Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/source.nix2
-rw-r--r--lass/1systems/coaxmetal/config.nix2
-rw-r--r--lass/1systems/coaxmetal/source.nix21
-rw-r--r--lass/1systems/echelon/config.nix3
-rw-r--r--lass/1systems/green/config.nix9
-rw-r--r--lass/1systems/green/source.nix5
-rw-r--r--lass/1systems/morpheus/config.nix29
-rw-r--r--lass/1systems/morpheus/physical.nix44
-rw-r--r--lass/1systems/mors/config.nix29
-rw-r--r--lass/1systems/mors/source.nix21
-rw-r--r--lass/1systems/prism/config.nix11
-rw-r--r--lass/1systems/prism/physical.nix6
-rw-r--r--lass/1systems/red/config.nix28
-rw-r--r--lass/1systems/red/physical.nix7
-rw-r--r--lass/1systems/uriel/config.nix47
-rw-r--r--lass/1systems/uriel/physical.nix59
-rw-r--r--lass/2configs/IM.nix2
-rw-r--r--lass/2configs/baseX.nix5
-rw-r--r--lass/2configs/bepasty.nix44
-rw-r--r--lass/2configs/binary-cache/server.nix7
-rw-r--r--lass/2configs/blue.nix40
-rw-r--r--lass/2configs/codimd.nix10
-rw-r--r--lass/2configs/default.nix26
-rw-r--r--lass/2configs/exim-smarthost.nix4
-rw-r--r--lass/2configs/fetchWallpaper.nix2
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/git-brain.nix57
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/green-host.nix10
-rw-r--r--lass/2configs/hw/x220.nix6
-rw-r--r--lass/2configs/mpv.nix7
-rw-r--r--lass/2configs/muchsync.nix1
-rw-r--r--lass/2configs/murmur.nix13
-rw-r--r--lass/2configs/pass.nix8
-rw-r--r--lass/2configs/pipewire.nix2
-rw-r--r--lass/2configs/prism-mounts/samba.nix15
-rw-r--r--lass/2configs/programs.nix14
-rw-r--r--lass/2configs/radio.nix85
-rw-r--r--lass/2configs/reaktor-coders.nix37
-rw-r--r--lass/2configs/steam.nix2
-rw-r--r--lass/2configs/sync/sync.nix2
-rw-r--r--lass/2configs/tmux.nix46
-rw-r--r--lass/2configs/ts3.nix19
-rw-r--r--lass/2configs/vim.nix15
-rw-r--r--lass/2configs/websites/default.nix7
-rw-r--r--lass/2configs/websites/domsen.nix19
-rw-r--r--lass/2configs/websites/lassulus.nix1
-rw-r--r--lass/2configs/zsh.nix7
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/klem.nix2
-rw-r--r--lass/3modules/restic.nix119
-rw-r--r--lass/3modules/xjail.nix1
-rw-r--r--lass/5pkgs/sshify/default.nix1
-rw-r--r--lass/krops.nix20
54 files changed, 389 insertions, 595 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 2b4158211..0b2bf5f5b 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,5 +1,5 @@
{ lib, pkgs, test, ... }:
-{
+if test then {} else {
nixpkgs = lib.mkIf (! test) (lib.mkForce {
file = {
path = toString (pkgs.fetchFromGitHub {
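Review bot: The inner `lib.mkIf (! test)` on the `nixpkgs` line is now redundant, because the added `if test then {} else {` means this attribute set is only produced when `test` is false. Dropping the guard (`nixpkgs = lib.mkForce {`) would leave a single place that decides the test behaviour. The attribute set continues outside the hunk, so this is based on the visible lines only.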
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
index 227c5e1e9..0e6bddf5e 100644
--- a/lass/1systems/coaxmetal/config.nix
+++ b/lass/1systems/coaxmetal/config.nix
@@ -16,7 +16,7 @@
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
- # <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/prism-mounts/samba.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix>
diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix
new file mode 100644
index 000000000..abbf26c75
--- /dev/null
+++ b/lass/1systems/coaxmetal/source.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, test, ... }: let
+ npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in {
+ nixpkgs = (if test then lib.mkForce ({ derivation = let
+ rev = npkgs.rev;
+ sha256 = npkgs.sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ ''; }) else {
+ git.ref = lib.mkForce npkgs.rev;
+ });
+}
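Review bot: This new file is identical to the new `lass/1systems/mors/source.nix` (both are blob `abbf26c75`), so the nixpkgs pin logic now exists in two copies that can drift apart; a shared file imported by both hosts would keep the fetch URL and hash handling in one place. Inside the `let`, `rev = npkgs.rev; sha256 = npkgs.sha256;` reads more idiomatically as `inherit (npkgs) rev sha256;`. A short comment stating that the `test` branch fetches by `rev` and checks the `sha256` from `krebs/nixpkgs-unstable.json`, while the other branch only forces `git.ref`, would show readers which path is hash-verified.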
diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix
index 9e72916b3..eacdff782 100644
--- a/lass/1systems/echelon/config.nix
+++ b/lass/1systems/echelon/config.nix
@@ -5,10 +5,13 @@
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/tor-initrd.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/green-host.nix>
];
krebs.build.host = config.krebs.hosts.echelon;
boot.tmpOnTmpfs = true;
+
}
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index d7bf62b40..b41e396c9 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -17,6 +17,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix>
+
+ <stockholm/lass/2configs/git-brain.nix>
];
krebs.build.host = config.krebs.hosts.green;
@@ -68,6 +70,13 @@ with import <stockholm/lib>;
];
clearTarget = true;
};
+ "/var/lib/git" = {
+ source = "/var/state/git";
+ options = [
+ "-M ${toString config.users.users.git.uid}"
+ ];
+ clearTarget = true;
+ };
};
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
index 48499c9db..da137e064 100644
--- a/lass/1systems/green/source.nix
+++ b/lass/1systems/green/source.nix
@@ -1,5 +1,4 @@
-{ lib, pkgs, ... }:
-{
+{ lib, pkgs, test, ... }:
+if test then {} else {
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
- nixpkgs.git.shallow = true;
}
diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
deleted file mode 100644
index 79d4f528d..000000000
--- a/lass/1systems/morpheus/config.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
-
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.morpheus;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = true;
-
- services.logind.lidSwitch = "ignore";
- services.logind.lidSwitchDocked = "ignore";
-
- environment.systemPackages = with pkgs; [
- gitAndTools.hub
- nix-review
- firefox
- ag
- ];
-
- services.openssh.forwardX11 = true;
- programs.x2goserver.enable = true;
-}
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
deleted file mode 100644
index 6e59a2273..000000000
--- a/lass/1systems/morpheus/physical.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.loader.grub.device = "nodev";
-
- networking.hostId = "06442b9a";
-
- fileSystems."/" = {
- device = "/dev/pool/root";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/1F60-17C6";
- fsType = "vfat";
- };
-
- fileSystems."/home" = {
- device = "/dev/pool/home";
- fsType = "btrfs";
- };
-
- fileSystems."/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices.luksroot.device = "/dev/nvme0n1p3";
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
- '';
-}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 95b688590..88ac90de4 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -183,35 +183,6 @@ with import <stockholm/lib>;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
- lass.restic = genAttrs [
- "daedalus"
- "icarus"
- "littleT"
- "prism"
- "shodan"
- "skynet"
- ] (dest: {
- dirs = [
- "/home/lass/src"
- "/home/lass/work"
- "/home/lass/.gnupg"
- "/home/lass/Maildir"
- "/home/lass/stockholm"
- "/home/lass/.password-store"
- "/home/bitcoin"
- "/home/bch"
- ];
- passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/mors";
- #sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- ];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- });
virtualisation.libvirtd.enable = true;
services.earlyoom = {
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
new file mode 100644
index 000000000..abbf26c75
--- /dev/null
+++ b/lass/1systems/mors/source.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, test, ... }: let
+ npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in {
+ nixpkgs = (if test then lib.mkForce ({ derivation = let
+ rev = npkgs.rev;
+ sha256 = npkgs.sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${rev}";
+ sha256 = "${sha256}";
+ }
+ ''; }) else {
+ git.ref = lib.mkForce npkgs.rev;
+ });
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d43fb804a..45f9ae00e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -112,7 +112,6 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
@@ -124,16 +123,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
- { # quasi bepasty.nix
- imports = [
- <stockholm/lass/2configs/bepasty.nix>
- ];
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- }
{
services.tor = {
enable = true;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 1a3bee850..26ecd1cda 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -65,6 +65,12 @@
fsType = "ext4";
};
+ # silence mdmonitor.service failures
+ # https://github.com/NixOS/nixpkgs/issues/72394
+ environment.etc."mdadm.conf".text = ''
+ MAILADDR root
+ '';
+
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix
deleted file mode 100644
index 3139e94a2..000000000
--- a/lass/1systems/red/config.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-let
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servephpBB
- ;
-in
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/websites>
- <stockholm/lass/2configs/websites/sqlBackup.nix>
- (servephpBB [ "rote-allez-fraktion.de" ])
- ];
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
- ];
-
- krebs.build.host = config.krebs.hosts.red;
-
- services.nginx.enable = true;
- environment.systemPackages = [
- pkgs.mk_sql_pair
- ];
-}
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
deleted file mode 100644
index b6aa3a894..000000000
--- a/lass/1systems/red/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = false;
-}
diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix
deleted file mode 100644
index c3ce8fced..000000000
--- a/lass/1systems/uriel/config.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, pkgs, ... }:
-
-with builtins;
-with import <stockholm/lib>;
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- {
- # locke config
- i18n.defaultLocale ="de_DE.UTF-8";
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
- services.xserver.libinput.enable = false;
- users.users.locke = {
- uid = genid "locke";
- home = "/home/locke";
- group = "users";
- createHome = true;
- extraGroups = [
- "audio"
- "networkmanager"
- ];
- useDefaultShell = true;
- isNormalUser = true;
- };
- networking.networkmanager.enable = true;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- environment.systemPackages = with pkgs; [
- pavucontrol
- firefox
- hexchat
- networkmanagerapplet
- ];
- services.xserver.desktopManager.xfce = {
- enable = true;
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.uriel;
- nixpkgs.config.allowUnfree = true;
-}
diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
deleted file mode 100644
index 82a088643..000000000
--- a/lass/1systems/uriel/physical.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
-
- hardware.enableRedistributableFirmware = true;
- boot = {
- #kernelParams = [
- # "acpi.brightness_switch_enabled=0"
- #];
- #loader.grub.enable = true;
- #loader.grub.version = 2;
- #loader.grub.device = "/dev/sda";
-
- loader.systemd-boot.enable = true;
- loader.timeout = 5;
-
- initrd.luks.devices.luksroot.device = "/dev/sda2";
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/pool/root";
- fsType = "ext4";
- };
-
- "/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- '';
-
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- additionalOptions = ''
- Option "FingerHigh" "60"
- Option "FingerLow" "60"
- '';
- };
-}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 5108f6bc1..5b8cebf5c 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -30,7 +30,7 @@ in {
imports = [
./bitlbee.nix
];
- environment.systemPackages = [ tmux ];
+ environment.systemPackages = [ tmux weechat ];
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 23eaa2802..124eef2cf 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -11,6 +11,7 @@ in {
./xdg-open.nix
./yubikey.nix
./pipewire.nix
+ ./tmux.nix
./xmonad.nix
{
krebs.per-user.lass.packages = [
@@ -61,7 +62,8 @@ in {
font-size
fzfmenu
gimp
- gitAndTools.qgit
+ gitAndTools.hub
+ git-crypt
git-preview
gnome3.dconf
iodine
@@ -85,6 +87,7 @@ in {
xorg.xhost
xsel
zathura
+ flameshot-once
(pkgs.writeDashBin "screenshot" ''
set -efu
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
deleted file mode 100644
index 9bd416c05..000000000
--- a/lass/2configs/bepasty.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
-# secrets used:
-# wildcard.krebsco.de.crt
-# wildcard.krebsco.de.key
-# bepasty-secret.nix <- contains single string
-
-with import <stockholm/lib>;
-let
- secKey = import <secrets/bepasty-secret.nix>;
- ext-doms = [
- "paste.lassul.us"
- "paste.krebsco.de"
- ];
-in {
-
- services.nginx.enable = mkDefault true;
- krebs.bepasty = {
- enable = true;
- serveNginx= true;
-
- servers = {
- "paste.r" = {
- nginx = {
- serverAliases = [
- "paste.${config.krebs.build.host.name}"
- "paste.r"
- ];
- };
- defaultPermissions = "admin,list,create,read,delete";
- secretKey = secKey;
- };
- } //
- genAttrs ext-doms (ext-dom: {
- nginx = {
- forceSSL = true;
- enableACME = true;
- };
- defaultPermissions = "read,create";
- secretKey = secKey;
- });
- };
-}
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 101dd045f..baa891821 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -29,6 +29,13 @@
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
+ locations."= /nix-cache-info".extraConfig = ''
+ alias ${pkgs.writeText "cache-info" ''
+ StoreDir: /nix/store
+ WantMassQuery: 1
+ Priority: 42
+ ''};
+ '';
};
virtualHosts."cache.krebsco.de" = {
forceSSL = true;
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 15408a200..28c7d640d 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -2,16 +2,13 @@ with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
{
-
imports = [
- ./bitlbee.nix
./mail.nix
./pass.nix
];
environment.systemPackages = with pkgs; [
ag
- brain
dic
nmap
git-preview
@@ -30,43 +27,6 @@ with (import <stockholm/lib>);
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
];
- systemd.services.chat = let
- tmux = pkgs.writeDash "tmux" ''
- exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
- set-option -g prefix `
- unbind-key C-b
- bind ` send-prefix
-
- set-option -g status off
- set-option -g default-terminal screen-256color
-
- #use session instead of windows
- bind-key c new-session
- bind-key p switch-client -p
- bind-key n switch-client -n
- bind-key C-s switch-client -l
- ''} "$@"
- '';
- in {
- description = "chat environment setup";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- restartIfChanged = false;
-
- path = [
- pkgs.rxvt_unicode.terminfo
- ];
-
- serviceConfig = {
- User = "lass";
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
- ExecStop = "${tmux} kill-session -t IM";
- };
- };
-
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Maildir";
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index 070781a31..271dcfca4 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -1,8 +1,16 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
let
- domain = "codi.lassul.us";
+ domain = "pad.lassul.us";
in {
+
+ # redirect legacy domain to new one
+ services.nginx.virtualHosts."codi.lassul.us" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/".return = "301 https://${domain}\$request_uri";
+ };
+
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index eb38d0e97..c3fbc2093 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -19,10 +19,9 @@ with import <stockholm/lib>;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
- config.krebs.users.lass-mors.pubkey
+ config.krebs.users.lass.pubkey
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-green.pubkey
- config.krebs.users.lass-yubikey.pubkey
];
};
mainUser = {
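Review bot: The key list for `root` is repeated verbatim for `mainUser` in the next hunk (`lass`, `lass-blue`, `lass-green`), so a later key rotation has to touch both lists and can leave a stale key authorised on one of the accounts. Binding the list once, e.g. `adminKeys = with config.krebs.users; [ lass.pubkey lass-blue.pubkey lass-green.pubkey ];`, and using `openssh.authorizedKeys.keys = adminKeys;` in both places would avoid that. `config.krebs.users.lass.pubkey` is defined outside this diff, so it is worth confirming it is the key meant to replace both the `lass-mors` and the removed `lass-yubikey` entries.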
@@ -35,25 +34,17 @@ with import <stockholm/lib>;
isNormalUser = true;
extraGroups = [
"audio"
+ "video"
"fuse"
"wheel"
];
openssh.authorizedKeys.keys = [
- config.krebs.users.lass-mors.pubkey
+ config.krebs.users.lass.pubkey
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-green.pubkey
- config.krebs.users.lass-yubikey.pubkey
- ];
- };
- nix = {
- isNormalUser = true;
- uid = genid_uint31 "nix";
- openssh.authorizedKeys.keys = [
- config.krebs.hosts.mors.ssh.pubkey
];
};
};
- nix.trustedUsers = ["nix"];
}
{
environment.variables = {
@@ -70,7 +61,7 @@ with import <stockholm/lib>;
{
#for sshuttle
environment.systemPackages = [
- pkgs.pythonPackages.python
+ pkgs.python3Packages.python
];
}
];
@@ -89,8 +80,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
- boot.tmpOnTmpfs = true;
-
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
@@ -102,6 +91,7 @@ with import <stockholm/lib>;
#stockholm
deploy
git
+ git-preview
gnumake
jq
@@ -126,6 +116,7 @@ with import <stockholm/lib>;
file
hashPassword
kpaste
+ cyberlocker-tools
pciutils
pop
q
@@ -187,6 +178,7 @@ with import <stockholm/lib>;
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
+ Storage=persistent
'';
krebs.iptables = {
@@ -223,7 +215,11 @@ with import <stockholm/lib>;
noipv4ll
'';
+ documentation.nixos.includeAllModules = true;
+
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
+ time.timeZone = mkDefault"Europe/Berlin";
+
system.stateVersion = mkDefault "20.03";
}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index b677fe455..cb9abd43a 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -19,8 +19,10 @@ in {
"lassul.us"
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
- config.krebs.hosts.mors
config.krebs.hosts.blue
+ config.krebs.hosts.coaxmetal
+ config.krebs.hosts.green
+ config.krebs.hosts.mors
config.krebs.hosts.xerxes
];
internet-aliases = map (from: { inherit from to; }) mails;
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 251f886a9..381df494d 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -5,7 +5,7 @@ let
in {
krebs.fetchWallpaper = {
enable = true;
- url = "prism/realwallpaper-krebs-stars.png";
+ url = "prism/realwallpaper-krebs-stars-berlin.png";
};
}
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index f9c61c461..224a6cbb9 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,7 +3,7 @@
with import <stockholm/lib>;
{
nix.gc = {
- automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
+ automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" "coaxmetal" ] || config.boot.isContainer);
options = "--delete-older-than 15d";
};
}
diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix
new file mode 100644
index 000000000..1c6f92fcd
--- /dev/null
+++ b/lass/2configs/git-brain.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+let
+
+ repos = krebs-repos;
+ rules = concatMap krebs-rules (attrValues krebs-repos);
+
+ krebs-repos = mapAttrs make-krebs-repo {
+ brain = { };
+ krebs-secrets = { };
+ };
+
+
+ make-krebs-repo = with git; name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = false;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = true;
+ channel = "#xxx";
+ # TODO remove the hardcoded hostname
+ server = "irc.r";
+ };
+ };
+ };
+
+
+
+ # TODO: get the list of all krebsministers
+ krebsminister = with config.krebs.users; [ makefu tv ];
+ krebs-rules = repo:
+ set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
+
+ set-ro-access = with git; repo: user:
+ singleton {
+ inherit user;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+ set-owners = with git;repo: user:
+ singleton {
+ inherit user;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ };
+
+in {
+ krebs.git = {
+ enable = true;
+ cgit = {
+ enable = false;
+ };
+ inherit repos rules;
+ };
+}
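Review bot: The `post-receive` hook in `make-krebs-repo` is applied to every entry of `krebs-repos`, so pushes to `krebs-secrets` are announced with `verbose = true` to `#xxx` on `irc.r`. What `irc-announce` prints in verbose mode is not visible here, but if it includes commit subjects or changed paths, that discloses metadata of a repo marked `public = false` to everyone in the channel. Consider `verbose = name != "krebs-secrets";` or leaving the hook off for that repo. A one-line comment on `krebs-rules` stating that `lass` may push and `krebsminister` may only fetch would document the intended access model.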
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index e6aeca5d1..e6c77f64b 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -189,7 +189,7 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = [ lass lass-mors lass-blue lass-yubikey ];
+ user = [ lass lass-green ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 355daba9c..a83ed0544 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -6,12 +6,12 @@
];
krebs.sync-containers.containers.green = {
peers = [
+ "echelon"
"icarus"
+ "littleT"
+ "mors"
"shodan"
"skynet"
- "mors"
- "morpheus"
- "littleT"
"styx"
];
hostIp = "10.233.2.15";
@@ -25,5 +25,9 @@
repo = "/var/lib/sync-containers/green/backup";
compression = "auto,lzma";
startAt = "daily";
+ prune.keep = {
+ daily = 7;
+ weekly = 4;
+ };
};
}
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index 31f9787e0..cbb5b168d 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -6,7 +6,6 @@
boot = {
initrd.luks.devices.luksroot.device = "/dev/sda3";
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
extraModulePackages = [
config.boot.kernelPackages.tp_smapi
@@ -36,11 +35,6 @@
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
};
services.logind.lidSwitch = "ignore";
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
index 210551a62..854af3eb5 100644
--- a/lass/2configs/mpv.nix
+++ b/lass/2configs/mpv.nix
@@ -80,7 +80,12 @@ let
name = "mpv";
paths = [
(pkgs.writeDashBin "mpv" ''
- exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
+ exec ${pkgs.mpv}/bin/mpv \
+ -vo=gpu \
+ --no-config \
+ --script=${autosub} \
+ --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \
+ "$@"
'')
pkgs.mpv
];
diff --git a/lass/2configs/muchsync.nix b/lass/2configs/muchsync.nix
index b09bf579b..392970dbd 100644
--- a/lass/2configs/muchsync.nix
+++ b/lass/2configs/muchsync.nix
@@ -4,6 +4,7 @@ with (import <stockholm/lib>);
{
systemd.services.muchsync = let
hosts = [
+ "coaxmetal.r"
"mors.r"
"green.r"
"blue.r"
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
index 9f325d0af..7cc4051a8 100644
--- a/lass/2configs/murmur.nix
+++ b/lass/2configs/murmur.nix
@@ -16,7 +16,7 @@
StandardError = lib.mkForce "journal";
};
virtualisation.oci-containers.containers.mumble-web = {
- image = "rankenstein/mumble-web";
+ image = "rankenstein/mumble-web:0.5";
environment = {
MUMBLE_SERVER = "lassul.us:64738";
};
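Review bot: The new `image = "rankenstein/mumble-web:0.5";` pins a tag, which is better than the implicit `latest`, but a registry tag is mutable and can later point at different content. Pinning by digest as well, `image = "rankenstein/mumble-web:0.5@sha256:<digest-of-the-reviewed-image>";`, makes the deployed container content fixed and reviewable. The digest here is a placeholder to be filled in from the image that was actually vetted.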
@@ -28,12 +28,9 @@
services.nginx.virtualHosts."mumble.lassul.us" = {
enableACME = true;
forceSSL = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:64739/;
- proxy_set_header Accept-Encoding "";
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- '';
+ locations."/" = {
+ proxyPass = "http://localhost:64739";
+ proxyWebsockets = true;
+ };
};
}
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 48070ea06..8ec3ac092 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -4,7 +4,15 @@
users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg
+ (pkgs.writers.writeDashBin "unlock" ''
+ set -efu
+ HOST=$1
+
+ pw=$(pass show "admin/$HOST/luks")
+ torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
+ '')
];
programs.gnupg.agent.enable = true;
+
}
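Review bot: In the added `unlock` script the LUKS passphrase is expanded locally into the remote command string, `"echo $pw > /crypt-ramfs/passphrase"`, so it ends up in the argument list of the local `torify`/`sshn` process and is re-parsed by the remote shell, where spaces, quotes or `$` in the passphrase change what gets written. Sending it on stdin avoids both: `pass show "admin/$HOST/luks" | head -n1 | torify sshn "root@$(pass "hosts/$HOST/initrd/hostname")" 'cat > /crypt-ramfs/passphrase'` (the `head -n1` assumes the passphrase is the first line of the entry). `sshn` is not defined in this hunk; if that wrapper skips host-key verification, the passphrase goes to whichever host answers, so pinning the initrd host key for this use is worth checking.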
diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix
index 8fdcff4e3..c21ab5d9c 100644
--- a/lass/2configs/pipewire.nix
+++ b/lass/2configs/pipewire.nix
@@ -16,6 +16,7 @@
environment.systemPackages = with pkgs; [
alsaUtils
pulseaudioLight
+ ponymix
];
environment.variables.PULSE_SERVER = "localhost:4713";
@@ -26,6 +27,7 @@
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
+
# https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
config.pipewire-pulse = {
"context.properties" = {
diff --git a/lass/2configs/prism-mounts/samba.nix b/lass/2configs/prism-mounts/samba.nix
new file mode 100644
index 000000000..4b1475ef3
--- /dev/null
+++ b/lass/2configs/prism-mounts/samba.nix
@@ -0,0 +1,15 @@
+{
+ fileSystems."/mnt/prism" = {
+ device = "//prism.r/public";
+ fsType = "cifs";
+ options = [
+ "guest"
+ "nofail"
+ "noauto"
+ "ro"
+ "x-systemd.automount"
+ "x-systemd.device-timeout=1"
+ "x-systemd.idle-timeout=1min"
+ ];
+ };
+ }
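Review bot: The `options` list for `/mnt/prism` mounts a `guest` CIFS share with `ro` but without `nosuid`, `nodev` or `noexec`, so files from an unauthenticated share keep default exec and setuid semantics on the client unless the mount helper already implies otherwise. Adding `"nosuid" "nodev" "noexec"` to the list costs nothing for a read-only public share. The closing `}` on the last line is also indented by one space, unlike the opening brace.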
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index 241d263f8..0a4b4fd9b 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -13,9 +13,23 @@
pv
pwgen
remmina
+ ripgrep
silver-searcher
+ transmission
wget
xsel
youtube-dl
+ (pkgs.writeDashBin "tether-on" ''
+ adb shell svc usb setFunctions rndis
+ '')
+ (pkgs.writeDashBin "tether-off" ''
+ adb shell svc usb setFunctions
+ '')
+ (pkgs.writeDashBin "dl-movie" ''
+ ${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@"
+ '')
+ (pkgs.writeDashBin "dl-series" ''
+ ${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/series -a "$@"
+ '')
];
}
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index b1e1ed4d9..501251d13 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -356,6 +356,89 @@ in {
locations."= /good".extraConfig = ''
proxy_pass http://localhost:8001;
'';
+ locations."= /controls".extraConfig = ''
+ default_type "text/html";
+ alias ${pkgs.writeText "controls.html" ''
+<!doctype html>
+
+<html lang="en">
+<head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <title>The_Playlist Voting!</title>
+<style>
+#good {
+ display: block;
+ width: 100%;
+ border: none;
+ background-color: #04AA6D;
+ padding: 14px;
+ margin: 14px 0 0 0;
+ height: 100px;
+ font-size: 16px;
+ cursor: pointer;
+ text-align: center;
+}
+#bad {
+ display: block;
+ width: 100%;
+ border: none;
+ background-color: red;
+ padding: 14px;
+ height: 100px;
+
+ margin: 14px 0 0 0;
+ font-size: 16px;
+ cursor: pointer;
+ text-align: center;
+}
+</style>
+
+</head>
+
+<body>
+ <div id=votenote></div>
+ <button id=good type="button"> GUT </button>
+
+ <button id=bad type="button"> SCHLECHT </button>
+ <center>
+ Currently Running: <br/><div>
+ <b id=current></b>
+ </div>
+ <div id=vote>
+ </div>
+ <audio controls autoplay="autoplay">
+ <source src="https://radio.lassul.us/radio.ogg" type="audio/ogg">
+ Your browser does not support the audio element.
+ </audio>
+ </center>
+
+ <script>
+ document.getElementById("good").onclick=async ()=>{
+ let result = await fetch("https://radio.lassul.us/good", {"method": "POST"})
+ document.getElementById("vote").textContent = "Dieses Lied findest du gut"
+ };
+ document.getElementById("bad").onclick=async ()=>{
+ let result = await fetch("https://radio.lassul.us/skip", {"method": "POST"})
+ document.getElementById("vote").textContent = "Dieses Lied findest du schlecht"
+ };
+
+ async function current() {
+ let result = await fetch("https://radio.lassul.us/current", {"method": "GET"})
+ let data = await result.json()
+ document.getElementById("current").textContent = data.name
+ }
+ window.onload = function() {
+ window.setInterval('current()', 10000)
+ current()
+ }
+
+ </script>
+</body>
+</html>
+ ''};
+ '';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
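Review bot: In the added `/controls` page, `window.setInterval('current()', 10000)` passes a string, which the browser evaluates like `eval` and which stops working once a Content-Security-Policy without `'unsafe-eval'` is set for this vhost; `window.setInterval(current, 10000)` does the same with a function reference. The two click handlers also set the `#vote` text without looking at `result`, so a failed or rejected POST to `/good` or `/skip` is shown to the user as a recorded vote; checking `result.ok` before updating the text would fix that. Writing `data.name` through `textContent` is the right choice and should stay that way.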
@@ -371,7 +454,7 @@ in {
</head>
<body>
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
- <iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
+ <iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
</div>
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 7fd6a2a29..457d5b6c7 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -29,43 +29,6 @@ in {
hooks.url-title
{
activate = "match";
- pattern = ''^@([^ ]+) (.*)$'';
- command = 1;
- arguments = [2];
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- commands = let
- lambdabot = (import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs";
- rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
- sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
- }) {}).lambdabot;
- lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
- exec ${lambdabot}/bin/lambdabot \
- -XStandaloneDeriving -XGADTs -XFlexibleContexts \
- -XFlexibleInstances -XMultiParamTypeClasses \
- -XOverloadedStrings -XFunctionalDependencies \
- -e "$@"
- '';
- in {
- pl.filename = pkgs.writeDash "lambdabot-pl" ''
- ${lambdabotWrapper} "@pl $1"
- '';
- type.filename = pkgs.writeDash "lambdabot-type" ''
- ${lambdabotWrapper} "@type $1"
- '';
- "let".filename = pkgs.writeDash "lambdabot-let" ''
- ${lambdabotWrapper} "@let $1"
- '';
- run.filename = pkgs.writeDash "lambdabot-run" ''
- ${lambdabotWrapper} "@run $1"
- '';
- kind.filename = pkgs.writeDash "lambdabot-kind" ''
- ${lambdabotWrapper} "@kind $1"
- '';
- };
- }
- {
- activate = "match";
pattern = ''^!([^ ]+)(?:\s*(.*))?'';
command = 1;
arguments = [2];
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 2b9811959..d814a2499 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -13,7 +13,7 @@
nixpkgs.config.steam.java = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
- users.users.games.packages = [ (pkgs.steam.override {
+ users.users.mainUser.packages = [ (pkgs.steam.override {
extraPkgs = p: with p; [
gnutls # needed for Halo MCC
];
diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix
index bee1d03ac..7c0f2e030 100644
--- a/lass/2configs/sync/sync.nix
+++ b/lass/2configs/sync/sync.nix
@@ -1,6 +1,6 @@
{
services.syncthing.declarative.folders."/home/lass/sync" = {
- devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" ];
+ devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
};
krebs.permown."/home/lass/sync" = {
file-mode = "u+rw,g+rw";
diff --git a/lass/2configs/tmux.nix b/lass/2configs/tmux.nix
new file mode 100644
index 000000000..c977a1105
--- /dev/null
+++ b/lass/2configs/tmux.nix
@@ -0,0 +1,46 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+ nixpkgs.config.packageOverrides = super: {
+ tmux = pkgs.symlinkJoin {
+ name = "tmux";
+ paths = [
+ (pkgs.writeDashBin "tmux" ''
+ exec ${super.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+ #change prefix key to `
+ set-option -g prefix `
+ unbind-key C-b
+ bind ` send-prefix
+
+ set-option -g default-terminal screen-256color
+
+ #use session instead of windows
+ bind-key c new-session
+ bind-key p switch-client -p
+ bind-key n switch-client -n
+ bind-key C-s switch-client -l
+ ''} "$@"
+ '')
+ super.tmux
+ ];
+ };
+ };
+ environment.systemPackages = with pkgs; [
+ tmux
+ ];
+
+ # programs.bash.interactiveShellInit = ''
+ # if [[ "$TERM" != "linux" && -z "$TMUX" ]]; then
+ # if [[ -n "$SSH_AUTH_SOCK" ]]; then
+ # tmux set-environment -g SSH_AUTH_SOCK "$SSH_AUTH_SOCK" 2>/dev/null
+ # fi
+
+ # exec tmux -u
+ # fi
+ # if [[ "$__host__" != "$HOST" ]]; then
+ # tmux set -g status-bg colour$(string_hash $HOST 255)
+ # export __host__=$HOST
+ # fi
+ # '';
+}
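Review bot: The commented-out `programs.bash.interactiveShellInit` block at the end of the new file is dead code. It calls a `string_hash` helper that is not defined anywhere in this file, and if re-enabled it would replace every interactive bash session with tmux via `exec tmux -u`. I would drop it from the commit, or put one line above it saying why it is kept, for example `# disabled: <reason>; kept for reference` with the real reason filled in. `with import <stockholm/lib>;` and the `config` argument also appear unused in the lines shown.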
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
deleted file mode 100644
index d0cfdf478..000000000
--- a/lass/2configs/ts3.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, ... }:
-
-{
- services.teamspeak3 = {
- enable = true;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- #voice port
- { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
- ##file transfer port
- { predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
- ##query port
- #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
- #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
- ];
-}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 0e4ac5394..36ce3d74c 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -5,16 +5,6 @@ let
out = {
environment.systemPackages = [
(hiPrio vim)
- (pkgs.writeDashBin "govet" ''
- go vet "$@"
- '')
- (hiPrio (pkgs.python3.withPackages (ps: [
- ps.python-language-server
- ps.pyls-isort
- ps.pyflakes
- ps.flake8
- ps.yapf
- ])))
];
environment.etc.vimrc.source = vimrc;
@@ -33,6 +23,7 @@ let
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
+ set ttymouse=sgr
set mouse=a
set ruler
set pastetoggle=<INS>
@@ -126,11 +117,7 @@ let
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
- pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.undotree
- pkgs.vimPlugins.vim-go
- pkgs.vimPlugins.fzf-vim
- pkgs.vimPlugins.LanguageClient-neovim
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchFromGitHub {
diff --git a/lass/2configs/websites/default.nix b/lass/2configs/websites/default.nix
index 1ffa105a7..bfd86ad7e 100644
--- a/lass/2configs/websites/default.nix
+++ b/lass/2configs/websites/default.nix
@@ -8,12 +8,7 @@ with import <stockholm/lib>;
recommendedOptimisation = true;
recommendedTlsSettings = true;
- virtualHosts._http = {
- default = true;
- extraConfig = ''
- return 404;
- '';
- };
+ enableReload = true;
virtualHosts.default = {
locations."= /etc/os-release".extraConfig = ''
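Review bot: Removing the `_http` host that answered `return 404;` leaves no neutral default server, and the `default = true;` added to `virtualHosts."lassul.us"` in lass/2configs/websites/lassulus.nix makes that site the fallback instead. Requests arriving with an unknown or missing Host header would then presumably be answered with the lassul.us content and certificate rather than a 404. If that is intended, a short comment next to `default = true;` saying so would help the next reader. Otherwise I would keep the removed `_http` host as the catch-all and drop `default = true;` from lassul.us. The enclosing nginx attribute set starts and ends outside this hunk.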
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 40f67537e..3f055e370 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -82,7 +82,6 @@ in {
"o_ubikmedia_de"
];
- services.phpfpm.phpPackage = pkgs.php73;
services.phpfpm.phpOptions = ''
sendmail_path = ${sendmail} -t
upload_max_filesize = 100M
@@ -117,6 +116,13 @@ in {
# workaround for android 7
security.acme.certs."lassul.us".keyType = "rsa4096";
+ services.roundcube = {
+ enable = true;
+ hostName = "mail.lassul.us";
+ extraConfig = ''
+ $config['smtp_port'] = 25;
+ '';
+ };
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Mail";
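Review bot: The new `services.roundcube` block sets only `$config['smtp_port'] = 25;`, so nothing in this hunk shows which host the webmail submits to or whether that connection is authenticated and encrypted. Port 25 is normally the server-to-server port; if this relies on the local Exim accepting mail from localhost without authentication, that trust relationship should be written down, because the webmail front end then inherits relay rights. I would add a comment above the line, for example `# submits to the local exim on 25; relay allowed from localhost only`, with the wording confirmed against the Exim configuration, or switch to an authenticated submission port. The surrounding attribute set continues outside the hunk.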
@@ -138,7 +144,7 @@ in {
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
- server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
+ server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
'';
internet-aliases = [
{ from = "dma@ubikmedia.de"; to = "domsen"; }
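Review bot: The changed `server_condition` line still passes `$auth1` and `$auth2`, the login name and the clear-text password, to an external program as command-line arguments. The new path `/run/wrappers/bin/shadow_verify_arg` looks like a privileged wrapper, though its definition is not in this hunk. Command-line arguments can be read by other local users from the process list while the helper runs, and both values come from unauthenticated SMTP clients, so the helper has to treat them as hostile input. Since `services.dovecot2` is enabled in this same file, Exim's `dovecot` authenticator driver talking to Dovecot's auth socket would keep the password off the command line, provided the same accounts are known to Dovecot. The authenticator block starts outside the hunk.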
@@ -317,6 +323,15 @@ in {
isNormalUser = true;
};
+ users.users.line = {
+ uid = genid_uint31 "line";
+ home = "/home/line";
+ useDefaultShell = true;
+ # extraGroups = [ "xanf" ];
+ createHome = true;
+ isNormalUser = true;
+ };
+
users.groups.xanf = {};
krebs.on-failure.plans.restic-backups-domsen = {
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index bb983b78e..5bf8de013 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -32,6 +32,7 @@ in {
services.nginx.virtualHosts."lassul.us" = {
addSSL = true;
enableACME = true;
+ default = true;
locations."/".extraConfig = ''
root /srv/http/lassul.us;
'';
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index e65cdd97d..6571461ca 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -58,7 +58,6 @@
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS)
- alias ls='ls --color'
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
@@ -66,12 +65,6 @@
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
-
- #aliases
- alias ll='ls -l'
- alias la='ls -la'
-
- #fancy window title magic
'';
promptInit = ''
# TODO: figure out why we need to set this here
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 1ce88b238..570bb45be 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,7 +9,6 @@ _:
./news.nix
./nichtparasoup.nix
./pyload.nix
- ./restic.nix
./screenlock.nix
./usershadow.nix
./xjail.nix
diff --git a/lass/3modules/klem.nix b/lass/3modules/klem.nix
index a297adcd1..8536d967d 100644
--- a/lass/3modules/klem.nix
+++ b/lass/3modules/klem.nix
@@ -38,7 +38,7 @@ in {
# match filetype against patterns
${concatMapStringsSep "\n" (script: ''
${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
- | grep -q '${script.target}'
+ | ${pkgs.gnugrep}/bin/grep -q '${script.target}'
if [ $? -eq 0 ]; then
labels="$labels:${script.label}"
fi
diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix
deleted file mode 100644
index c720793b1..000000000
--- a/lass/3modules/restic.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.restic = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- passwordFile = mkOption {
- type = types.str;
- default = toString <secrets/restic-password>;
- description = ''
- read the repository password from a file.
- '';
- example = "/etc/nixos/restic-password";
-
- };
- repo = mkOption {
- type = types.str;
- default = "sftp:backup@prism.r:/backups/${config.name}";
- description = ''
- repository to backup to.
- '';
- example = "sftp:backup@192.168.1.100:/backups/${config.name}";
- };
- dirs = mkOption {
- type = types.listOf types.str;
- default = [];
- description = ''
- which directories to backup.
- '';
- example = [
- "/var/lib/postgresql"
- "/home/user/backup"
- ];
- };
- timerConfig = mkOption {
- type = types.attrsOf types.str;
- default = {
- OnCalendar = "daily";
- };
- description = ''
- When to run the backup. See man systemd.timer for details.
- '';
- example = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- };
- user = mkOption {
- type = types.str;
- default = "root";
- description = ''
- As which user the backup should run.
- '';
- example = "postgresql";
- };
- extraArguments = mkOption {
- type = types.listOf types.str;
- default = [];
- description = ''
- Extra arguments to append to the restic command.
- '';
- example = [
- "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
- ];
- };
- initialize = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Create the repository if it doesn't exist.
- '';
- };
- };
- }));
- default = {};
- };
-
- config = {
- systemd.services =
- mapAttrs' (_: plan:
- let
- extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
- connectTo = elemAt (splitString ":" plan.repo) 1;
- resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
- in nameValuePair "backup.${plan.name}" {
- environment = {
- RESTIC_PASSWORD_FILE = plan.passwordFile;
- RESTIC_REPOSITORY = plan.repo;
- };
- path = with pkgs; [
- openssh
- ];
- restartIfChanged = false;
- serviceConfig = {
- ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
- #! ${pkgs.bash}/bin/bash
- ${resticCmd} snapshots || ${resticCmd} init
- '');
- ExecStart = pkgs.writeDash "rustic-${plan.name}" (
- "#! ${pkgs.bash}/bin/bash\n" +
- concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
- );
- User = plan.user;
- };
- }
- ) config.lass.restic;
- systemd.timers =
- mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
- wantedBy = [ "timers.target" ];
- timerConfig = plan.timerConfig;
- }) config.lass.restic;
- };
-}
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 526e12db7..f94e7ebbf 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -48,6 +48,7 @@ with import <stockholm/lib>;
wm = mkOption {
#TODO find type
type = types.str;
+ defaultText = "‹script›";
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
executables.xmonad = {
extra-depends = [
diff --git a/lass/5pkgs/sshify/default.nix b/lass/5pkgs/sshify/default.nix
index aba0ab6bb..445b9b4aa 100644
--- a/lass/5pkgs/sshify/default.nix
+++ b/lass/5pkgs/sshify/default.nix
@@ -1,4 +1,5 @@
{ pkgs }:
+# usage: sshify prism.r -- curl ifconfig.me
pkgs.writers.writeBashBin "sshify" ''
set -efu
diff --git a/lass/krops.nix b/lass/krops.nix
index 128c9ee04..769112706 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -24,7 +24,7 @@
};
};
}
- (if (lib.pathExists (./. + "/1systems/${name}/source.nix")) && (! test) then
+ (if lib.pathExists (./. + "/1systems/${name}/source.nix") then
import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; }
else
{}
@@ -33,9 +33,23 @@
in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
+ deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeCommand "deploy" {
+ command = targetPath: ''
+
+ set -fu
+
+ outDir=$(mktemp -d)
+ trap "rm -rf $outDir;" INT TERM EXIT
+
+ nix build \
+ -I "${targetPath}" \
+ -f '<nixpkgs/nixos>' config.system.build.toplevel \
+ -o "$outDir/out"
+
+ $outDir/out/bin/switch-to-configuration switch
+ '';
source = source { test = false; };
+ allocateTTY = true;
inherit target;
};
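Review bot: The new deploy command runs with `set -fu` but without `-e`, so a failed `mktemp -d` or `nix build` does not stop the script. With an empty `outDir` the build would write its result link to `/out`, and the last line would run `/out/bin/switch-to-configuration switch` on the target, which is root by default according to `target`. I would use `set -efu`, as the sshify script in this repository does, and quote the path: `trap 'rm -rf "$outDir"' INT TERM EXIT` and `"$outDir/out/bin/switch-to-configuration" switch`. Removing `$outDir` also drops the only link to the built system, and nothing visible here registers it in the system profile, so it is worth confirming the active generation stays protected from garbage collection. The usage comment deleted above `deploy` would be good to keep in updated form.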