diff options
55 files changed, 379 insertions, 170 deletions
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 123bbac47..31cd9e2c3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -589,6 +589,32 @@ in { }; }; }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 390f7585f..41743612a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -49,6 +49,7 @@ in { }; }; enklave = { + ci = false; nets = rec { internet = { ip4.addr = "88.198.164.182"; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index c127d2987..49d6ff322 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -1,6 +1,6 @@ -{ pkgs, fetchFromGitHub, python2Packages, git, ... }: +{ pkgs, fetchFromGitHub, python3Packages, git, ... }: -python2Packages.buildPythonApplication rec { +python3Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; version = "0.8.18"; namePrefix = ""; @@ -15,11 +15,10 @@ python2Packages.buildPythonApplication rec { postUnpack = "sourceRoot=\${sourceRoot}/master"; propagatedBuildInputs = [ - python2Packages.jinja2 - python2Packages.twisted - python2Packages.dateutil - python2Packages.sqlalchemy_migrate - python2Packages.pysqlite + python3Packages.jinja2 + python3Packages.twisted + python3Packages.dateutil + python3Packages.sqlalchemy_migrate pkgs.coreutils ]; doCheck = false; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 8728c0ae7..2fbc7ff86 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -9,8 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' gnused file findutils - grib2json - imagemagick + imagemagick6 inkscape jq nomads-cloud diff --git a/krebs/5pkgs/simple/solanum/default.nix b/krebs/5pkgs/simple/solanum/default.nix deleted file mode 100644 index 3fa765c94..000000000 --- a/krebs/5pkgs/simple/solanum/default.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ lib, stdenv -, fetchFromGitHub -, autoreconfHook -, pkg-config -, bison -, flex -, openssl -, sqlite -, lksctp-tools -}: - -stdenv.mkDerivation rec { - pname = "solanum"; - version = "unstable-2021-04-27"; - - src = fetchFromGitHub { - owner = "solanum-ircd"; - repo = pname; - rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925"; - sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f"; - }; - - patches = [ - ./dont-create-logdir.patch - ]; - - configureFlags = [ - "--enable-epoll" - "--enable-ipv6" - "--enable-openssl=${openssl.dev}" - "--with-program-prefix=solanum-" - "--localstatedir=/var/lib" - "--with-rundir=/run" - "--with-logdir=/var/log" - ] ++ lib.optionals (stdenv.isLinux) [ - "--enable-sctp=${lksctp-tools.out}/lib" - ]; - - nativeBuildInputs = [ - autoreconfHook - bison - flex - pkg-config - ]; - - buildInputs = [ - openssl - sqlite - ]; - - doCheck = !stdenv.isDarwin; - - enableParallelBuilding = true; - - meta = with lib; { - description = "An IRCd for unified networks"; - homepage = "https://github.com/solanum-ircd/solanum"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ hexa ]; - platforms = platforms.unix; - }; -} diff --git a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch deleted file mode 100644 index e348dd7b8..000000000 --- a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 19e7b396..21093521 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -35,9 +35,6 @@ include/serno.h: - echo '#define DATECODE 0UL' >>include/serno.h; \ - fi - --install-data-hook: -- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir} -- - install-exec-hook: - rm -f ${DESTDIR}${libdir}/*.la - rm -f ${DESTDIR}${moduledir}/*.la diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index fe46ec022..aaf66e428 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7a1fbc38a4b538450ac0d42aec8a3e513b4d723e", - "date": "2021-05-16T12:16:31+02:00", - "path": "/nix/store/iq2sy65gmwad2prm8lcdh6k5f7ywxci5-nixpkgs", - "sha256": "0jg8dilsw0gr4jfshkk3wd50gddd11hvd836fxkw43m6m47885p7", + "rev": "fbfb79400a08bf754e32b4d4fc3f7d8f8055cf94", + "date": "2021-06-06T04:54:09-03:00", + "path": "/nix/store/51dsmanfc179xy70kn2rl0qvg45cn6qr-nixpkgs", + "sha256": "0pgyx1l1gj33g5i9kwjar7dc3sal2g14mhfljcajj8bqzzrbc3za", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 06b865cc8..5b1cbe781 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227", - "date": "2021-05-18T19:08:44-04:00", - "path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs", - "sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46", + "rev": "5de44c15758465f8ddf84d541ba300b48e56eda4", + "date": "2021-06-05T20:40:48+01:00", + "path": "/nix/store/p5mhp3syp0aqkcrwmf8zi3ik7mgxrlgx-nixpkgs", + "sha256": "05darjv3zc5lfqx9ck7by6p90xgbgs1ni6193pw5zvi7xp2qlg4x", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 9a0ea7ed4..368a3ecb3 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.09' \ + --rev refs/heads/nixos-21.