diff options
42 files changed, 265 insertions, 1348 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index aa06a883d..f3180722d 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -102,7 +102,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c89..000000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, ... }: - -with import <stockholm/lib>; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; - }; - }; -} diff --git a/krebs/5pkgs/simple/go-shortener/node-packages.nix b/krebs/5pkgs/simple/go-shortener/node-packages.nix index 526cd5a11..613e31ba0 100644 --- a/krebs/5pkgs/simple/go-shortener/node-packages.nix +++ b/krebs/5pkgs/simple/go-shortener/node-packages.nix @@ -1,34 +1,43 @@ -# This file has been generated by node2nix 1.5.3. Do not edit! +# This file has been generated by node2nix 1.7.0. Do not edit! {nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: let sources = { - "double-ended-queue-2.1.0-0" = { - name = "double-ended-queue"; - packageName = "double-ended-queue"; - version = "2.1.0-0"; + "denque-1.4.1" = { + name = "denque"; + packageName = "denque"; + version = "1.4.1"; src = fetchurl { - url = "https://registry.npmjs.org/double-ended-queue/-/double-ended-queue-2.1.0-0.tgz"; - sha1 = "103d3527fd31528f40188130c841efdd78264e5c"; + url = "https://registry.npmjs.org/denque/-/denque-1.4.1.tgz"; + sha512 = "OfzPuSZKGcgr96rf1oODnfjqBFmr1DVoc/TrItj3Ohe0Ah1C5WX5Baquw/9U9KovnQ88EqmJbD66rKYUQYN1tQ=="; }; }; - "redis-commands-1.3.5" = { + "redis-commands-1.5.0" = { name = "redis-commands"; packageName = "redis-commands"; - version = "1.3.5"; + version = "1.5.0"; src = fetchurl { - url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.3.5.tgz"; - sha512 = "2q8pai3gf0dczb03jjig3mpaz4j2kvw8icpgf8hp4fryr3d6c0mjkvxxdmlyhainybx4zhgqsw9ghc9p986alzdzd2n2p4cxvr8b0by"; + url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.5.0.tgz"; + sha512 = "6KxamqpZ468MeQC3bkWmCB1fp56XL64D4Kf0zJSwDZbVLLm7KFkoIcHrgRvQ+sk8dnhySs7+yBg94yIkAK7aJg=="; }; }; - "redis-parser-2.6.0" = { + "redis-errors-1.2.0" = { + name = "redis-errors"; + packageName = "redis-errors"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz"; + sha1 = "eb62d2adb15e4eaf4610c04afe1529384250abad"; + }; + }; + "redis-parser-3.0.0" = { name = "redis-parser"; packageName = "redis-parser"; - version = "2.6.0"; + version = "3.0.0"; src = fetchurl { - url = "https://registry.npmjs.org/redis-parser/-/redis-parser-2.6.0.tgz"; - sha1 = "52ed09dacac108f1a631c07e9b69941e7a19504b"; + url = "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz"; + sha1 = "b66d828cdcafe6b4b8a428a7def4c6bcac31c8b4"; }; }; }; @@ -37,40 +46,43 @@ in formidable = nodeEnv.buildNodePackage { name = "formidable"; packageName = "formidable"; - version = "1.2.1"; + version = "1.2.2"; src = fetchurl { - url = "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz"; - sha512 = "1x0n2rfaiasdjbw1mm7s29z84f68c7iji7lb1gkxvpknvv6q7bwns7z55ijcf4vkh4kvis12rbgaaih49jf9lj53s30mllb1d35bkqn"; + url = "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz"; + sha512 = "V8gLm+41I/8kguQ4/o1D3RIHRmhYFG4pnNyonvua+40rqcEmT4+V71yaZ3B457xbbgCsCfjSPi65u/W6vK1U5Q=="; }; buildInputs = globalBuildInputs; meta = { description = "A node.js module for parsing form data, especially file uploads."; - homepage = https://github.com/felixge/node-formidable; + homepage = https://github.com/node-formidable/formidable; license = "MIT"; }; production = true; bypassCache = true; + reconstructLock = true; }; redis = nodeEnv.buildNodePackage { name = "redis"; packageName = "redis"; - version = "2.8.0"; + version = "3.0.2"; src = fetchurl { - url = "https://registry.npmjs.org/redis/-/redis-2.8.0.tgz"; - sha512 = "3a3044ax6qdvss83xgjfx10h5q91ls0mwgs3wpsnxcdsiipq3cnmqzsh6glyq0r7vsmpw49jp84c2jnfrhi2bgycrkd9hhhf6ia8lrk"; + url = "https://registry.npmjs.org/redis/-/redis-3.0.2.tgz"; + sha512 = "PNhLCrjU6vKVuMOyFu7oSP296mwBkcE6lrAjruBYG5LgdSqtRBoVQIylrMyVZD/lkF24RSNNatzvYag6HRBHjQ=="; }; dependencies = [ - sources."double-ended-queue-2.1.0-0" - sources."redis-commands-1.3.5" - sources."redis-parser-2.6.0" + sources."denque-1.4.1" + sources."redis-commands-1.5.0" + sources."redis-errors-1.2.0" + sources."redis-parser-3.0.0" ]; buildInputs = globalBuildInputs; meta = { - description = "Redis client library"; - homepage = https://github.com/NodeRedis/node_redis; + description = "A high performance Redis client."; + homepage = https://github.com/NodeRedis/node-redis; license = "MIT"; }; production = true; bypassCache = true; + reconstructLock = true; }; }
\ No newline at end of file diff --git a/krebs/5pkgs/simple/go-shortener/update.sh b/krebs/5pkgs/simple/go-shortener/update.sh index 0c1ecc58c..1a58d0367 100755 --- a/krebs/5pkgs/simple/go-shortener/update.sh +++ b/krebs/5pkgs/simple/go-shortener/update.sh @@ -1,2 +1,4 @@ -node2nix -8 -i pkgs.json -c combine.nix +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nodePackages_10_x.node2nix +node2nix -10 -i pkgs.json -c combine.nix rm node-env.nix combine.nix diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 3a8998e48..3c4afe8bb 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "b67bc34d4e3de1e89b8bb7cd6e375ba44f1ae8ca", - "date": "2020-04-15T22:11:06+01:00", - "sha256": "1q9a64bl5afflgpa2iaw1q7z7s08c8xq9w6lndlnc5c3siajrp8v", + "rev": "5272327b81ed355bbed5659b8d303cf2979b6953", + "date": "2020-04-20T11:58:47-04:00", + "sha256": "0182ys095dfx02vl2a20j1hz92dx3mfgz2a6fhn31bqlp1wa8hlq", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 9b5d7ccd8..bb4b54793 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-19.09' \ + --rev refs/heads/nixos-20.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d8bb14d0a..f1f14e791 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -65,13 +65,6 @@ with import <stockholm/lib>; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid_uint31 "dritter"; isNormalUser = true; @@ -123,26 +116,6 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index 3eddcfc52..b50dc63f5 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; i18n.defaultLocale ="de_DE.UTF-8"; time.timeZone = "Europe/Berlin"; services.xserver.enable = true; + services.xserver.libinput.enable = false; users.users.locke = { uid = genid "locke"; home = "/home/locke"; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 901fecfb2..baeac213b 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -13,6 +13,8 @@ in { ]; security.acme = { + email = "acme@lassul.us"; + acceptTerms = true; certs."lassul.us" = { allowKeysForGroup = true; group = "lasscert"; @@ -72,11 +74,6 @@ in { security.acme.certs."cgit.lassul.us" = { email = "lassulus@lassul.us"; webroot = "/var/lib/acme/acme-challenge"; - plugins = [ - "account_key.json" - "fullchain.pem" - "key.pem" - ]; group = "nginx"; user = "nginx"; }; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index f9d73c139..e1c45598f 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -56,7 +56,7 @@ instance UrgencyHook LibNotifyUrgencyHook where safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx] myTerm :: FilePath -myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc" +myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc" myFont :: String myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1" diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/makefu/0tests/data/secrets/ebk-notify.yml index e69de29bb..e69de29bb 