diff options
Diffstat (limited to 'lass')
31 files changed, 495 insertions, 377 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 2c1be473a..bd559944a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; ]; }; environment.systemPackages = with pkgs; [ + ark pavucontrol #firefox chromium diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index 998fa1478..f57d275d8 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/lass> @@ -14,15 +14,19 @@ krebs.build.host = config.krebs.hosts.hilum; - boot.loader.grub.extraEntries = '' - menuentry "grml" { - iso_path=/isos/grml.iso - export iso_path - search --set=root --file $iso_path - loopback loop $iso_path - root=(loop) - configfile /boot/grub/loopback.cfg - loopback --delete loop - } - ''; + boot.loader.grub = { + extraEntries = '' + submenu isos { + source /grub/autoiso.cfg + } + ''; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); + }; } diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index d8c8699ae..86727700f 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ @@ -14,20 +14,13 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/wine.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/prism-share.nix> + #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> ]; krebs.build.host = config.krebs.hosts.icarus; - - environment.systemPackages = with pkgs; [ - macchanger - dpass - ]; programs.adb.enable = true; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 13e865c6e..e957279e2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -261,41 +261,6 @@ with import <stockholm/lib>; hostAddress = "10.233.2.3"; localAddress = "10.233.2.4"; }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - { - imports = [ <stockholm/lass/2configs/backup.nix> ]; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/chat/.weechat" - "/bku/sql_dumps" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/prism"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); } { users.users.download.openssh.authorizedKeys.keys = [ diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 2d25bc88a..8630d0f4b 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -28,6 +28,12 @@ export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; }; services.xserver = { @@ -66,26 +72,8 @@ programs.adb.enable = true; - services.logind.lidSwitch = "ignore"; - services.acpid = { - enable = true; - lidEventCommands = '' - export DISPLAY=:${toString config.services.xserver.display} - case "$1" in - "button/lid LID close") - ${pkgs.xorg.xinput}/bin/xinput disable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput disable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -get > /tmp/pre_lid_brightness - ${pkgs.acpilight}/bin/xbacklight -set 0 - ;; - "button/lid LID open") - ${pkgs.xorg.xinput}/bin/xinput enable 'pointer: Mouse for Windows' - ${pkgs.xorg.xinput}/bin/xinput enable 'keyboard: Mouse for Windows' - ${pkgs.acpilight}/bin/xbacklight -set $(cat /tmp/pre_lid_brightness) - ;; - esac - ''; - }; + services.logind.lidSwitch = "suspend"; + lass.screenlock.enable = lib.mkForce false; systemd.services.suspend-again = { after = [ "suspend.target" ]; diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 5d60dfc45..77cf2206b 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -13,9 +13,8 @@ }; boot.loader.efi.canTouchEfiVariables = true; - # TODO fix touchscreen boot.blacklistedKernelModules = [ - "goodix" + "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; @@ -46,7 +45,7 @@ swapDevices = [ ]; boot.extraModprobeConfig = '' - options zfs zfs_arc_max=1073741824 + options zfs zfs_arc_max=107374182 ''; nix.maxJobs = lib.mkDefault 4; @@ -74,13 +73,10 @@ services.xserver = { videoDrivers = [ "intel" ]; - deviceSection = '' - Option "TearFree" "true" - ''; displayManager.sessionCommands = '' echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) - (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; }; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ecbb7541f..52d694c46 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./copyq.nix ./urxvt.nix ./xdg-open.nix + ./yubikey.nix { hardware.pulseaudio = { enable = true; @@ -54,7 +55,7 @@ in { time.timeZone = "Europe/Berlin"; programs.ssh.agentTimeout = "10m"; - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; services.openssh.forwardX11 = true; environment.systemPackages = with pkgs; [ @@ -62,11 +63,11 @@ in { acpilight ag cabal2nix - cholerab dic dmenu font-size fzfmenu + gimp gitAndTools.qgit git-preview gnome3.dconf diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index c0085995d..eafab400c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,100 +1,13 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - - mainUser = config.users.extraUsers.mainUser; - - browser-select = let - sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) - (mapAttrsToList (name: value: { inherit name value; }) - config.lass.browser.paths); - in pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) - case $BROWSER in - ${concatMapStringsSep "\n" (n: '' - ${n.name}) - export BIN=${n.value.path}/bin/${n.name} - ;; - '') (sortedPaths)} - esac - $BIN "$@" - ''; - - createUser = script: name: groups: precedence: dpi: - { - lass.xjail.