raute.pub index 69b4d3d10..69b4d3d10 100644 --- a/krebs/3modules/external/ssh/raute.pub +++ b/kartei/others/ssh/raute.pub diff --git a/krebs/3modules/external/ssh/rtjure.pub b/kartei/others/ssh/rtjure.pub index 4c69e1836..4c69e1836 100644 --- a/krebs/3modules/external/ssh/rtjure.pub +++ b/kartei/others/ssh/rtjure.pub diff --git a/krebs/3modules/external/ssh/shannan.pub b/kartei/others/ssh/shannan.pub index ed89d702a..ed89d702a 100644 --- a/krebs/3modules/external/ssh/shannan.pub +++ b/kartei/others/ssh/shannan.pub diff --git a/krebs/3modules/external/ssh/ulrich.pub b/kartei/others/ssh/ulrich.pub index 8ac69004c..8ac69004c 100644 --- a/krebs/3modules/external/ssh/ulrich.pub +++ b/kartei/others/ssh/ulrich.pub diff --git a/kartei/others/ssh/xkey.pub b/kartei/others/ssh/xkey.pub new file mode 100644 index 000000000..a50522fce --- /dev/null +++ b/kartei/others/ssh/xkey.pub 
@@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC diff --git a/krebs/3modules/external/ssh/xq.pub b/kartei/others/ssh/xq.pub index 2c23970e3..2c23970e3 100644 --- a/krebs/3modules/external/ssh/xq.pub +++ b/kartei/others/ssh/xq.pub diff --git a/krebs/3modules/external/tinc/hasegateway.pub b/kartei/others/tinc/hasegateway.pub index ef6520e85..ef6520e85 100644 --- a/krebs/3modules/external/tinc/hasegateway.pub +++ b/kartei/others/tinc/hasegateway.pub diff --git a/krebs/3modules/external/tinc/horisa.pub b/kartei/others/tinc/horisa.pub index 06d686ce3..06d686ce3 100644 --- a/krebs/3modules/external/tinc/horisa.pub +++ b/kartei/others/tinc/horisa.pub diff --git a/krebs/3modules/external/tinc/justraute.pub b/kartei/others/tinc/justraute.pub index b4af349b7..b4af349b7 100644 --- a/krebs/3modules/external/tinc/justraute.pub +++ b/kartei/others/tinc/justraute.pub diff --git a/krebs/3modules/external/tinc/tpsw.pub b/kartei/others/tinc/tpsw.pub index 38b0cb293..38b0cb293 100644 --- a/krebs/3modules/external/tinc/tpsw.pub +++ b/kartei/others/tinc/tpsw.pub diff --git a/kartei/oxzi/default.nix b/kartei/oxzi/default.nix new file mode 100644 index 000000000..a4d23b01a --- /dev/null +++ b/kartei/oxzi/default.nix 
@@ -0,0 +1,62 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.oxzi = { + mail = "post@0x21.biz"; + }; + hosts = { + ancha = { + owner = config.krebs.users.oxzi; + nets.retiolum = { + aliases = [ + "ancha.oxzi.r" + "gosh.r" + ]; + ip4.addr = "10.243.32.1"; + ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T + RrsoZcvJaKIFnlohJ4T1YpGGcXqShhTmKt3sm/0awLhD+zTE8lAlvEj+lnCkHls8 + eXO+VDB5FelibW/wEnvdImxKBaSVt4RLmMyTuzS9xklEq8Q+wMvzJktnV3pWJjYX + /JBYQEUHlrqXldBlKGHkU1KhFZHD/wzV5Ybkku4w1BHrMUHJNwHpTshD/QBDiJFj + iRA3e3Jfpp3qj2uWetGuP7NlFpZCh/fSrTqkAE8uShcFlplbgJIEGz2pp644maqw + XxRWPH1Iy5NHwVz/GSzQ67vsEunRJjueFQk8gxnhjh/CAlmE9VdxfGQOkejBAq+X + zCbqyflLPPz3Qx56TVpmAOY4gma7sfsaYAv+zv2paUxFKBfZrEL5UNoIevV9kZDn + nDixTQ6cDxHt3yCVzvwqTTBktZ0mYom43lvKSUnihDrQL1u338labFPtsZTOK4bo + 687ToSUC6u80VcnMTZxPFYOgTMjdCZPo+j1bhzmCQQCzcStRSeKRta+LOYb73Tjz + M6CwC9uaHDxhtmysXpZ4Qp83tfU6h/AsBJJpBdpkyLYXTq+E32pIq6RtKFFQL00O + /e0DzUzSB30oKLW1i2ZxWRQMVqvNdKsyq4glI4eRjnRmrnXOwTb7Y2MCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "oLvC/Y3jfGH4a8mBbv9eCCWKsx32gDGW/iCyia/fuBD"; + }; + }; + marohu = { + owner = config.krebs.users.oxzi; + nets.retiolum = { + aliases = [ + "marohu.oxzi.r" + ]; + ip4.addr = "10.243.32.2"; + ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz + Ys0VnO6jjgz9T6N8u0CaavsqFy+X48A/+uB5nd/nGDZNaeTg+HUdznT4OFAJEaDi + uQREDsR5ZwmpI534eESHMdn5LSb/+5CUgj2xsoOBxnukALm1YccPxR0PPibCm+Z1 + P8r+1+nBgIPv+cknTXzhWMF/L7UOXuyV3Jmk1BIhwYmzWVes6idtIyJwoCbssoQT + cl21Czvhwx63o/QEa81qKeCK3AAAnMbp1tAxnzl7Wr/cSoBYRgSIZkOQPEUNHvpF + fT9UzZ3DZyAOMWNjqiK1M93VruFYer05qO3jGgumDey/9gLjP6GMjBw9jVDNY9yn + 
8mOKz9dkrP3v/A96Uqp+w/lYO87YrxA+h9BYY4jyPngGh0DoXddHLHAKco39vbq8 + 4vQRsK5QNgquF7O9aBDMSrFosk1VFedpZQwC2LaXcjtI3aMq3vIURTbuWkutAjAd + p9a5dRa62pWk41n6yLmalCkqnHoqVUaft9wZIxbcrDLUso7QxY6kFhjADSijnr5B + HrBXJhNLGVjBD/W++l2CJ+L4njmy4eGrOTBvIzosCMbtgMtfuu7WSQhsjxTwclbD + utT3hmgxDPZydsvzRMsLNvNQwUoiLAL4mz27V9hYcJTKPAbUL3y8h48CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "q/DIqHkb/8Qu7OrCXaBeuxkT9XNPmxo8uF3GkFFC6rJ"; + }; + }; + }; +} diff --git a/krebs/3modules/external/palo.nix b/kartei/palo/default.nix index aea1792f4..4caf41f87 100644 --- a/krebs/3modules/external/palo.nix +++ b/kartei/palo/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ @@ -12,8 +12,6 @@ with import <stockholm/lib>; nets.wiregrill.ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }); - ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); - tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); in { hosts = mapAttrs hostDefaults { @@ -24,7 +22,7 @@ in { ip4.addr = "10.243.23.1"; tinc.port = 720; aliases = [ "pepe.r" ]; - tinc.pubkey = tinc-for "palo"; + tinc.pubkey = builtins.readFile ./retiolum.pub; }; }; }; @@ -35,7 +33,7 @@ in { ip4.addr = "10.243.23.2"; tinc.port = 720; aliases = [ "schasch.r" ]; - tinc.pubkey = tinc-for "palo"; + tinc.pubkey = builtins.readFile ./retiolum.pub; }; }; syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; @@ -49,7 +47,7 @@ in { aliases = [ "sterni.r" ]; - tinc.pubkey = tinc-for "palo"; + tinc.pubkey = builtins.readFile ./retiolum.pub; }; }; }; @@ -60,7 +58,7 @@ in { ip4.addr = "10.243.23.5"; tinc.port = 720; aliases = [ "workhorse.r" ]; - tinc.pubkey = tinc-for "palo"; + tinc.pubkey = builtins.readFile ./retiolum.pub; }; }; }; 
@@ -71,7 +69,7 @@ in { ip4.addr = "10.243.23.4"; tinc.port = 720; aliases = [ "workout.r" ]; - tinc.pubkey = tinc-for "palo"; + tinc.pubkey = builtins.readFile ./retiolum.pub; }; }; }; diff --git a/krebs/3modules/external/tinc/palo.pub b/kartei/palo/retiolum.pub index 65284d51d..65284d51d 100644 --- a/krebs/3modules/external/tinc/palo.pub +++ b/kartei/palo/retiolum.pub diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix new file mode 100644 index 000000000..5f00e3d45 --- /dev/null +++ b/kartei/rtunreal/default.nix 
@@ -0,0 +1,51 @@ +with import ../../lib; +{ config, ... }: +let + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.rtunreal; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); +in +{ + users = rec { + rtunreal = { + # Mail is temporary as it will change in the future and I + # don't want it to be semi permanent + # mail: krebscotemp(a)user-sites[point]de + }; + }; + hosts = mapAttrs hostDefaults { + rtspinner = { + nets.retiolum = { + aliases = [ "spinner.rtunreal.r" ]; + ip4.addr = "10.243.20.18"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEApgnFW2hCP2Lf+CGMtzgiTyA9sphEKGzVtOTJy+LxZ/WchFU6QiU6 + Dl5ybz/Bor25dbwvQCRsQo42gPb+xyjsoHGu2q1NVazMQobePjt/8Qzfqw+Ydz3e + CC0Lq2J7A5HkzHAevvSHjWh52EfAfu9PGnsszDyWY/oKY+JkBd3wdnE4VsZIhUU6 + Zrmuq+JU53Wy4TAcd3JNStvTW3z7MK4BXxovTV3zSq9sg4a120dyrG/d/m35abvm + V20Qb9VPmG+861f7gBn45M1w9d4X+3Ev8zum60Lk9JDRETfnufbOsSWNFVk2nsc3 + wpCYd+7FMq5hBf75At/pQ32kbsMkAMpQDJlHwE/xmhxYU2mzlMLY6JW1gspOt00C + iny5qqmhMoZ3r1VmGuu1aA00V+My+dj5i+pvZiUQ9DG2eYoKM43Var2XsU6lURpL + UhozcYkb+ax9mqlaPjq2BSYLNzmqTJc3FJY6CcyZxIi4aB8EhDeebYD7wIX115tf + wwMIJB9FgmvwBhL2K48P5p8lmxU0sNidvv/Gnr3Fgf1p+jEo8BC9hDK3gigD0lqo + AGmRrjHQN7AjysTMTllDj8RSoO2LhOYTxVtcMsQnPJ9hfFrgnSpSZok64y0h+QJG + q2WZRBwRYORC7JfKNbE6drRtM6DXccMxOM0eQXoDvg3D5Xg4aqWy3ikCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB"; + }; + }; + }; +} diff --git a/kartei/template/default.nix b/kartei/template/default.nix new file mode 100644 index 000000000..2acf78d38 --- /dev/null +++ b/kartei/template/default.nix 
@@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.DUMMYUSER = { + mail = "DUMMYUSER@example.ork"; + }; + hosts.DUMMYHOST = { + owner = config.krebs.users.DUMMYUSER; + nets.retiolum = { + aliases = [ "DUMMYHOST.DUMMYUSER.r" ]; + ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + DUMMYTINCPUBKEYRSA + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519"; + }; + }; +} diff --git a/krebs/3modules/tv/default.nix b/kartei/tv/default.nix index 016d5ca9f..f7e86c598 100644 --- a/krebs/3modules/tv/default.nix +++ b/kartei/tv/default.nix @@ -1,4 +1,4 @@ -with import ../../../lib; +with import ../../lib; { config, ... }: let evalHost = hostName: hostConfig: evalSubmodule types.host [ @@ -169,8 +169,10 @@ in { cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} + search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} krebsco.de. 60 IN MX 5 ni - krebsco.de. 60 IN TXT v=spf1 mx -all + krebsco.de. 60 IN TXT "v=spf1 mx -all" tv 300 IN NS ni ''; }; @@ -196,6 +198,8 @@ in { aliases = [ "ni.r" "cgit.ni.r" + "krebs.ni.r" + "search.ni.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -316,7 +320,6 @@ in { aliases = [ "xu.r" "cgit.xu.r" - "krebs.xu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -366,7 +369,7 @@ in { "http://cgit.krebsco.de" = { desc = "Git repositories"; }; - "http://krebs.xu.r" = { + "http://krebs.ni.r" = { desc = "krebs-pages mirror"; }; }; diff --git a/krebs/3modules/tv/pgp/CBF89B0B.asc b/kartei/tv/pgp/CBF89B0B.asc index e059116ae..e059116ae 100644 --- a/krebs/3modules/tv/pgp/CBF89B0B.asc +++ b/kartei/tv/pgp/CBF89B0B.asc 
diff --git a/krebs/3modules/tv/wiregrill/alnus.pub b/kartei/tv/wiregrill/alnus.pub index de85e54da..de85e54da 100644 --- a/krebs/3modules/tv/wiregrill/alnus.pub +++ b/kartei/tv/wiregrill/alnus.pub diff --git a/krebs/3modules/tv/wiregrill/mu.pub b/kartei/tv/wiregrill/mu.pub index 18edc8986..18edc8986 100644 --- a/krebs/3modules/tv/wiregrill/mu.pub +++ b/kartei/tv/wiregrill/mu.pub diff --git a/krebs/3modules/tv/wiregrill/ni.pub b/kartei/tv/wiregrill/ni.pub index 257b29833..257b29833 100644 --- a/krebs/3modules/tv/wiregrill/ni.pub +++ b/kartei/tv/wiregrill/ni.pub diff --git a/krebs/3modules/tv/wiregrill/nomic.pub b/kartei/tv/wiregrill/nomic.pub index be9c94be6..be9c94be6 100644 --- a/krebs/3modules/tv/wiregrill/nomic.pub +++ b/kartei/tv/wiregrill/nomic.pub diff --git a/krebs/3modules/tv/wiregrill/querel.pub b/kartei/tv/wiregrill/querel.pub index 2273cf99d..2273cf99d 100644 --- a/krebs/3modules/tv/wiregrill/querel.pub +++ b/kartei/tv/wiregrill/querel.pub diff --git a/krebs/3modules/tv/wiregrill/umz.pub b/kartei/tv/wiregrill/umz.pub index c041b5eee..c041b5eee 100644 --- a/krebs/3modules/tv/wiregrill/umz.pub +++ b/kartei/tv/wiregrill/umz.pub diff --git a/krebs/3modules/tv/wiregrill/wu.pub b/kartei/tv/wiregrill/wu.pub index 0d25d9de9..0d25d9de9 100644 --- a/krebs/3modules/tv/wiregrill/wu.pub +++ b/kartei/tv/wiregrill/wu.pub diff --git a/krebs/3modules/tv/wiregrill/xu.pub b/kartei/tv/wiregrill/xu.pub index ba0c7dd04..ba0c7dd04 100644 --- a/krebs/3modules/tv/wiregrill/xu.pub +++ b/kartei/tv/wiregrill/xu.pub diff --git a/krebs/3modules/tv/wiregrill/zu.pub b/kartei/tv/wiregrill/zu.pub index 0238dd653..0238dd653 100644 --- a/krebs/3modules/tv/wiregrill/zu.pub +++ b/kartei/tv/wiregrill/zu.pub diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix new file mode 100644 index 000000000..a8a6648ce --- /dev/null +++ b/kartei/xkey/default.nix 
@@ -0,0 +1,126 @@ +with import ../../lib; +{ config, ... }: +let + maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.kmein; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in +{ + users = rec { + xkey = { + mail = "xkey@krebsco.de"; + pubkey = ssh-for "xkey"; + }; + }; + hosts = mapAttrs hostDefaults { + aland = { + nets = { + retiolum = { + ip4.addr = "10.243.12.34"; + aliases = [ "aland.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY + CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU + plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb + DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx + aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ + OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 + ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X + TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa + aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX + zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf + VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; + }; + }; + }; + catalonia = { + nets = { + retiolum = { + ip4.addr = "10.243.13.12"; + aliases = [ "catalonia.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + 
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y + gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA + VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE + Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e + FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ + HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 + mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 + zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 + sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 + ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf + vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; + }; + }; + }; + rojava = { + nets = { + retiolum = { + ip4.addr = "10.243.23.42"; + aliases = [ "rojava.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd + B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb + HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 + Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD + lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW + +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs + 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 + vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx + HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ + XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 + yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; + }; + }; + }; + sicily = { + nets = { + retiolum = { + ip4.addr = "10.243.161.1"; + aliases = [ "sicily.r" "mukke.r" ]; + tinc.pubkey = '' + 
-----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg + aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam + xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod + 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/ + IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7 + KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC + 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L + LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp + T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB + w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO + 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN"; + }; + }; + }; + }; +} diff --git a/kartei/xkey/ssh/xkey.pub b/kartei/xkey/ssh/xkey.pub new file mode 100644 index 000000000..a50522fce --- /dev/null +++ b/kartei/xkey/ssh/xkey.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index cf07d3b4d..9849937d5 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,12 +13,16 @@ <stockholm/krebs/2configs/acme.nix> <stockholm/krebs/2configs/mud.nix> + <stockholm/krebs/2configs/cal.nix> + <stockholm/krebs/2configs/mastodon.nix> + ## shackie irc bot <stockholm/krebs/2configs/shack/reaktor.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; krebs.github-hosts-sync.enable = true; + krebs.pages.enable = true; boot.isContainer = true; networking.useDHCP = false; diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix index 8250ebad9..2f55995cf 100644 --- a/krebs/1systems/ponte/config.nix +++ b/krebs/1systems/ponte/config.nix 
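Review bot: In the new kartei/xkey/default.nix, `hostDefaults` sets `owner = config.krebs.users.kmein;`, while the four hosts it covers were owned by `config.krebs.users.xkey` in the entries this commit removes from kartei/others/default.nix, and the file itself defines the `xkey` user; this looks like a leftover from a copied file and should probably read `owner = config.krebs.users.xkey;`. The `maybeEmpty` helper is unused, and `attrset?key` tests for an attribute literally named `key` rather than the value of the argument (`attrset ? ${key}` would), so it is best removed. The same commit also adds an identical key file at kartei/others/ssh/xkey.pub although the `xkey` user no longer lives there; keeping a single copy avoids the two drifting apart when the key is rotated.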
@@ -7,5 +7,31 @@ <stockholm/krebs/2configs/matterbridge.nix> ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.logRefusedConnections = false; + networking.firewall.logRefusedUnicastsOnly = false; + + # Move Internet-facing SSH port to reduce logspam. + networking.firewall.extraCommands = let + host = config.krebs.build.host; + in /* sh */ '' + iptables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22 + iptables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 + iptables -t nat -A PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT + iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0 + + ip6tables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22 + ip6tables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 + ip6tables -t nat -A PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT + ip6tables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0 + ''; + krebs.build.host = config.krebs.hosts.ponte; + + krebs.pages.enable = true; + krebs.pages.nginx.addSSL = true; + krebs.pages.nginx.enableACME = true; + + security.acme.acceptTerms = true; + security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de"; } diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix new file mode 100644 index 000000000..90093e8eb --- /dev/null +++ b/krebs/2configs/cal.nix 
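Review bot: The NAT rules in `networking.firewall.extraCommands` are all appended with `-A` to the built-in `OUTPUT` and `PREROUTING` chains and nothing removes them again. As far as I can tell the NixOS firewall flushes only its own chains on restart or reload, so each reload would add another copy. Guarding each rule with a check, e.g. `iptables -t nat -C PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 2>/dev/null || iptables -t nat -A PREROUTING …`, or moving them into a dedicated chain that is flushed first, keeps the table stable. Moving the port only reduces scan noise, and `logRefusedConnections = false` also drops the refused-connection log, so key-only login has to be enforced in the sshd configuration, which is not part of this hunk.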
@@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: +{ + users.users.testing = { + uid = pkgs.stockholm.lib.genid_uint31 "testing"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.xkey.pubkey + config.krebs.users.lass.pubkey + ]; + packages = [ + pkgs.calendar-cli + pkgs.tmux + ]; + }; + + services.xandikos = { + enable = true; + extraOptions = [ + "--autocreate" + "--defaults" + "--current-user-principal /krebs" + "--dump-dav-xml" + ]; + }; + + services.nginx = { + enable = true; + + virtualHosts = { + "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/"; + }; + }; +} diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 38d770316..fffe128e6 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -27,9 +27,6 @@ with import <stockholm/lib>; ]; console.keyMap = "us"; - i18n = { - defaultLocale = lib.mkForce "C"; - }; programs.ssh.startAgent = false; @@ -60,4 +57,7 @@ with import <stockholm/lib>; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; + + # maybe fix Error: unsupported locales detected: + i18n.defaultLocale = mkDefault "C.UTF-8"; } diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 82f8ec942..01597f49f 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -16,6 +16,14 @@ in { tv ]; eloop-ml = spam-ml; + krebstel-ml = [ + config.krebs.users."0x4A6F" + { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; } + { mail = "krebstel-1difh7483axpiaq92ghi14r5cql822wbhixqb0nn3y3jkcj0b785@ni.r"; } + { mail = "lass@green.r"; } + tv + xkey + ]; spam-ml = [ lass makefu 
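Review bot: The `calendar.r` virtual host proxies every request to xandikos with no authentication in front of it, and xandikos does no authentication of its own, so any client that can reach the vhost can read and write the calendars under `/krebs`. I would restrict the vhost, for example with `basicAuthFile = "/path/to/htpasswd";` (placeholder path) on `"calendar.r"`, or with an allow-list for the intended peers. `--dump-dav-xml` prints DAV request and response bodies, which puts calendar contents into the service log; it reads like a debugging flag that should be dropped before this runs permanently.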
@@ -28,6 +36,7 @@ in { "spam@eloop.org" = eloop-ml; "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "postmaster@krebsco.de" = spam-ml; # RFC 822 + "krebstel@krebsco.de" = krebstel-ml; "lass@krebsco.de" = lass; "makefu@krebsco.de" = makefu; "spam@krebsco.de" = spam-ml; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index c6c91e074..a802b8a25 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,9 +5,9 @@ 6667 ]; - krebs.ergo = { + services.ergochat = { enable = true; - config = { + settings = { server.secure-nets = [ "42::0/16" "10.240.0.0/12" diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix new file mode 100644 index 000000000..4d359c3fe --- /dev/null +++ b/krebs/2configs/mastodon-proxy.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx = { + enable = true; + virtualHosts."social.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + # TODO use this in 22.11 + # recommendedProxySettings = true; + proxyPass = "http://hotdog.r"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + ''; + }; + }; + }; +} diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix new file mode 100644 index 000000000..145b383ed --- /dev/null +++ b/krebs/2configs/mastodon.nix 
@@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + package = pkgs.postgresql_11; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + + services.mastodon = { + enable = true; + localDomain = "social.krebsco.de"; + configureNginx = true; + trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr; + smtp.createLocally = false; + smtp.fromAddress = "derp"; + }; + + services.nginx.virtualHosts.${config.services.mastodon.localDomain} = { + forceSSL = lib.mkForce false; + enableACME = lib.mkForce false; + locations."@proxy".extraConfig = '' + proxy_redirect off; + proxy_pass_header Server; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + ]; + + environment.systemPackages = [ + (pkgs.writers.writeDashBin "tootctl" '' + sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@" + '') + (pkgs.writers.writeDashBin "create-mastodon-user" '' + set -efu + nick=$1 + /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed + /run/current-system/sw/bin/tootctl accounts approve "$nick" + '') + ]; +} diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index a68aa292c..b96dea300 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -10,14 +10,10 @@ Charset = "utf-8"; }; telegram.krebs.Token = bridgeBotToken; - irc = let + irc.hackint = { + Server = "irc.hackint.org:6697"; + UseTLS = true; Nick = "ponte"; - in { - hackint = { - Server = "irc.hackint.org:6697"; - UseTLS = true; - inherit Nick; - }; }; gateway = [ { diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index b7728986f..07674c86e 100644 --- a/krebs/2configs/news-host.nix 
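Review bot: In the `@proxy` location `X-Forwarded-Proto` is copied from the incoming request header (`$http_x_forwarded_proto`), and the same file opens TCP port 80 in the firewall for every interface. Any peer that reaches this host directly, not only the front proxy, can therefore tell Mastodon the request arrived over HTTPS. Restricting port 80 to the proxy's address or to the VPN interface (for example `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts = [ 80 ];`, interface name is a placeholder) would make the forwarded headers trustworthy. `smtp.fromAddress = "derp"` is also not a mail address, so outgoing mail will probably be rejected or misattributed; a comment should say if that is deliberate.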
+++ b/krebs/2configs/news-host.nix @@ -4,10 +4,7 @@ "shodan" "mors" "styx" - "puyak" ]; - hostIp = "10.233.2.101"; - localIp = "10.233.2.102"; format = "plain"; }; } diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 3649aeeea..d6c6371da 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,8 +68,8 @@ wantedBy = [ "multi-user.target" ]; }; - krebs.ergo.openFilesLimit = 16384; - krebs.ergo.config = { + services.ergochat.openFilesLimit = 16384; + services.ergochat.settings = { limits.nicklen = 100; limits.identlen = 100; history.enabled = false; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index afaac9dae..13b59fa82 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix 
@@ -51,6 +51,77 @@ let }; }; + confuse = { + pattern = "^!confuse (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "confuse" '' + set -efux + + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.stable-generate + ]} + stable_url=$(stable-generate "$@") + paste_url=$(curl -Ss "$stable_url" | + curl -Ss http://p.r --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + ''; + }; + }; + + confuse_hackint = { + pattern = "^!confuse (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "confuse" '' + set -efu + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.stable-generate + ]} + case $_msgtarget in \#*) + stable_url=$(stable-generate "$@") + paste_url=$(curl -Ss "$stable_url" | + curl -Ss https://p.krebsco.de --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + esac + ''; + }; + }; + + say = { + pattern = "^!say (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "say" '' + set -efu + + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.opusTools + ]} + paste_url=$(printf '%s' "$1" | + curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' | + opusenc - - | + curl -Ss https://p.krebsco.de --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + ''; + }; + }; + taskRcFile = builtins.toFile "taskrc" '' confirmation=no ''; @@ -112,7 +183,7 @@ let } ''; - systemPlugin = { + systemPlugin = { extra_privmsg_hooks ? [] }: { plugin = "system"; config = { workdir = stateDir; @@ -185,8 +256,9 @@ let }; } { - pattern = "18@p"; + pattern = ''^18@p\s+(\S+)\s+(\d+)m$''; activate = "match"; + arguments = [1 2]; command = { env = { CACHE_DIR = "${stateDir}/krebsfood"; 
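Review bot: The `say` hook has no `$_msgtarget` check, unlike `confuse_hackint`, and a later hunk adds it to the shared `systemPlugin` hook list, so it is active on both networks. On the public one anyone can then drive the `tts.r` service and the paste upload by private message, with text of any length. Wrapping the body in the same `case $_msgtarget in \#*) … esac` guard and capping the input length would bound that. In both `confuse` scripts the message text reaches `stable-generate "$@"` without an option terminator, so if that tool parses options, a message starting with `-` is read as one. `set -efux` in `confuse` also traces every message into the service log.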
@@ -196,45 +268,36 @@ let osm-restaurants-src = pkgs.fetchFromGitHub { owner = "kmein"; repo = "scripts"; - rev = "66b2068d548d3418c81dd093bba3f80248c68196"; - sha256 = "059sp2lz54iwklswaxv9w703sbm2vv7p0ccig10gsqshriq6v58z"; + rev = "dda381be26abff73a0cf364c6dfff6e1701f41ee"; + sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE="; }; osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; in pkgs.writeDash "krebsfood" '' set -efu - ecke_lat=52.51252 - ecke_lon=13.41740 - ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \ - | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' - ' - ''; - }; - } - { - pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; - activate = "match"; - arguments = [1 2 3]; - command = { - env = { - # TODO; get state as argument - state_file = "${stateDir}/ledger"; - }; - filename = pkgs.writeDash "ledger-add" '' - set -x - tonick=$1 - amt=$2 - unit=$3 - printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file - ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ - | ${pkgs.coreutils}/bin/tail +2 \ - | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ - | ${pkgs.gnugrep}/bin/grep "$_from" + export PATH=${makeBinPath [ + osm-restaurants + pkgs.coreutils + pkgs.curl + pkgs.jq + ]} + poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]') + if [ "$poi" = null ]; then + latitude=52.51252 + longitude=13.41740 + else + latitude=$(echo "$poi" | jq -r .latitude) + longitude=$(echo "$poi" | jq -r .longitude) + fi + + restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude") + printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' ''; }; } bedger-add bedger-balance hooks.sed 
+ say (generators.command_hook { inherit (commands) dance random-emoji nixos-version; tell = { @@ -251,7 +314,7 @@ let }; }) (task "agenda") - ]; + ] ++ extra_privmsg_hooks; }; }; @@ -411,7 +474,11 @@ in { ]; }; } - systemPlugin + (systemPlugin { + extra_privmsg_hooks = [ + confuse_hackint + ]; + }) ]; username = "reaktor2"; port = "6697"; @@ -429,7 +496,11 @@ in { ]; }; } - systemPlugin + (systemPlugin { + extra_privmsg_hooks = [ + confuse + ]; + }) ]; username = "reaktor2"; }; diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix index 74a77a0ed..cb5d236ac 100644 --- a/krebs/2configs/security-workarounds.nix +++ b/krebs/2configs/security-workarounds.nix @@ -4,10 +4,15 @@ nixpkgs.overlays = [ (self: super: { exim = - super.exim.overrideAttrs (old: { + super.exim.overrideAttrs (old: let + key = if builtins.hasAttr "preBuild" old then + "preBuild" + else + "configurePhase"; + in { buildInputs = old.buildInputs ++ [ self.gnutls ]; - preBuild = /* sh */ '' - ${old.preBuild} + ${key} = /* sh */ '' + ${old.${key}} sed -Ei ' s:^USE_OPENSSL=.*:# &: s:^# (USE_GNUTLS)=.*:\1=yes: diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh index 46314cb9c..aa6c1c3d1 100755 --- a/krebs/2configs/shack/doorstatus.sh +++ b/krebs/2configs/shack/doorstatus.sh @@ -54,7 +54,8 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma EOF ) -state=$(curl -fSsk https://api.shackspace.de/v1/space | jq .doorState.open) +payload=$(curl -fSsk https://api.shackspace.de/v1/space) +state=$(printf '%s' "$payload" | jq .doorState.open) prevstate=$(cat state ||:) if test "$state" == "$(cat state)";then diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 0f85b27c0..022da5884 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix 
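Review bot: When `curl -fsS http://c.r/poi.json` fails, `poi` ends up empty rather than `null`, because the pipeline's status is that of `jq`, which prints nothing on empty input. The `[ "$poi" = null ]` test then takes the else branch and `osm-restaurants` is called with empty coordinates. Testing `if [ -z "$poi" ] || [ "$poi" = null ]; then` keeps the default location in that case. The radius `$2` is any digit string matched by `(\d+)`, so a channel user can request an arbitrarily large search area; an upper bound would be cheap to add.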
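Review bot: The new `payload=$(curl -fSsk …)` line keeps `-k`, which turns off certificate verification, so anyone able to intercept the connection can feed the script an arbitrary door state. Dropping the flag, `payload=$(curl -fSs https://api.shackspace.de/v1/space)`, is enough if the API serves a valid certificate, which cannot be confirmed from here. The script continues outside the hunk, so other uses of `payload` are not visible.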
@@ -115,6 +115,7 @@ let build_name = stage, build_script = stages[stage], ), + timeout = 3600, command="${pkgs.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 01436d352..6babac72e 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ../../kartei ./acl.nix ./airdcpp.nix ./announce-activation.nix @@ -19,7 +20,6 @@ let ./ci ./current.nix ./dns.nix - ./ergo.nix ./exim-retiolum.nix ./exim-smarthost.nix ./exim.nix @@ -34,6 +34,7 @@ let ./iptables.nix ./kapacitor.nix ./konsens.nix + ./krebs-pages.nix ./monit.nix ./nixpkgs.nix ./on-failure.nix @@ -48,6 +49,7 @@ let ./secret.nix ./setuid.nix ./shadow.nix + ./sitemap.nix ./ssl.nix ./sync-containers.nix ./systemd.nix @@ -55,6 +57,7 @@ let ./tinc_graphs.nix ./upstream ./urlwatch.nix + ./users.nix ./xresources.nix ./zones.nix ]; @@ -65,15 +68,6 @@ let api = { enable = mkEnableOption "krebs"; - users = mkOption { - type = with types; attrsOf user; - }; - - sitemap = mkOption { - default = {}; - type = types.attrsOf types.sitemap.entry; - }; - zone-head-config = mkOption { type = with types; attrsOf str; description = '' 
@@ -90,49 +84,13 @@ let @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) IN NS ns19.ovh.net. IN NS dns19.ovh.net. - IN A 185.199.108.153 - IN A 185.199.109.153 - IN A 185.199.110.153 - IN A 185.199.111.153 ''; }; }; }; imp = lib.mkMerge [ - { krebs = import ./external { inherit config; }; } - { krebs = import ./external/dbalan.nix { inherit config; }; } - { krebs = import ./external/kmein.nix { inherit config; }; } - { krebs = import ./external/mic92.nix { inherit config; }; } - { krebs = import ./external/palo.nix { inherit config; }; } - { krebs = import ./jeschli { inherit config; }; } - { krebs = import ./krebs { inherit config; }; } - { krebs = import ./lass { inherit config; }; } - { krebs = import ./makefu { inherit config; }; } - { krebs = import ./tv { inherit config; }; } { - krebs.dns.providers = { - "krebsco.de" = "zones"; - shack = "hosts"; - i = "hosts"; - r = "hosts"; - w = "hosts"; - }; - - krebs.dns.search-domain = mkDefault "r"; - - krebs.users = { - krebs = { - home = "/krebs"; - mail = "spam@krebsco.de"; - }; - root = { - home = "/root"; - pubkey = config.krebs.build.host.ssh.pubkey; - uid = 0; - }; - }; - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8acc4ccd8..8a74d3067 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -1,12 +1,21 @@ with import <stockholm/lib>; -{ +{ config, ... }: { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; }; - krebs.dns.search-domain = mkOption { type = types.nullOr types.hostname; }; }; + config = mkIf config.krebs.enable { + krebs.dns.providers = { + "krebsco.de" = "zones"; + shack = "hosts"; + i = "hosts"; + r = "hosts"; + w = "hosts"; + }; + krebs.dns.search-domain = mkDefault "r"; + }; } diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix deleted file mode 100644 index 50c5ab628..000000000 
--- a/krebs/3modules/ergo.nix +++ /dev/null 
@@ -1,133 +0,0 @@ -{ config, lib, options, pkgs, ... }: { - options = { - krebs.ergo = { - enable = lib.mkEnableOption "Ergo IRC daemon"; - openFilesLimit = lib.mkOption { - type = lib.types.int; - default = 1024; - description = '' - Maximum number of open files. Limits the clients and server connections. - ''; - }; - config = lib.mkOption { - type = (pkgs.formats.json {}).type; - description = '' - Ergo IRC daemon configuration file. - https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml - ''; - default = { - network = { - name = "krebstest"; - }; - server = { - name = "${config.networking.hostName}.r"; - listeners = { - ":6667" = {}; - }; - casemapping = "permissive"; - enforce-utf = true; - lookup-hostnames = false; - ip-cloaking = { - enabled = false; - }; - forward-confirm-hostnames = false; - check-ident = false; - relaymsg = { - enabled = false; - }; - max-sendq = "1M"; - ip-limits = { - count = false; - throttle = false; - }; - }; - datastore = { - autoupgrade = true; - path = "/var/lib/ergo/ircd.db"; - }; - accounts = { - authentication-enabled = true; - registration = { - enabled = true; - allow-before-connect = true; - throttling = { - enabled = true; - duration = "10m"; - max-attempts = 30; - }; - bcrypt-cost = 4; - email-verification.enabled = false; - }; - multiclient = { - enabled = true; - allowed-by-default = true; - always-on = "opt-out"; - auto-away = "opt-out"; - }; - }; - channels = { - default-modes = "+ntC"; - registration = { - enabled = true; - }; - }; - limits = { - nicklen = 32; - identlen = 20; - channellen = 64; - awaylen = 390; - kicklen = 390; - topiclen = 390; - }; - history = { - enabled = true; - channel-length = 2048; - client-length = 256; - autoresize-window = "3d"; - autoreplay-on-join = 0; - chathistory-maxmessages = 100; - znc-maxmessages = 2048; - restrictions = { - expire-time = "1w"; - query-cutoff = "none"; - grace-period = "1h"; - }; - retention = { - allow-individual-delete = false; - 
enable-account-indexing = false; - }; - tagmsg-storage = { - default = false; - whitelist = [ - "+draft/react" - "+react" - ]; - }; - }; - }; - }; - }; - }; - config = let - cfg = config.krebs.ergo; - configFile = pkgs.writeJSON "ergo.conf" cfg.config; - in lib.mkIf cfg.enable ({ - environment.etc."ergo.yaml".source = configFile; - krebs.ergo.config = - lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default; - systemd.services.ergo = { - description = "Ergo IRC daemon"; - wantedBy = [ "multi-user.target" ]; - # reload currently not working as expected - # reloadIfChanged = true; - restartTriggers = [ configFile ]; - serviceConfig = { - ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; - ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; - DynamicUser = true; - StateDirectory = "ergo"; - LimitNOFILE = "${toString cfg.openFilesLimit}"; - }; - }; - }); -} diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index fe149448b..7c176d224 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,6 +12,8 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + enableSPFVerification = mkEnableOption "SPF verification"; + authenticators = mkOption { type = types.attrsOf types.str; default = {}; @@ -123,10 +125,12 @@ let # XXX We abuse local_domains to mean "domains, we're the gateway for". domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data + acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt never_users = root 
@@ -173,11 +177,46 @@ let acl_check_data: warn - sender_domains = ${concatStringsSep ":" cfg.sender_domains} + sender_domains = +sender_domains set acl_m_special_dom = $sender_address_domain accept + acl_check_mail: + ${if cfg.enableSPFVerification then indent /* exim */ '' + accept + authenticated = * + accept + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received + '' else indent /* exim */ '' + accept + ''} begin routers diff --git a/krebs/3modules/external/ssh/xkey.pub b/krebs/3modules/external/ssh/xkey.pub deleted file mode 100644 index cd09f06bb..000000000 --- a/krebs/3modules/external/ssh/xkey.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZFKgFcAEGXcsssJxDeUVvOTKD0U4LlT2Yw85+WmMTj diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index ae0136303..bd1bb1652 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -11,7 +11,7 @@ in { }; }; - config = { + config = mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 375e26974..b760ea671 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix 
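Review bot: The `deny spf = fail : softfail` rule in `acl_check_mail` rejects on `softfail`, a result domains publish when they do not want a hard reject, and one that mail relayed through forwarders and lists commonly gets. RFC 7208 advises against rejecting on that result alone, so I would move it to the logging rule: `spf = fail` under `deny` and `spf = none : neutral : softfail` under `warn`. The `spf` condition exists only when Exim is built with SPF support, so the `enableSPFVerification` option should say so in a description.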
@@ -2,6 +2,12 @@ with import <stockholm/lib>; let + optionalAttr = name: value: + if name != null then + { ${name} = value; } + else + {}; + cfg = config.krebs.htgen; out = { @@ -30,8 +36,15 @@ let }; script = mkOption { - type = types.str; + type = types.nullOr types.str; + default = null; + }; + + scriptFile = mkOption { + type = types.nullOr (types.either types.package types.pathname); + default = null; }; + user = mkOption { type = types.user; default = { @@ -54,8 +67,10 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; - HTGEN_SCRIPT = htgen.script; - }; + } + // optionalAttr "HTGEN_SCRIPT" htgen.script + // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile + ; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix new file mode 100644 index 000000000..a2a5b723e --- /dev/null +++ b/krebs/3modules/krebs-pages.nix 
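Review bot: `script` and `scriptFile` now both default to `null`, and nothing in the visible hunks rejects an instance that sets neither or both. The unit would then start without `HTGEN_SCRIPT`/`HTGEN_SCRIPT_FILE`, or with both set. A per-instance assertion such as `assertion = (htgen.script == null) != (htgen.scriptFile == null);` would turn that into an evaluation error. The rest of the module lies outside the hunks, so an existing check elsewhere cannot be ruled out.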
@@ -0,0 +1,44 @@ +{ config, modulesPath, pkgs, ... }: let + cfg = config.krebs.pages; + lib = import ../../lib; + extraTypes.nginx-vhost = lib.types.submodule ( + lib.recursiveUpdate + (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") + { inherit config lib; }) + {} + ); +in { + options.krebs.pages = { + enable = lib.mkEnableOption "krebs-pages"; + domain = lib.mkOption { + type = lib.types.hostname; + default = "krebsco.de"; + }; + nginx = lib.mkOption { + type = extraTypes.nginx-vhost; + default = {}; + example = lib.literalExpression /* nix */ '' + { + # To enable encryption and let let's encrypt take care of certificate + enableACME = true; + forceSSL = true; + } + ''; + description = lib.mkDoc '' + With this option, you can customize the nginx virtualHost settings. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.krebs-pages; + }; + }; + config = lib.mkIf cfg.enable { + services.nginx = { + enable = lib.mkDefault true; + virtualHosts.${cfg.domain} = lib.mkMerge [ cfg.nginx { + root = lib.mkForce cfg.package; + }]; + }; + }; +} diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp deleted file mode 100644 index d7b3c29c5..000000000 --- a/krebs/3modules/lass/pgp/yubikey.pgp +++ /dev/null 
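Review bot: `description = lib.mkDoc ''…''` on the `nginx` option looks like a typo for `lib.mdDoc`. Unless `../../lib` defines its own `mkDoc`, this stays unnoticed until the option documentation is evaluated, because the attribute is lazy. I would write `description = lib.mdDoc ''` or use a plain string. The example comment also reads "let let's encrypt take care of certificate", which should be "let Let's Encrypt take care of the certificate".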
@@ -1,109 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy -aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog -3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P -rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw -xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru -eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m -28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj -iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD -dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX -yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g -S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB -tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG -Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK -CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad -WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ -SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9 -z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC -KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N -YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf -4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO -To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf -PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd -p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY -ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC -DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh -SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE -SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+ -c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4 -+1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au 
-FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E -F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs -N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs -8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 -bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr -s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE -cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB -dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc -z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu -L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+ -zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ -g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi -qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz -U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO -93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8 -SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX -xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO -JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw -/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj -AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK -IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT -KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB -uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ -wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx -MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ -D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D -duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ -5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 -ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG -5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML 
-yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS -lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am -ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd -e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF -8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T -ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/ -qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk -5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A -ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo -VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW -kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW -IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds -D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc -OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+ -NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz -0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN -kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE -saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4 -6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw -73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc -MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL -pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx -WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97 -rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV -qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk -L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a -6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l -PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize -buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh -pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV 
-X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh -81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN -6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO -Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh -BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP -+gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/ -Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X -qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG -qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb -YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt -Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq -eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt -Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k -nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt -Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC -QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7 -=h9fX ------END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix new file mode 100644 index 000000000..ec2179db1 --- /dev/null +++ b/krebs/3modules/sitemap.nix @@ -0,0 +1,8 @@ +let + lib = import ../../lib; +in { + options.krebs.sitemap = lib.mkOption { + type = with lib.types; attrsOf sitemap.entry; + default = {}; + }; +} diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix index 3a9b5d329..8cbd8dcce 100644 --- a/krebs/3modules/ssl.nix +++ b/krebs/3modules/ssl.nix 
@@ -5,26 +5,7 @@ in { rootCA = lib.mkOption { type = lib.types.str; readOnly = true; - default = '' - -----BEGIN CERTIFICATE----- - MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD - VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw - CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ - ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5 - MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx - EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS - b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw - gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/ - /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU - QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B - HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo - 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD - AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9 - GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese - 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63 - 80WiO952 - -----END CERTIFICATE----- - ''; + default = builtins.readFile ../6assets/krebsRootCA.crt; }; intermediateCA = lib.mkOption { type = lib.types.str; diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index e2caa0834..60ca993e6 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix 
@@ -5,27 +5,55 @@ with import <stockholm/lib>; plain = "/var/lib/containers/${cname}/var/state"; ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs"; securefs = "${cfg.dataLocation}/${cname}/securefs"; + luksfile = "${cfg.dataLocation}/${cname}/luksfile"; + }; + init = cname: { + plain = '' + echo 'no need for init' + ''; + ecryptfs = '' + ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + ''; + securefs = '' + ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + ''; + luksfile = '' + ${pkgs.coreutils}/bin/truncate -s 10G '${(paths cname).luksfile}/fs.luks' + ${pkgs.cryptsetup}/bin/cryptsetup luksFormat '${(paths cname).luksfile}/fs.luks' + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}' + ${pkgs.xfsprogs}/bin/mkfs.xfs '/dev/mapper/luksfile-${cname}' + ''; }; start = cname: { plain = '' : ''; ecryptfs = '' - if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then - if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + + if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state - else - ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state fi + else + echo 'please run init-${cname} first' + exit 1 fi ''; securefs = '' - ## TODO init file systems if it does not exist - # ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + ## check if FS was initialized first if ! 
${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then ${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions fi ''; + luksfile = '' + mkdir -p /var/lib/containers/${cname}/var/state + if ! test -e /dev/mapper/luksfile-${cname}; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}' + fi + if ! ${pkgs.mount}/bin/mount | grep -q '^/dev/mapper/luksfile-${cname} on /var/lib/containers/${cname}/var/state'; then + mount '/dev/mapper/luksfile-${cname}' '/var/lib/containers/${cname}/var/state' + fi + ''; }; stop = cname: { plain = '' @@ -37,12 +65,16 @@ with import <stockholm/lib>; securefs = '' umount /var/lib/containers/${cname}/var/state ''; + luksfile = '' + umount /var/lib/containers/${cname}/var/state + ${pkgs.cryptsetup}/bin/cryptsetup luksClose luksfile-${cname} + ''; }; in { options.krebs.sync-containers = { dataLocation = mkOption { description = '' - location where the encrypted sync-container lie around + location where the encrypted sync-containers lie around ''; default = "/var/lib/sync-containers"; type = types.absolute-pathname; @@ -64,25 +96,11 @@ in { default = []; type = types.listOf types.str; }; - hostIp = mkOption { # TODO find this automatically - description = '' - hostAddress of the privateNetwork - ''; - example = "10.233.2.15"; - type = types.str; - }; - localIp = mkOption { # TODO find this automatically - description = '' - localAddress of the privateNetwork - ''; - example = "10.233.2.16"; - type = types.str; - }; format = mkOption { description = '' file system encrption format of the container ''; - type = types.enum [ "plain" "ecryptfs" "securefs" ]; + type = types.enum [ "plain" "ecryptfs" "securefs" "luksfile" ]; }; }; })); 
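Review bot: The new comment `## check if FS was initialized first` in the `securefs` start branch is not followed by any check, and the new `luksfile` start branch also calls `luksOpen` without testing that `fs.luks` exists, so only `ecryptfs` produces the `please run init-${cname} first` message. For `luksfile` a guard before the `luksOpen` line would do: `if ! test -e '${(paths cname).luksfile}/fs.luks'; then echo 'please run init-${cname} first'; exit 1; fi`. The `securefs` branch needs the same kind of test on whatever file its `create` step writes. In `init.luksfile`, nothing in this hunk creates the `${(paths cname).luksfile}` directory before `truncate` writes into it, so a `mkdir -p` there may be needed unless another module creates it.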
@@ -102,12 +120,11 @@ in { ignorePerms = false; })) cfg.containers); - krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ - file-mode = "u+rw"; - directory-mode = "u+rwx"; - owner = "syncthing"; - keepGoing = false; - })) cfg.containers); + krebs.acl = mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" { + "u:syncthing:rX".parents = true; + "u:syncthing:rwX" = {}; + }) cfg.containers; + systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({ reloadIfChanged = mkForce false; @@ -116,8 +133,11 @@ in { containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({ config = { ... }: { environment.systemPackages = [ + pkgs.dhcpcd pkgs.git + pkgs.jq ]; + networking.useDHCP = mkForce true; system.activationScripts.fuse = { text = '' ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 
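Review bot: `"u:syncthing:rX".parents = true` is applied to whatever `(paths ctr.name).${ctr.format}` resolves to, and for `plain` that is `/var/lib/containers/${cname}/var/state`, so the syncthing user may gain read and traverse rights on the container's root and `/var`. That holds only if `parents` means every ancestor directory; how `krebs.acl` interprets it is not visible in this hunk and should be confirmed. The replaced `krebs.permown` entry only touched the store path itself. I would add a comment above the two entries, e.g. `# syncthing needs rX on ancestors to reach the store; with format = "plain" the ancestors are the container rootfs`, or skip the ACL for `plain`.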
@@ -131,11 +151,57 @@ in { autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = ctr.hostIp; - localAddress = ctr.localIp; + hostBridge = "ctr0"; })) cfg.containers; - environment.systemPackages = flatten (mapAttrsToList (n: ctr: [ + networking.networkmanager.unmanaged = [ "ctr0" ]; + networking.bridges.ctr0.interfaces = []; + networking.interfaces.ctr0.ipv4.addresses = [{ + address = "10.233.0.1"; + prefixLength = 24; + }]; + # networking.nat = { + # enable = true; + # externalInterface = lib.mkDefault "et0"; + # internalInterfaces = [ "ctr0" ]; + # }; + services.dhcpd4 = { + enable = true; + interfaces = [ "ctr0" ]; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers 10.233.0.1; + # option domain-name-servers 8.8.8.8; # TODO configure dns server + subnet 10.233.0.0 netmask 255.255.255.0 { + range 10.233.0.10 10.233.0.250; + } + ''; + }; + + users.users.root.packages = flatten (mapAttrsToList (n: ctr: [ + (pkgs.writeDashBin "init-${ctr.name}" '' + set -euf + set -x + + mkdir -p /var/lib/containers/${ctr.name}/var/state + STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name}) + if [ "$STATE" = 'up' ]; then + /run/current-system/sw/bin/nixos-container stop ${ctr.name} + fi + ${(init ctr.name).${ctr.format}} + ${(start ctr.name).${ctr.format}} + /run/current-system/sw/bin/nixos-container start ${ctr.name} + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + set -x + + mkdir -p /var/state/var_src + ln -sfTr /var/state/var_src /var/src + touch /etc/NIXOS + ''} + target_ip=$(/run/current-system/sw/bin/nixos-container run ${ctr.name} -- ip -j a s eth0 | jq -r '.[].addr_info[] | select(.family=="inet") | .local') + + echo "deploy to $target_ip" + '') (pkgs.writeDashBin "start-${ctr.name}" '' set -euf set -x 
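Review bot: Every sync-container is now attached to the one bridge `ctr0` (`hostBridge = "ctr0"`) instead of its own `hostAddress`/`localAddress` pair, so the containers share a layer-2 segment and the 10.233.0.0/24 DHCP range, and nothing in this hunk filters traffic between them. If the containers are meant to stay isolated from each other, that needs a firewall rule on `ctr0`; if mutual reachability is accepted, say so in a comment such as `# all sync-containers share ctr0 and can reach each other`. Separately, the last step of `init-${ctr.name}` pipes into a bare `jq`, while `pkgs.jq` is only added to the container's `environment.systemPackages`. Under `set -euf` the script aborts there if the host has no `jq` on PATH, so `${pkgs.jq}/bin/jq` would be safer.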
@@ -144,12 +210,12 @@ in { ${(start ctr.name).${ctr.format}} - STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name}) + STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start ${ctr.name} + /run/current-system/sw/bin/nixos-container start ${ctr.name} fi - ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' set -x mkdir -p /var/state/var_src @@ -158,15 +224,17 @@ in { ''} if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then - ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch else + echo 'no nixos config, or target already online, bailing out' ${(stop ctr.name).${ctr.format}} + /run/current-system/sw/bin/nixos-container stop ${ctr.name} fi '') (pkgs.writeDashBin "stop-${ctr.name}" '' set -euf - ${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name} + /run/current-system/sw/bin/nixos-container stop ${ctr.name} ${(stop ctr.name).${ctr.format}} '') ]) cfg.containers); diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix new file mode 100644 index 000000000..c1ad4b44b --- /dev/null +++ b/krebs/3modules/users.nix @@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + options.krebs.users = lib.mkOption { + type = with lib.types; attrsOf user; + }; + config = lib.mkIf config.krebs.enable { + krebs.users = { + krebs = { + home = "/krebs"; + mail = "spam@krebsco.de"; + }; + root = { + home = "/root"; + pubkey = config.krebs.build.host.ssh.pubkey; + uid = 0; + }; + }; + }; +} 
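Review bot: In the `else` branch of `start-${ctr.name}` the state filesystem is unmounted by `${(stop ctr.name).${ctr.format}}` before the added `nixos-container stop`, which is the reverse of the order used in `stop-${ctr.name}` just below. With the container still running the `umount` can fail as busy, and under `set -euf` the script then exits before the container is stopped, leaving it up with the decrypted state still mounted. Swapping the two lines matches the stop script: `/run/current-system/sw/bin/nixos-container stop ${ctr.name}` first, then `${(stop ctr.name).${ctr.format}}`.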
diff --git a/krebs/5pkgs/simple/ergo/default.nix b/krebs/5pkgs/simple/ergo/default.nix deleted file mode 100644 index 2c9223eed..000000000 --- a/krebs/5pkgs/simple/ergo/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ buildGo117Module , fetchFromGitHub, lib }: - -buildGo117Module rec { - pname = "ergo"; - version = "2.9.1"; - - src = fetchFromGitHub { - owner = "ergochat"; - repo = "ergo"; - rev = "v${version}"; - sha256 = "sha256-RxsmkTfHymferS/FRW0sLnstKfvGXkW6cEb/JbeS4lc="; - }; - - vendorSha256 = null; - - meta = { - description = "A modern IRC server (daemon/ircd) written in Go"; - homepage = "https://github.com/ergochat/ergo"; - license = lib.licenses.mit; - maintainers = with lib.maintainers; [ lassulus tv ]; - platforms = lib.platforms.linux; - }; -} diff --git a/krebs/5pkgs/simple/hashPassword/default.nix b/krebs/5pkgs/simple/hashPassword/default.nix index 3c604be80..8d3ba2525 100644 --- a/krebs/5pkgs/simple/hashPassword/default.nix +++ b/krebs/5pkgs/simple/hashPassword/default.nix @@ -1,6 +1,6 @@ { lib, pkgs, ... }: -pkgs.writeDashBin "hashPassword" '' +pkgs.writers.writeDashBin "hashPassword" '' # usage: hashPassword [...] set -euf diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index 14b6f4c58..1ee13783b 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix @@ -1,13 +1,12 @@ { fetchgit, lib, pkgs, stdenv }: stdenv.mkDerivation rec { pname = "htgen"; - version = "1.3.1"; + version = "1.4.0"; - #src = <htgen>; src = fetchgit { - url = "http://cgit.krebsco.de/htgen"; + url = "https://cgit.krebsco.de/htgen"; rev = "refs/tags/${version}"; - sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r"; + sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj"; }; installPhase = '' diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html index e6b7034b3..68b2cbad6 100644 
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html +++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html @@ -24,19 +24,10 @@ } </script> <body> - <p> - <a href="http://krebscode.github.io/minikrebs/linuxtag"> - Linuxtag Heckenkrebs Presentation - </a> - </p> - <p> - <a href="http://krebscode.github.io/writeups"> - CTF Writeups - </a> - </p> - <p> - <a href="thesauron.html"> - Thesauron - </a> - </p> + <p><a href='https://cgit.krebsco.de/krops/about/'>krops</a></p> + <p><a href='https://github.com/krebs/cholerab/blob/master/thesauron.adoc'>Thesauron</a></p> + <p><a href='https://nixos.wiki/'>Project: The new NixOS wiki</a></p> + <p><a target="_blank" href="https://www.amazon.de/?&_encoding=UTF8&tag=krebscode06-21&linkCode=ur2&linkId=d4430b368b8aceeca92101cd4a4cdd1d&camp=1638&creative=6742">Go through this amazon affiliate link and generate krebsgold</a><img src="//ir-de.amazon-adsystem.com/e/ir?t=krebscode06-21&l=ur2&o=3" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" /></p> + <p> <a href="https://s.click.aliexpress.com/e/_A5luNt" target="_parent">Go through this aliexpress affiliate link and generate krebsgold</a></p> + </body> diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html deleted file mode 100644 index bcf1c5d48..000000000 --- a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html +++ /dev/null 
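Review bot: The Amazon link added here opens with `target="_blank"` but carries no `rel` attribute, and the page now loads a 1×1 image from `//ir-de.amazon-adsystem.com` on every view. I would add `rel="noopener noreferrer"` to that anchor so the opened page gets neither a `window.opener` handle nor the referrer. The `img` `src` should spell out `https:` rather than use the protocol-relative form, so it cannot be fetched over plain HTTP when the page is. The `target="_parent"` on the aliexpress link only matters if the page is framed and could be dropped.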
@@ -1,133 +0,0 @@ -<p>Cholerab n. -[de] -- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass - Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert. -- Teamwork-Plattform für Krebscode.</p> - -<p>eigentlich adv. -[de] -- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt, - die nicht der Fall ist. -Antonym: tatsaechlich</p> - -<p>ghost n. -[de] -- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen - Festplatten) aber wohl nie wieder kommen wird. -Siehe: Wiederbelebung</p> - -<p>KD;RP abbr. (pronounciation: kah-derp) -[en] -- Short for Krebs Darknet / Retiolum Prefix.</p> - -<p>krebs -[de] -- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste - Softwareprojekt im Shack und viel verteilte infrastruktur.</p> - -<p>kremium -[en] -- coinage derived from the words premium and krebs -see: broken -usage: Reaktor ircbot has unfixed broken behavior since ever->“Kremium Software”</p> - -<p>KRI abbr. (pronounciation: [en] cry) -[en] -- Short for Krebs Request for Implementation. - Derived from Scheme Requests for Implementation (SRFI).</p> - -<p>litterate programming n. -[en] -- any code that has not been proved mathematically.</p> - -<p>Nahziel n. -[de] -- Ziel mit höchst möglicher Priorität.</p> - -<p>Nahzielerfahrung n. -[de] -- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl - nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p> - -<p>parentheses of fear -[en] -- unnecessary parentheses, usually used when order of precedence is unknown. - - Examples: 1 + (2 * 3)</p> - -<p>Protip n. -[en] -- (Probably vague) description how a task can be solved. - - Antonym: Spoiler - - Example: - - To defeat the Cyberdaemon, shoot at it until it dies. - - RTFM</p> - -<p>Punching Lemma n. -[de] -- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht - von Krebs</p> - -<p>ref, n. 
-[en] -- A reference like an URI, ISBN, name of a person, etc.</p> - -<p>reftrace, n. -[en] -- A stacktrace-like representation of refs that lead to some (any kind of) - conclusion. Usually generated by a human. The conclusion can be either on - the top or on the bottom of the stack. If the order is ambiguous, then it - should be communicated explicitly. - - Example: (conclusion first) - - http://en.wikipedia.org/wiki/Stack_trace - - google “stacktrace” (first entry / 2014–12–05T12:13:58Z) - - think about some example [this could be omitted, as it’s obvious…]</p> - -<p>Retiolum n. -[en] -- The official darknet of Krebs which utilizes the Retiolum Prefix to - address individual nodes.</p> - -<p>Retiolum Prefix n. -[en] -- The universally accepted IPv6-prefix, 42::/16. Anyone can has a - /128-subnet and, if require, anything larger.</p> - -<p>Retiolum Realtime Map n. -[en] -- The network map of the public visible part of Retiolum.</p> - -<p>RRM [abbr.][en] -- Short for Retiolum Retiolum Map.</p> - -<p>Sanatorium n. -[en] -- The Krebs Control and Command Center. -- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather - and lurk for relevant input.</p> - -<p>Spoiler n. -[en] -- A subset of walkthrough, i.e. any individual steps may be omitted. - - Antonym: Protip</p> - -<p>tatsaechlich, adv. -[de] -- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht. -Antonym: eigentlich</p> - -<p>Verkrebsung n. -[de] -- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs - Komponente) auf einem beliebigem System.</p> - -<p>Walkthrough n. -[en] -- Description of the individual steps to complete a task. - - Examples: - - program code - - small-step semantics</p> - -<p>Wiederbelebung n. -[de] -- Ein ghost wird im Darknet wieder erreichbar -Siehe: ghost</p> diff --git a/krebs/5pkgs/simple/nix-prefetch-github.nix b/krebs/5pkgs/simple/nix-prefetch-github.nix deleted file mode 100644 index 14096c33f..000000000 
--- a/krebs/5pkgs/simple/nix-prefetch-github.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ curl, jq, nix, writeDashBin }: - -writeDashBin "nix-prefetch-github" '' - # usage: nix-prefetch-github OWNER REPO [REF] - set -efu - - owner=$1 - repo=$2 - ref=''${3-master} - - info_url=https://api.github.com/repos/$owner/$repo/commits/$ref - info=$(${curl}/bin/curl -fsS "$info_url") - rev=$(printf %s "$info" | ${jq}/bin/jq -r .sha) - - name=$owner-$repo-$ref - url=https://github.com/$owner/$repo/tarball/$rev - sha256=$(${nix}/bin/nix-prefetch-url --name "$name" --unpack "$url") - - export owner repo rev sha256 - ${jq}/bin/jq -n ' - env | { - owner, repo, rev, sha256 - } - ' -'' diff --git a/krebs/5pkgs/simple/stable-generate/default.nix b/krebs/5pkgs/simple/stable-generate/default.nix new file mode 100644 index 000000000..fac261613 --- /dev/null +++ b/krebs/5pkgs/simple/stable-generate/default.nix @@ -0,0 +1,64 @@ +{ pkgs, lib, ... }: + +pkgs.writers.writeDashBin "stable-generate" '' + set -efu + + export PATH=${lib.makeBinPath [ + pkgs.curl + pkgs.jq + ]} + + STABLE_URL=''${STABLE_URL:-http://stable-confusion.r} + + PAYLOAD=$(jq -cn --arg query "$*" '{fn_index: 51, data: [ + $query, + "", + "None", + "None", + 20, # sampling steps + "Euler a", # sampling method + false, # restore faces + false, + 1, + 1, + 7, + -1, + -1, + 0, + 0, + 0, + false, + 512, #probably resolution + 512, #probably resolution + false, + 0.7, + 0, + 0, + "None", + "", + false, + false, + false, + "", + "Seed", + "", + "Nothing", + "", + true, + false, + false, + null, + "", + ""], session_hash: "hello_this_is_dog"}') + + data=$(curl -Ssf "$STABLE_URL/run/predict/" \ + -X POST \ + --Header 'Content-Type: application/json' \ + --data "$PAYLOAD" + ) + export data + + filename=$(jq -rn 'env.data | fromjson.data[0][0].name') + + echo "$STABLE_URL/file=$filename" +'' 
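Review bot: `filename=$(jq -rn 'env.data | fromjson.data[0][0].name')` in the new `stable-generate` script accepts whatever the server returned, so a response without that field makes the script print `$STABLE_URL/file=null` and exit 0. With `-e` jq exits non-zero on a null result, which `set -efu` turns into a failure: `filename=$(jq -ern 'env.data | fromjson.data[0][0].name')`. The default `STABLE_URL` is plain `http://` and the returned name is appended to the URL unescaped, so callers should treat the printed URL as untrusted. A header comment like the one in `hashPassword` (`# usage: stable-generate PROMPT...`) would also help.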
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix index 5f9c8635b..93c73761c 100644 --- a/krebs/5pkgs/simple/weechat-declarative/default.nix +++ b/krebs/5pkgs/simple/weechat-declarative/default.nix @@ -33,7 +33,7 @@ let eval = lib.evalModules { modules = lib.singleton { - _file = toString ./weechat-declarative.nix; + _file = toString ./default.nix; imports = lib.singleton config; options = { scripts = lib.mkOption { @@ -148,7 +148,8 @@ let ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: target: /* sh */ '' - ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + ${pkgs.coreutils}/bin/cp ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + ${pkgs.coreutils}/bin/chmod +w "$CONFDIR"/${lib.escapeShellArg name} '') cfg.files ) diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt index 1cd5aed0b..bf05b44f4 100644 --- a/krebs/6assets/krebsAcmeCA.crt +++ b/krebs/6assets/krebsAcmeCA.crt 
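Review bot: Replacing `ln -s` with `cp` followed by `chmod +w` leaves each copied file with the source's read bits plus write, so anything the running client later saves into those files stays readable to other users. If `"$CONFDIR"` still holds a symlink from the previous version, `cp` would also follow it and try to write to the link target. A single `${pkgs.coreutils}/bin/install -m 0600 ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}` replaces the destination and sets an explicit mode in one step. Whether `$CONFDIR` is recreated on each start is outside this hunk, so the symlink case is an assumption to confirm.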
@@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB +MIICWTCCAcKgAwIBAgIQIpBt0MsRpYd8LWNdb9MfITANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq -hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMTAwODQ5 -MDZaFw0yMjEyMTAwODQ5MDZaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT -BgcqhkjOPQIBBggqhkjOPQMBBwNCAATL8dNO7ajNe60Km7wHrG06tCUj5kQKWsrQ -Ay7KX8zO+RwQpYhd/i4bqpeGkGWh8uHLZ+164FlZaLgHO10DRja5o4GAMH4wDgYD -VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMt9yJED -mPRhXsrNZ0x+GtzjdnTLMB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv -MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEANo/2 -teIuEsniwxVdqu+ukjqOXHIkBK7F91+G7BuDjBlx2U96v1MwsmT4D9upajERnOOD -tLx990Sj4t3avRTpytt+qLeIMIxt62YksUXVjDWndqaDcEUat5ZVEQsZ0ZmjOHrA -BaB65eU0xhJWKAZdk55GqHEFz3Ym4rx7WUaomzk= +hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMjEyMDYxODI2 +MDhaFw0yMzEyMDYxODI2MDhaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAT4KuemY4BowAbFjzCvi+PthBTWCtewnAbr +qDSlA602QcuQVmqa1/3TaYag7KNDgeg5eshMRI9GN/boKTpgcLeZo4GAMH4wDgYD +VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYxArnj +SEArwloaM5blBymFmcL2MB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv +MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEAekCt +XrKwanrcy6+k3YfXWGiMJ47Ys7Mfa5UfIs7QiXv74MgtklLsX63D27hKn5rd7wk4 +20wXLMhb8ofrKnO4mt0VFRSGm9/cq9N/c/uuf4hMzhAJmusgkn02GG+cafqZ9ab9 +MjLmveT9WHphmgQTnJPEeYP2U2faHKIp6Gwv5qc= -----END CERTIFICATE----- diff --git a/krebs/6assets/krebsRootCA.crt b/krebs/6assets/krebsRootCA.crt new file mode 100644 index 000000000..3938c58b4 --- /dev/null +++ b/krebs/6assets/krebsRootCA.crt 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD +VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw +CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ +ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5 +MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx +EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS +b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/ +/qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU +QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B +HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo +3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9 +GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese +725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63 +80WiO952 +-----END CERTIFICATE----- diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 465a1a889..644192bbf 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "4428e23312933a196724da2df7ab78eb5e67a88e", - "date": "2022-10-14T02:36:00-05:00", - "path": "/nix/store/i516gwjhbmkgalw3zjfn8ahnvmb198hz-nixpkgs", - "sha256": "1rwr5p7pmi612mc5mwp7hk2l9hyiwrv8lf2cfzpjh5ya46wpw5jq", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "date": "2022-12-11T09:33:23+00:00", + "path": "/nix/store/lmiwldi32kcc2qgm68swxgb3xzba0ayc-nixpkgs", + "sha256": "1hmx7hhjr74fqmxhb49yfyrpqhzwayrq48xwjv3a117czpb0gnjx", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 46e03bc6b..fe44c172d 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "78a37aa630faa41944060a966607d4f1128ea94b", - "date": "2022-10-14T18:11:43+02:00", - "path": "/nix/store/zmi573bwzr6xg5v6d21gcf14qh9skxy6-nixpkgs", - "sha256": "1rq4m1g7apvcgjp21xjhm94acpw6wyiddd48vhcwgwvsiiircwff", + "rev": "e8ec26f41fd94805d8fbf2552d8e7a449612c08e", + "date": "2022-12-09T22:31:53+00:00", + "path": "/nix/store/k2c06zy4vq019bb766rqnfszzx4q74zc-nixpkgs", + "sha256": "05jsnhb3a72m733qr7dvva71kark5268l77lrvmlylzwaqzq4yyx", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 59dbd91b5..97c069d86 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-22.05' \ + --rev refs/heads/nixos-22.11' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index d6943c110..9ef858e28 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -53,6 +53,7 @@ with import <stockholm/lib>; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.plasma5.enable = true; + services.tlp.enable = lib.mkForce false; services.xserver.layout = "de"; } { diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 5cf7d9242..4c98091f1 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix 
@@ -11,78 +11,50 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/decsync.nix> - <stockholm/lass/2configs/sync/weechat.nix> + <stockholm/lass/2configs/weechat.nix> <stockholm/lass/2configs/bitlbee.nix> - <stockholm/lass/2configs/IM.nix> + <stockholm/lass/2configs/muchsync.nix> <stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/git-brain.nix> + <stockholm/lass/2configs/et-server.nix> + <stockholm/lass/2configs/consul.nix> + + <stockholm/lass/2configs/atuin-server.nix> ]; krebs.build.host = config.krebs.hosts.green; - users.users.mainUser.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel - ]; - - krebs.bindfs = { - "/home/lass/.weechat" = { - source = "/var/state/lass_weechat"; - options = [ - "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" - "--create-for-user=${toString config.users.users.syncthing.uid}" - ]; - }; - "/home/lass/Maildir" = { - source = "/var/state/lass_mail"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - }; - "/var/lib/bitlbee" = { - source = "/var/state/bitlbee"; - options = [ - "-M ${toString config.users.users.bitlbee.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.ssh" = { - source = "/var/state/lass_ssh"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.gnupg" = { - source = "/var/state/lass_gnupg"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/var/lib/git" = { - source = "/var/state/git"; - options = [ - "-M ${toString config.users.users.git.uid}" - ]; - clearTarget = true; - }; + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; }; - systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' - sleep 1 - mkdir -p /home/lass/notmuch - chown lass: /home/lass/notmuch - ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + systemd.tmpfiles.rules = [ + "d /home/lass/.local/share 0700 lass users -" + "d /home/lass/.local 0700 lass users -" - mkdir -p /home/lass/notmuch/muchsync - chown lass: /home/lass/notmuch/muchsync - mkdir -p /home/lass/Maildir/.muchsync - ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp - ''; + "d /var/state/lass_mail 0700 lass users -" + "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" + + "d /var/state/lass_ssh 0700 lass users -" + "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh" + "d /var/state/lass_gpg 0700 lass users -" + "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg" + "d /var/state/lass_sync 0700 lass users -" + "L+ /home/lass/sync - - - - ../../var/state/lass_sync" + + "d /var/state/git 0700 git nogroup -" + "L+ /var/lib/git - - - - ../../var/state/git" + ]; + + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + config.krebs.users.lass-tablet.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel + ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } @@ -93,4 +65,11 @@ with import <stockholm/lib>; HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa ''; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; + + networking.firewall.allowedTCPPorts = [ 143 ]; } diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix index b6aa3a894..8577daf34 100644 --- a/lass/1systems/green/physical.nix +++ b/lass/1systems/green/physical.nix 
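Review bot: The GnuPG state directory changes name in this hunk: the removed bindfs entry used `/var/state/lass_gnupg`, while the new tmpfiles rules create and link `/var/state/lass_gpg`, so an existing keyring under the old path would no longer appear at `/home/lass/.gnupg`. If the rename is intended, the data has to be moved before deploying. Otherwise keep the old name: `"d /var/state/lass_gnupg 0700 lass users -"` and `"L+ /home/lass/.gnupg - - - - ../../var/state/lass_gnupg"`. Because `L+` replaces whatever already exists at the link path, a comment above the rules saying so would protect the `.ssh` and `Maildir` entries as well.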
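Review bot: `networking.firewall.allowedTCPPorts = [ 143 ]` opens IMAP on every interface, and the new `services.dovecot2` block sets no certificate, so logins for `~/Maildir` may cross the network in clear text, depending on the module's defaults. Either restrict the port to the interface that needs it, `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts = [ 143 ];` (placeholder name), or set `services.dovecot2.sslServerCert` and `sslServerKey`. The context lines of this hunk also re-enable `ssh-rsa` for host keys and public keys, so a comment recording why each of these relaxations is needed would help the next reviewer.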
@@ -3,5 +3,5 @@ ./config.nix ]; boot.isContainer = true; - networking.useDHCP = false; + networking.useDHCP = true; } diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index da137e064..4acdb0c26 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,4 +1,6 @@ -{ lib, pkgs, test, ... }: -if test then {} else { +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in if test then {} else { + nixpkgs.git.ref = lib.mkForce npkgs.rev; nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 62c6f0b71..594a21c02 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -25,7 +25,6 @@ with import <stockholm/lib>; ]; } { # TODO make new hfos.nix out of this vv - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid_uint31 "riot"; isNormalUser = true; 
@@ -33,23 +32,10 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ]; - packages = [ - (pkgs.writeDashBin "kick-routing" '' - /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service - '') - ]; }; - security.sudo.extraConfig = '' - riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service - ''; - - # TODO write function for proxy_pass (ssl/nonssl) - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } + { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; } ]; } { @@ -125,6 +111,8 @@ with import <stockholm/lib>; <stockholm/lass/2configs/jitsi.nix> <stockholm/lass/2configs/fysiirc.nix> <stockholm/lass/2configs/bgt-bot> + <stockholm/lass/2configs/mumble-reminder.nix> + <stockholm/krebs/2configs/mastodon-proxy.nix> { services.tor = { enable = true; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 151cfbf41..027a27b2b 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix 
@@ -78,29 +78,31 @@ boot.loader.grub.version = 2; boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; - boot.kernelParams = [ "net.ifnames=0" ]; + # we don't pay for power there and this might solve a problem we observed at least once + # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben + boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ]; networking.dhcpcd.enable = false; + + # bridge config + networking.bridges."ext-br".interfaces = [ "eth0" ]; networking = { hostId = "2283aaae"; defaultGateway = "95.216.1.129"; - defaultGateway6 = { address = "fe80::1"; interface = "eth0"; }; + defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; }; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0.ipv4.addresses = [ + interfaces.ext-br.ipv4.addresses = [ { address = "95.216.1.150"; prefixLength = 26; } - { - address = "95.216.1.130"; - prefixLength = 26; - } ]; - interfaces.eth0.ipv6.addresses = [ + interfaces.ext-br.ipv6.addresses = [ { address = "2a01:4f9:2a:1e9::1"; prefixLength = 64; } ]; }; + } diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5d6a440e0..ef538f339 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -1,6 +1,5 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -with import <stockholm/lib>; { imports = [ <stockholm/lass> @@ -17,11 +16,10 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/green-host.nix> <stockholm/krebs/2configs/news-host.nix> - <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/prism-mounts/samba.nix> <stockholm/lass/2configs/fetchWallpaper.nix> - <stockholm/lass/2configs/home-media.nix> - <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/sync/sync.nix> + <stockholm/lass/2configs/consul.nix> + <stockholm/lass/2configs/red-host.nix> <stockholm/lass/2configs/snapclient.nix> ]; 
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 55e91b0e4..f94edcf9b 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -11,7 +11,6 @@ loader.grub.device = "/dev/sda"; initrd.luks.devices.lusksroot.device = "/dev/sda2"; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { @@ -28,11 +27,6 @@ fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; "/bku" = { device = "/dev/pool/bku"; fsType = "btrfs"; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 554882bf3..c8077e5ea 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -1,6 +1,6 @@ -with import <stockholm/lib>; -{ config, lib, pkgs, ... }: -{ +{ config, lib, pkgs, ... }: let + vpnIp = "85.202.81.161"; +in { imports = [ <stockholm/lass> <stockholm/lass/2configs> @@ -11,6 +11,8 @@ with import <stockholm/lib>; users.groups.download.members = [ "transmission" ]; + networking.useHostResolvConf = false; + networking.useNetworkd = true; systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ]; systemd.services.transmission.after = [ "openvpn-nordvpn.service" ]; services.transmission = { 
@@ -154,17 +156,29 @@ with import <stockholm/lib>; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web + { predicate = "-p tcp --dport 9092"; target = "ACCEPT"; } # magnetico webinterface { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin ]; + tables.filter.OUTPUT = { + policy = "DROP"; + rules = [ + { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; } + { predicate = "-o tun0"; target = "ACCEPT"; } + { predicate = "-o retiolum"; target = "ACCEPT"; } + { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; } + { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; } + { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; } + ]; + }; }; services.openvpn.servers.nordvpn.config = '' client dev tun proto udp - remote 196.240.57.43 1194 + remote ${vpnIp} 1194 resolv-retry infinite remote-random nobind @@ -174,7 +188,7 @@ with import <stockholm/lib>; persist-key persist-tun ping 15 - ping-restart 0 + ping-restart 15 ping-timer-rem reneg-sec 0 comp-lzo no @@ -250,7 +264,7 @@ with import <stockholm/lib>; path = [ pkgs.coreutils pkgs.findutils - pkgs.inotifyTools + pkgs.inotify-tools ]; serviceConfig = { Restart = "always"; @@ -271,4 +285,10 @@ with import <stockholm/lib>; enable = true; group = "download"; }; + + services.magnetico = { + enable = true; + web.address = "0.0.0.0"; + web.port = 9092; + }; } diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 8567def02..8db2a05d6 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -24,7 +24,7 @@ in { restartIfChanged = false; path = [ - pkgs.rxvt_unicode.terminfo + pkgs.rxvt-unicode-unwrapped.terminfo ]; serviceConfig = { 
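Review bot: The new `OUTPUT` allow-list is wider than a VPN kill switch needs: the rules for `${vpnIp}/32`, `1.1.1.1/32` and `1.0.0.1/32` match any protocol and port, so any traffic to those hosts may leave outside the tunnel. Narrow them to what is used, e.g. `predicate = "-p udp -d ${vpnIp}/32 --dport 1194"` (matching `proto udp` and port 1194 in the OpenVPN config below) and `-p udp --dport 53` on the two rules that are presumably for DNS. No `-o lo` rule is visible either; unless krebs.iptables adds one implicitly, loopback traffic between local services would hit `policy = "DROP"`.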
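Review bot: `services.magnetico` in the `@@ -271,4 +285,10 @@` hunk binds the web UI to `0.0.0.0`, and the first hunk of this file opens tcp/9092 in `INPUT` without an interface match, but no `web.credentials` or `web.credentialsFile` is set. As far as I recall the NixOS module then starts the web interface without authentication, so please confirm that. Either set `web.credentialsFile` or restrict the firewall rule to the interface that should reach it, e.g. `predicate = "-i retiolum -p tcp --dport 9092"`.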
diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix index 903ddf6cc..e5e001a4c 100644 --- a/lass/2configs/alacritty.nix +++ b/lass/2configs/alacritty.nix @@ -1,21 +1,23 @@ { config, lib, pkgs, ... }: let alacritty-cfg = extrVals: builtins.toJSON ({ - font = { + font = let + family = "Iosevka"; + in { normal = { - family = "Inconsolata"; + family = family; style = "Regular"; }; bold = { - family = "Inconsolata"; + family = family; style = "Bold"; }; italic = { - family = "Inconsolata"; + family = family; style = "Italic"; }; bold_italic = { - family = "Inconsolata"; + family = family; style = "Bold Italic"; }; size = 8; @@ -44,6 +46,7 @@ name = "alacritty"; paths = [ (pkgs.writeDashBin "alacritty" '' + ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml msg create-window "$@" || ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@" '') pkgs.alacritty diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix new file mode 100644 index 000000000..ad959a311 --- /dev/null +++ b/lass/2configs/atuin-server.nix 
@@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + ensureDatabases = [ "atuin" ]; + ensureUsers = [{ + name = "atuin"; + ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES"; + }]; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + users.groups.atuin = {}; + users.users.atuin = { + uid = pkgs.stockholm.lib.genid_uint31 "atuin"; + isSystemUser = true; + group = "atuin"; + home = "/run/atuin"; + createHome = true; + }; + + systemd.services.atuin = { + wantedBy = [ "multi-user.target" ]; + environment = { + ATUIN_HOST = "0.0.0.0"; + ATUIN_PORT = "8888"; + ATUIN_OPEN_REGISTRATION = "true"; + ATUIN_DB_URI = "postgres:///atuin"; + }; + serviceConfig = { + User = "atuin"; + ExecStart = "${pkgs.atuin}/bin/atuin server start"; + }; + }; + networking.firewall.allowedTCPPorts = [ 8888 ]; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e94cbbd2c..efd6c8a24 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,7 +7,6 @@ in { ./alacritty.nix ./mpv.nix ./power-action.nix - ./copyq.nix ./urxvt.nix ./xdg-open.nix ./yubikey.nix @@ -78,9 +77,10 @@ in { pavucontrol ponymix powertop - rxvt_unicode-with-plugins + rxvt-unicode sshvnc sxiv + nsxiv taskwarrior termite transgui 
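Review bot: In the new atuin-server.nix, `ATUIN_OPEN_REGISTRATION = "true"` combined with `ATUIN_HOST = "0.0.0.0"` and `networking.firewall.allowedTCPPorts = [ 8888 ]` lets anyone who can reach the port create accounts and store data on this server, over plain HTTP. Once the intended users exist, set `ATUIN_OPEN_REGISTRATION = "false"`. Consider also binding to the VPN address or fronting the service with the existing nginx and TLS instead of opening 8888 on every interface. The systemd unit has no ordering on PostgreSQL; `after = [ "postgresql.service" ];` would avoid a failed first start.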
@@ -105,10 +105,55 @@ in { enableGhostscriptFonts = true; fonts = with pkgs; [ - hack-font xorg.fontschumachermisc - terminus_font_ttf inconsolata + noto-fonts + (iosevka.override { + # https://typeof.net/Iosevka/customizer + privateBuildPlan = { + family = "Iosevka"; + spacing = "term"; + serifs = "slab"; + no-ligation = true; + + variants.design = { + capital-j = "serifless"; + a = "double-storey-tailed"; + b = "toothless-corner"; + d = "toothless-corner-serifless"; + f = "flat-hook-tailed"; + g = "earless-corner"; + i = "hooky"; + j = "serifless"; + l = "tailed"; + + m = "earless-corner-double-arch"; + n = "earless-corner-straight"; + p = "earless-corner"; + q = "earless-corner"; + r = "earless-corner"; + u = "toothless-rounded"; + y = "cursive-flat-hook"; + + one = "no-base-long-top-serif"; + two = "straight-neck"; + three = "flat-top"; + four = "open"; + six = "open-contour"; + seven = "straight-serifless"; + eight = "two-circles"; + nine = "open-contour"; + tilde = "low"; + asterisk = "hex-low"; + number-sign = "upright"; + at = "short"; + dollar = "open"; + percent = "dots"; + question = "corner-flat-hooked"; + }; + }; + set = "kookiefonts"; + }) ]; }; @@ -174,4 +219,20 @@ in { ''; }; }; + + services.clipmenu.enable = true; + + # synchronize all the clipboards + systemd.user.services.autocutsel = { + enable = true; + wantedBy = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "forking"; + ExecStart = pkgs.writers.writeDash "autocutsel" '' + ${pkgs.autocutsel}/bin/autocutsel -fork -selection PRIMARY + ${pkgs.autocutsel}/bin/autocutsel -fork -selection CLIPBOARD + ''; + }; + }; } diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 7aabf0931..532e55fe5 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
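Review bot: `services.clipmenu.enable = true` in the `@@ -174,4 +219,20 @@` hunk keeps a history of clipboard contents, and the autocutsel unit next to it syncs PRIMARY and CLIPBOARD. Anything selected or copied, including passwords taken from a password manager, therefore ends up in that history. Add a comment stating this is accepted, or exclude sensitive windows through clipmenu's `CM_IGNORE_WINDOW` setting. Separately, the unit starts two forking daemons from one script under `Type = "forking"`, and systemd will track only one main PID; a short comment or two separate units would make restarts predictable.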
@@ -34,7 +34,7 @@ in { config = { ... }: { environment.systemPackages = [ pkgs.git - pkgs.rxvt_unicode.terminfo + pkgs.rxvt-unicode-unwrapped.terminfo ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix new file mode 100644 index 000000000..b8d925de5 --- /dev/null +++ b/lass/2configs/consul.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + services.consul = { + enable = true; + # dropPrivileges = false; + webUi = true; + # interface.bind = "retiolum"; + extraConfig = { + bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr; + bootstrap_expect = 3; + server = true; + # retry_join = config.services.consul.extraConfig.start_join; + retry_join = lib.mapAttrsToList (n: h: + lib.head h.nets.retiolum.aliases + ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts); + rejoin_after_leave = true; + + # try to fix random lock loss on leader reelection + retry_interval = "3s"; + performance = { + raft_multiplier = 8; + }; + }; + }; + + environment.etc."consul.d/testservice.json".text = builtins.toJSON { + service = { + name = "testing"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e8ac55988..49a04e9c2 100644 --- a/lass/2configs/default.nix 
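Review bot: The new consul.nix runs a server with `webUi = true` and opens the HTTP API (tcp/8500) to every retiolum peer, but `extraConfig` sets neither a gossip key (`encrypt`) nor ACLs. Any host on the VPN can therefore read and write the catalog and KV store; consider `acl = { enabled = true; default_policy = "deny"; }` plus an `encrypt` key taken from the secrets directory. The last `INPUT` rule looks like a typo: 8500 is the TCP-only HTTP port while DNS on 8600 uses TCP and UDP, so it was probably meant to be `predicate = "-i retiolum -p udp --dport 8600"`. The `testservice.json` entry reads like a leftover from testing.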
+++ b/lass/2configs/default.nix @@ -98,7 +98,7 @@ with import <stockholm/lib>; jq #style - rxvt_unicode.terminfo + rxvt-unicode-unwrapped.terminfo #monitoring tools htop diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix new file mode 100644 index 000000000..19961fb84 --- /dev/null +++ b/lass/2configs/et-server.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + services.eternal-terminal = { + enable = true; + }; + networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ]; +} diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index a83ed0544..1e41e8e02 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -2,32 +2,9 @@ { imports = [ <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/syncthing.nix> ]; - krebs.sync-containers.containers.green = { - peers = [ - "echelon" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - "styx" - ]; - hostIp = "10.233.2.15"; - localIp = "10.233.2.16"; - format = "ecryptfs"; - }; - services.borgbackup.jobs.sync-green = { - encryption.mode = "none"; - paths = "/var/lib/sync-containers/green/ecryptfs"; - repo = "/var/lib/sync-containers/green/backup"; - compression = "auto,lzma"; - startAt = "daily"; - prune.keep = { - daily = 7; - weekly = 4; - }; + lass.sync-containers3.containers.green = { + sshKey = "${toString <secrets>}/green.sync.key"; }; } diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index 78d5ae0e9..d391e0d7b 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: { - users.users.mainUser.extraGroups = [ "libvirtd" ]; virtualisation.libvirtd.enable = true; + security.polkit.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ { v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; } 
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix new file mode 100644 index 000000000..fe75a96a6 --- /dev/null +++ b/lass/2configs/mumble-reminder.nix 
@@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: let + write_to_irc = chan: pkgs.writeDash "write_to_irc" '' + ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"PRIVMSG", + params:["${chan}",$text] + }' + )" + ''; + animals = '' + Erdferkel + Paviane + Raupen + Australischen Wildhunde + Emus + Flundern + Gorillas + Kolibris + Schwarzfersenantilopen + Quallen + Kois + Faulaffen + Schraubenziegen + Nachtigalle + Okapis + Stachelschweine + Kurzschwanzkängurus + Waschbären + ''; + systemPlugin = { + plugin = "system"; + config = { + hooks.PRIVMSG = [ + { + pattern = "^erriner mich$"; + activate = "match"; + command = { + filename = pkgs.writeDash "add_remind" '' + echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users + sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp + mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users + echo "Ich werde $_from in zukunft an das meetup errinern" + ''; + }; + } + { + pattern = "^nerv nicht$"; + activate = "match"; + command = { + filename = pkgs.writeDash "add_remind" '' + ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users + echo "okok, Ich werde $_from nich mehr errinern" + ''; + }; + } + ]; + }; + }; + +in { + krebs.reaktor2.mumble-reminder = { + hostname = "irc.hackint.org"; + nick = "lassulus__"; + API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#krebs" + "#nixos" + ]; + }; + } + systemPlugin + ]; + port = "6697"; + }; + systemd.services.mumble-reminder-nixos = { + description = "weekly reminder for nixos mumble"; + startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "mumble_reminder" '' + 
animals=' + ${animals} + ' + ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" + ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us" + ''; + }; + }; + systemd.services.mumble-reminder-krebs = { + description = "weekly reminder for nixos mumble"; + startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "mumble_reminder" '' + animals=' + ${animals} + ' + ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" + ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?" + ''; + }; + }; +} diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix index f6ccd48d4..ec5a67b6e 100644 --- a/lass/2configs/pipewire.nix +++ b/lass/2configs/pipewire.nix @@ -9,7 +9,7 @@ }; environment.systemPackages = with pkgs; [ - alsaUtils + alsa-utils pulseaudio ponymix ]; diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix index 2f503eae9..dfb3d7e0b 100644 --- a/lass/2configs/radio/default.nix +++ b/lass/2configs/radio/default.nix 
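Review bot: In mumble-reminder.nix the `nerv nicht` hook runs `sed -i "/$_from/d"` with the IRC nick interpolated into the sed script as an unanchored regex. A nick that is a substring of other nicks, or that contains regex metacharacters such as `[` or `\`, removes other users' lines or breaks the command. Match the whole line as a fixed string instead: `${pkgs.gnugrep}/bin/grep -vxF -e "$_from" /var/lib/reaktor2-mumble-reminder/users > /var/lib/reaktor2-mumble-reminder/users.tmp || :` followed by the same `mv` the `erriner mich` hook uses. Both hook scripts are named `add_remind` and both services carry the description "weekly reminder for nixos mumble"; distinct names would make logs easier to read.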
@@ -1,85 +1,54 @@ -{ config, pkgs, ... }: -with pkgs.stockholm.lib; +{ config, pkgs, lib, ... }: let name = "radio"; music_dir = "/home/radio/music"; - add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \ - | grep -Ev '/other/|/.graveyard/' \ - | grep '\.ogg$' \ - | shuf -n1 \ - | sed 's,${music_dir}/,,' \ - )" - ''; - - get_current_track_position = pkgs.writeDash "get_current_track_position" '' - ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }' - ''; - - skip_track = pkgs.writeBashBin "skip_track" '' + skip_track = pkgs.writers.writeBashBin "skip_track" '' set -eu - ${add_random}/bin/add_random - music_dir=${escapeShellArg music_dir} - current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%) - track_infos=$(${print_current}/bin/print_current) - skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$music_dir"/"$current_track" || echo 0) - if [[ "$current_track" =~ ^the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then - skip_count=$((skip_count+1)) - ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track" - echo skipping: "$track_infos" skip_count: "$skip_count" - else - mkdir -p "$music_dir"/the_playlist/.graveyard/ - mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/ - echo killing: "$track_infos" - fi - ${pkgs.mpc_cli}/bin/mpc -q next + # TODO come up with new rating, without moving files + # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) + # track_infos=$(${print_current}/bin/print_current) + # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0) + # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then + # skip_count=$((skip_count+1)) + # ${pkgs.attr}/bin/setfattr -n 
user.skip_count -v "$skip_count" "$current_track" + # echo skipping: "$track_infos" skip_count: "$skip_count" + # else + # mkdir -p "$music_dir"/the_playlist/.graveyard/ + # mv "$current_track" "$music_dir"/the_playlist/.graveyard/ + # echo killing: "$track_infos" + # fi + ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip | + ${pkgs.jq}/bin/jq -r '.filename' ''; good_track = pkgs.writeBashBin "good_track" '' set -eu - music_dir=${escapeShellArg music_dir} - current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%) + current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) track_infos=$(${print_current}/bin/print_current) - if [[ "$current_track" =~ ^the_playlist/music/.* ]]; then - ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$music_dir"/"$current_track" - else - mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/music/ || : - fi + # TODO come up with new rating, without moving files + # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then + # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track" + # else + # mv "$current_track" "$music_dir"/the_playlist/music/ || : + # fi echo good: "$track_infos" ''; - track_youtube_link = pkgs.writeDash "track_youtube_link" '' - ${pkgs.mpc_cli}/bin/mpc current -f %file% \ - | ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://www.youtube.com/watch?v=\1@' - ''; - print_current = pkgs.writeDashBin "print_current" '' - echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \ - $(${track_youtube_link})" - ''; - - print_current_json = pkgs.writeDashBin "print_current_json" '' - ${pkgs.jq}/bin/jq -n -c \ - --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \ - --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \ - --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \ - --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \ - --arg position "$(${get_current_track_position})" \ - --arg length "$(${pkgs.mpc_cli}/bin/mpc 
current -f %time%)" \ - --arg youtube "$(${track_youtube_link})" '{ - name: $name, - artist: $artist, - title: $title, - filename: $filename, - position: $position, - length: $length, - youtube: $youtube - }' + file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | + ${pkgs.jq}/bin/jq -r '.filename' | + ${pkgs.gnused}/bin/sed 's,^${music_dir},,' + ) + link=$(${pkgs.curl}/bin/curl http://localhost:8002/current | + ${pkgs.jq}/bin/jq -r '.filename' | + ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@' + ) + echo "$file": "$link" ''; set_irc_topic = pkgs.writeDash "set_irc_topic" '' @@ -113,15 +82,14 @@ in { users.users = { "${name}" = rec { inherit name; - createHome = mkForce false; + createHome = lib.mkForce false; group = name; - uid = genid_uint31 name; + uid = pkgs.stockholm.lib.genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey - lass-mors.pubkey ]; }; }; 
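Review bot: `print_current` in the `@@ -1,85 +1,54 @@` hunk queries `/current` twice, and the second `curl` lacks `-fSs`, so an HTTP error goes unnoticed and the progress meter is written to stderr. The two requests can also straddle a track change and print a file and a link belonging to different tracks. Fetch once and derive both values from it, e.g. `cur=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)`, then run the two `sed` expressions on `"$cur"`. The `let` block this script lives in continues beyond the hunk.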
@@ -131,50 +99,35 @@ in { }; krebs.per-user.${name}.packages = with pkgs; [ - add_random good_track skip_track print_current - print_current_json - ncmpcpp - mpc_cli ]; - services.mpd = { - enable = true; - user = "radio"; - musicDirectory = "${music_dir}"; - dataDir = "/home/radio/state"; # TODO create this somwhere - extraConfig = '' - log_level "default" - auto_update "yes" - volume_normalization "yes" - - audio_output { - type "httpd" - name "raw radio" - encoder "wave" - port "7900" - format "44100:16:2" - always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. - tags "yes" # httpd supports sending tags to listening streams. - } - ''; + services.liquidsoap.streams.radio = ./radio.liq; + systemd.services.radio = { + environment = { + RADIO_PORT = "8002"; + HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" '' + set -xefu + LIMIT=1000 #how many tracks to keep in the history + HISTORY_FILE=/var/lib/radio/recent + + listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl | + ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0) + echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE" + echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" + ${set_irc_topic} "playing: $filename listeners: $listeners" + ''; + MUSIC = "${music_dir}/the_playlist"; + ICECAST_HOST = "localhost"; + }; + path = [ + pkgs.yt-dlp + ]; + serviceConfig.User = lib.mkForce "radio"; }; - services.liquidsoap.streams.radio-news = pkgs.writeText "radio-news.liq" '' - source = mksafe(input.http("http://localhost:7900/raw.wave")) - - output.icecast(mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), source) - output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source) - output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source) - - extra_input = amplify(1.4, audio_to_stereo(input.harbor("live", port=1338))) - 
o = smooth_add(normal = source, special = extra_input) - output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o) - output.icecast(mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), o) - output.icecast(mount = '/radio.opus', password = 'hackme', %opus(bitrate = 96), o) - ''; services.icecast = { enable = true; hostname = "radio.lassul.us"; 
@@ -195,73 +148,8 @@ in { }; }; - systemd.timers.radio = { - description = "radio autoadder timer"; - wantedBy = [ "timers.target" ]; - - timerConfig = { - OnCalendar = "*:0/1"; - }; - }; - - systemd.services.radio = let - autoAdd = pkgs.writeDash "autoAdd" '' - LIMIT=$1 #in seconds - - timeLeft () { - playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(${get_current_track_position}) - expr ''${playlistDuration:-0} - ''${currentTime:-0} - } - - if test $(timeLeft) -le $LIMIT; then - ${add_random}/bin/add_random - fi - ${pkgs.mpc_cli}/bin/mpc play > /dev/null - ''; - in { - description = "radio playlist autoadder"; - after = [ "network.target" ]; - - restartIfChanged = true; - - serviceConfig = { - ExecStart = "${autoAdd} 150"; - }; - }; - - systemd.services.radio-recent = let - recentlyPlayed = pkgs.writeDash "recentlyPlayed" '' - set -xefu - LIMIT=1000 #how many tracks to keep in the history - HISTORY_FILE=/var/lib/radio/recent - while :; do - ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null - ${pkgs.mpc_cli}/bin/mpc current -f %file% - done | while read track; do - - listeners=$(${pkgs.curl}/bin/curl lassul.us:8000/status-json.xsl | - ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') - echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" - echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${set_irc_topic} "playing: $track listeners: $listeners" - done - ''; - in { - description = "radio recently played"; - after = [ "mpd.service" "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = true; - - serviceConfig = { - ExecStart = recentlyPlayed; - User = "radio"; - }; - }; - # allow reaktor2 to modify files - systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = mkForce false; + systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false; krebs.reaktor2.the_playlist = { hostname = 
"irc.hackint.org"; @@ -300,6 +188,12 @@ in { like.filename = "${good_track}/bin/good_track"; current.filename = "${print_current}/bin/print_current"; + wish.filename = pkgs.writeDash "wish" '' + echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null + ''; + wishlist.filename = pkgs.writeDash "wishlist" '' + ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]' + ''; suggest.filename = pkgs.writeDash "suggest" '' echo "$@" >> playlist_suggest ''; @@ -316,15 +210,8 @@ in { user = { name = "radio"; }; - script = ''. ${pkgs.writeDash "radio" '' + scriptFile = pkgs.writeDash "radio" '' case "$Method $Request_URI" in - "GET /current") - printf 'HTTP/1.1 200 OK\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - ${print_current_json}/bin/print_current_json - exit - ;; "POST /skip") printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' @@ -344,7 +231,7 @@ in { exit ;; esac - ''}''; + ''; }; services.nginx = { @@ -365,7 +252,7 @@ in { alias /var/lib/radio/recent; ''; locations."= /current".extraConfig = '' - proxy_pass http://localhost:8001; + proxy_pass http://localhost:8002; ''; locations."= /skip".extraConfig = '' proxy_pass http://localhost:8001; @@ -375,10 +262,11 @@ in { ''; locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" '' #!/bin/sh + trap 'exit 0' EXIT while sleep 1; do mpv \ --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \ - 'http://lassul.us:8000/radio.opus' + 'http://lassul.us:8000/radio.ogg' done ''; locations."= /controls".extraConfig = '' diff --git a/lass/2configs/radio/news.nix b/lass/2configs/radio/news.nix index e5b5405ff..0dc711e6c 100644 --- a/lass/2configs/radio/news.nix +++ b/lass/2configs/radio/news.nix 
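Review bot: The new `wish` hook in the `@@ -300,6 +188,12 @@` hunk forwards `$1` from IRC unchecked as `youtube-dl:$1`, so whatever a channel member types becomes the request URI handed to liquidsoap and its downloader. Check the shape before posting, e.g. `case "$1" in https://*) ;; *) echo "need an https URL"; exit 1 ;; esac`. Because the curl output goes to `/dev/null`, the user also gets no feedback when the request is rejected; echoing a short confirmation or error would help.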
@@ -3,7 +3,8 @@ let send_to_radio = pkgs.writers.writeDashBin "send_to_radio" '' ${pkgs.vorbis-tools}/bin/oggenc - | - ${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live + ${pkgs.cyberlocker-tools}/bin/cput news.ogg + ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow ''; gc_news = pkgs.writers.writeDashBin "gc_news" '' diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq new file mode 100644 index 000000000..70d316043 --- /dev/null +++ b/lass/2configs/radio/radio.liq 
@@ -0,0 +1,112 @@ +log.stdout.set(true) + +# use yt-dlp +settings.protocol.youtube_dl.path.set("yt-dlp") + +## functions + +def stringify_attrs(attrs) = + let json.stringify out = (attrs : [(string * string)] as json.object) + out +end + +def filter_graveyard(req) = + filename = request.filename(req) + if string.match(pattern = '.*/\\.graveyard/.*', filename) then + false + else + true + end +end + +def queue_contents(q) = + list.map(fun (req) -> request.uri(req), q) +end +## main + +env = environment() +port = string.to_int(env["RADIO_PORT"], default = 8000) + +all_music = playlist(env["MUSIC"], check_next = filter_graveyard) +wishlist = request.queue() +tracks = fallback(track_sensitive = true, [wishlist, all_music]) +tracks = blank.eat(tracks) + +last_metadata = ref([]) +def on_metadata(m) = + last_metadata := m + print("changing tracks") + out = process.read(env["HOOK_TRACK_CHANGE"], env = m) + print(out) +end +tracks.on_metadata(on_metadata) + +# some nice effects +music = crossfade(tracks) +music = mksafe(music) +music = normalize(music) + +news = request.queue() +radio = smooth_add(normal = music, special = amplify(1.5, news)) + +if string.length(env["ICECAST_HOST"]) > 0 then + output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music) + output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music) + output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music) + + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio) + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio) + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio) +else + output(fallible = true, buffer(radio)) +end + +interactive.harbor(port = port) + +def 
current(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = stringify_attrs( + !last_metadata + )) +end +harbor.http.register("/current", port = port, current) + +def skip(~protocol, ~headers, ~data, uri) = + tracks.skip() + http.response(content_type = "application/json", data = stringify_attrs( + !last_metadata + )) +end +harbor.http.register("/skip", method = "POST", port = port, skip) + +def all_tracks(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = json.stringify( + all_music.remaining_files() + )) +end +harbor.http.register("/all_tracks", port = port, all_tracks) + +def wish_track(~protocol, ~headers, ~data, uri) = + # disallow process: + if string.match(pattern = '^process:', data) then + http.response(code = 400) + else + # TODO report errors back + wish = request.create(data) + wishlist.push(wish) + http.response(content_type = "application/json", data = "ok") + end +end +harbor.http.register("/wish", method = "POST", port = port, wish_track) + +def wish_tracklist(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = json.stringify( + queue_contents(wishlist.queue()) + )) +end +harbor.http.register("/wish", port = port, wish_tracklist) + +def newsshow(~protocol, ~headers, ~data, uri) = + news.push(request.create("http://c.r/news.ogg")) + http.response(content_type = "application/json", data = "ok") +end +harbor.http.register("/newsshow", method = "POST", port = port, newsshow) diff --git a/lass/2configs/radio/shell.nix b/lass/2configs/radio/shell.nix new file mode 100644 index 000000000..9d00e3b06 --- /dev/null +++ b/lass/2configs/radio/shell.nix @@ -0,0 +1,7 @@ +{ pkgs ? import <nixpkgs> {} }: +pkgs.mkShell { + buildInputs = [ + pkgs.liquidsoap + pkgs.yt-dlp + ]; +} diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix index 3beac6693..704bf7218 100644 --- a/lass/2configs/radio/weather.nix 
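Review bot: `wish_track` hands the raw POST body to `request.create(data)` after rejecting only a `process:` prefix, which leaves every other URI scheme and plain local path that liquidsoap resolves available to anyone who can reach the harbor port. The `wish` command added in this commit always sends `youtube-dl:…`, so an allowlist is a closer fit, assuming wishes are always web URLs: `if not string.match(pattern = '^youtube-dl:https?://', data) then http.response(code = 400)`. The harbor bind address is not set in this file, so whether `/wish`, `/skip` and `/newsshow` are reachable from beyond localhost depends on configuration not shown here; `settings.harbor.bind_addrs.set(["127.0.0.1"])` would make that explicit. Separately, the six `output.icecast` calls carry the literal source password `'hackme'`; reading it the same way as the host, `password = env["ICECAST_PASSWORD"]` (variable name constructed for this note), keeps it out of the repository.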
+++ b/lass/2configs/radio/weather.nix @@ -6,7 +6,7 @@ let } ./weather_for_ips.py; weather_report = pkgs.writers.writeDashBin "weather_report" '' - set -efu + set -efux export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.curl @@ -14,7 +14,7 @@ let pkgs.jc pkgs.jq ]}" - curl -z /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb + curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY ss -no 'sport = :8000' | @@ -42,7 +42,7 @@ in { --arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \ --slurp --raw-input --compact-output --ascii-output \ '{text: ., from: $from, to: $to, priority: 100}' | - retry -t 5 -d 10 -- curl -v -d@- http://radio-news.r + retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r ''; startAt = "*:58:00"; serviceConfig = { diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py index 587cc1f28..1f8489bd1 100644 --- a/lass/2configs/radio/weather_for_ips.py +++ b/lass/2configs/radio/weather_for_ips.py @@ -24,9 +24,10 @@ for ip in fileinput.input(): weather = json.loads(resp.text) output.append( f'Weather report for {location.city.name}, {location.country.name}. ' - f'Currently it is {weather["current"]["weather"][0]["description"]} outside ' + f'It is {weather["current"]["weather"][0]["description"]} outside ' f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' - f'and a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second. ' + f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' + f'and a humidity of {weather["current"]["humidity"]} percent. ' f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' ) 
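Review bot: Turning on xtrace with `set -efux` in `weather_report` means the later `OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api")` assignment is echoed to stderr with the key expanded, which for a systemd unit normally ends up in the journal. Keep `set -efu` here, or bracket the credential read with `set +x` and `set -x`. The script continues outside this hunk. The second hunk also shows the GeoIP database being fetched over plain `http://` into a fixed path under `/tmp`, which deserves a check unless the unit runs with a private `/tmp`.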
diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix new file mode 100644 index 000000000..cbd9c097e --- /dev/null +++ b/lass/2configs/red-host.nix 
@@ -0,0 +1,167 @@ +{ config, lib, pkgs, ... }: +let + ctr.name = "red"; +in +{ + imports = [ + <stockholm/lass/2configs/container-networking.nix> + ]; + + + lass.sync-containers3.containers.red = { + sshKey = "${toString <secrets>}/containers/red/sync.key"; + ephemeral = true; + }; + + # containers.${ctr.name} = { + # config = { + # environment.systemPackages = [ + # pkgs.dhcpcd + # pkgs.git + # pkgs.jq + # ]; + # networking.useDHCP = lib.mkForce true; + # systemd.services.autoswitch = { + # environment = { + # NIX_REMOTE = "daemon"; + # }; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' + # if test -e /var/src/nixos-config; then + # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + # fi + # ''; + # unitConfig.X-StopOnRemoval = false; + # }; + # }; + # autoStart = false; + # enableTun = true; + # privateNetwork = true; + # hostBridge = "ctr0"; + # bindMounts = { + # "/etc/resolv.conf".hostPath = "/etc/resolv.conf"; + # "/var/lib/self-state/disk-image" = { + # hostPath = "/var/lib/sync-containers3/${ctr.name}"; + # isReadOnly = true; + # }; + # }; + # }; + + # systemd.services."${ctr.name}_scheduler" = { + # wantedBy = [ "multi-user.target" ]; + # path = with pkgs; [ + # coreutils + # consul + # cryptsetup + # mount + # util-linux + # systemd + # untilport + # ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = "15s"; + # ExecStart = "${pkgs.consul}/bin/consul lock container_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-start" '' + # set -efux + # trap ${pkgs.writers.writeDash "stop-${ctr.name}" '' + # set -efux + # /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + # umount /var/lib/nixos-containers/${ctr.name}/var/state || : + # cryptsetup luksClose ${ctr.name} || : + # ''} INT TERM EXIT + # consul kv put containers/${ctr.name}/host ${config.networking.hostName} + # cryptsetup luksOpen --key-file /var/src/secrets/containers/${ctr.name}/luks 
/var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} + # mkdir -p /var/lib/nixos-containers/${ctr.name}/var/state + # mount /dev/mapper/${ctr.name} /var/lib/nixos-containers/${ctr.name}/var/state + # ln -frs /var/lib/nixos-containers/${ctr.name}/var/state/var_src /var/lib/nixos-containers/${ctr.name}/var/src + # /run/current-system/sw/bin/nixos-container start ${ctr.name} + # set +x + # until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + # while /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + # ''}"; + # }; + # }; + + # users.groups."container_${ctr.name}" = {}; + # users.users."container_${ctr.name}" = { + # group = "container_${ctr.name}"; + # isSystemUser = true; + # home = "/var/lib/sync-containers3/${ctr.name}"; + # createHome = true; + # homeMode = "705"; + # openssh.authorizedKeys.keys = [ + # config.krebs.users.lass.pubkey + # ]; + # }; + + # systemd.timers."${ctr.name}_syncer" = { + # timerConfig = { + # RandomizedDelaySec = 300; + # }; + # }; + # systemd.services."${ctr.name}_syncer" = { + # path = with pkgs; [ + # coreutils + # rsync + # openssh + # systemd + # ]; + # startAt = "*:0/1"; + # serviceConfig = { + # User = "container_${ctr.name}"; + # LoadCredential = [ + # "ssh_key:${toString <secrets>}/containers/${ctr.name}/sync.key" + # ]; + # ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" '' + # set -efu + # ! 
systemctl is-active --quiet container@${ctr.name}.service + # ''; + # ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" '' + # set -efu + # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk-image/disk $HOME/disk + # ''; + # }; + # }; + + # # networking + # networking.networkmanager.unmanaged = [ "ctr0" ]; + # networking.interfaces.dummy0.virtual = true; + # networking.bridges.ctr0.interfaces = [ "dummy0" ]; + # networking.interfaces.ctr0.ipv4.addresses = [{ + # address = "10.233.0.1"; + # prefixLength = 24; + # }]; + # systemd.services."dhcpd-ctr0" = { + # wantedBy = [ "multi-user.target" ]; + # after = [ "network.target" ]; + # serviceConfig = { + # Type = "forking"; + # Restart = "always"; + # DynamicUser = true; + # StateDirectory = "dhcpd-ctr0"; + # User = "dhcpd-ctr0"; + # Group = "dhcpd-ctr0"; + # AmbientCapabilities = [ + # "CAP_NET_RAW" # to send ICMP messages + # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) + # ]; + # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases"; + # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" '' + # default-lease-time 600; + # max-lease-time 7200; + # authoritative; + # ddns-update-style interim; + # log-facility local1; # see dhcpd.nix + + # option subnet-mask 255.255.255.0; + # option routers 10.233.0.1; + # # option domain-name-servers 8.8.8.8; # TODO configure dns server + # subnet 10.233.0.0 netmask 255.255.255.0 { + # range 10.233.0.10 10.233.0.250; + # } + # ''} ctr0"; + # }; + # }; + +} + diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 22b1669b0..bffa1036b 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -174,7 +174,6 @@ rec { services.phpfpm.pools."${domain}" = { user = "nginx"; group = "nginx"; - phpPackage = pkgs.php74; extraConfig = '' listen = /srv/http/${domain}/phpfpm.pool pm = dynamic 
@@ -228,7 +227,6 @@ rec { services.phpfpm.pools."${domain}" = { user = "nginx"; group = "nginx"; - phpPackage = pkgs.php74; extraConfig = '' listen = /srv/http/${domain}/phpfpm.pool pm = dynamic diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix new file mode 100644 index 000000000..845a7e3b8 --- /dev/null +++ b/lass/2configs/weechat.nix 
@@ -0,0 +1,221 @@ +{ config, lib, pkgs, ... }: let + + weechat-configured = pkgs.weechat-declarative.override { + config = { + scripts = [ + pkgs.weechat-matrix + pkgs.weechatScripts.wee-slack + ]; + settings = { + irc.server_default.nicks = [ "lassulus" "hackulus" ]; + irc.server.bitlbee = { + addresses = "localhost/6666"; + command = "msg &bitlbee identify \${sec.data.bitlbee}"; + }; + irc.server.hackint = { + addresses = "irc.hackint.org/6697"; + autojoin = [ + "#c3-gsm" + "#panthermoderns" + "#36c3" + "#cccac" + "#nixos" + "#krebs" + "#c-base" + "#afra" + "#tvl" + "#eloop" + "#systemdultras" + "#rc3" + "#krebs-announce" + "#the_playlist" + "#germany" + "#hackint" + "#dezentrale" + "#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way + ]; + ssl = true; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.hackint_sasl}"; + }; + irc.server.r = { + addresses = "irc.r"; + autojoin = [ + "#xxx" + "#autowifi" + "#brockman" + "#flix" + "#kollkoll" + "#noise" + "#mukke" + ]; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.r_sasl}"; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + irc.server.libera = { + addresses = "irc.libera.chat/6697"; + autojoin = [ + "#shackspace" + "#nixos" + "#krebs" + "#dezentrale" + "#tinc" + "#nixos-de" + "#fysi" + "#hillhacks" + "#nixos-rc3" + "#binaergewitter" + "#hackerfleet" + "#weechat" + ]; + ssl = true; + sasl_username = "lassulus"; + sasl_fail = "reconnect"; + sasl_password = "\${sec.data.libera_sasl}"; + }; + irc.server.news = { + addresses = "news.r"; + autojoin = [ + "#all" + "#aluhut" + "#querdenkos" + "#news" + "#drachengame" + ]; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + matrix.server.lassulus = { + address = "matrix.lassul.us"; + username = "lassulus"; + password = "\${sec.data.matrix_lassulus}"; + device_name = config.networking.hostName; + }; + matrix.server.nixos_dev = { + address = 
"matrix.nixos.dev"; + username = "@lassulus:nixos.dev"; + device_name = config.networking.hostName; + sso_helper_listening_port = 55123; + }; + plugins.var.python.go.short_name = true; + plugins.var.python.go.short_name_server = true; + plugins.var.python.go.fuzzy_search = true; + relay.network.password = "xxx"; # secret? + relay.port.weechat = 9998; + relay.weechat.commands = "*,!exec,!quit"; + weechat.look.buffer_time_format = "%m-%d_%H:%M:%S"; + weechat.look.item_time_format = "%m-%d_%H:%M:%S"; + irc.look.color_nicks_in_names = true; + irc.look.color_nicks_in_nicklist = true; + logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog"; + logger.file.path = "/var/state/weechat_logs"; + logger.look.backlog = 1000; + weechat.notify.python.matrix.nixos_dev."!YLoVsCxScyQODoqIbb:hackint.org" = "none"; #c-base + weechat.notify.python.matrix.nixos_dev."!bohcSYPVoePqBDWlvE:hackint.org" = "none"; #krebs + weechat.notify.irc.news."#all" = "highlight"; + + # setting logger levels for channels is currently not possible declarativly + # because of already defined + logger.level.core.weechat = 0; + logger.level.irc = 3; + logger.level.python = 3; + weechat.bar.title.color_bg = 0; + weechat.bar.status.color_bg = 0; + alias.cmd.reload = "exec -oc cat /etc/weechat.set"; + script.scripts.download_enabled = true; + weechat.look.prefix_align = "left"; + weechat.look.prefix_align_max = 20; + irc.look.server_buffer = "independent"; + matrix.look.server_buffer = "independent"; + weechat.bar.buflist.size_max = 20; + weechat.color.chat_nick_colors = [ + 1 2 3 4 5 6 9 + 10 11 12 13 14 + 28 29 + 30 31 32 33 34 35 36 37 38 39 + 70 + 94 + 101 102 103 104 105 106 107 + 130 131 133 134 135 136 137 + 140 141 142 143 + 160 161 162 163 165 166 167 168 169 + 170 171 172 173 174 175 + 196 197 198 199 + 200 201 202 203 204 205 206 208 209 209 + 210 211 212 + ]; + }; + extraCommands = '' + /script upgrade + /script install go.py + /script install nickregain.pl + /script install autosort.py + /key bind 
meta-q /go + /key bind meta-t /bar toggle nicklist + /key bind meta-y /bar toggle buflist + /filter addreplace irc_smart * irc_smart_filter * + /filter addreplace playlist_topic irc.*.#the_playlist irc_topic * + /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit * + /set logger.level.irc.news 0 + /set logger.level.python.server.nixos_dev = 0; + /set logger.level.irc.hackint.#the_playlist = 0; + /connect bitlbee + /connect r + /connect news + /connect libera + /connect hackint + /matrix connect nixos_dev + /matrix connect lassulus + ''; + files."sec.conf" = toString (pkgs.writeText "sec.conf" '' + [crypt] + cipher = aes256 + hash_algo = sha256 + passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE" + salt = on + + [data] + __passphrase__ = on + hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC" + libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778" + r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD" + c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162" + matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9" + bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C" + matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97" + ''); + }; + }; + +in { + users.users.mainUser.packages = [ + weechat-configured + ]; + environment.etc."weechat.set".source = "${weechat-configured}/weechat.set"; + systemd.tmpfiles.rules = [ + "d /var/state/weechat_logs 0700 lass users 
-" + "d /var/state/weechat 0700 lass users -" + "d /var/state/weechat_cfg 0700 lass users -" + "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat" + "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg" + ]; + + systemd.services.weechat = { + wantedBy = [ "multi-user.target" ]; + restartIfChanged = false; + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + LoadCredential = [ + "WEECHAT_PASSPHRASE:${toString <secrets>}/weechat_passphrase" + ]; + ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat"; + ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat + }; + }; +} diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 3b372189c..8784da379 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -45,6 +45,7 @@ import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) +import XMonad.Layout.StateFull import XMonad.ManageHook (composeAll) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) @@ -63,8 +64,6 @@ instance UrgencyHook LibNotifyUrgencyHook where safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx] myTerm :: FilePath --- myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc -e /run/current-system/sw/bin/xonsh" --- myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc" myTerm = "/run/current-system/sw/bin/alacritty" myFont :: String 
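Review bot: `relay.network.password = "xxx"; # secret?` puts the relay password in plain text in the repository and presumably in the generated config in the Nix store, while the relay is configured on port 9998 with commands `*,!exec,!quit`. The other credentials in this file already go through secured data, so the same pattern fits: `relay.network.password = "\${sec.data.relay}";` with a matching encrypted entry in `sec.conf` (`relay` is a name constructed for this note). `script.scripts.download_enabled = true` together with `/script upgrade` and the three `/script install` lines fetches script code from the network at start-up without a pinned hash, unlike the two plugins supplied through `scripts = [...]`. The encrypted values in `sec.conf` are only as strong as the passphrase loaded from `WEECHAT_PASSPHRASE`, since the ciphertext is committed alongside the config.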
@@ -89,7 +88,7 @@ main = do myLayoutHook = defLayout where - defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) + defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| StateFull ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) floatHooks = composeAll [ className =? "Pinentry" --> doCenterFloat @@ -152,7 +151,14 @@ myKeyMap = , ("M4-S-q", return ()) - , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" '' + PATH=${lib.makeBinPath [ + pkgs.coreutils + pkgs.gawk + pkgs.dmenu + ]} + ${pkgs.clipmenu}/bin/clipmenu + ''}") , ("M4-<F2>", windows copyToAll) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 6571461ca..a7b0c372c 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -1,6 +1,17 @@ { config, lib, pkgs, ... }: { - environment.systemPackages = [ pkgs.fzf ]; + environment.systemPackages = with pkgs; [ + atuin + direnv + fzf + ]; + environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" '' + auto_sync = true + update_check = false + sync_address = "http://green.r:8888" + sync_frequency = 0 + style = "compact" + ''); programs.zsh = { enable = true; shellInit = '' 
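Review bot: In the zsh.nix hunk the atuin config sets `sync_address = "http://green.r:8888"` with `auto_sync = true`, so shell-history sync runs over unencrypted HTTP. Atuin encrypts history entries on the client, but the login and session token are not covered by that, so this relies on `green.r` being reachable only over a trusted, encrypted overlay (an assumption to confirm). A comment beside the setting such as `# plain http is acceptable only because green.r is reached over the VPN` would record that; if the server is ever exposed elsewhere, switch the address to `https://`.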
@@ -12,27 +23,9 @@ setopt autocd extendedglob bindkey -e - #history magic - bindkey "[A" up-line-or-local-history - bindkey "[B" down-line-or-local-history - - up-line-or-local-history() { - zle set-local-history 1 - zle up-line-or-history - zle set-local-history 0 - } - zle -N up-line-or-local-history - down-line-or-local-history() { - zle set-local-history 1 - zle down-line-or-history - zle set-local-history 0 - } - zle -N down-line-or-local-history - - setopt SHARE_HISTORY - setopt HIST_IGNORE_ALL_DUPS - # setopt inc_append_history - bindkey '^R' history-incremental-search-backward + + # # setopt inc_append_history + # bindkey '^R' history-incremental-search-backward #C-x C-e open line in editor autoload -z edit-command-line @@ -43,6 +36,13 @@ source ${pkgs.fzf}/share/fzf/completion.zsh source ${pkgs.fzf}/share/fzf/key-bindings.zsh + # atuin distributed shell history + export ATUIN_NOBIND="true" # disable all keybdinings of atuin + eval "$(atuin init zsh)" + bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin + # use zsh only session history + fc -p + #completion magic autoload -Uz compinit compinit @@ -65,13 +65,11 @@ bindkey "[8~" end-of-line bindkey "Oc" emacs-forward-word bindkey "Od" emacs-backward-word + + # direnv integration + eval "$(${pkgs.direnv}/bin/direnv hook zsh)" ''; promptInit = '' - # TODO: figure out why we need to set this here - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - autoload -U promptinit promptinit diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 3a0b1306c..42efa8cd6 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -15,5 +15,6 @@ _: ./xjail.nix ./autowifi.nix ./browsers.nix + ./sync-containers3.nix ]; } diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix index 816e58f0a..dbc3db4db 100644 --- a/lass/3modules/drbd.nix +++ b/lass/3modules/drbd.nix 
@@ -64,13 +64,42 @@ in { services.udev.packages = [ pkgs.drbd ]; boot.kernelModules = [ "drbd" ]; - environment.systemPackages = [ pkgs.drbd ]; + environment.systemPackages = [ + pkgs.drbd + (pkgs.writers.writeDashBin "drbd-change-nodeid" '' + # https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-using-truck-based-replication + set -efux + if [ "$#" -ne 2 ]; then + echo '$1 needs to be drbd volume name' + echo '$2 needs to be new node id' + exit 1 + fi + + + TMPDIR=$(mktemp -d) + trap 'rm -rf $TMPDIR' EXIT + + V=$1 + NODE_TO=$2 + META_DATA_LOCATION=internal + + ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt + NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p') + ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \ + -e "s/^peer.$NODE_FROM. /peer-NEW /" \ + -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \ + -e "s/^peer-NEW /peer[$NODE_TO] /" \ + < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt + + drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt + '') + ]; networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg); systemd.services = lib.mapAttrs' (_: device: lib.nameValuePair "drbd-${device.name}" { - after = [ "systemd-udev.settle.service" "network.target" ]; + after = [ "systemd-udev.settle.service" "network.target" "retiolum.service" ]; wants = [ "systemd-udev.settle.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { @@ -88,7 +117,7 @@ in { ''} if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then ${pkgs.drbd}/bin/drbdadm down ${device.name} - ${pkgs.drbd}/bin/drbdadm create-md ${device.name} + ${pkgs.drbd}/bin/drbdadm create-md ${device.name}/0 --max-peers 31 ${pkgs.drbd}/bin/drbdadm up ${device.name} fi ''; diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix new file mode 100644 index 000000000..1371d5233 --- /dev/null 
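Review bot: The last line of `drbd-change-nodeid` calls `drbdmeta` and `drbdadm` by bare name while every earlier command uses `${pkgs.drbd}/bin/…`, and the script sets no `PATH`, so that line depends on the caller's environment. Because the two `$(drbdadm …)` substitutions are arguments, a failure inside them does not trip `set -e`, and `drbdmeta --force … restore-md` would then run with empty arguments. Resolve the values first, e.g. `minor=$(${pkgs.drbd}/bin/drbdadm sh-minor "$V")` and `md_dev=$(${pkgs.drbd}/bin/drbdadm sh-md-dev "$V")`, then pass `"$minor"` and `"$md_dev"`. Quoting `$V`, quoting the variable inside the trap, and using a name other than `TMPDIR` for the scratch directory (other tools read that variable) would remove the remaining surprises.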
+++ b/lass/3modules/sync-containers3.nix 
@@ -0,0 +1,313 @@ +{ config, lib, pkgs, ... }: let + cfg = config.lass.sync-containers3; + slib = pkgs.stockholm.lib; +in { + options.lass.sync-containers3 = { + inContainer = { + enable = lib.mkEnableOption "container config for syncing"; + pubkey = lib.mkOption { + type = lib.types.str; # TODO ssh key + }; + }; + containers = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + sshKey = lib.mkOption { + type = slib.types.absolute-pathname; + }; + luksKey = lib.mkOption { + type = slib.types.absolute-pathname; + default = config.sshKey; + }; + ephemeral = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + }; + }; + config = lib.mkMerge [ + (lib.mkIf (cfg.containers != {}) { + + containers = lib.mapAttrs' (n: ctr: lib.nameValuePair ctr.name { + config = { + environment.systemPackages = [ + pkgs.dhcpcd + pkgs.git + pkgs.jq + ]; + networking.useDHCP = lib.mkForce true; + systemd.services.autoswitch = { + environment = { + NIX_REMOTE = "daemon"; + }; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' + set -efu + ln -frs /var/state/var_src /var/src + if test -e /var/src/nixos-config; then + /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + fi + ''; + unitConfig.X-StopOnRemoval = false; + }; + }; + autoStart = false; + enableTun = true; + ephemeral = ctr.ephemeral; + privateNetwork = true; + hostBridge = "ctr0"; + bindMounts = { + "/etc/resolv.conf".hostPath = "/etc/resolv.conf"; + "/var/lib/self/disk" = { + hostPath = "/var/lib/sync-containers3/${ctr.name}/disk"; + isReadOnly = false; + }; + "/var/state" = { + hostPath = "/var/lib/sync-containers3/${ctr.name}/state"; + isReadOnly = false; + }; + }; + }) cfg.containers; + + systemd.services = lib.foldr lib.recursiveUpdate {} (lib.flatten (map (ctr: [ + { 
"${ctr.name}_syncer" = { + path = with pkgs; [ + coreutils + consul + rsync + openssh + systemd + ]; + startAt = "*:0/1"; + serviceConfig = { + User = "${ctr.name}_container"; + LoadCredential = [ + "ssh_key:${ctr.sshKey}" + ]; + ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" '' + set -efu + ! systemctl is-active --quiet container@${ctr.name}.service + ''; + ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" '' + set -efux + consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" '' + set -efux + if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then + touch "$HOME"/incomplete + rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk + rm "$HOME"/incomplete + fi + ''} + ''; + }; + }; } + { "${ctr.name}_watcher" = { + path = with pkgs; [ + coreutils + consul + cryptsetup + curl + mount + util-linux + jq + retry + ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "${ctr.name}_watcher" '' + set -efux + while sleep 5; do + # get the payload + # check if the host reacted recently + case $(curl -s -o /dev/null --retry 10 --retry-delay 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in + 404) + echo 'got 404 from kv, should kill the container' + break + ;; + 500) + echo 'got 500 from kv, will kill container' + break + ;; + 200) + # echo 'got 200 from kv, will check payload' + export payload=$(consul kv get containers/${ctr.name}) + if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then + # echo 'we are the host, trying to reach container' + if $(retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null); then + # echo 'container is reachable, continueing' + continue + else + # echo 'container seems dead, killing' + break + fi + else + echo 'we are not host, killing container' + break + fi + ;; + *) + echo 'unknown state, continuing' + continue + ;; + esac + done + 
/run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + umount /var/lib/sync-containers3/${ctr.name}/state || : + cryptsetup luksClose ${ctr.name} || : + ''; + }; + }; } + { "${ctr.name}_scheduler" = { + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + coreutils + consul + cryptsetup + mount + util-linux + curl + systemd + jq + retry + bc + ]; + serviceConfig = { + Restart = "always"; + RestartSec = "30s"; + ExecStart = pkgs.writers.writeDash "${ctr.name}_scheduler" '' + set -efux + # get the payload + # check if the host reacted recently + case $(curl -s -o /dev/null --retry 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in + 404) + # echo 'got 404 from kv, will create container' + ;; + 500) + # echo 'got 500 from kv, retrying again' + exit 0 + ;; + 200) + # echo 'got 200 from kv, will check payload' + export payload=$(consul kv get containers/${ctr.name}) + if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then + echo 'we are the host, starting container' + else + # echo 'we are not host, checking timestamp' + # if [ $(echo "$(date +%s) - $(jq -rn 'env.payload | fromjson.time') > 100" | bc) -eq 1 ]; then + if [ "$(jq -rn 'env.payload | fromjson.time | now - tonumber > 100')" = 'true' ]; then + echo 'last beacon is more than 100s ago, taking over' + else + # echo 'last beacon was recent. 
trying again' + exit 0 + fi + fi + ;; + *) + echo 'unknown state, bailing out' + exit 0 + ;; + esac + if test -e /var/lib/sync-containers3/${ctr.name}/incomplete; then + echo 'data is inconistent, start aborted' + exit 1 + fi + consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null + consul lock -verbose -monitor-retry=100 -timeout 30s -name container_${ctr.name} container_${ctr.name} ${pkgs.writers.writeBash "${ctr.name}-start" '' + set -efu + cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} || : + mkdir -p /var/lib/sync-containers3/${ctr.name}/state + mountpoint /var/lib/sync-containers3/${ctr.name}/state || mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state + /run/current-system/sw/bin/nixos-container start ${ctr.name} + # wait for system to become reachable for the first time + retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null + systemctl start ${ctr.name}_watcher.service + while systemctl is-active container@${ctr.name}.service >/devnull && /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r >/dev/null; do + consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null + sleep 10 + done + ''} + ''; + }; + }; } + ]) (lib.attrValues cfg.containers))); + + systemd.timers = lib.mapAttrs' (n: ctr: lib.nameValuePair "${ctr.name}_syncer" { + timerConfig = { + RandomizedDelaySec = 100; + }; + }) cfg.containers; + + users.groups = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" { + }) cfg.containers; + users.users = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" ({ + group = "container_${ctr.name}"; + isNormalUser = true; + uid = slib.genid_uint31 "container_${ctr.name}"; + home = "/var/lib/sync-containers3/${ctr.name}"; + createHome = true; + homeMode = "705"; + })) cfg.containers; + + }) + (lib.mkIf (cfg.containers != {}) { + # 
networking + networking.networkmanager.unmanaged = [ "ctr0" ]; + networking.interfaces.dummy0.virtual = true; + networking.bridges.ctr0.interfaces = [ "dummy0" ]; + networking.interfaces.ctr0.ipv4.addresses = [{ + address = "10.233.0.1"; + prefixLength = 24; + }]; + systemd.services."dhcpd-ctr0" = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "forking"; + Restart = "always"; + DynamicUser = true; + StateDirectory = "dhcpd-ctr0"; + User = "dhcpd-ctr0"; + Group = "dhcpd-ctr0"; + AmbientCapabilities = [ + "CAP_NET_RAW" # to send ICMP messages + "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) + ]; + ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases"; + ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" '' + default-lease-time 600; + max-lease-time 7200; + authoritative; + ddns-update-style interim; + log-facility local1; # see dhcpd.nix + + option subnet-mask 255.255.255.0; + option routers 10.233.0.1; + # option domain-name-servers 8.8.8.8; # TODO configure dns server + subnet 10.233.0.0 netmask 255.255.255.0 { + range 10.233.0.10 10.233.0.250; + } + ''} ctr0"; + }; + }; + }) + (lib.mkIf cfg.inContainer.enable { + users.groups.container_sync = {}; + users.users.container_sync = { + group = "container_sync"; + uid = slib.genid_uint31 "container_sync"; + isNormalUser = true; + home = "/var/lib/self"; + createHome = true; + openssh.authorizedKeys.keys = [ + cfg.inContainer.pubkey + ]; + }; + }) + ]; +} diff --git a/lass/5pkgs/drbd9/default.nix b/lass/5pkgs/drbd9/default.nix new file mode 100644 index 000000000..34ef0f564 --- /dev/null +++ b/lass/5pkgs/drbd9/default.nix 
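Review bot: `users.groups` creates `${ctr.name}_container`, but `users.users` assigns `group = "container_${ctr.name}"`, so the per-container user points at a group this module never defines; one of the two should change, e.g. `group = "${ctr.name}_container";`. In the scheduler's keep-alive loop, `systemctl is-active container@${ctr.name}.service >/devnull` is missing a slash and writes to a file named `/devnull`; it should read `>/dev/null`. `luksKey` defaults to `config.sshKey`, so unless overridden the same file serves as both the SSH identity for rsync and the LUKS key-file, and a leak through either use exposes both. `homeMode = "705"` leaves the directory holding the disk image and the mounted `state` tree traversable by other local users, which should be confirmed as intended.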
@@ -0,0 +1,35 @@
+{ lib, stdenv, git, fetchzip, fetchFromGitHub, kernel }: let
+
+ version = "9.1.7";
+
+in stdenv.mkDerivation {
+ pname = "drbd";
+ version = "${kernel.version}-${version}";
+
+ src = fetchzip {
+ url = "https://pkg.linbit.com//downloads/drbd/9/drbd-9.1.7.tar.gz";
+ sha256 = "sha256-JsbtOrqhZkG7tFEc6tDmj3RlxZggl0HOKfCI8lYtQok=";
+ };
+ # src = fetchFromGitHub {
+ # owner = "LINBIT";
+ # repo = "drbd";
+ # rev = "drbd-${version}";
+ # sha256 = "sha256-8HAt+k0yi6XsZZ9mkVCQkv2pn65o3Zsa0KwTSBJh0yY=";
+ # leaveDotGit = true;
+ # };
+
+ nativeBuildInputs = [ git ] ++ kernel.moduleBuildDependencies;
+
+ # hardeningDisable = [ "pic" ];
+
+ makeFlags = kernel.makeFlags ++ [
+ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+ ];
+
+ installPhase = ''
+ install -D drbd/drbd.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
+ install -D drbd/drbd_transport_tcp.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
+ '';
+
+ enableParallelBuilding = true;
+}
diff --git a/lass/5pkgs/sxiv/default.nix b/lass/5pkgs/sxiv/default.nix
new file mode 100644
index 000000000..04fc1c3f6
--- /dev/null
+++ b/lass/5pkgs/sxiv/default.nix
@@ -0,0 +1,27 @@
+{ nsxiv, writers }:
+
+writers.writeDashBin "sxiv" ''
+ set -efu
+ tmpfile="''${TMPDIR:-/tmp}/nsxiv_pipe_$$"
+ trap 'rm -f -- $tmpfile' EXIT
+
+ if [ "$#" -eq 0 ]; then
+ if [ -t 0 ]; then
+ echo "sxiv: No arguments provided" >&2; exit 1
+ else
+ # Consume stdin and put it in the temporal file
+ cat > "$tmpfile"
+ fi
+ fi
+
+ for arg in "$@"; do
+ # if it's a pipe then drain it to $tmpfile
+ [ -p "$arg" ] && cat "$arg" > "$tmpfile"
+ done
+
+ if [ -s "$tmpfile" ]; then
+ ${nsxiv}/bin/nsxiv -q "$@" "$tmpfile" # -q to silence warnings
+ else
+ ${nsxiv}/bin/nsxiv "$@" # fallback
+ fi
+''
diff --git a/lass/5pkgs/weechat-matrix/default.nix b/lass/5pkgs/weechat-matrix/default.nix
new file mode 100644
index 000000000..40848caaa
--- /dev/null
+++ b/lass/5pkgs/weechat-matrix/default.nix
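Review bot: The `url` passed to `fetchzip` in drbd9/default.nix spells out `9.1.7` a second time instead of using the `version` binding from the `let`, so a later bump of `version` would rename the derivation while still fetching and hash-checking the old tarball. I would write `url = "https://pkg.linbit.com//downloads/drbd/9/drbd-${version}.tar.gz";`. `git` in `nativeBuildInputs` looks like a leftover from the commented-out `fetchFromGitHub`/`leaveDotGit` variant and can probably be dropped if the tarball build does not call it. A `meta` block with the license and `platforms = lib.platforms.linux;` would also document that this is an out-of-tree kernel module; `lib` is already an argument but unused.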
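Review bot: In sxiv/default.nix, `tmpfile` is a predictable path (`nsxiv_pipe_$$` under `TMPDIR` or `/tmp`) and `cat > "$tmpfile"` follows whatever already exists at that name, so on a shared `/tmp` a pre-existing file or symlink owned by another local user decides where the piped image data ends up. Creating the file atomically avoids this: `tmpfile=$(mktemp "''${TMPDIR:-/tmp}/nsxiv_pipe_XXXXXX")`; the later `[ -s "$tmpfile" ]` test still works because it checks for non-empty content. The trap should also quote the variable inside its single quotes, `trap 'rm -f -- "$tmpfile"' EXIT`, so a `TMPDIR` containing whitespace is removed correctly.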
@@ -0,0 +1,80 @@
+{ python3Packages
+, lib
+, fetchFromGitHub
+}:
+
+with python3Packages;
+
+let
+ scriptPython = python.withPackages (ps: with ps; [
+ aiohttp
+ requests
+ python_magic
+ ]);
+
+ version = "lassulus-fork";
+in python3Packages.buildPythonPackage {
+ pname = "weechat-matrix";
+ inherit version;
+
+ src = fetchFromGitHub {
+ owner = "poljar";
+ repo = "weechat-matrix";
+ rev = version;
+ hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc=";
+ };
+ # src = ./weechat-matrix;
+
+ propagatedBuildInputs = [
+ pyopenssl
+ webcolors
+ future
+ atomicwrites
+ attrs
+ Logbook
+ pygments
+ matrix-nio
+ aiohttp
+ requests
+ ];
+
+ passthru.scripts = [ "matrix.py" ];
+
+ dontBuild = true;
+ doCheck = false;
+
+ format = "other";
+
+ installPhase = ''
+ mkdir -p $out/share $out/bin
+ cp main.py $out/share/matrix.py
+
+ cp contrib/matrix_upload.py $out/bin/matrix_upload
+ cp contrib/matrix_decrypt.py $out/bin/matrix_decrypt
+ cp contrib/matrix_sso_helper.py $out/bin/matrix_sso_helper
+ substituteInPlace $out/bin/matrix_upload \
+ --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python'
+ substituteInPlace $out/bin/matrix_sso_helper \
+ --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python'
+ substituteInPlace $out/bin/matrix_decrypt \
+ --replace '/usr/bin/env python3' '${scriptPython}/bin/python'
+
+ mkdir -p $out/${python.sitePackages}
+ cp -r matrix $out/${python.sitePackages}/matrix
+ '';
+
+ dontPatchShebangs = true;
+ postFixup = ''
+ addToSearchPath program_PYTHONPATH $out/${python.sitePackages}
+ patchPythonScript $out/share/matrix.py
+ substituteInPlace $out/${python.sitePackages}/matrix/server.py --replace \"matrix_sso_helper\" \"$out/bin/matrix_sso_helper\"
+ '';
+
+ meta = with lib; {
+ description = "A Python plugin for Weechat that lets Weechat communicate over the Matrix protocol";
+ homepage = "https://github.com/poljar/weechat-matrix";
+ license = licenses.isc;
+ platforms = platforms.unix;
+ maintainers = with
maintainers; [ tilpner emily ]; + }; +} diff --git a/lib/default.nix b/lib/default.nix index 7c3b0370e..149b97a72 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -95,9 +95,12 @@ let path = dirPath + "/${relPath}"; in nameValuePair (toPackageName name) (f path)) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir dirPath)))); + (attrNames + (filterAttrs isNixDirEntry (readDir dirPath)))); + + isNixDirEntry = name: type: + (type == "regular" && hasSuffix ".nix" name && name != "default.nix") || + (type == "directory" && !hasPrefix "." name); # https://tools.ietf.org/html/rfc5952 normalize-ip6-addr = @@ -191,3 +194,4 @@ let in lib +// { inherit lib; } diff --git a/lib/types.nix b/lib/types.nix index f312b734b..67a0c6f1b 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -58,6 +58,14 @@ rec { default = false; }; + consul = mkOption { + description = '' + Whether the host is a member of the global consul network + ''; + type = bool; + default = false; + }; + owner = mkOption { type = user; }; @@ -128,7 +136,7 @@ rec { default = null; }; ip4 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip4: { options = { addr = mkOption { type = addr4; @@ -138,13 +146,15 @@ rec { } // { retiolum.default = "10.243.0.0/16"; wiregrill.default = "10.244.0.0/16"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip4.config.addr}/32"; + }); }; - }); + })); default = null; }; ip6 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip6: { options = { addr = mkOption { type = addr6; @@ -155,9 +165,11 @@ rec { } // { retiolum.default = "42:0::/32"; wiregrill.default = "42:1::/32"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip6.config.addr}/128"; + }); }; - }); + })); default = null; }; ssh = mkOption { 
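Review bot: In weechat-matrix/default.nix, `rev = version;` resolves to `lassulus-fork`, which reads like a branch name rather than a tag or commit, while `owner` is `poljar`. The `hash` keeps the fetched content fixed, but the expression does not record which commit was reviewed, and the fetch starts failing as soon as the branch moves. Pinning the commit makes this explicit, e.g. `rev = "COMMIT_SHA_PLACEHOLDER";` with `version` set to a date- or commit-based string. `doCheck = false;` would benefit from a one-line comment saying why the tests are skipped.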
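Review bot: `isNixDirEntry` in lib/default.nix has no comment, and it does not select the same entries as the old `name != "default.nix" && !hasPrefix "." name` filter. Entries of any type other than `regular` or `directory` (symlinks, for instance) are now dropped, regular files must end in `.nix`, and a dot-prefixed regular file such as `.foo.nix` is now accepted while dot-directories are still skipped. Dropping symlinks looks intentional, presumably so the `lib` symlinks added elsewhere in this commit are not imported by `mapNixDir`, but the code should say so. I would add `# Accept *.nix files (except default.nix) and non-hidden directories; symlinks such as ./lib are skipped.` above the definition, and add `&& !hasPrefix "." name` to the `regular` branch if hidden files are meant to stay excluded. The enclosing `let` starts outside the hunk.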
diff --git a/submodules/nix-writers b/submodules/nix-writers -Subproject c528cf970e292790b414b4c1c8c8e9d7e73b2a7 +Subproject 0c8de150426476b5287cf2787bbd85263691a80 diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index c36fbc4bf..90501d56d 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - imports = [ <stockholm/tv> <stockholm/tv/2configs/hw/x220.nix> diff --git a/tv/1systems/alnus/lib b/tv/1systems/alnus/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/alnus/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/au/lib b/tv/1systems/au/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/au/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix index 11cdac398..22e5f1484 100644 --- a/tv/1systems/bu/config.nix +++ b/tv/1systems/bu/config.nix @@ -1,7 +1,5 @@ -{ config, pkgs, ... }: let - lib = import ../../../lib; -in { - +with import ./lib; +{ config, pkgs, ... }: { imports = [ ./disks.nix <stockholm/tv> diff --git a/tv/1systems/bu/lib b/tv/1systems/bu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/bu/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/lib b/tv/1systems/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 00bd5da15..00cdf84c1 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - imports = [ <stockholm/tv> <stockholm/tv/2configs/br.nix> diff --git a/tv/1systems/mu/lib b/tv/1systems/mu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/mu/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index 4dc0b4e82..fb67814db 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.nomic; imports = [ diff --git a/tv/1systems/nomic/lib b/tv/1systems/nomic/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/nomic/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 44c7685e8..8df29f75e 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - imports = [ <stockholm/tv> <stockholm/tv/2configs/retiolum.nix> diff --git a/tv/1systems/querel/lib b/tv/1systems/querel/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/querel/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index bf250cefa..4d45f6d40 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ../lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.wu; imports = [ diff --git a/tv/1systems/wu/lib b/tv/1systems/wu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/wu/lib @@ -0,0 +1 @@ +../lib
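Review bot: `with import ../lib;` in tv/1systems/wu/config.nix differs from the other host configs touched by this commit (alnus, bu, mu, nomic, querel, xu, zu), which all use `./lib`. The commit also adds a `tv/1systems/wu/lib` symlink that this file then does not use. Both paths appear to end at the same directory through the `../lib` symlink chain, so this looks like a style inconsistency rather than a breakage; `with import ./lib;` would match the rest. The module body continues outside the hunk.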
\ No newline at end of file diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 8a86e209b..6ca62ac0d 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.xu; imports = [ @@ -11,7 +10,6 @@ with import <stockholm/lib>; <stockholm/tv/2configs/gitrepos.nix> <stockholm/tv/2configs/mail-client.nix> <stockholm/tv/2configs/man.nix> - <stockholm/tv/2configs/nginx/krebs-pages.nix> <stockholm/tv/2configs/nginx/public_html.nix> <stockholm/tv/2configs/ppp.nix> <stockholm/tv/2configs/pulse.nix> diff --git a/tv/1systems/xu/lib b/tv/1systems/xu/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/1systems/xu/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 8a3040a36..169fa6bd6 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - krebs.build.host = config.krebs.hosts.zu; imports = [ diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index a5e0cf4c7..c8ab73b50 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -1,6 +1,5 @@ -{ config, lib, ... }: -with import <stockholm/lib>; -{ +with import ./lib; +{ config, pkgs, ... }: { krebs.backup.plans = { } // mapAttrs (_: recursiveUpdate { snapshots = { diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index 92e2499a9..e38566b78 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { programs.bash = { interactiveShellInit = /* sh */ '' HISTCONTROL='erasedups:ignorespace' @@ -17,8 +14,20 @@ with import <stockholm/lib>; case $UID in ${shell.escape (toString config.krebs.users.tv.uid)}) - if test ''${SHLVL-1} = 1; then - case ''${XMONAD_SPAWN_WORKSPACE-} in + if test ''${SHLVL-1} = 1 && test -n "''${DISPLAY-}"; then + _CURRENT_DESKTOP_NAME=''${_CURRENT_DESKTOP_NAME-$( + ${pkgs.xorg.xprop}/bin/xprop -notype -root \ + 32i _NET_CURRENT_DESKTOP \ + 8s _NET_DESKTOP_NAMES \ + | + ${pkgs.gnused}/bin/sed -r 's/.* = //;s/"//g;s/, /\a/g' | + { + read -r _NET_CURRENT_DESKTOP + IFS=$'\a' read -ra _NET_DESKTOP_NAMES + echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}" + } + )} + case $_CURRENT_DESKTOP_NAME in stockholm) cd ~/stockholm ;; diff --git a/tv/2configs/bash/lib b/tv/2configs/bash/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/bash/lib @@ -0,0 +1 @@ +../lib
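Review bot: `with import ./lib;` in tv/1systems/zu/config.nix needs a `lib` entry next to the file, and unlike the other hosts this diff adds no `tv/1systems/zu/lib` symlink (the next file section is `tv/2configs/backup.nix`). If the symlink does not already exist in the tree, evaluating this host fails on the import. Either add the symlink with target `../lib`, or use `with import ../lib;` here. The module body continues outside the hunk.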
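Review bot: In the `_CURRENT_DESKTOP_NAME` block added to tv/2configs/bash/default.nix, `$_NET_CURRENT_DESKTOP` goes straight from the `xprop | sed` output into an array subscript, and bash evaluates indexed-array subscripts as arithmetic. When the root window lacks the property or `xprop` fails, the value is not a number, because the `sed` expression only strips text up to ` = `. At best that prints an arithmetic error on every interactive shell start. Rejecting non-numeric values first keeps them out of the subscript, e.g. `case $_NET_CURRENT_DESKTOP in (""|*[!0-9]*) exit 0;; esac` before the `echo`; the `exit` only leaves the command substitution. The `case $UID` block this sits in continues outside the hunk.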
\ No newline at end of file diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 58791f4f6..66d740715 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; +{ config, lib, pkgs, ... }: with import ./lib; { environment.etc."binary-cache.pubkey".text = config.krebs.build.host.binary-cache.pubkey; diff --git a/tv/2configs/binary-cache/lib b/tv/2configs/binary-cache/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/binary-cache/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix index e6a46e903..4a8db2e38 100644 --- a/tv/2configs/br.nix +++ b/tv/2configs/br.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { imports = [ diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index f3ce2da40..9babb92c2 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - boot.tmpOnTmpfs = true; krebs.enable = true; @@ -38,7 +37,7 @@ with import <stockholm/lib>; { i18n.defaultLocale = mkDefault "C.UTF-8"; security.sudo.extraConfig = '' - Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE" + Defaults env_keep+="SSH_CLIENT _CURRENT_DESKTOP_NAME" Defaults mailto="${config.krebs.users.tv.mail}" Defaults !lecture ''; @@ -46,14 +45,15 @@ with import <stockholm/lib>; } { - # TODO check if both are required: - nix.sandboxPaths = [ "/etc/protocols" pkgs.iana-etc.outPath ]; - - nix.requireSignedBinaryCaches = true; - - nix.binaryCaches = ["https://cache.nixos.org"]; + nix.extraOptions = '' + auto-optimise-store = true + ''; - nix.useSandbox = true; + # TODO check if both are required: + nix.settings.extra-sandbox-paths = [ + "/etc/protocols" + pkgs.iana-etc.outPath + ]; } { nixpkgs.config.allowUnfree = false; diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 3d4ada46b..fefc6dd24 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.eximlog ]; diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 4a0dcf616..e905536df 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix 
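Review bot: The `@@ -46,14 +45,15 @@` hunk of tv/2configs/default.nix removes `nix.requireSignedBinaryCaches = true;`, `nix.useSandbox = true;` and the `nix.binaryCaches` list without carrying them over to `nix.settings`. Signature checking, sandboxing and the substituter list therefore now depend on the module defaults. That may be what is wanted, but security-relevant settings are easier to audit when they stay explicit: `nix.settings.require-sigs = true;` and `nix.settings.sandbox = true;` next to `extra-sandbox-paths`. `auto-optimise-store` could likewise be written as `nix.settings.auto-optimise-store = true;` instead of going through `nix.extraOptions`.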
@@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.eximlog ]; diff --git a/tv/2configs/gitconfig.nix b/tv/2configs/gitconfig.nix index 771a4b2a4..fb9b78e6a 100644 --- a/tv/2configs/gitconfig.nix +++ b/tv/2configs/gitconfig.nix @@ -1,8 +1,5 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.etc.gitconfig.text = '' [alias] patch = !${pkgs.git}/bin/git --no-pager diff --no-color diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 50444c1ee..d8e7755fe 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let { +with import ./lib; +{ config, pkgs, ... }: let { body = { @@ -134,7 +131,6 @@ let { web-routes-wai-custom = {}; xintmap = {}; xmonad-aeson = {}; - xmonad-stockholm = {}; xmonad-web = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) { cac-api = { @@ -165,6 +161,7 @@ let { soundcloud = { cgit.desc = "SoundCloud command line interface"; }; + xmonad-stockholm = {}; }); restricted-repos = mapAttrs make-restricted-repo ( diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix index e78caeb5f..09372980f 100644 --- a/tv/2configs/htop.nix +++ b/tv/2configs/htop.nix @@ -1,8 +1,5 @@ -{ pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ pkgs, ... }: { nixpkgs.config.packageOverrides = super: { htop = pkgs.symlinkJoin { name = "htop"; diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index dd6fcfe67..b998fcf7c 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { imports = [ ../smartd.nix 
diff --git a/tv/2configs/hw/lib b/tv/2configs/hw/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/hw/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix index 09dd9a49d..bf749a98a 100644 --- a/tv/2configs/hw/w110er.nix +++ b/tv/2configs/hw/w110er.nix @@ -1,6 +1,5 @@ -{ pkgs, ... }: let - lib = import <stockholm/lib>; -in { +with import ./lib; +{ pkgs, ... }: { imports = [ ../smartd.nix { diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 8c68cdef0..ee3c7dc04 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -1,7 +1,5 @@ -{ config, pkgs, ... }: let - lib = import <stockholm/lib>; -in -{ +with import ./lib; +{ config, pkgs, ... }: { imports = [ ../smartd.nix { @@ -28,8 +26,8 @@ in } { - nix.buildCores = 2; - nix.maxJobs = 2; + nix.settings.cores = 2; + nix.settings.max-jobs = 2; } (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then { nix.daemonCPUSchedPolicy = "batch"; @@ -61,6 +59,9 @@ in emulateWheel = true; }; + # Conflicts with TLP, but gets enabled by DEs. + services.power-profiles-daemon.enable = false; + services.tlp.enable = true; services.tlp.settings = { START_CHARGE_THRESH_BAT0 = 80; diff --git a/tv/2configs/imgur.nix b/tv/2configs/imgur.nix index ba84fd2df..e22122761 100644 --- a/tv/2configs/imgur.nix +++ b/tv/2configs/imgur.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { - services.nginx.virtualHosts."ni.r" = { locations."/image" = { extraConfig = /* nginx */ '' @@ -18,8 +17,6 @@ with import <stockholm/lib>; krebs.htgen.imgur = { port = 7771; - script = /* sh */ '' - (. ${pkgs.htgen-imgur}/bin/htgen-imgur) - ''; + scriptFile = "${pkgs.htgen-imgur}/bin/htgen-imgur"; }; } diff --git a/tv/2configs/lib b/tv/2configs/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index efea3a844..6844df99b 100644 --- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -1,8 +1,5 @@ -{ config, lib, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, ... }: { services.nginx = { enableReload = true; diff --git a/tv/2configs/nginx/krebs-pages.nix b/tv/2configs/nginx/krebs-pages.nix deleted file mode 100644 index 4dd643db7..000000000 --- a/tv/2configs/nginx/krebs-pages.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, ... }: -{ - services.nginx = { - virtualHosts.krebs-pages = { - serverAliases = [ - "krebs.${config.krebs.build.host.name}.r" - ]; - extraConfig = '' - root ${pkgs.krebs-pages}; - ''; - }; - }; -} diff --git a/tv/2configs/nginx/lib b/tv/2configs/nginx/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/nginx/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index 43d7189ef..c2403cd8d 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -1,8 +1,5 @@ -{ config, lib, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, ... }: { services.nginx = { enable = true; virtualHosts.default = { diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix index 51a5c716f..415755b16 100644 --- a/tv/2configs/pki/default.nix +++ b/tv/2configs/pki/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source; diff --git a/tv/2configs/pki/lib b/tv/2configs/pki/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/pki/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index c801401b2..24d2831c4 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,5 +1,5 @@ +with import ./lib; { config, pkgs, ... }: let - lib = import <stockholm/lib>; cfg = { pin = "@${toString <secrets/o2.pin>}"; ttys.ppp = "/dev/ttyACM0"; diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 513a0eb17..7a07e8154 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let +with import ./lib; +{ config, pkgs, ... }: let pkg = pkgs.pulseaudio; runDir = "/run/pulse"; diff --git a/tv/2configs/repo-sync/lib b/tv/2configs/repo-sync/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/repo-sync/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/repo-sync/wiki.nix b/tv/2configs/repo-sync/wiki.nix index 913439906..515e731c4 100644 --- a/tv/2configs/repo-sync/wiki.nix +++ b/tv/2configs/repo-sync/wiki.nix @@ -1,6 +1,5 @@ -{ config, pkgs, ... }: let - lib = import <stockholm/lib>; -in { +with import ./lib; +{ config, pkgs, ... }: { krebs.repo-sync.enable = true; krebs.repo-sync.repos.wiki.branches.hotdog = { origin.url = "http://cgit.hotdog.r/wiki"; diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 3c3b2adf0..de77de381 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { krebs.tinc.retiolum = { enable = true; connectTo = filter (ne config.krebs.build.host.name) [ diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix index 84d247362..ad828813d 100644 --- a/tv/2configs/ssh.nix +++ b/tv/2configs/ssh.nix @@ -1,8 +1,5 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { # Override NixOS's "Allow DSA keys for now." environment.etc."ssh/ssh_config".text = mkForce '' AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix index 79af5b01f..4da8c8216 100644 --- a/tv/2configs/sshd.nix +++ b/tv/2configs/sshd.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, ... }: let cfg.host = config.krebs.build.host; in { diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 619b04459..7ba364ff3 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let exec = filename: args: url: { inherit url; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index fed74c921..b8819ee36 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let { +with import ./lib; +{ config, pkgs, ... }: let { body = { environment.systemPackages = [ vim-wrapper @@ -13,7 +11,7 @@ let { environment.variables.VIMINIT = ":so /etc/vimrc"; }; - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + extra-runtimepath = pkgs.tv.vim.makeRuntimePath [ pkgs.tv.vimPlugins.elixir pkgs.tv.vimPlugins.file-line pkgs.tv.vimPlugins.fzf @@ -79,6 +77,7 @@ let { set showmatch set timeoutlen=0 set ttimeoutlen=0 + set ttymouse=sgr set undodir=${dirs.undodir} set undofile set undolevels=1000000 diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix index 18bac9b38..b7c14af5a 100644 --- a/tv/2configs/xdg.nix +++ b/tv/2configs/xdg.nix @@ -1,8 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, pkgs, ... }: { environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; systemd.tmpfiles.rules = let diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix index a97fb3679..51fd1ae8c 100644 --- a/tv/2configs/xp-332.nix +++ b/tv/2configs/xp-332.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: { environment.etc."utsushi.conf".text = '' diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix index 8e8e3dfdd..8e555e927 100644 --- a/tv/2configs/xserver/Xmodmap.nix +++ b/tv/2configs/xserver/Xmodmap.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with import <stockholm/lib>; +with import ./lib; pkgs.writeText "Xmodmap" '' !keycode 66 = Caps_Lock diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 8bedb0e81..f534b557e 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,6 +1,5 @@ -{ config, pkgs, ... }@args: -with import <stockholm/lib>; -let +with import ./lib; +{ config, pkgs, ... }@args: let cfg = { cacheDir = cfg.dataDir; configDir = "/var/empty"; 
diff --git a/tv/2configs/xserver/lib b/tv/2configs/xserver/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/2configs/xserver/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/2configs/xserver/sxiv.nix b/tv/2configs/xserver/sxiv.nix index 10e450da4..eb862f887 100644 --- a/tv/2configs/xserver/sxiv.nix +++ b/tv/2configs/xserver/sxiv.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg.user = config.krebs.build.user; in { diff --git a/tv/2configs/xserver/urxvt.nix b/tv/2configs/xserver/urxvt.nix index 2d504e165..3502c6356 100644 --- a/tv/2configs/xserver/urxvt.nix +++ b/tv/2configs/xserver/urxvt.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg.user = config.krebs.build.user; in { diff --git a/tv/2configs/xserver/xserver.conf.nix b/tv/2configs/xserver/xserver.conf.nix index 99038e5fc..3fdfebf1b 100644 --- a/tv/2configs/xserver/xserver.conf.nix +++ b/tv/2configs/xserver/xserver.conf.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ./lib; +{ config, pkgs, ... }: let cfg = config.services.xserver; diff --git a/tv/3modules/Xresources.nix b/tv/3modules/Xresources.nix index ab233dd65..266531de9 100644 --- a/tv/3modules/Xresources.nix +++ b/tv/3modules/Xresources.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg = { enable = config.services.xserver.enable && config.tv.Xresources != {}; diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix index dccbfde67..4669345eb 100644 --- a/tv/3modules/charybdis/config.nix +++ b/tv/3modules/charybdis/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: with import <stockholm/lib>; let +{ config, ... }: with import ./lib; let cfg = config.tv.charybdis; in toFile "charybdis.conf" '' /* doc/example.conf - brief example configuration file diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 96aae702a..4a0f99503 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix 
@@ -1,4 +1,5 @@ -{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let +with import ./lib; +{ config, pkgs, ... }@args: let cfg = config.tv.charybdis; in { options.tv.charybdis = { diff --git a/tv/3modules/charybdis/lib b/tv/3modules/charybdis/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/3modules/charybdis/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix index ab24ac089..e1dfdea34 100644 --- a/tv/3modules/dnsmasq.nix +++ b/tv/3modules/dnsmasq.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, ... }: let cfg = config.tv.dnsmasq; in { diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index edc5296b0..e3a41a57b 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -1,5 +1,5 @@ -{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let - +with import ./lib; +{ config, pkgs, ... }: let cfg = config.tv.ejabberd; gen-dhparam = pkgs.writeDash "gen-dhparam" '' diff --git a/tv/3modules/ejabberd/lib b/tv/3modules/ejabberd/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/3modules/ejabberd/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/3modules/focus.nix b/tv/3modules/focus.nix index b1a7b2e52..c16d44243 100644 --- a/tv/3modules/focus.nix +++ b/tv/3modules/focus.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { options.tv.focus.enable = mkEnableOption "tv.focus"; } diff --git a/tv/3modules/hosts.nix b/tv/3modules/hosts.nix index 118740510..2d382e266 100644 --- a/tv/3modules/hosts.nix +++ b/tv/3modules/hosts.nix @@ -1,8 +1,5 @@ -{ config, ... }: - -with import <stockholm/lib>; - -{ +with import ./lib; +{ config, ... }: { options.tv.hosts = mkOption { type = types.attrsOf types.host; default = diff --git a/tv/3modules/hw.nix b/tv/3modules/hw.nix index 6eb722d2f..db1a77c85 100644 --- a/tv/3modules/hw.nix +++ b/tv/3modules/hw.nix @@ -1,5 +1,5 @@ +with import ./lib; let - lib = import <stockholm/lib>; local.types.screen = lib.types.submodule { options.width = lib.mkOption { type = lib.types.uint; diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix index e98a57327..76a61b191 100644 --- a/tv/3modules/im.nix +++ b/tv/3modules/im.nix @@ -1,6 +1,6 @@ +with import ./lib; { config, pkgs, ... }: let im = config.tv.im; - lib = import <stockholm/lib>; in { options = { tv.im.client.enable = lib.mkEnableOption "tv.im.client" // { diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 9cf0bd5a2..c4bf4644d 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let { +with import ./lib; +{ config, pkgs, ... }: let { cfg = config.tv.iptables; body = { diff --git a/tv/3modules/lib b/tv/3modules/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/3modules/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix index e1a5323d6..7d31edf9d 100644 --- a/tv/3modules/org.freedesktop.machine1.host-shell.nix +++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix @@ -1,4 +1,5 @@ -{ config, ... }: let lib = import ../../lib; in { +with import ./lib; +{ config, ... }: { options.org.freedesktop.machine1.host-shell.access = lib.mkOption { default = {}; type = diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix index 926adc8e0..a08303215 100644 --- a/tv/3modules/slock.nix +++ b/tv/3modules/slock.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let cfg = config.tv.slock; in { diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix index 4dbb34df0..f19bfebcc 100644 --- a/tv/3modules/x0vncserver.nix +++ b/tv/3modules/x0vncserver.nix @@ -1,8 +1,6 @@ -with import <stockholm/lib>; +with import ./lib; { config, pkgs, ... }: let - cfg = config.tv.x0vncserver; - in { options.tv.x0vncserver = { display = mkOption { diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 5a018a166..245d0542b 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,4 +1,4 @@ -with import ../../lib; +with import ./lib; let pushBack = x: xs: if elem x xs then @@ -14,7 +14,6 @@ fix (foldl' (flip extends) (_: super) (map (name: import (./. + "/${name}")) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (pushBack "override" - (attrNames (readDir ./.)))))) + (pushBack "override" + (attrNames + (filterAttrs isNixDirEntry (readDir ./.)))))) diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix index 33fd2506a..f05223d72 100644 --- a/tv/5pkgs/haskell/default.nix +++ b/tv/5pkgs/haskell/default.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; let overrides = self: super: mapNixDir (path: self.callPackage path {}) [ 
diff --git a/tv/5pkgs/haskell/lib b/tv/5pkgs/haskell/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/haskell/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix index edb5f258e..be3eca982 100644 --- a/tv/5pkgs/haskell/xmonad-tv/default.nix +++ b/tv/5pkgs/haskell/xmonad-tv/default.nix @@ -1,6 +1,6 @@ { mkDerivation, aeson, base, bytestring, containers, directory -, extra, lib, template-haskell, th-env, unix, X11, xmonad -, xmonad-contrib, xmonad-stockholm +, extra, filepath, lib, systemd, template-haskell, th-env +, transformers, unix, X11, xmonad, xmonad-contrib }: mkDerivation { pname = "xmonad-tv"; @@ -9,8 +9,8 @@ mkDerivation { isLibrary = false; isExecutable = true; executableHaskellDepends = [ - aeson base bytestring containers directory extra template-haskell - th-env unix X11 xmonad xmonad-contrib xmonad-stockholm + aeson base bytestring containers directory extra filepath systemd + template-haskell th-env transformers unix X11 xmonad xmonad-contrib ]; license = lib.licenses.mit; } diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Build.hs b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs new file mode 100644 index 000000000..553a129b1 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/Build.hs @@ -0,0 +1,24 @@ +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TypeApplications #-} + +module Build where + +import XMonad (Dimension) +import THEnv.JSON (getCompileEnvJSONExp) + + +myFont :: String +myFont = + "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" + +myScreenWidth :: Dimension +myScreenWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH") + +myTermFontWidth :: Dimension +myTermFontWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH") + +myTermPadding :: Dimension +myTermPadding = + 2 diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs new file mode 100644 index 000000000..d4a4d93cf --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/Shutdown.hs 
@@ -0,0 +1,113 @@ +{-# LANGUAGE LambdaCase #-} + +module Shutdown + ( newShutdownEventHandler + , shutdown + ) + where + +import Control.Applicative ((<|>), empty) +import Control.Concurrent (threadDelay) +import Control.Monad (forever, guard, when) +import Data.Monoid (All(All)) +import System.Directory (XdgDirectory(XdgData), createDirectoryIfMissing, doesFileExist, getAppUserDataDirectory, getXdgDirectory) +import System.Exit (exitSuccess) +import System.Environment (lookupEnv) +import System.FilePath ((</>)) +import System.IO.Error (isDoesNotExistError, tryIOError) +import System.IO (hPutStrLn, stderr) +import System.Posix.Process (getProcessID) +import System.Posix.Signals (nullSignal, signalProcess) +import System.Posix.Types (ProcessID) +import XMonad hiding (getXMonadDataDir) + + +-- XXX this is for compatibility with both xmonad<0.17 and xmonad>=0.17 +getXMonadDataDir :: IO String +getXMonadDataDir = xmEnvDir <|> xmDir <|> xdgDir + where + -- | Check for xmonad's environment variables first + xmEnvDir :: IO String + xmEnvDir = + maybe empty pure =<< lookupEnv "XMONAD_DATA_DIR" + + -- | Check whether the config file or a build script is in the + -- @~\/.xmonad@ directory + xmDir :: IO String + xmDir = do + d <- getAppUserDataDirectory "xmonad" + conf <- doesFileExist $ d </> "xmonad.hs" + build <- doesFileExist $ d </> "build" + pid <- doesFileExist $ d </> "xmonad.pid" + + -- Place *everything* in ~/.xmonad if yes + guard $ conf || build || pid + pure d + + -- | Use XDG directories as a fallback + xdgDir :: IO String + xdgDir = do + d <- getXdgDirectory XdgData "xmonad" + d <$ createDirectoryIfMissing True d + + +newShutdownEventHandler :: IO (Event -> X All) +newShutdownEventHandler = do + writeProcessIDToFile + return handleShutdownEvent + +handleShutdownEvent :: Event -> X All +handleShutdownEvent = \case + ClientMessageEvent { ev_message_type = mt } -> do + isShutdownEvent <- (mt ==) <$> getAtom "XMONAD_SHUTDOWN" + when isShutdownEvent $ do + 
broadcastMessage ReleaseResources + writeStateToFile + io exitSuccess >> return () + return (All (not isShutdownEvent)) + _ -> + return (All True) + +sendShutdownEvent :: IO () +sendShutdownEvent = do + dpy <- openDisplay "" + rw <- rootWindow dpy $ defaultScreen dpy + a <- internAtom dpy "XMONAD_SHUTDOWN" False + allocaXEvent $ \e -> do + setEventType e clientMessage + setClientMessageEvent e rw a 32 0 currentTime + sendEvent dpy rw False structureNotifyMask e + sync dpy False + +shutdown :: IO () +shutdown = do + pid <- readProcessIDFromFile + sendShutdownEvent + hPutStrLn stderr ("waiting for: " <> show pid) + result <- tryIOError (waitProcess pid) + if isSuccess result + then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]") + else hPutStrLn stderr ("result: " <> show result) + where + isSuccess = either isDoesNotExistError (const False) + +waitProcess :: ProcessID -> IO () +waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000) + +-- +-- PID file stuff +-- + +getProcessIDFileName :: IO FilePath +getProcessIDFileName = (</> "xmonad.pid") <$> getXMonadDataDir + +writeProcessIDToFile :: IO () +writeProcessIDToFile = do + pidFileName <- getProcessIDFileName + pid <- getProcessID + writeFile pidFileName (show pid) + +readProcessIDFromFile :: IO ProcessID +readProcessIDFromFile = do + pidFileName <- getProcessIDFileName + read <$> readFile pidFileName diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index 81373f410..c921d428b 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -1,6 +1,4 @@ {-# LANGUAGE LambdaCase #-} -{-# LANGUAGE TemplateHaskell #-} -{-# LANGUAGE TypeApplications #-} module Main (main) where 
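Review bot: `readProcessIDFromFile` parses the PID file with the partial `read`, so an empty or truncated `xmonad.pid` ends `shutdown` with a bare `Prelude.read: no parse`; parsing with `readMaybe` from `Text.Read` and failing with a message that names `pidFileName` would make that case diagnosable. `waitProcess` has no upper bound, so a stale file whose PID has since been reused by another process of the same user keeps `shutdown` polling indefinitely; a timeout around the `forever` loop would bound that. The file location comes from `XMONAD_DATA_DIR` when it is set, and `writeFile` writes wherever that points, so a short comment that the directory is expected to be user-private would help the next reader.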
@@ -32,25 +30,9 @@ import Data.Ratio import XMonad.Hooks.Place (placeHook, smart) import XMonad.Actions.PerWorkspaceKeys (chooseAction) -import XMonad.Stockholm.Pager -import XMonad.Stockholm.Shutdown +import Shutdown (shutdown, newShutdownEventHandler) -import THEnv.JSON (getCompileEnvJSONExp) - - -myFont :: String -myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" - -myScreenWidth :: Dimension -myScreenWidth = - $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH") - -myTermFontWidth :: Dimension -myTermFontWidth = - $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH") - -myTermPadding :: Dimension -myTermPadding = 2 +import Build (myFont, myScreenWidth, myTermFontWidth, myTermPadding) main :: IO () @@ -136,13 +118,6 @@ spawnRootTerm = Nothing -spawnTermAt :: String -> X () -spawnTermAt ws = do - env <- io getEnvironment - let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env - forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env') - - myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing) @@ -151,11 +126,9 @@ myKeys conf = Map.fromList $ , ((_4 , xK_o ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing) , ((_4 , xK_p ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing) - , ((_4 , xK_x ), chooseAction spawnTermAt) + , ((_4 , xK_x ), forkFile {-pkg:rxvt_unicode-}"urxvtc" [] Nothing) , ((_4C , xK_x ), spawnRootTerm) - , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) - , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ((_C , xK_Menu ), toggleWS) , ((_4 , xK_space ), withFocused $ \w -> ifM (isFloatingX w) xdeny $ sendMessage NextLayout) 
@@ -233,23 +206,3 @@ xdeny = , "-e", "sleep", "0.05" ] Nothing - - -pagerConfig :: PagerConfig -pagerConfig = def - { pc_font = myFont - , pc_cellwidth = 64 - , pc_matchmethod = MatchPrefix - , pc_windowColors = windowColors - } - where - windowColors _ _ _ True _ = ("#ef4242","#ff2323") - windowColors wsf m c u wf = do - let y = defaultWindowColors wsf m c u wf - if m == False && wf == True - then ("#402020", snd y) - else y - - -allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames = return . map W.tag . W.workspaces diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal index f3bd2e0ab..a3ddcb039 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -15,14 +15,15 @@ executable xmonad containers, directory, extra, + filepath, template-haskell, th-env, unix, X11, xmonad, - xmonad-contrib, - xmonad-stockholm + xmonad-contrib other-modules: + Shutdown, THEnv.JSON default-language: Haskell2010 ghc-options: -O2 -Wall -threaded diff --git a/tv/5pkgs/lib b/tv/5pkgs/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/lib @@ -0,0 +1 @@ +../lib
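Review bot: `other-modules` gains `Shutdown` but not `Build`, although this commit adds `src/Build.hs` and `main.hs` now imports `Build (myFont, myScreenWidth, myTermFontWidth, myTermPadding)`. GHC will usually still find the file next to `main.hs`, but it is then an undeclared home module and would be left out of an sdist; adding `Build,` to the list fixes that. The `default.nix` changed in the same commit also lists `systemd` and `transformers`, which do not show up in the visible part of `build-depends`, so the two files look out of sync. The `executable xmonad` stanza starts above this hunk.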
\ No newline at end of file diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index f719a9f69..87b7ce929 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,4 +1,4 @@ -with import ../../../lib; +with import ./lib; self: super: mapNixDir (path: import path self super) ./. diff --git a/tv/5pkgs/override/fzf/complete1.patch b/tv/5pkgs/override/fzf/complete1.patch index 4b2126a2c..3e3f2c4d5 100644 --- a/tv/5pkgs/override/fzf/complete1.patch +++ b/tv/5pkgs/override/fzf/complete1.patch @@ -1,50 +1,72 @@ +commit 57cbd76c068121b685399fdb4649e7ba537983d6 +Author: tv <tv@krebsco.de> +Date: Mon Dec 5 15:24:30 2022 +0100 + + Add --complete-1 option + +diff --git a/man/man1/fzf.1 b/man/man1/fzf.1 +index 79e7291..3b8a753 100644 +--- a/man/man1/fzf.1 ++++ b/man/man1/fzf.1 +@@ -685,6 +685,9 @@ interactive finder and automatically select the only match + If there is no match for the initial query (\fB--query\fR), do not start + interactive finder and exit immediately + .TP ++.B "--complete-1" ++Exit interactive finder when there's exactly one match ++.TP + .BI "-f, --filter=" "STR" + Filter mode. Do not start interactive finder. When used with \fB--no-sort\fR, + fzf becomes a fuzzy-version of grep. diff --git a/src/core.go b/src/core.go -index a18c3a1..a3d92a4 100644 +index 2ddddc3..09afff2 100644 --- a/src/core.go +++ b/src/core.go -@@ -331,6 +331,13 @@ func Run(opts *Options, version string, revision string) { +@@ -337,8 +337,14 @@ func Run(opts *Options, version string, revision string) { + } + determine(val.final) } - } - terminal.UpdateList(val, clearSelection()) -+ if (opts.Complete1) { -+ count := val.Length() -+ if count == 1 { ++ } else { ++ if opts.Complete1 && val.Length() == 1 { + opts.Printer(val.Get(0).item.AsString(opts.Ansi)) + terminal.reqBox.Set(reqClose, nil) ++ } else { ++ terminal.UpdateList(val, clearSelection()) + } -+ } + } +- terminal.UpdateList(val, clearSelection()) } } } 
diff --git a/src/options.go b/src/options.go -index a55dc34..7f121cd 100644 +index 5400311..1e38fe4 100644 --- a/src/options.go 
+++ b/src/options.go -@@ -92,6 +92,7 @@ const usage = `usage: fzf [options] - -1, --select-1 Automatically select the only match - -0, --exit-0 Exit immediately when there's no match - -f, --filter=STR Filter mode. Do not start interactive finder. -+ --complete-1 Exit interactive finder when there's exactly one match - --print-query Print query as the first line - --expect=KEYS Comma-separated list of keys to complete fzf - --read0 Read input delimited by ASCII NUL characters -@@ -208,6 +209,7 @@ type Options struct { - Query string - Select1 bool - Exit0 bool -+ Complete1 bool - Filter *string - ToggleSort bool - Expect map[tui.Event]string -@@ -269,6 +271,7 @@ func defaultOptions() *Options { - Query: "", - Select1: false, - Exit0: false, -+ Complete1: false, - Filter: nil, - ToggleSort: false, - Expect: make(map[tui.Event]string), -@@ -1311,6 +1314,8 @@ func parseOptions(opts *Options, allArgs []string) { +@@ -108,6 +108,7 @@ const usage = `usage: fzf [options] + -1, --select-1 Automatically select the only match + -0, --exit-0 Exit immediately when there's no match + -f, --filter=STR Filter mode. Do not start interactive finder. ++ --complete-1 Exit interactive finder when there's exactly one match + --print-query Print query as the first line + --expect=KEYS Comma-separated list of keys to complete fzf + --read0 Read input delimited by ASCII NUL characters +@@ -274,6 +275,7 @@ type Options struct { + Query string + Select1 bool + Exit0 bool ++ Complete1 bool + Filter *string + ToggleSort bool + Expect map[tui.Event]string +@@ -342,6 +344,7 @@ func defaultOptions() *Options { + Query: "", + Select1: false, + Exit0: false, ++ Complete1: false, + Filter: nil, + ToggleSort: false, + Expect: make(map[tui.Event]string), +@@ -1546,6 +1549,8 @@ func parseOptions(opts *Options, allArgs []string) { opts.Exit0 = true case "+0", "--no-exit-0": opts.Exit0 = false 
diff --git a/tv/5pkgs/override/fzf/default.nix b/tv/5pkgs/override/fzf/default.nix index 661db0ed5..2254d455a 100644 --- a/tv/5pkgs/override/fzf/default.nix +++ b/tv/5pkgs/override/fzf/default.nix @@ -1,9 +1,7 @@ self: super: super.fzf.overrideAttrs (old: { - # XXX cannot use `patches` because fzf has a custom patchPhase - patchPhase = '' - patch -Np1 < ${./complete1.patch} - ${old.patchPhase or ""} - ''; + patches = old.patches or [] ++ [ + ./complete1.patch + ]; }) diff --git a/tv/5pkgs/override/lib b/tv/5pkgs/override/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/override/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/rpi/default.nix b/tv/5pkgs/rpi/default.nix index f0ac47f6a..e41d6373f 100644 --- a/tv/5pkgs/rpi/default.nix +++ b/tv/5pkgs/rpi/default.nix @@ -1,6 +1,4 @@ -let - lib = import <stockholm/lib>; -in +with import ./lib; self: super: diff --git a/tv/5pkgs/rpi/lib b/tv/5pkgs/rpi/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/rpi/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/simple/alacritty-font-size.nix b/tv/5pkgs/simple/alacritty-font-size.nix new file mode 100644 index 000000000..84bc3f616 --- /dev/null +++ b/tv/5pkgs/simple/alacritty-font-size.nix @@ -0,0 +1,67 @@ +{ pkgs }: + +pkgs.writeDashBin "font-size-alacritty" '' + # usage: font-size-alacritty (+N|-N|=N) + # Increase by, decrease by, or set font size to the value N. + + set -efu + + min_size=8 + + op=''${1%%[0-9]*} + op=''${op:-=} + + value=''${1#[=+-]} + + window_id=$(${pkgs.xdotool}/bin/xdotool getactivewindow) + + current_size=$( + ${pkgs.xorg.xprop}/bin/xprop -notype -id $window_id FONT_SIZE | + ${pkgs.gnused}/bin/sed -rn 's/.* = ([0-9]+)$/\1/p' + ) + + # usage: set_font_size WINDOW_ID FONT_SIZE + set_font_size() { + ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$2 + ${pkgs.xorg.xprop}/bin/xprop -id $1 -f FONT_SIZE 32c -set FONT_SIZE $2 + } + + # usage: reset_font_size WINDOW_ID + reset_font_size() { + ${pkgs.alacritty}/bin/alacritty msg config -w $1 font.size=$min_size + ${pkgs.xorg.xprop}/bin/xprop -id $1 -remove FONT_SIZE + } + + # usage: make_next_size + make_next_size() { + case $op in + -) next_size=$(expr $current_size - $value) ;; + =) next_size=$value ;; + +) + next_size=$(expr $current_size + $value) + test $next_size -ge $min_size || next_size=$min_size + ;; + esac + } + + if test -z "$current_size"; then + current_size=0 + make_next_size + if test $next_size -ge $min_size; then + ${pkgs.alacritty}/bin/alacritty msg config -w $window_id \ + font.normal.family='Input Mono' \ + font.normal.style=Condensed \ + font.bold.family='Input Mono' \ + font.bold.style=Bold + set_font_size $window_id $next_size + fi + else + make_next_size + if test $next_size -ge $min_size; then + set_font_size $window_id $next_size + else + ${pkgs.alacritty}/bin/alacritty msg config -w $window_id -r + reset_font_size $window_id + fi + fi +'' 
diff --git a/tv/5pkgs/simple/alacritty-tv.nix b/tv/5pkgs/simple/alacritty-tv.nix new file mode 100644 index 000000000..466ff27c5 --- /dev/null +++ b/tv/5pkgs/simple/alacritty-tv.nix 
@@ -0,0 +1,93 @@ +{ pkgs }: + +let + lib = import ./lib; + font-size = arg: { + program = "${pkgs.font-size-alacritty}/bin/font-size-alacritty"; + args = [arg]; + }; + config = { + bell.animation = "EaseOut"; + bell.duration = 50; + bell.color = "#ff00ff"; + colors.cursor.cursor = "#f042b0"; + colors.primary.background = "#202020"; + colors.primary.foreground = "#d0d7d0"; + colors.normal.black = "#000000"; + colors.normal.red = "#cd0000"; + colors.normal.green = "#00cd00"; + colors.normal.yellow = "#bc7004"; + colors.normal.blue = "#4343be"; + colors.normal.magenta = "#cb06cb"; + colors.normal.cyan = "#04c9c9"; + colors.normal.white = "#bebebe"; + colors.bright.black = "#727272"; + colors.bright.red = "#fb6262"; + colors.bright.green = "#72fb72"; + colors.bright.yellow = "#fbfb72"; + colors.bright.blue = "#7272fb"; + colors.bright.magenta = "#fb53fb"; + colors.bright.cyan = "#72fbfb"; + colors.bright.white = "#fbfbfb"; + draw_bold_text_with_bright_colors = true; + font.normal.family = "Clean"; + font.bold.family = "Clean"; + font.bold.style = "Regular"; + font.size = 10; + hints.enabled = [ + { + regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\\u0000-\\u001F\\u007F-\\u009F<>\"\\s{-}\\^⟨⟩`]+"; + mouse.enabled = true; + post_processing = true; + action = "Select"; + } + ]; + key_bindings = [ + { key = "Up"; mods = "Shift|Control"; command = font-size "=14"; } + { key = "Up"; mods = "Control"; command = font-size "+1"; } + { key = "Down"; mods = "Control"; command = font-size "-1"; } + { key = "Down"; mods = "Shift|Control"; command = font-size "=0"; } + ]; + scrolling.multiplier = 8; + }; + config-file = pkgs.writeJSON "alacritty-tv.json" config; +in + +pkgs.symlinkJoin { + name = "alacritty-tv"; + paths = [ + (pkgs.writeDashBin "alacritty" '' + # usage: + # alacritty [--singleton] [ARGS...] + + set -efu + + # Use home so Alacritty can find the configuration without arguments. + # HOME will be reset once in Alacritty. 
+ HOME=$TMPDIR/Alacritty + export HOME + + # Install stored configuration if it has changed. + # This allows for both declarative updates and runtime modifications. + ${pkgs.coreutils}/bin/mkdir -p "$HOME" + ref=$(${pkgs.coreutils}/bin/cat "$HOME"/ref) + if test "$ref" != ${config-file}; then + echo ${config-file} > "$HOME"/ref + ${pkgs.coreutils}/bin/cp ${config-file} "$HOME"/.alacritty.yml + fi + + case ''${1-} in + --singleton) + shift + if ! ${pkgs.alacritty}/bin/alacritty msg create-window "$@"; then + ${pkgs.alacritty}/bin/alacritty "$@" & + fi + ;; + *) + exec ${pkgs.alacritty}/bin/alacritty "$@" + ;; + esac + '') + pkgs.alacritty + ]; +} diff --git a/tv/5pkgs/simple/bash-fzf-history.nix b/tv/5pkgs/simple/bash-fzf-history.nix index 88a8e9e4a..1166ec7fd 100644 --- a/tv/5pkgs/simple/bash-fzf-history.nix +++ b/tv/5pkgs/simple/bash-fzf-history.nix @@ -1,4 +1,4 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs , edit-key ? "ctrl-e" diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix index 9fb45dd1a..82a19a9b1 100644 --- a/tv/5pkgs/simple/default.nix +++ b/tv/5pkgs/simple/default.nix @@ -1,4 +1,4 @@ -with import ../../../lib; +with import ./lib; self: super: diff --git a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix index c3f2deaca..4f9b84b22 100644 --- a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix +++ b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { preFixup = '' patchelf --set-interpreter \ - ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \ + ${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \ $out/lib/utsushi/networkscan # libstdc++.so.6 diff --git a/tv/5pkgs/simple/lib b/tv/5pkgs/simple/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/simple/lib @@ -0,0 +1 @@ +../lib
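Review bot: `HOME=$TMPDIR/Alacritty` is a fixed name under the temp directory, and `mkdir -p "$HOME"` accepts a directory that already exists no matter who created it. If `TMPDIR` is shared between users (not visible from here), the wrapper would use a pre-existing `ref` and `.alacritty.yml` as they are, and that configuration can carry key-binding commands; a per-user location such as `$XDG_RUNTIME_DIR`, or an ownership and mode check before use, closes that gap. Separately, under `set -efu` the assignment `ref=$(cat "$HOME"/ref)` appears to abort the wrapper on the first run, when `ref` does not exist yet; `ref=$(cat "$HOME"/ref 2>/dev/null || :)` avoids that. An unset `TMPDIR` also aborts the script because of `-u`, which deserves a comment or a default.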
\ No newline at end of file diff --git a/tv/5pkgs/simple/pinentry-urxvt/default.nix b/tv/5pkgs/simple/pinentry-urxvt/default.nix index 65b76c077..ad8039ff2 100644 --- a/tv/5pkgs/simple/pinentry-urxvt/default.nix +++ b/tv/5pkgs/simple/pinentry-urxvt/default.nix @@ -1,8 +1,7 @@ +with import ./lib; { pkgs, ... }@args: let - lib = import <stockholm/lib>; - # config cannot be declared in the input attribute set because that would # cause callPackage to inject the wrong config. Instead, get it from ... # via args. @@ -20,7 +19,11 @@ let type = lib.types.str; }; display = lib.mkOption { - default = ":0"; + default = null; + type = lib.types.nullOr lib.types.str; + }; + xwud.className = lib.mkOption { + default = "PinentryUrxvtXwudFloat"; type = lib.types.str; }; }; 
@@ -30,12 +33,77 @@ let in + # pinentry-urxvt - A mechanism for PIN entry utilizing rxvt-unicode + # + # This spawns a PIN entry terminal on top of a tinted screenshot of the + # current display's root window. The display for spawning the terminal can + # be predefined, in which case both the current and the predefined display + # will show the screenshot. + # + # The purpose of the screenshot, aside from looking nice, is to prevent entry + # of the PIN into the wrong window, e.g. by accidentally moving the cursor + # while typing. If necessary, the screenshot can be closed by sending 'q', + # 'Q', or ctrl-c while its focused. + # pkgs.write "pinentry-urxvt" { "/bin/pinentry".link = pkgs.writeDash "pinentry-urxvt-wrapper" '' set -efu + + trap cleanup EXIT + + cleanup() { + ${pkgs.utillinux}/bin/kill -- $(${pkgs.coreutils}/bin/cat "$displayers") + rm "$displayers" + rm "$screenshot" + } + + displayers=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.displayers.XXXXXXXX) + screenshot=$(${pkgs.coreutils}/bin/mktemp -t pinentry-urxvt.$$.screenshot.XXXXXXXX) + + ${pkgs.xorg.xwd}/bin/xwd -root | + ${pkgs.imagemagick}/bin/convert xwd:- -fill \#424242 -colorize 80% xwd:"$screenshot" + + display_screenshot() { + ${pkgs.exec "pinentry-urxvt.display_screenshot" { + filename = "${pkgs.xorg.xwud}/bin/xwud"; + argv = [ + cfg.xwud.className + "-noclick" + ]; + }} < "$screenshot" & + wait_for_screenshot $! && echo $! >>"$displayers" + } + + # Wait for the xwud window by trying to intercept the call to munmap(). + # If it cannot be intercepted within 0.1s, assume that attaching strace + # wasn't fast enough or xwud doesn't call munmap() anymore. In either + # case fall back to search the window by class name, assuming there can + # be only one per display. + wait_for_screenshot() { + if ! 
\ + ${pkgs.coreutils}/bin/timeout 0.1 \ + ${pkgs.strace}/bin/strace -p "$1" -e munmap 2>&1 | + read -r _ + then + until ${pkgs.xdotool}/bin/xdotool search \ + --classname ${lib.shell.escape cfg.xwud.className} + do + ${pkgs.coreutils}/bin/sleep 0.1 + done + fi + } + + display_screenshot + + ${lib.optionalString (cfg.display != null) /* sh */ '' + if test "$DISPLAY" != ${lib.shell.escape cfg.display}; then + export DISPLAY=${lib.shell.escape cfg.display} + display_screenshot + fi + ''} + exec 3<&0 4>&1 5>&2 - export DISPLAY=${lib.shell.escape cfg.display} - exec ${pkgs.rxvt_unicode}/bin/urxvt \ + ${pkgs.rxvt_unicode}/bin/urxvt \ -name ${lib.shell.escape cfg.appName} \ -e ${pkgs.writeDash "pinentry-urxvt-tty" '' set -efu diff --git a/tv/5pkgs/simple/pinentry-urxvt/lib b/tv/5pkgs/simple/pinentry-urxvt/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/simple/pinentry-urxvt/lib @@ -0,0 +1 @@ +../lib
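Review bot: `cleanup` runs under `set -efu`, so when the `kill` line fails — for instance because the screenshot window was already closed with `q`, which the header comment allows — the trap appears to stop before `rm "$screenshot"` and leaves the root-window capture behind in the temp directory. Appending `|| :` to the `kill` line and using `rm -f "$displayers" "$screenshot"` keeps the later steps running. The trap is also installed before `displayers` and `screenshot` are assigned, so a failing `mktemp` makes `cleanup` trip over an unset variable; moving `trap cleanup EXIT` below the two `mktemp` calls avoids that. The `until … xdotool search` fallback in `wait_for_screenshot` has no upper bound and would hang the PIN prompt if `xwud` never maps a window. The wrapper script continues past the end of this hunk.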
\ No newline at end of file diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index e17282e17..2ae71db52 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -1,5 +1,5 @@ -{ pkgs, ... }: -with import <stockholm/lib>; +with import ./lib; +{ pkgs }: let q-cal = let diff --git a/tv/5pkgs/simple/q/lib b/tv/5pkgs/simple/q/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/simple/q/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/vim/default.nix b/tv/5pkgs/vim/default.nix index 5582be3fd..c143592ad 100644 --- a/tv/5pkgs/vim/default.nix +++ b/tv/5pkgs/vim/default.nix @@ -1,7 +1,11 @@ -with import <stockholm/lib>; +with import ./lib; self: super: { tv = super.tv // { + vim = { + makePlugin = outPath: outPath // { inherit outPath; }; + makeRuntimePath = concatMapStringsSep "," (getAttr "outPath"); + }; vimPlugins = mapNixDir (path: self.callPackage path {}) ./.; }; } diff --git a/tv/5pkgs/vim/hack.nix b/tv/5pkgs/vim/hack.nix index 2145cc166..922d85ba2 100644 --- a/tv/5pkgs/vim/hack.nix +++ b/tv/5pkgs/vim/hack.nix @@ -1,7 +1,7 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let +pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let name = "hack"; in { name = "vim-color-${name}-1.0.2"; diff --git a/tv/5pkgs/vim/lib b/tv/5pkgs/vim/lib new file mode 120000 index 000000000..dc598c56d --- /dev/null +++ b/tv/5pkgs/vim/lib @@ -0,0 +1 @@ +../lib
\ No newline at end of file diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index 6715af737..43caf46c2 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix @@ -1,7 +1,7 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { +pkgs.tv.vim.makePlugin (pkgs.write "vim-syntax-nix-nested" { "/syntax/haskell.vim".text = '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ diff --git a/tv/5pkgs/vim/showsyntax.nix b/tv/5pkgs/vim/showsyntax.nix index a5547e46a..c27dd0447 100644 --- a/tv/5pkgs/vim/showsyntax.nix +++ b/tv/5pkgs/vim/showsyntax.nix @@ -1,6 +1,6 @@ { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let +pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let name = "showsyntax"; in { name = "vim-plugin-${name}-1.0.0"; diff --git a/tv/5pkgs/vim/tv.nix b/tv/5pkgs/vim/tv.nix index ae6245b87..dee6b2df8 100644 --- a/tv/5pkgs/vim/tv.nix +++ b/tv/5pkgs/vim/tv.nix @@ -1,6 +1,6 @@ { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { +pkgs.tv.vim.makePlugin (pkgs.write "vim-tv" { # # Haskell # diff --git a/tv/5pkgs/vim/vim.nix b/tv/5pkgs/vim/vim.nix index 216ab6abb..c5693a243 100644 --- a/tv/5pkgs/vim/vim.nix +++ b/tv/5pkgs/vim/vim.nix @@ -1,7 +1,7 @@ -with import <stockholm/lib>; +with import ./lib; { pkgs }: -(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let +pkgs.tv.vim.makePlugin (pkgs.writeTextFile (let name = "vim"; in { name = "vim-syntax-${name}-1.0.0"; @@ -0,0 +1 @@ +../lib
\ No newline at end of file |