100644 --- a/nin/0tests/dummysecrets/ssh.id_ed25519 +++ b/makefu/0tests/data/secrets/ebk-notify.yml diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 8603d7696..7f7330ea6 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -137,6 +137,7 @@ in { <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix> <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix> + <stockholm/makefu/2configs/deployment/feed.euer.krebsco.de> <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/gecloudpad> <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix b/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix new file mode 100644 index 000000000..de072092b --- /dev/null +++ b/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: +let + filter-file = ./filter.yml; + pkg = with pkgs.python3Packages;buildPythonPackage rec { + version = "d16ce227dc68c9f60f6dd06e6835bab7cdfdf61b"; + pname = "ebk-notify"; + propagatedBuildInputs = [ + docopt + pyyaml + requests + beautifulsoup4 + dateutil + feedgen + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/ebk-notify"; + rev = version; + sha256 = "15dlhp17alm01fw7mzdyh2z9zwz8psrs489lxs3hgg1p5wa0kzsp"; + }; + }; + domain = "feed.euer.krebsco.de"; + path = "/var/www/feed.euer.krebsco.de"; +in +{ + systemd.tmpfiles.rules = [ + "d ${path} nginx nogroup - -" + ]; + krebs.secret.files.ebknotify = { + path = "/etc/ebk-notify.yml"; + owner.name = "nginx"; + source-path = "${<secrets/ebk-notify.yml>}"; + }; + systemd.services.ebk-notify = { + startAt = "*:0/10"; + serviceConfig = { + User = "nginx"; # TODO better permission setting + # PrivateTmp = true; + ExecStart = "${pkg}/bin/ebk-notify --atom --outdir ${path} --config /etc/ebk-notify.yml --cache /tmp/ebk-cache.json --filter ${filter-file} --wait 30"; + }; + }; + systemd.timers.ebk-notify.timerConfig.RandomizedDelaySec = "120"; + services.nginx = { + virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + root = path; + index = "root.atom"; + }; + }; + }; +} diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml new file mode 100644 index 000000000..50058f32b --- /dev/null +++ b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml @@ -0,0 +1,44 @@ +- name: Free Stuff by Category + zipcode: 70378 + distance: 2 + categoryId: 192 +- name: Kies + zipcode: 70378 + q: grobkies + distance: 2 +- name: pflanzkübel + zipcode: 70378 + q: Pflanzkübel + distance: 3 +- name: Ikea Samla + zipcode: 70378 + q: samla + distance: 5 +- name: Duplo + zipcode: 70378 + q: Duplo + distance: 10 +- name: Baby Gummistiefel + zipcode: 70378 + q: Gummistiefel + distance: 5 +- name: Werkbank + zipcode: 70378 + q: Werkbank + distance: 5 +- name: Stirnthermometer + zipcode: 70378 + q: Stirnthermometer + distance: 5 +- name: Ohrthermometer + zipcode: 70378 + q: Ohrthermometer + distance: 5 +- name: Fieberthermometer + zipcode: 70378 + q: Fieberthermometer + distance: 5 +- name: Einhell + zipcode: 70378 + q: Einhell + distance: 5 diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 2a6e41ad8..639994674 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -18,6 +18,7 @@ let yacos-backend = { cgit.desc = "Yet Another Check-Out System"; }; + ebk-notify.cgit.desc = "Ebay Kleinanzeigen Notify"; }; krebs-repos = mapAttrs make-krebs-repo { diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 5b46c7e2d..854fbfa52 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -32,8 +32,11 @@ in default = "awesome"; }; - displayManager.auto.enable = true; - displayManager.auto.user = mainUser; + displayManager.lightdm = { + enable = true; + autoLogin.enable = true; + autoLogin.user = mainUser; + }; desktopManager.xterm.enable = false; }; environment.systemPackages = [ pkgs.gnome3.defaultIconTheme ]; @@ -43,10 +46,9 @@ in i18n.consoleFont = "Lat2-Terminus16"; fonts = { - enableCoreFonts = true; enableFontDir = true; enableGhostscriptFonts = true; - fonts = [ pkgs.terminus_font ]; + fonts = [ pkgs.terminus_font pkgs.corefonts ]; }; users.users.