${name} = { - inherit script groups dpi; - }; - environment.systemPackages = [ - config.lass.xjail-bins.${name} - (pkgs.writeDashBin "cx-${name}" '' - DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip - '') - ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - createChromiumUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - '') name groups precedence 80; - - createFirefoxUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.firefox}/bin/firefox "$@" - '') name groups precedence 80; - - createQuteUser = name: groups: precedence: - createUser (pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - '') name groups precedence 60; - -in { - - lass.browser.select = browser-select; - - environment.systemPackages = [ - browser-select - ]; - +{ + lass.browser.config = { + cr = { groups = [ "audio" "video" ]; precedence = 9; }; + }; programs.chromium = { enable = true; extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim ]; }; - - imports = [ - { - options.lass.browser.select = mkOption { - type = types.path; - }; - options.lass.browser.paths = mkOption { - type = types.attrsOf (types.submodule ({ - options = { - path = mkOption { - type = types.path; - }; - precedence = mkOption { - type = types.int; - default = 0; - }; - }; - })); - }; - } - ( createFirefoxUser "ff" [ "audio" ] 11 ) - ( createQuteUser "qb" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "audio" "video" ] 9 ) - ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "audio" ] 0 ) - ( createChromiumUser "fb" [ "audio" ] 0 ) - ( createChromiumUser "com" [ "audio" ] 0 ) - ( createChromiumUser "fin" [] (-1) ) - ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 972b4760a..27242b129 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,8 +23,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; mainUser = { @@ -42,6 +42,8 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-xerxes.pubkey + config.krebs.users.lass-yubikey.pubkey ]; }; }; @@ -173,13 +175,7 @@ with import <stockholm/lib>; ''; }; - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; + services.openssh.enable = true; services.journald.extraConfig = '' SystemMaxUse=1G @@ -190,7 +186,9 @@ with import <stockholm/lib>; enable = true; tables = { nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } ]; nat.OUTPUT.rules = [ @@ -217,7 +215,4 @@ with import <stockholm/lib>; networking.dhcpcd.extraConfig = '' noipv4ll ''; - services.netdata = { - enable = true; - }; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d1e6b195b..a82672998 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -15,6 +15,7 @@ with import <stockholm/lib>; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.blue + config.krebs.hosts.xerxes ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 @@ -106,6 +107,10 @@ with import <stockholm/lib>; { from = "ubisoft@lassul.us"; to = lass.mail; } { from = "kottezeller@lassul.us"; to = lass.mail; } { from = "pie@lassul.us"; to = lass.mail; } + { from = "vebit@lassul.us"; to = lass.mail; } + { from = "vcvrack@lassul.us"; to = lass.mail; } + { from = "epic@lassul.us"; to = lass.mail; } + { from = "microsoft@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index a3acb82bb..c0e6beba4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -10,7 +10,7 @@ let doom = pkgs.writeDash "doom" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ + -file $DOOM_DIR/lib/brutalv21.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' @@ -56,15 +56,6 @@ let ''; in { - environment.systemPackages = with pkgs; [ - dolphinEmu - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - users.extraUsers = { games = { name = "games"; @@ -76,7 +67,14 @@ in { packages = with pkgs; [ minecraft steam-run + scummvm dolphinEmu + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + retroarchBare ]; }; }; diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index a1bb26049..0ddb63a03 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7650f4294..ced0d7955 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -180,7 +180,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-mors lass-shodan lass-icarus lass-blue ]; + user = [ lass lass-mors lass-shodan lass-icarus lass-blue lass-xerxes ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 5649041f9..89b119347 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, pkgs, ... }: { imports = [ <stockholm/krebs/2configs/hw/x220.nix> @@ -8,7 +8,20 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + extraModulePackages = [ + config.boot.kernelPackages.tp_smapi + config.boot.kernelPackages.acpi_call + ]; + kernelModules = [ + "acpi_call" + "tp_smapi" + ]; }; + + environment.systemPackages = [ + pkgs.tpacpi-bat + ]; + fileSystems = { "/" = { device = "/dev/mapper/pool-root"; @@ -33,4 +46,10 @@ services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + ''; + } diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 1c253a6c5..156ebcae7 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -2,7 +2,7 @@ { krebs.per-user.lass.packages = with pkgs; [ - pass + (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7e1433fde..b24d7af3e 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -260,7 +260,7 @@ in { }; krebs.syncthing.folders."the_playlist" = { path = "/home/radio/music/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix index 742b877e8..c95a610e7 100644 --- a/lass/2configs/starcraft.nix +++ b/lass/2configs/starcraft.nix @@ -1,36 +1,5 @@ { config, pkgs, ... }: let mainUser = config.users.extraUsers.mainUser; - newWine = pkgs.wineStaging; - #newWine = pkgs.wineStaging.overrideAttrs (old: { - # name = "wine-3.7"; - # buildInputs = old.buildInputs ++ [ - # pkgs.libuuid.bin - # pkgs.autoconf.out - # ]; - # src = pkgs.fetchurl { - # url = "https://dl.winehq.org/wine/source/3.x/wine-3.7.tar.xz"; - # sha256 = "1drbzk3y0m14lkq3vzwwkvain5shykgcbmyzh6gcb5r4sxh3givn"; - # }; - # postPatch = old.postPatch or "" + '' - # patchShebangs tools - # cp -r ${pkgs.fetchFromGitHub { - # sha256 = "0kam73jqhah7bzji5csxxhhfdp6byhzpcph6xnzjqz2aic5xk7xi"; - # owner = "wine-staging"; - # repo = "wine-staging"; - # rev = "v3.7"; - # }}/patches . - # chmod +w patches - # cd patches - # patchShebangs gitapply.sh - # ./patchinstall.sh DESTDIR="$PWD/.." --all - # cd .. - # ''; - - #}); - #newWine = (import (builtins.fetchGit { - # url = "https://github.com/NixOS/nixpkgs"; - # rev = "696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f"; - #}) {}).wineStaging; in { users.users= { starcraft = { @@ -40,7 +9,7 @@ in { "video" ]; packages = [ - newWine + pkgs.wineWowPackages.minimal pkgs.winetricks pkgs.mpg123 ]; diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index e1b523e3a..701e5047e 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -11,9 +11,8 @@ # ##TODO: make steam module nixpkgs.config.steam.java = true; - environment.systemPackages = with pkgs; [ - steam - ]; + + users.users.games.packages = [ pkgs.steam ]; #ports for inhome streaming krebs.iptables = { diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix index 5b92d0919..d0cfdf478 100644 --- a/lass/2configs/ts3.nix +++ b/lass/2configs/ts3.nix @@ -10,8 +10,8 @@ { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } ##file transfer port - #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } - #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + { predicate = "-p udp --dport 30033"; target = "ACCEPT"; } ##query port #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9980e0501..b9673de70 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,6 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "jarugadesign.de" "www.jarugadesign.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -41,6 +40,7 @@ in { "youthtube.xyz" "joemisch.com" "weirdwednesday.de" + "jarugadesign.de" "www.apanowicz.de" "www.nirwanabluete.de" @@ -50,6 +50,7 @@ in { "www.ubikmedia.de" "www.joemisch.com" "www.weirdwednesday.de" + "www.jarugadesign.de" "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" @@ -64,6 +65,7 @@ in { "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" "crypto4art.ubikmedia.de" + "jarugadesign.ubikmedia.de" ]) ]; @@ -250,14 +252,13 @@ in { lines = 1000; }; }; + services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + repository = "/backups/domsen"; passwordFile = toString <secrets> + "/domsen_backup_pw"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ - "/srv/http" "/home/domsen/Mail" "/home/ms/Mail" "/home/klabusterbeere/Mail" @@ -270,32 +271,32 @@ in { }; boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; + krebs.syncthing.folders = { + domsen-backups = { + path = "/backups/domsen"; + peers = [ "domsen-backup" ]; + }; + domsen-backup-srv-http = { + path = "/srv/http"; + peers = [ "domsen-backup" ]; + }; + }; + + system.activationScripts.domsen-backups = '' + ${pkgs.coreutils}/bin/chmod 750 /backups + ''; + krebs.permown = { - "/srv/http/ubikmedia.de" = { - owner = "domsen"; - group = "nginx"; + "/backups/domsen" = { + owner = "backup"; + group = "syncthing"; umask = "0007"; }; - "/srv/http/o.ubikmedia.de" = { - owner = "domsen"; + "/srv/http" = { + owner = "syncthing"; group = "nginx"; umask = "0007"; }; - "/srv/http/freemonkey.art" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; - "/srv/http/jarugadesign.de" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; - "/srv/http/reich-gebaeudereinigung.de" = { - owner = "domsen"; - group = "nginx"; - umask = "0002"; - }; }; } diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix new file mode 100644 index 000000000..e6482c58c --- /dev/null +++ b/lass/2configs/yubikey.