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 3e0b1674a..227c5e1e9 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,38 +16,54 @@ <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/fetchWallpaper.nix> - <stockholm/lass/2configs/nfs-dl.nix> + # <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/mail.nix> <stockholm/lass/2configs/bitcoin.nix> + + <stockholm/lass/2configs/xonsh.nix> + <stockholm/lass/2configs/review.nix> + <stockholm/lass/2configs/dunst.nix> + # <stockholm/krebs/2configs/ircd.nix> ]; krebs.build.host = config.krebs.hosts.coaxmetal; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' + environment.systemPackages = with pkgs; [ + brain + bank + l-gen-secrets + (pkgs.writeDashBin "deploy" '' set -eu export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - usb-tether-on = pkgs.writeDash "usb-tether-on" '' + '') + (pkgs.writeDashBin "usb-tether-on" '' adb shell su -c service call connectivity 33 i32 1 s16 text - ''; - usb-tether-off = pkgs.writeDash "usb-tether-off" '' + '') + (pkgs.writeDashBin "usb-tether-off" '' adb shell su -c service call connectivity 33 i32 0 s16 text - ''; - }; + '') + ]; programs.adb.enable = true; hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; + + lass.browser.config = { + dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; }; + fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + }; + + nix.trustedUsers = [ "root" "lass" ]; + + services.tor = { + enable = true; + client.enable = true; + }; } diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index c94740c54..3632ffd3e 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -7,6 +7,7 @@ networking.hostId = "e0c335ea"; boot.zfs.requestEncryptionCredentials = true; + boot.zfs.enableUnstable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index d84502b3f..b84ce6acf 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -19,6 +19,7 @@ with import <stockholm/lib>; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; networking.wireless.enable = mkForce false; diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index fbd2d223f..d7bf62b40 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -23,7 +23,7 @@ with import <stockholm/lib>; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel ]; krebs.bindfs = { diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 837872bf5..0b1aff4a8 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -45,16 +45,5 @@ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; - services.thinkfan.enable = true; - services.thinkfan.levels = '' - (0, 0, 55) - (1, 48, 60) - (2, 50, 61) - (3, 52, 63) - (6, 60, 85) - (7, 80, 90) - (127, 89, 32767) - ''; - services.logind.lidSwitch = "ignore"; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 25d688696..89a386139 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -345,6 +345,7 @@ with import <stockholm/lib>; home = "/var/download"; useDefaultShell = true; uid = genid "download"; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-android.pubkey diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index b50dc63f5..c3ce8fced 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -23,6 +23,7 @@ with import <stockholm/lib>; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; hardware.pulseaudio = { diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 22c80b4da..bf818a9b2 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -81,11 +81,6 @@ hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index 9f6fd3bf0..9aa97a8ce 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -4,12 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - krebs.per-user.bch.packages = [ - pkgs.electron-cash - ]; - krebs.per-user.bitcoin.packages = [ - pkgs.electrum - ]; users.extraUsers = { bch = { name = "bch"; @@ -17,6 +11,8 @@ in { home = "/home/bch"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electron-cash ]; + isNormalUser = true; }; bitcoin = { name = "bitcoin"; @@ -24,10 +20,25 @@ in { home = "/home/bitcoin"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electrum ]; + isNormalUser = true; + }; + monero = { + name = "monero"; + description = "user for monero stuff"; + home = "/home/monero"; + useDefaultShell = true; + createHome = true; + packages = [ + pkgs.monero + pkgs.monero-gui + ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' - ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL - ${mainUser.name} ALL=(bch) NOPASSWD: ALL + ${mainUser.name} ALL=(bch) ALL + ${mainUser.name} ALL=(bitcoin) ALL + ${mainUser.name} ALL=(monero) ALL ''; } diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 3d87fb620..f32f062ff 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -10,6 +10,7 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" ]; + isNormalUser = true; }; system.activationScripts.user-shadow = '' diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 7b6f01148..193f4bef1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -32,6 +32,7 @@ with import <stockholm/lib>; group = "users"; createHome = true; useDefaultShell = true; + isNormalUser = true; extraGroups = [ "audio" "fuse" @@ -88,9 +89,7 @@ with import <stockholm/lib>; services.timesyncd.enable = mkForce true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; + boot.tmpOnTmpfs = true; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index e3a88c789..5d68def35 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix @@ -12,6 +12,7 @@ in { useDefaultShell = true; extraGroups = []; createHome = true; + isNormalUser = true; }; }; krebs.per-user.elster.packages = [ diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 67f250ef3..829773b87 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -78,6 +78,7 @@ in { # vdoomserver retroarchBare ]; + isNormalUser = true; }; }; diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 3d4c1e306..89ccae408 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -8,6 +8,8 @@ with import <stockholm/lib>; prefixLength = 24; }]; + networking.domain = "gg23"; + services.dhcpd4 = { enable = true; interfaces = [ "int0" ]; diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index d9307347e..629d74235 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -3,7 +3,6 @@ with import <stockholm/lib>; { - security.hideProcessInformation = true; nixpkgs.config.packageOverrides = super: { htop = pkgs.symlinkJoin { name = "htop"; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 210551a62..7512787fe 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again '') pkgs.mpv ]; diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 6b2a0142a..48070ea06 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - users.users.lass.packages = with pkgs; [ + users.users.mainUser.packages = with pkgs; [ (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index c7bdb525d..648ffc784 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -32,9 +32,12 @@ in { user = "lass"; }; - users.users.power-action.extraGroups = [ - "audio" - ]; + users.users.power-action = { + isNormalUser = true; + extraGroups = [ + "audio" + ]; + }; security.sudo.extraConfig = '' ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index cfc280e50..a474b0ebc 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -4,7 +4,6 @@ with import <stockholm/lib>; let name = "radio"; - mainUser = config.users.extraUsers.mainUser; music_dir = "/home/radio/music"; @@ -84,6 +83,17 @@ let }' ''; + set_irc_topic = pkgs.writeDash "set_irc_topic" '' + ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"TOPIC", + params:["#the_playlist",$text] + }' + )" + ''; + write_to_irc = pkgs.writeDash "write_to_irc" '' ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ -H content-type:application/json \ @@ -128,11 +138,25 @@ in { services.mpd = { enable = true; - group = "radio"; + user = "radio"; musicDirectory = "${music_dir}"; + dataDir = "/home/radio/state"; # TODO create this somwhere extraConfig = '' log_level "default" auto_update "yes" + volume_normalization "yes" + + audio_output { + type "httpd" + name "lassulus radio mp3" + encoder "lame" # optional + port "8002" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. + } audio_output { type "httpd" @@ -152,6 +176,7 @@ in { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8002"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; } ]; }; @@ -200,10 +225,10 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do - listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l) + listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | grep '^mptcp' | wc -l) echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track listeners: $listeners" + ${set_irc_topic} "playing: $track listeners: $listeners" done ''; in { @@ -349,7 +374,7 @@ in { }; services.syncthing.declarative.folders."the_playlist" = { path = "/home/radio/music/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; + devices = [ "mors" "phone" "prism" ]; }; krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix new file mode 100644 index 000000000..658f32084 --- /dev/null +++ b/lass/2configs/review.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; +in { + + users.users.review = { + isNormalUser = true; + packages = [ pkgs.nixpkgs-review ]; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(review) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c43c8c902..e603f49da 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -170,6 +170,7 @@ in { home = "/home/UBIK-SFTP"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.xanf = { @@ -178,6 +179,7 @@ in { home = "/home/xanf"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.domsen = { @@ -185,8 +187,9 @@ in { description = "maintenance acc for domsen"; home = "/home/domsen"; useDefaultShell = true; - extraGroups = [ "nginx" "download" ]; + extraGroups = [ "syncthing" "download" "xanf" ]; createHome = true; + isNormalUser = true; }; users.users.bruno = { @@ -194,6 +197,7 @@ in { home = "/home/bruno"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jla-trading = { @@ -201,6 +205,7 @@ in { home = "/home/jla-trading"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jms = { @@ -208,6 +213,7 @@ in { home = "/home/jms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.ms = { @@ -215,6 +221,7 @@ in { home = "/home/ms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.testuser = { @@ -222,20 +229,23 @@ in { home = "/home/testuser"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; - users.users.akayguen = { - uid = genid_uint31 "akayguen"; - home = "/home/akayguen"; - useDefaultShell = true; - createHome = true; - }; + #users.users.akayguen = { + # uid = genid_uint31 "akayguen"; + # home = "/home/akayguen"; + # useDefaultShell = true; + # createHome = true; + # isNormalUser = true; + #}; users.users.bui = { uid = genid_uint31 "bui"; home = "/home/bui"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.klabusterbeere = { @@ -243,6 +253,7 @@ in { home = "/home/klabusterbeere"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.kasia = { @@ -250,6 +261,7 @@ in { home = "/home/kasia"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.XANF_TEAM = { @@ -258,6 +270,25 @@ in { home = "/home/XANF_TEAM"; useDefaultShell = true; createHome = true; + isNormalUser = true; + }; + + users.users.dif = { + uid = genid_uint31 "dif"; + home = "/home/dif"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; + }; + + users.users.lavafilms = { + uid = genid_uint31 "lavafilms"; + home = "/home/lavafilms"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; }; users.groups.xanf = {}; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17df71310..bb983b78e 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -97,6 +97,7 @@ in { home = "/srv/http/lassul.us"; useDefaultShell = true; createHome = true; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-mors.pubkey diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 5cb019c13..5476624c9 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,9 @@ in { ]; createHome = true; packages = [ - pkgs.wineMinimal + pkgs.wineWowPackages.stable ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix new file mode 100644 index 000000000..23ed28847 --- /dev/null +++ b/lass/2configs/xonsh.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.xonsh + pkgs.xonsh2 + ]; +} diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix index 0c77d4da8..4171abdb6 100644 --- a/lass/3modules/browsers.nix +++ b/lass/3modules/browsers.nix @@ -5,7 +5,9 @@ let cfg = config.lass.browser; browserScripts = { - chromium = "${pkgs.chromium}/bin/chromium"; + brave = "${pkgs.brave}/bin/brave"; + chrome = "${pkgs.google-chrome}/bin/chrome"; + chromium = "${pkgs.ungoogled-chromium}/bin/chromium"; firefox = "${pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; }}/bin/firefox"; @@ -14,8 +16,9 @@ let browser-select = let sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (filter (x: ! x.value.hidden) (mapAttrsToList (name: value: { inherit name value; }) - cfg.config); + cfg.config)); in if (lib.length sortedPaths) > 1 then pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) @@ -48,6 +51,10 @@ in { type = types.str; default = config._module.args.name; }; + hidden = mkOption { + type = types.bool; + default = false; + }; precedence = mkOption { type = types.int; default = 0; @@ -58,7 +65,7 @@ in { }; browser = mkOption { type = types.enum (attrNames browserScripts); - default = "chromium"; + default = "brave"; }; groups = mkOption { type = types.listOf types.str; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 37f90ee1c..526e12db7 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -147,6 +147,7 @@ with import <stockholm/lib>; useDefaultShell = true; createHome = true; extraGroups = cfg.groups; + isNormalUser = true; } ) config.lass.xjail; diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix index 54841588e..d7937da58 100644 --- a/lass/5pkgs/tdlib-purple/default.nix +++ b/lass/5pkgs/tdlib-purple/default.nix @@ -1,6 +1,24 @@ -{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } : +{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } : -stdenv.mkDerivation rec { +let + + tdlib = stdenv.mkDerivation rec { + version = "1.6.0"; + pname = "tdlib"; + + src = fetchFromGitHub { + owner = "tdlib"; + repo = "td"; + rev = "v${version}"; + sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv"; + }; + + buildInputs = with pkgs; [ gperf openssl readline zlib ]; + nativeBuildInputs = [ pkgs.cmake ]; + + }; + +in stdenv.mkDerivation rec { pname = "tdlib-purple"; version = "0.7.8"; diff --git a/lass/5pkgs/xonsh2/default.nix b/lass/5pkgs/xonsh2/default.nix new file mode 100644 index 000000000..d55d22445 --- /dev/null +++ b/lass/5pkgs/xonsh2/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, python39Packages +, glibcLocales +, coreutils +, git +, extraInputs ? [] +}: let + + python3Packages = python39Packages; + +in python3Packages.buildPythonApplication rec { + pname = "xonsh2"; + version = "master"; + + # fetch from github because the pypi package ships incomplete tests + src = fetchFromGitHub { + owner = "anki-code"; + repo = "xonsh2"; + rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0"; + sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6"; + }; + + LC_ALL = "en_US.UTF-8"; + + postPatch = '' + sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh + find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \; + find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' + patchShebangs . + ''; + + doCheck = false; + + checkPhase = '' + HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks' + HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5 + HOME=$TMPDIR pytest -k 'test_ptk_highlight' + ''; + + checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ]; + + propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs; + + meta = with lib; { + description = "A Python-ish, BASHwards-compatible shell"; + homepage = "https://xon.sh/"; + # changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}"; + license = licenses.bsd3; + platforms = platforms.all; + }; + + passthru = { + shellPath = "/bin/xonsh2"; + }; +} diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 80655f998..fee4145b9 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -130,7 +130,7 @@ # Virtualization # <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> - # <stockholm/makefu/2configs/virtualisation/virtualbox.nix> + <stockholm/makefu/2configs/virtualisation/virtualbox.nix> #{ # networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.nat = { diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index ac601845a..f0d663ee9 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -32,5 +32,9 @@ users.groups.video = {}; users.users.makefu.extraGroups = [ "video" ]; + + boot.extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; } diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix index 8e81f9b50..d02e60695 100644 --- a/makefu/2configs/bgt/social-to-irc.nix +++ b/makefu/2configs/bgt/social-to-irc.nix @@ -13,7 +13,7 @@ channel = "#binaergewitter"; notifyErrors = false; irc = { - host = "irc.freenode.net"; + host = "irc.libera.chat"; port = 6667; }; #controller = { diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix index 4f2f8818d..7303bb414 100644 --- a/makefu/2configs/deployment/dirctator.nix +++ b/makefu/2configs/deployment/dirctator.nix @@ -15,7 +15,7 @@ in { inputConfig = '' irc { channels => [ "#krebs", "#afra" ] - host => "irc.freenode.net" + host => "irc.hackint.org" nick => "dirctator" } ''; diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix index a91223b28..4844bf29f 100644 --- a/makefu/2configs/elchos/irc-token.nix +++ b/makefu/2configs/elchos/irc-token.nix @@ -17,7 +17,7 @@ in { echo "$message" LOGNAME=sec-announcer HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient) - IRC_SERVER=irc.freenode.net + IRC_SERVER=irc.hackint.org IRC_PORT=6667 IRC_NICK=$HOSTNAME-$$ IRC_CHANNEL='#eloop' diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 871f248b9..0c57fc760 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -36,6 +36,7 @@ let platform = "state"; entity_id = entity; to = "off"; + for.seconds = 10; } ]; condition = [ @@ -61,12 +62,13 @@ let in { services.home-assistant.config = { input_boolean = { - badezimmerfinester_lang_offen.name = "Badezimmer lange offen"; + badezimmerfenster_lang_offen.name = "Badezimmer lange offen"; duschfenster_lang_offen.name = "Duschfenster lange offen"; }; automation = [ (fenster_geschlossen_lang "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") - (fenster_geschlossen_lang "Duschfenster" "binary_sensor.badezimmer_fenster_contact") + (fenster_geschlossen_lang "Duschfenster" "binary_sensor.dusche_fenster_contact") + (fenster_offen "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") (fenster_offen "Duschfenster" "binary_sensor.dusche_fenster_contact") ]; diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 006cafec0..20cdf7ba7 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -11,7 +11,7 @@ config = { channel = "#systemdultras"; irc = { - host = "irc.freenode.net"; + host = "irc.hackint.org"; port = 6667; }; notifyErrors = false; diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix new file mode 100644 index 000000000..2e01949bb --- /dev/null +++ b/makefu/5pkgs/chitubox/default.nix @@ -0,0 +1,66 @@ +{ stdenv, autoPatchelfHook, libglvnd +, libgcrypt,zlib,glib,fontconfig,freetype,libdrm +, libxkbcommon +, libpulseaudio +, xlibs +, gst_all_1 +, kerberos +, alsaLib +}: +# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix +stdenv.mkDerivation rec { + pname = "chitubox"; + + version = "1.8.1"; + + src = builtins.fetchTarball { + url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx"; + }; + nativeBuildInputs = [ autoPatchelfHook ]; + + buildInputs = with xlibs; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm + libxkbcommon libpulseaudio kerberos alsaLib + xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms + gst_all_1.gst-plugins-base gst_all_1.gstreamer +]; + + buildPhase = '' + mkdir -p bin + mv CHITUBOX bin/chitubox + + # Remove unused stuff + rm AppRun + + # Place resources where ChiTuBox can expect to find them + mkdir ChiTuBox + mv resource ChiTuBox/ + + # Configure Qt paths + cat << EOF > bin/qt.conf + [Paths] + Prefix = $out + Plugins = plugins + Imports = qml + Qml2Imports = qml + EOF + ''; + + installPhase = '' + mkdir -p $out + mv * $out/ + ''; + + autoPatchelfIgnoreMissingDeps=true; + + meta = { + description = "A Revolutionary Tool to Change 3D Printing Processes within One Click"; + homepage = "https://www.chitubox.com"; + license = { + fullName = "ChiTuBox EULA"; + shortName = "ChiTuBox"; + url = "https://www.chitubox.com"; + }; + }; +} + |