${mainUser} = { diff --git a/makefu/2configs/ham/androidtv/adbshell.nix b/makefu/2configs/ham/androidtv/adbshell.nix index f5b96c859..0fadeeb05 100644 --- a/makefu/2configs/ham/androidtv/adbshell.nix +++ b/makefu/2configs/ham/androidtv/adbshell.nix @@ -9,11 +9,11 @@ buildPythonPackage rec { pname = "adb_shell"; - version = "0.0.8"; + version = "0.1.1"; src = fetchPypi { inherit pname version; - sha256 = "01f9jinhfyjldg9793gz2i7gcd9xyx0a62r7a5ijssklcnn2rwnm"; + sha256 = "0a4mjrnw2lrhsakb1vjb5l6m3cr1ii7fibs7020nwv08cyx6pq6q"; }; propagatedBuildInputs = [ diff --git a/makefu/2configs/ham/androidtv/default.nix b/makefu/2configs/ham/androidtv/default.nix index 8f3bdc1f3..b7d397db4 100644 --- a/makefu/2configs/ham/androidtv/default.nix +++ b/makefu/2configs/ham/androidtv/default.nix @@ -6,11 +6,11 @@ buildPythonPackage rec { pname = "androidtv"; - version = "0.0.34"; + version = "0.0.38"; src = fetchPypi { inherit pname version; - sha256 = "13078i2a9hglpv4ldycph5n5485np21vs6z2qn830hybmx8kfxsw"; + sha256 = "0ri1fnc63zashc667w2mlpb0c7ri3x6wnhnf54klb89v73pdnb8k"; }; propagatedBuildInputs = [ diff --git a/makefu/2configs/ham/androidtv/purepythonadb.nix b/makefu/2configs/ham/androidtv/purepythonadb.nix index d4e763b70..c9b1ff5e8 100644 --- a/makefu/2configs/ham/androidtv/purepythonadb.nix +++ b/makefu/2configs/ham/androidtv/purepythonadb.nix @@ -5,11 +5,11 @@ buildPythonPackage rec { pname = "pure-python-adb"; - version = "0.2.3.dev0"; + version = "0.2.2.dev0"; src = fetchPypi { inherit pname version; - sha256 = "88e5a4578435197799aa368fb1a5d87fe43e02a888cb7e85c2ad66173b383c89"; + sha256 = "1xigv6c8xyb4g852nr3smz0137rnp81jvlikza071y7rc6pdzwza"; }; meta = with lib; { @@ -18,4 +18,4 @@ buildPythonPackage rec { license = licenses.mit; # maintainers = [ maintainers. ]; }; -}
\ No newline at end of file +} diff --git a/makefu/2configs/ham/default.nix b/makefu/2configs/ham/default.nix index 53723299c..ddcf65b5a 100644 --- a/makefu/2configs/ham/default.nix +++ b/makefu/2configs/ham/default.nix @@ -14,6 +14,7 @@ let #flurlicht = import ./multi/flurlicht.nix; kurzzeitwecker = import ./multi/kurzzeitwecker.nix; firetv_restart = import ./multi/firetv_restart.nix; + the_playlist = import ./multi/the_playlist.nix; # switch # automation # binary_sensor @@ -49,6 +50,8 @@ in { logger = { default = "info"; }; + rest_command = {} + // the_playlist.rest_command; tts = [ { platform = "google_translate"; language = "de"; @@ -131,6 +134,7 @@ in { # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ ] ++ ((import ./sensor/outside.nix) {inherit lib;}) + ++ the_playlist.sensor ++ zigbee.sensor ; frontend = { }; # light = flurlicht.light; @@ -140,6 +144,7 @@ in { ++ (import ./automation/firetv_restart.nix) ++ kurzzeitwecker.automation #++ flurlicht.automation + ++ the_playlist.automation ++ zigbee.automation; script = { } diff --git a/makefu/2configs/ham/multi/the_playlist.nix b/makefu/2configs/ham/multi/the_playlist.nix new file mode 100644 index 000000000..ad090938c --- /dev/null +++ b/makefu/2configs/ham/multi/the_playlist.nix @@ -0,0 +1,83 @@ +# Inputs: +# binary_sensor.playlist_button_good +# binary_sensor.playlist_button_bad + +# outputs +# rest_command +# automation +# sensor +{ + rest_command = { + good_song = { + url = "http://prism.r:8001/good"; + method = "POST"; + }; + bad_song = { + url = "http://prism.r:8001/skip"; + method = "POST"; + }; + }; + automation = [ + { + alias = "playlist song publish"; + trigger = { + #platform = "event"; + #event_data.entity_id = "sensor.the_playlist_song"; + platform = "state"; + entity_id = "sensor.the_playlist_song"; + }; + action = { + service = "mqtt.publish"; + data = { + topic = "/ham/the_playlist/song"; + payload_template = "{{ states.sensor.the_playlist_song.state }}"; + }; + }; + } + { + alias = "playlist upvote on button"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.playlist_button_good"; + from = "off"; + to = "on"; + }; + action.service = "rest_command.good_song"; + } + { + alias = "playlist downvote on button"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.playlist_button_bad"; + from = "off"; + to = "on"; + }; + action.service = "rest_command.bad_song"; + } + ]; + sensor = [ + { platform = "rest"; + name = "pl"; + resource = "http://prism.r:8001/current"; + scan_interval = 30; + value_template = "1"; + json_attributes = [ "name" "filename" "youtube" ]; + } + { platform = "template"; + sensors = { + the_playlist_song = { + friendly_name = "Current Song"; + value_template = ''{{ states.sensor.pl.attributes['name'] }}''; + }; + the_playlist_url = { + friendly_name = "Song Youtube URL"; + value_template = ''{{ states.sensor.pl.attributes['youtube'] }}''; + }; + the_playlist_filename = { + friendly_name = "Song Filename"; + value_template = ''{{ states.sensor.pl.attributes['filename'] }}''; + }; + }; + } + ]; +} diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 4cd9becc7..0dc7f256b 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -8,7 +8,7 @@ { # bat home-manager.users.makefu.home.packages = [ pkgs.bat ]; home-manager.users.makefu.programs.zsh.shellAliases = { - cat = "bat"; + cat = "bat --style=header,snip"; catn = "${pkgs.coreutils}/bin/cat"; ncat = "${pkgs.coreutils}/bin/cat"; }; diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix index 891144957..65cf836c4 100644 --- a/makefu/2configs/nur.nix +++ b/makefu/2configs/nur.nix @@ -1,8 +1,8 @@ { pkgs, ... }:{ nixpkgs.config.packageOverrides = pkgs: { nur = import (builtins.fetchTarball { - url = "https://github.com/nix-community/NUR/archive/7bfd0117b359d0f72d086ff7e1f0ba3aeaf8d91e.tar.gz"; - sha256 = "0gb2np1r2m9kkz1s374gxdqrwhkzx48iircy00y6mjr7h14rhyxk"; + url = "https://github.com/nix-community/NUR/archive/b7f7e072b3fa56aa0d86dfe3689cb13f0615bbbe.tar.gz"; + sha256 = "0slxxg3r460aa1rc83j0rklmr0i1hyzfbjy0kn30fyh1l3lqb22m"; } ){ inherit pkgs; diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index ed5066787..929e5c601 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -42,6 +42,18 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + anime = { + path = "/media/cryptX/anime"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + serien = { + path = "/media/cryptX/series"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; crypX-games = { path = "/media/cryptX/games"; "read only" = "yes"; diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 43892ed2c..f184b5be5 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,6 +21,7 @@ brain whatsupnix nixpkgs-pytools + hydra-check # git-related git-preview tig diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/nin/0tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix deleted file mode 100644 index 5e81afdbd..000000000 --- a/nin/1systems/axon/config.nix +++ /dev/null @@ -1,132 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - <stockholm/nin> - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - #../2configs/copyq.nix - <stockholm/nin/2configs/ableton.nix> - <stockholm/nin/2configs/games.nix> - <stockholm/nin/2configs/git.nix> - <stockholm/nin/2configs/retiolum.nix> - <stockholm/nin/2configs/termite.nix> - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed958..000000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null @@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - <stockholm/nin> - <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - #../2configs/copyq.nix - <stockholm/nin/2configs/games.nix> - <stockholm/nin/2configs/git.nix> - <stockholm/nin/2configs/retiolum.nix> - <stockholm/nin/2configs/termite.nix> - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773ae..000000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - <stockholm/nin> - <stockholm/nin/2configs/retiolum.nix> - <stockholm/nin/2configs/weechat.nix> - <stockholm/nin/2configs/git.nix> - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a9089d..000000000 --- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c4025..000000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 250383ca8..000000000 --- a/nin/2configs/default.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - imports = [ - ../2configs/vim.nix - <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/binary-cache/prism.nix> - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import <secrets/hashedPasswords.nix>); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - dns.search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? - services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 15e17238d..000000000 --- a/nin/2configs/games.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - dwarf_fortress - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f48..000000000 --- a/nin/2configs/git.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd53..000000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc00..000000000 --- a/nin/2configs/retiolum.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae82..000000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import <stockholm/lib>) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b01..000000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d37611..000000000 --- a/nin/2configs/vim.nix +++ /dev/null @@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle=<INS> - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap <esc>q :buffer - nmap <M-q> :buffer - - cnoremap <C-A> <Home> - - noremap <C-c> :q<cr> - vnoremap < <gv - vnoremap > >gv - - nnoremap <esc>[5^ :tabp<cr> - nnoremap <esc>[6^ :tabn<cr> - nnoremap <esc>[5@ :tabm -1<cr> - nnoremap <esc>[6@ :tabm +1<cr> - - nnoremap <f1> :tabp<cr> - nnoremap <f2> :tabn<cr> - inoremap <f1> <esc>:tabp<cr> - inoremap <f2> <esc>:tabn<cr> - - " <C-{Up,Down,Right,Left> - noremap <esc>Oa <nop> | noremap! <esc>Oa <nop> - noremap <esc>Ob <nop> | noremap! <esc>Ob <nop> - noremap <esc>Oc <nop> | noremap! <esc>Oc <nop> - noremap <esc>Od <nop> | noremap! <esc>Od <nop> - " <[C]S-{Up,Down,Right,Left> - noremap <esc>[a <nop> | noremap! <esc>[a <nop> - noremap <esc>[b <nop> | noremap! <esc>[b <nop> - noremap <esc>[c <nop> | noremap! <esc>[c <nop> - noremap <esc>[d <nop> | noremap! <esc>[d <nop> - vnoremap u <nop> - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref <nix/src/libexpr/lexer.l> - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb313e..000000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import <stockholm/lib>) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d949..000000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index 52aeb8470..000000000 --- a/nin/krops.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - (krebs-source { test = test; }) - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - inherit target; - source = source { test = true; }; - }; -} |