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + yubikey-personalization + ]; + + services.udev.packages = with pkgs; [ yubikey-personalization ]; + services.pcscd.enable = true; + + environment.shellInit = '' + if [ "$UID" -eq 1337 ]; then + export GPG_TTY="$(tty)" + gpg-connect-agent /bye + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + fi + ''; + + programs = { + ssh.startAgent = false; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; +} diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 53106b03b..05964eb51 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -8,6 +8,7 @@ zsh-newuser-install() { :; } ''; interactiveShellInit = '' + unsetopt nomatch # no matches found urls setopt autocd extendedglob bindkey -e diff --git a/lass/3modules/autowifi.nix b/lass/3modules/autowifi.nix index b84569df8..9aa1a2d28 100644 --- a/lass/3modules/autowifi.nix +++ b/lass/3modules/autowifi.nix @@ -11,101 +11,28 @@ in { type = types.str; default = "/etc/wifis"; }; + enablePrisonBreak = mkOption { + type = types.bool; + default = false; + }; }; config = lib.mkIf cfg.enable { systemd.services.autowifi = { description = "Automatic wifi connector"; wantedBy = [ "multi-user.target" ]; + path = [ pkgs.networkmanager ]; serviceConfig = { Type = "simple"; Restart = "always"; RestartSec = "10s"; - ExecStart = pkgs.writers.writePython3 "autowifi" {} /* python3 */ '' - import subprocess - import time - import urllib.request - - - def connect(ssid, psk=None): - subprocess.run(["${pkgs.networkmanager}/bin/nmcli", "connection", "delete", "autowifi"]) - print("connecting to {}".format(ssid)) - if psk is None: - subprocess.run(["${pkgs.networkmanager}/bin/nmcli", "device", "wifi", "connect", ssid, "name", "autowifi"]) - else: - subprocess.run(["${pkgs.networkmanager}/bin/nmcli", "device", "wifi", "connect", ssid, "name", "autowifi", "password", psk]) - - - def scan(): - wifis_raw = subprocess.check_output(["${pkgs.networkmanager}/bin/nmcli", "-t", "device", "wifi", "list", "--rescan", "yes"]) - wifis_list = wifis_raw.split(b'\n') - wifis = [] - for line in wifis_list: - ls = line.split(b':') - if len(ls) == 8: - wifis.append({"ssid": ls[1], "signal": int(ls[5]), "crypto": ls[7]}) - return wifis - - - def get_known_wifis(): - wifis_lines = [] - with open('${cfg.knownWifisFile}') as f: - wifis_lines = f.read().splitlines() - wifis = [] - for line in wifis_lines: - ls = line.split(':') - wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()}) - return wifis - - - def check_internet(): - try: - beacon = urllib.request.urlopen('http://krebsco.de/secret') - except: # noqa - print("no internet") - return False - if beacon.read() == b'1337\n': - return True - print("no internet") - return False - - - def is_wifi_open(wifi): - if wifi['crypto'] == ${"b''"}: - return True - else: - return False - - - def is_wifi_seen(wifi, seen_wifis): - for seen_wifi in seen_wifis: - if seen_wifi["ssid"] == wifi["ssid"]: - return True - return False - - - def bloop(): - while True: - if not check_internet(): - wifis = scan() - known_wifis = get_known_wifis() - known_seen_wifis = [wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis)] - for wifi in known_seen_wifis: - connect(wifi['ssid'], wifi['psk']) - if check_internet(): - continue - open_wifis = filter(is_wifi_open, wifis) - for wifi in open_wifis: - connect(wifi['ssid']) - if check_internet(): - continue - time.sleep(10) - - - bloop() - ''; + ExecStart = "${autowifi}/bin/autowifi"; }; }; + + networking.networkmanager.dispatcherScripts = mkIf cfg.enablePrisonBreak [ + { source = "${pkgs.callPackage <stockholm/makefu/5pkgs/prison-break}/bin/prison-break"; } + ]; }; } diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix new file mode 100644 index 000000000..ccb108f8a --- /dev/null +++ b/lass/3modules/browsers.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; +let + + cfg = config.lass.browser; + + browserScripts = { + chromium = "${pkgs.chromium}/bin/chromium"; + firefox = "${pkgs.firefox.override { + extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; + }}/bin/firefox"; + qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser"; + }; + + browser-select = let + sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (mapAttrsToList (name: value: { inherit name value; }) + cfg.config); + in if (lib.length sortedPaths) > 1 then + pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) + case $BROWSER in + ${concatMapStringsSep "\n" (n: '' + ${n.name}) + export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name} + ;; + '') (sortedPaths)} + esac + $BIN "$@" + '' + else + let + name = (lib.head sortedPaths).name; + in pkgs.writeScriptBin "browser-select2" '' + ${config.lass.xjail-bins.${name}}/bin/${name} "$@" + '' + ; + +in { + options.lass.browser = { + select = mkOption { + type = types.path; + }; + config = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + name = mkOption { + type = types.str; + default = config._module.args.name; + }; + precedence = mkOption { + type = types.int; + default = 0; + }; + user = mkOption { + type = types.str; + default = config._module.args.name; + }; + browser = mkOption { + type = types.enum (attrNames browserScripts); + default = "chromium"; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + }; + })); + default = {}; + }; + }; + + config = (mkIf (cfg.config != {}) { + lass.xjail = mapAttrs' (name: browser: + nameValuePair name { + script = browserScripts.${browser.browser}; + groups = browser.groups; + } + ) cfg.config; + environment.systemPackages = (map (browser: + config.lass.xjail-bins.${browser.name} + ) (attrValues cfg.config)) ++ [ + browser-select + ]; + lass.browser.select = browser-select; + }); +} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 1195cd3d4..90dcb9d9c 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -15,5 +15,6 @@ _: ./usershadow.nix ./xjail.nix ./autowifi.nix + ./browsers.nix ]; } diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py new file mode 100644 index 000000000..fa3d007e7 --- /dev/null +++ b/lass/5pkgs/autowifi/autowifi.py @@ -0,0 +1,228 @@ +import subprocess +import time +import urllib.request +import logging +import argparse +import socket +import struct +import signal +import os + +wifiDB = '' +logger = logging.getLogger() +got_signal = False + + +def signal_handler(signum, frame): + global got_signal + got_signal = True + + +def get_default_gateway() -> str: + """Read the default gateway directly from /proc.""" + with open("/proc/net/route") as fh: + for line in fh: + fields = line.strip().split() + if fields[1] != '00000000' or not int(fields[3], 16) & 2: + continue + + return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16))) + + +def connect(ssid, psk=None): + subprocess.run( + ["nmcli", "connection", "delete", "autowifi"], + stdout=subprocess.PIPE, + ) + logging.info('connecting to %s', ssid) + if psk is None: + subprocess.run( + [ + "nmcli", + "device", + "wifi", + "connect", + ssid, + "name", + "autowifi", + ], + stdout=subprocess.PIPE, + ) + else: + subprocess.run( + [ + "nmcli", + "device", + "wifi", + "connect", + ssid, + "name", + "autowifi", + "password", + psk, + ], + stdout=subprocess.PIPE, + ) + time.sleep(5) + + +def scan(): + logging.debug('scanning wifis') + wifis_raw = subprocess.check_output([ + "nmcli", + "-t", + "device", + "wifi", + "list", + "--rescan", + "yes", + ]) + wifis_list = wifis_raw.split(b'\n') + logging.debug('scanning wifis finished') + wifis = [] + for line in wifis_list: + logging.debug(line) + ls = line.split(b':') + if len(ls) == 8: + wifis.append({ + "ssid": ls[1], + "signal": int(ls[5]), + "crypto": ls[7] + }) + return wifis + + +def get_known_wifis(): + wifis_lines = [] + with open(wifiDB) as f: + wifis_lines = f.read().splitlines() + wifis = [] + for line in wifis_lines: + ls = line.split('/') + wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()}) + return wifis + + +def check_network(): + logging.debug('checking network') + + global got_signal + if got_signal: + logging.info('got disconnect signal') + got_signal = False + return False + else: + gateway = get_default_gateway() + if gateway: + response = subprocess.run( + [ + 'ping', + '-q', + '-c', + '1', + gateway, + ], + stdout=subprocess.PIPE, + ) + if response.returncode == 0: + logging.debug('host %s is up', gateway) + return True + else: + logging.debug('host %s is down', gateway) + return False + else: + logging.debug('no gateway') + return False + + +def check_internet(): + logging.debug('checking internet') + + try: + with open('./dummy_internet') as f: + dummy_content = f.read() + if dummy_content == 'xxx\n': + return True + beacon = urllib.request.urlopen('http://krebsco.de/secret') + except Exception as e: # noqa + logging.debug(e) + logging.info('no internet exc') + return False + if beacon.read() == b'1337\n': + return True + logging.info('no internet oh') + return False + + +def is_wifi_open(wifi): + if wifi['crypto'] == b'': + return True + else: + return False + + +def is_wifi_seen(wifi, seen_wifis): + for seen_wifi in seen_wifis: + if seen_wifi["ssid"] == wifi["ssid"]: + return True + return False + + +def main(): + parser = argparse.ArgumentParser() + + parser.add_argument( + '-c', '--config', + dest='config', + help='wifi config file to use', + default='/etc/wifis', + ) + + parser.add_argument( + '-l', '--loglevel', + dest='loglevel', + help='loglevel to use', + default=logging.INFO, + ) + + parser.add_argument( + '-p', '--pidfile', + dest='pidfile', + help='file to write the pid to', + default=None, + ) + + args = parser.parse_args() + + global wifiDB + wifiDB = args.config + logger.setLevel(args.loglevel) + + signal.signal(signal.SIGUSR1, signal_handler) + + if args.pidfile: + with open(args.pidfile, 'w+') as f: + f.write(str(os.getpid())) + + while True: + if not check_network(): + wifis = scan() + known_wifis = get_known_wifis() + known_seen_wifis = [ + wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis) + ] + for wifi in known_seen_wifis: + connect(wifi['ssid'], wifi['psk']) + if check_network(): + break + open_wifis = filter(is_wifi_open, wifis) + for wifi in open_wifis: + connect(wifi['ssid']) + + if check_network(): + break + time.sleep(10) + + +if __name__ == '__main__': + main() diff --git a/lass/5pkgs/autowifi/default.nix b/lass/5pkgs/autowifi/default.nix new file mode 100644 index 000000000..d565a6bb6 --- /dev/null +++ b/lass/5pkgs/autowifi/default.nix @@ -0,0 +1 @@ +pkgs.writers.writePython3Bin "autowifi" {} ./autowifi.py diff --git a/lass/5pkgs/bank/default.nix b/lass/5pkgs/bank/default.nix new file mode 100644 index 000000000..9f3a44d79 --- /dev/null +++ b/lass/5pkgs/bank/default.nix @@ -0,0 +1,14 @@ +{ writeDashBin, coreutils, pass, hledger, diffutils }: + +writeDashBin "bank" '' + tmp=$(mktemp) + ${pass}/bin/pass show hledger > $tmp + ${hledger}/bin/hledger --file=$tmp "$@" + ${pass}/bin/pass show hledger | if ${diffutils}/bin/diff $tmp -; then + exit 0 + else + ${coreutils}/bin/cat $tmp | ${pass}/bin/pass insert -m hledger + fi + ${coreutils}/bin/rm $tmp +'' + diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 9d6f8e00c..c0aef513f 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -109,6 +109,7 @@ myKeyMap = [ ("M4-<F11>", spawn "${config.lass.screenlock.command}") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") + , ("M4-S-p", spawn "${pkgs.otpmenu}/bin/otpmenu") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") @@ -116,8 +117,8 @@ myKeyMap = , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") - , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") - , ("<XF86MonBrightnessUp>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -inc 1") + , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1") + , ("<XF86MonBrightnessUp>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1") , ("<XF86Launch1>", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") @@ -158,15 +159,15 @@ myKeyMap = ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - ''}") - , ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") - , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") - , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") - , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1") + , ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10") + , ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33") + , ("M4-<F8>", spawn "${pkgs.acpilight}/bin/xbacklight -set 100") , ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8") , ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x") - , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") , ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once") diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index fd6a555d4..e4208f1c1 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -19,20 +19,6 @@ self: super: let mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); -in { - bank = self.writeDashBin "bank" '' - tmp=$(mktemp) - ${self.pass}/bin/pass show hledger > $tmp - ${self.hledger}/bin/hledger --file=$tmp "$@" - ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then - exit 0 - else - ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger - fi - ${self.coreutils}/bin/rm $tmp - ''; -} - -// mapAttrs (_: flip callPackage {}) +in mapAttrs (_: flip callPackage {}) (filterAttrs (_: dir: pathExists (dir + "/default.nix")) (subdirsOf ./.)) diff --git a/lass/krops.nix b/lass/krops.nix index 12652216a..c1fbe2841 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,11 +5,6 @@ pkgs ; - host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then - import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; } - else - {} - ; source = { test }: lib.evalSource ([ (krebs-source { test = test; }) @@ -24,7 +19,12 @@ }; }; } - ] ++ (lib.optional (! test) host-source)); + (if lib.pathExists (./. + "/1systems/${name}/source.nix") then + import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; } + else + {} + ) + ]); in { |