From 1edc8c249da009e8e99ee4d0f6dce9449ab03c41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 19 Jul 2015 22:51:39 +0200 Subject: 2 lass.desktop-base: remove german keyboard layout --- 2configs/lass/desktop-base.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to '2configs') diff --git a/2configs/lass/desktop-base.nix b/2configs/lass/desktop-base.nix index ee7a94bc9..9b98e4a8b 100644 --- a/2configs/lass/desktop-base.nix +++ b/2configs/lass/desktop-base.nix @@ -55,11 +55,9 @@ in { displayManager.auto.enable = true; displayManager.auto.user = mainUser.name; - layout = "us,de"; + layout = "us"; xkbModel = "evdev"; - xkbVariant = "altgr-intl,nodeadkeys"; - xkbOptions = "grp:caps_toggle"; - + xkbVariant = "altgr-intl"; }; } -- cgit v1.2.3 From 2eb1002f7a47b09b64ae1985642168e9733c92e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 18:57:58 +0200 Subject: 1&2 lass: move userconfig to base.nix --- 2configs/lass/base.nix | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 5e5b8a7b1..26e6cae51 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -3,14 +3,36 @@ with lib; { imports = [ - ./sshkeys.nix ../../3modules/lass/iptables.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) (import /root/src/secrets/hashedPasswords.nix); } - + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/lass.ssh.pub + ]; + }; + mainUser = { + name = "lass"; + uid = 1337; + home = "/home/lass"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "wheel" + ]; + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/lass.ssh.pub + ]; + }; + }; + } ]; nix.useChroot = true; -- cgit v1.2.3 From 69a4c44f08d6e2c6e9a3b9a797fc535d1333833b Mon Sep 17 00:00:00 2001 
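Review bot: In the new `users.extraUsers` block of base.nix, `root` and `mainUser` are both given `../../Zpubkeys/lass.ssh.pub` as an authorized key, and `mainUser` is also in `wheel`, so that one key grants direct root login over SSH as well as the user account. If direct root login is not required, dropping `root.openssh.authorizedKeys.keys` and going through the wheel account narrows what the key exposes; if it is required, a comment saying why would help. The key list is written twice and could be bound once in a `let`. Separately, the hunk drops the `./sshkeys.nix` import while the next commit's context still shows `adminPubkey = config.sshKeys.lass.pub;` in this file, so this revision may not evaluate on its own unless that option is defined elsewhere.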
From: lassulus Date: Tue, 21 Jul 2015 19:02:31 +0200 Subject: 2 lass: remove gitolite from base.nix --- 2configs/lass/base.nix | 33 +++++---------------------------- 1 file changed, 5 insertions(+), 28 deletions(-) (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 26e6cae51..a0d3c3ad4 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -99,11 +99,11 @@ with lib; "sendmail" ]; - services.gitolite = { - enable = true; - dataDir = "/home/gitolite"; - adminPubkey = config.sshKeys.lass.pub; - }; + #services.gitolite = { + # enable = true; + # dataDir = "/home/gitolite"; + # adminPubkey = config.sshKeys.lass.pub; + #}; services.openssh = { enable = true; @@ -132,27 +132,4 @@ with lib; }; }; - #Networking.firewall = { - # enable = true; - - # allowedTCPPorts = [ - # 22 - # ]; - - # extraCommands = '' - # iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # iptables -A INPUT -j ACCEPT -i lo - # #http://serverfault.com/questions/84963/why-not-block-icmp - # iptables -A INPUT -j ACCEPT -p icmp - - # #TODO: fix Retiolum firewall - # #iptables -N RETIOLUM - # #iptables -A INPUT -j RETIOLUM -i retiolum - # #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset - # #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable - # #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable - # #iptables -A RETIOLUM -j REJECT - # ''; - #}; } -- cgit v1.2.3 From a1ea09404f717493cac5bd320093a7240dac32fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 19:14:15 +0200 Subject: 2 lass.git-repos: change irc-server to cd --- 2configs/lass/git-repos.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '2configs') diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix index c0c305b85..b4f446aef 100644 --- a/2configs/lass/git-repos.nix 
+++ b/2configs/lass/git-repos.nix @@ -39,7 +39,7 @@ let post-receive = git.irc-announce { nick = config.networking.hostName; # TODO make this the default channel = "#retiolum"; - server = "ire.retiolum"; + server = "cd.retiolum"; }; }; }; @@ -63,7 +63,7 @@ let post-receive = git.irc-announce { nick = config.networking.hostName; # TODO make this the default channel = "#retiolum"; - server = "ire.retiolum"; + server = "cd.retiolum"; }; }; public = true; -- cgit v1.2.3 From d94b2132d54a7b38fa307bb1ad5c0ddf9812f54e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:11:56 +0200 Subject: 1&2 lass: move exim/retiolum to retiolum.nix --- 2configs/lass/retiolum.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 2configs/lass/retiolum.nix (limited to '2configs') diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix new file mode 100644 index 000000000..d1389ad2a --- /dev/null +++ b/2configs/lass/retiolum.nix @@ -0,0 +1,29 @@ +{ ... }: + +{ + imports = [ + ../../3modules/lass/iptables.nix + ../../3modules/tv/retiolum.nix + ../../2configs/tv/exim-retiolum.nix + ]; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + tv.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "fastpoke" + "cloudkrebs" + "pigstarter" + ]; + }; +} -- cgit v1.2.3 From 47f68443a39d8492b4bd056de8e35cfef2027f0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:17:40 +0200 Subject: 1&2 lass: move vim.nix import to base.nix --- 2configs/lass/base.nix | 1 + 1 file changed, 1 insertion(+) (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index a0d3c3ad4..35631ffef 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix 
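Review bot: The three `filter.INPUT.rules` entries in the new retiolum.nix accept `smtp` and `tinc` on every interface, because none of the predicates carries an `-i` match. tinc has to be reachable from outside the overlay, but the mail configuration imported here is `exim-retiolum.nix`, which suggests SMTP is only meant for the retiolum network; if so, scope it as `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }`, the way git-repos.nix scopes port 80. If public SMTP is intended, a short comment stating that would keep the rule from being read as an oversight.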
@@ -4,6 +4,7 @@ with lib; { imports = [ ../../3modules/lass/iptables.nix + ../../2configs/lass/vim.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) -- cgit v1.2.3 From 5913192e74212e3398b126d50030cfd60333c295 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:19:24 +0200 Subject: 2 lass.base: use precedence in iptables config --- 2configs/lass/base.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 35631ffef..b24e6a9a4 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -125,10 +125,10 @@ with lib; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ - { predicate = "-i lo"; target = "ACCEPT"; } - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - { predicate = "-p icmp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; } + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } ]; }; }; -- cgit v1.2.3 From 118b74fdb21d348c82b4bdc8ba88e5f39afe2ea7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:19:46 +0200 Subject: 2 lass.base: add nmap to defaultPackages --- 2configs/lass/base.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index b24e6a9a4..494cafa95 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -53,6 +53,8 @@ with lib; ''; environment.systemPackages = with pkgs; [ + nmap + git most rxvt_unicode.terminfo -- cgit v1.2.3 From b590d9e21d8c99a91fd419c3e0bea949a9ac6849 Mon Sep 17 00:00:00 2001 
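Review bot: The `precedence` values added to `filter.INPUT.rules` (10001 down to 9998) are bare numbers with nothing saying which direction sorts first or why the base rules sit around 10000. The per-service rules added elsewhere in this series (`--dport smtp`, `--dport tinc`, `--dport http`) carry no precedence, so their position relative to these depends on a module default that is not visible in this hunk. I would add a comment above the list, for example `# higher precedence is emitted first; base rules stay ahead of per-service rules`, after confirming the direction against 3modules/lass/iptables.nix, since it is only inferred here from the listing order. The enclosing `lass.iptables` block starts outside the hunk.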
From: lassulus Date: Thu, 23 Jul 2015 02:20:44 +0200 Subject: 1 lass.cloudkrebs: move config to fastpoke-pages --- 2configs/lass/fastpoke-pages.nix | 103 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 2configs/lass/fastpoke-pages.nix (limited to '2configs') diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix new file mode 100644 index 000000000..2fd9a863a --- /dev/null +++ b/2configs/lass/fastpoke-pages.nix 
@@ -0,0 +1,103 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ + ../../3modules/tv/nginx.nix + ../../3modules/lass/iptables.nix + ]; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + ]; + }; + }; + + #createStaticPage = domain: + # { + # irc.nginx.servers."${domain}" = { + # server-names = [ + # "${domain}" + # "www.${domain}" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/${domain}; + # '') + # ]; + # }; + # networking.extraHosts = '' + # 10.243.206.102 ${domain} + # ''; + # }; + + #map createStaticPage [ + # "habsys.de" + # "pixelpocket.de" + # "karlaskop.de" + # "ubikmedia.de" + # "apanowicz.de" + # "aidsballs.de" + #]; + + tv.nginx = { + enable = true; + servers = { + + "habsys.de" = { + server-names = [ + "habsys.de" + "www.habsys.de" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/habsys.de; + '') + ]; + }; + + "karlaskop.de" = { + server-names = [ + "karlaskop.de" + "www.karlaskop.de" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/karlaskop.de; + '') + ]; + }; + + "pixelpocket.de" = { + server-names = [ + "pixelpocket.de" + "www.karlaskop.de" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/karlaskop.de; + '') + ]; + }; + + }; + }; + + networking.extraHosts = '' + 10.243.206.102 habsys.de karlaskop.de pixelpocket.de ubikmedia.de apanowicz.de + 10.243.206.102 aidsballs.de + ''; + + #services.postgresql = { + # enable = true; + #}; + + #config.services.vsftpd = { + # enable = true; + # userlistEnable = true; + # userlistFile = pkgs.writeFile "vsftpd-userlist" '' + # ''; + #}; +} -- cgit v1.2.3 From e2cf12b59d7142ce292cc086d260c7b5539adf05 Mon Sep 17 00:00:00 2001 
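Review bot: The `"pixelpocket.de"` server in `tv.nginx.servers` looks like an unfinished copy of the `"karlaskop.de"` block: its second server name is `"www.karlaskop.de"` and its root is `/var/lib/http/karlaskop.de`. As written, www.pixelpocket.de is not matched by any server, `www.karlaskop.de` is claimed by two servers, and pixelpocket.de serves the other site's document root. The two lines should read `"www.pixelpocket.de"` and `root /var/lib/http/pixelpocket.de;`.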
From: lassulus Date: Thu, 23 Jul 2015 13:16:30 +0200 Subject: 2 lass.identity: add with cloudkrebs --- 2configs/lass/identity.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 2configs/lass/identity.nix (limited to '2configs') diff --git a/2configs/lass/identity.nix b/2configs/lass/identity.nix new file mode 100644 index 000000000..bfaad14d2 --- /dev/null +++ b/2configs/lass/identity.nix @@ -0,0 +1,48 @@ +{ config, ... }: + +{ + imports = [ ../../3modules/tv/identity.nix ]; + tv.identity = { + enable = true; + search = "retiolum"; + hosts = { + cloudkrebs = { + cores = 1; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["104.167.113.104"]; + aliases = [ + "cloudkrebs.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.206.102"]; + addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; + aliases = [ + "cloudkrebs.retiolum" + "cgit.cloudkrebs.retiolum" + "habsys.de" + "pixelpocket.de" + "karlaskop.de" + "ubikmedia.de" + "apanowicz.de" + "aidsballs.de" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA + OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF + QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v + 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC + sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO + TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + }; +} -- cgit v1.2.3 From 6476abd6ac7e000d0759569a1e2754acb2f518ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jul 2015 14:00:28 +0200 Subject: 2 lass.fastpoke-pages: use functions for static --- 2configs/lass/fastpoke-pages.nix | 121 ++++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 60 deletions(-) (limited to '2configs') 
diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix index 2fd9a863a..4db4847f4 100644 --- a/2configs/lass/fastpoke-pages.nix +++ b/2configs/lass/fastpoke-pages.nix @@ -1,10 +1,37 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + createStaticPage = domain: + { + tv.nginx.servers."${domain}" = { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/${domain}; + '') + ]; + }; + #networking.extraHosts = '' + # 10.243.206.102 ${domain} + #''; + }; + +in { imports = [ ../../3modules/tv/nginx.nix ../../3modules/lass/iptables.nix + ] ++ map createStaticPage [ + "habsys.de" + "pixelpocket.de" + "karlaskop.de" + "ubikmedia.de" + "apanowicz.de" + "aidsballs.de" ]; lass.iptables = { 
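Review bot: The commented-out `networking.extraHosts` lines inside `createStaticPage`, and the three server blocks that the next hunk of this file (`@@ -15,72 +42,46 @@`) turns into comments, are dead code that the history already preserves. The commented `"pixelpocket.de"` block still carries the wrong `"www.karlaskop.de"` name and `/var/lib/http/karlaskop.de` root, which is easy to revive by accident. I would delete these lines outright instead of commenting them out, and add a one-line comment on `createStaticPage` such as `# one nginx server per domain, docroot /var/lib/http/<domain>, also answering on www.<domain>`.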
@@ -15,72 +42,46 @@ with lib; }; }; - #createStaticPage = domain: - # { - # irc.nginx.servers."${domain}" = { - # server-names = [ - # "${domain}" - # "www.${domain}" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/${domain}; - # '') - # ]; - # }; - # networking.extraHosts = '' - # 10.243.206.102 ${domain} - # ''; - # }; - - #map createStaticPage [ - # "habsys.de" - # "pixelpocket.de" - # "karlaskop.de" - # "ubikmedia.de" - # "apanowicz.de" - # "aidsballs.de" - #]; tv.nginx = { enable = true; servers = { - "habsys.de" = { - server-names = [ - "habsys.de" - "www.habsys.de" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/habsys.de; - '') - ]; - }; + #"habsys.de" = { + # server-names = [ + # "habsys.de" + # "www.habsys.de" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/habsys.de; + # '') + # ]; + #}; - "karlaskop.de" = { - server-names = [ - "karlaskop.de" - "www.karlaskop.de" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/karlaskop.de; - '') - ]; - }; + #"karlaskop.de" = { + # server-names = [ + # "karlaskop.de" + # "www.karlaskop.de" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/karlaskop.de; + # '') + # ]; + #}; - "pixelpocket.de" = { - server-names = [ - "pixelpocket.de" - "www.karlaskop.de" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/karlaskop.de; - '') - ]; - }; + #"pixelpocket.de" = { + # server-names = [ + # "pixelpocket.de" + # "www.karlaskop.de" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/karlaskop.de; + # '') + # ]; + #}; }; }; -- cgit v1.2.3 From 5daf0be71967de2d2ef9d9902d9132cee6e68d83 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:55:16 +0200 Subject: 2 lass.fastpoke-pages: tv.nginx -> krebs.nginx --- 2configs/lass/fastpoke-pages.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to '2configs') 
diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix index 4db4847f4..3d6fcf2e1 100644 --- a/2configs/lass/fastpoke-pages.nix +++ b/2configs/lass/fastpoke-pages.nix @@ -5,7 +5,7 @@ with lib; let createStaticPage = domain: { - tv.nginx.servers."${domain}" = { + krebs.nginx.servers."${domain}" = { server-names = [ "${domain}" "www.${domain}" @@ -23,7 +23,6 @@ let in { imports = [ - ../../3modules/tv/nginx.nix ../../3modules/lass/iptables.nix ] ++ map createStaticPage [ "habsys.de" @@ -43,7 +42,7 @@ in { }; - tv.nginx = { + krebs.nginx = { enable = true; servers = { -- cgit v1.2.3 From cee80c3a67ba9d097733e9c42fa740729803f393 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:56:46 +0200 Subject: 2 lass.retiolum: tv.retiolum -> krebs.retiolum --- 2configs/lass/retiolum.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to '2configs') diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix index d1389ad2a..767a1ce83 100644 --- a/2configs/lass/retiolum.nix +++ b/2configs/lass/retiolum.nix @@ -3,7 +3,6 @@ { imports = [ ../../3modules/lass/iptables.nix - ../../3modules/tv/retiolum.nix ../../2configs/tv/exim-retiolum.nix ]; @@ -17,7 +16,7 @@ }; }; - tv.retiolum = { + krebs.retiolum = { enable = true; hosts = ../../Zhosts; connectTo = [ -- cgit v1.2.3 From 611ae1101e303c860624c39a62c745420a37cd18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:57:46 +0200 Subject: 1 lass: use new-repos.nix --- 2configs/lass/new-repos.nix | 77 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 2configs/lass/new-repos.nix (limited to '2configs') diff --git a/2configs/lass/new-repos.nix b/2configs/lass/new-repos.nix new file mode 100644 index 000000000..2c73f9509 --- /dev/null +++ b/2configs/lass/new-repos.nix 
@@ -0,0 +1,77 @@ +{ config, lib, pkgs, ... }: + +with import ../../4lib/tv { inherit lib pkgs; }; +let + + out = { + krebs.git = { + enable = true; + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + inherit repos rules; + }; + }; + + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + public-repos // + optionalAttrs config.krebs.build.host.secure restricted-repos + ); + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + painload = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + wai-middleware-time = {}; + web-routes-wai-custom = {}; + }; + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with config.krebs.users; [ tv makefu ]; + }; + } // + import /root/src/secrets/repos.nix { inherit config lib pkgs; } + ); + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + + make-restricted-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out -- cgit v1.2.3 From da925fd8223b5e7e066d78759faf89df8ddd2e9d Mon Sep 17 00:00:00 2001 
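Review bot: The collaborator fetch rule at the end of `make-rules` can never fire, so the `collaborators = [ tv makefu ]` declared for `brain` has no effect. `make-restricted-repo` returns only `name`, `desc` and `public`, and `repos` additionally strips `collaborators` before `rules` is computed from it, so `repo.collaborators or []` is always empty. This fails closed, but the declared access is silently not granted. The sketch below carries the attribute through to `make-rules` and strips it only from what is handed on as the repo; whether krebs.git would accept the extra attribute is not visible here, hence the strip.

```nix
  all-repos =
    public-repos //
    optionalAttrs config.krebs.build.host.secure restricted-repos;

  strip-collaborators = s: removeAttrs s ["collaborators"];

  # krebs.git gets the repos without the local-only collaborators attribute.
  repos = mapAttrs (_: strip-collaborators) all-repos;

  # Rules are derived before stripping, so collaborators are still visible.
  rules = concatMap make-rules (attrValues all-repos);

  # … unchanged: public-repos, restricted-repos, make-public-repo …

  make-restricted-repo = name: { desc ? null, collaborators ? [], ... }: {
    inherit name desc collaborators;
    public = false;
  };

  make-rules =
    with git // config.krebs.users;
    full-repo:
    let repo = strip-collaborators full-repo; in
    # … unchanged: lass push rule and public fetch rule …
    optional (length (full-repo.collaborators or []) > 0) {
      user = full-repo.collaborators;
      repo = [ repo ];
      perm = fetch;
    };
```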
From: lassulus Date: Mon, 27 Jul 2015 13:59:47 +0200 Subject: 2 lass.fastpoke-pages: dont write /etc/hosts --- 2configs/lass/fastpoke-pages.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to '2configs') diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix index 3d6fcf2e1..74e92ccc3 100644 --- a/2configs/lass/fastpoke-pages.nix +++ b/2configs/lass/fastpoke-pages.nix @@ -30,7 +30,6 @@ in { "karlaskop.de" "ubikmedia.de" "apanowicz.de" - "aidsballs.de" ]; lass.iptables = { @@ -85,11 +84,6 @@ in { }; }; - networking.extraHosts = '' - 10.243.206.102 habsys.de karlaskop.de pixelpocket.de ubikmedia.de apanowicz.de - 10.243.206.102 aidsballs.de - ''; - #services.postgresql = { # enable = true; #}; -- cgit v1.2.3 From f2fd8a6ec978d73df9df1bf280dc2173e7039e05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 14:00:37 +0200 Subject: 2 lass.git-repos: delete --- 2configs/lass/git-repos.nix | 140 -------------------------------------------- 1 file changed, 140 deletions(-) delete mode 100644 2configs/lass/git-repos.nix (limited to '2configs') diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix deleted file mode 100644 index b4f446aef..000000000 --- a/2configs/lass/git-repos.nix +++ /dev/null 
@@ -1,140 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (builtins) map readFile; - inherit (lib) concatMap listToAttrs; - # TODO lib should already include our stuff - inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git; - - x-repos = [ - (krebs-private "brain") - - (public "painload") - (public "shitment") - (public "wai-middleware-time") - (public "web-routes-wai-custom") - - (secret "pass") - - (tv-lass "emse-drywall") - (tv-lass "emse-hsdb") - ]; - - users = addNames { - tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; }; - lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; }; - uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; }; - makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; }; - }; - - repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos); - - rules = concatMap ({ rules, ... }: rules) x-repos; - - krebs-private = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - public = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - public = true; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - secret = repo-name: - rec { - repo = { - name = repo-name; - hooks = {}; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo 
]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - tv-lass = repo-name: - rec { - repo = { - name = repo-name; - hooks = {}; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - -in - -{ - imports = [ - ../../3modules/tv/git.nix - ../../3modules/lass/iptables.nix - ]; - - tv.git = { - enable = true; - inherit repos rules users; - }; - - lass.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - }; - -} -- cgit v1.2.3 From a141fa1e0c7ed11510d3a1006576b05ce4e280cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 17:03:20 +0200 Subject: lass: move krebs config to base --- 2configs/lass/base.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 494cafa95..8d4a9c896 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -36,6 +36,11 @@ with lib; } ]; + krebs = { + enable = true; + search-domain = "retiolum"; + }; + nix.useChroot = true; users.mutableUsers = false; -- cgit v1.2.3 From ac64527c5707cca5fc6e6e6ecf3957129cdb32b2 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 28 Jul 2015 20:28:21 +0200 Subject: lass: port everything to stockholm --- 2configs/lass/base.nix | 143 ------------------------------ 2configs/lass/binary-caches.nix | 13 --- 2configs/lass/bird.nix | 13 --- 2configs/lass/bitcoin.nix | 17 ---- 2configs/lass/browsers.nix | 67 -------------- 2configs/lass/chromium-patched.nix | 48 ---------- 2configs/lass/desktop-base.nix | 63 -------------- 2configs/lass/elster.nix | 20 ----- 2configs/lass/fastpoke-pages.nix | 97 --------------------- 2configs/lass/games.nix | 25 ------ 2configs/lass/gitolite-base.nix | 173 ------------------------------------- 2configs/lass/identity.nix | 48 ---------- 2configs/lass/ircd.nix | 92 -------------------- 2configs/lass/mors/repos.nix | 87 ------------------- 2configs/lass/mors/retiolum.nix | 21 ----- 2configs/lass/new-repos.nix | 77 ----------------- 2configs/lass/pass.nix | 10 --- 2configs/lass/programs.nix | 24 ----- 2configs/lass/retiolum.nix | 28 ------ 2configs/lass/sshkeys.nix | 11 --- 2configs/lass/steam.nix | 30 ------- 2configs/lass/texlive.nix | 7 -- 2configs/lass/urxvt.nix | 40 --------- 2configs/lass/vim.nix | 118 ------------------------- 2configs/lass/virtualbox.nix | 22 ----- 2configs/lass/wine.nix | 23 ----- 26 files changed, 1317 deletions(-) delete mode 100644 2configs/lass/base.nix delete mode 100644 2configs/lass/binary-caches.nix delete mode 100644 2configs/lass/bird.nix delete mode 100644 2configs/lass/bitcoin.nix delete mode 100644 2configs/lass/browsers.nix delete mode 100644 2configs/lass/chromium-patched.nix delete mode 100644 2configs/lass/desktop-base.nix delete mode 100644 2configs/lass/elster.nix delete mode 100644 2configs/lass/fastpoke-pages.nix delete mode 100644 2configs/lass/games.nix delete mode 100644 2configs/lass/gitolite-base.nix delete mode 100644 2configs/lass/identity.nix delete mode 100644 2configs/lass/ircd.nix delete mode 100644 2configs/lass/mors/repos.nix delete mode 100644 2configs/lass/mors/retiolum.nix delete 
mode 100644 2configs/lass/new-repos.nix delete mode 100644 2configs/lass/pass.nix delete mode 100644 2configs/lass/programs.nix delete mode 100644 2configs/lass/retiolum.nix delete mode 100644 2configs/lass/sshkeys.nix delete mode 100644 2configs/lass/steam.nix delete mode 100644 2configs/lass/texlive.nix delete mode 100644 2configs/lass/urxvt.nix delete mode 100644 2configs/lass/vim.nix delete mode 100644 2configs/lass/virtualbox.nix delete mode 100644 2configs/lass/wine.nix (limited to '2configs') diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix deleted file mode 100644 index 8d4a9c896..000000000 --- a/2configs/lass/base.nix +++ /dev/null 
@@ -1,143 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - imports = [ - ../../3modules/lass/iptables.nix - ../../2configs/lass/vim.nix - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import /root/src/secrets/hashedPasswords.nix); - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/lass.ssh.pub - ]; - }; - mainUser = { - name = "lass"; - uid = 1337; - home = "/home/lass"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "wheel" - ]; - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/lass.ssh.pub - ]; - }; - }; - } - ]; - - krebs = { - enable = true; - search-domain = "retiolum"; - }; - - nix.useChroot = true; - - users.mutableUsers = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - PAGER=most - ''; - - environment.systemPackages = with pkgs; [ - nmap - - git - most - rxvt_unicode.terminfo - - #network - iptables - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - - #fancy colors - if [ -e ~/LS_COLORS ]; then - eval $(dircolors ~/LS_COLORS) - fi - - if [ -e /etc/nixos/dotfiles/link ]; then - /etc/nixos/dotfiles/link - fi - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - security.setuidPrograms = [ - "sendmail" - ]; - - #services.gitolite = { - # enable = true; - # dataDir = 
"/home/gitolite"; - # adminPubkey = config.sshKeys.lass.pub; - #}; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - lass.iptables = { - enable = true; - tables = { - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - ]; - }; - }; - -} diff --git a/2configs/lass/binary-caches.nix b/2configs/lass/binary-caches.nix deleted file mode 100644 index c2727520d..000000000 --- a/2configs/lass/binary-caches.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - nix.sshServe.enable = true; - nix.sshServe.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel" - ]; - nix.binaryCaches = [ - #"scp://nix-ssh@mors" - #"scp://nix-ssh@uriel" - ]; -} diff --git a/2configs/lass/bird.nix b/2configs/lass/bird.nix deleted file mode 100644 index 3fc265cd7..000000000 --- a/2configs/lass/bird.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - config.services.bird = { - enable = true; - config = '' - router id 192.168.122.1; - protocol device { - scan time 10; - } - ''; - }; -} diff --git a/2configs/lass/bitcoin.nix b/2configs/lass/bitcoin.nix deleted file mode 100644 index d3bccbf5c..000000000 --- a/2configs/lass/bitcoin.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - electrum - ]; - - users.extraUsers = { - bitcoin = { - name = "bitcoin"; - description = "user for bitcoin stuff"; - home = "/home/bitcoin"; - useDefaultShell = true; - createHome = true; - }; - }; -} diff --git a/2configs/lass/browsers.nix b/2configs/lass/browsers.nix deleted file mode 100644 index 8aecea925..000000000 --- a/2configs/lass/browsers.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - -in { - - nixpkgs.config.packageOverrides = pkgs : { - chromium = pkgs.chromium.override { - pulseSupport = true; - }; - }; - - environment.systemPackages = with pkgs; [ - firefox - ]; - - users.extraUsers = { - firefox = { - name = "firefox"; - description = "user for running firefox"; - home = "/home/firefox"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - chromium = { - name = "chromium"; - description = "user for running chromium"; - home = "/home/chromium"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - facebook = { - name = "facebook"; - description = "user for running facebook in chromium"; - home = "/home/facebook"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - google = { - name = "google"; - description = "user for running google+/gmail in chromium"; - home = "/home/google"; - useDefaultShell = true; - createHome = true; - }; - flash = { - name = "flash"; - description = "user for running flash stuff"; - home = "/home/flash"; - useDefaultShell = true; - extraGroups = [ "audio" ]; - createHome = true; - }; - }; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(firefox) NOPASSWD: ALL - ${mainUser.name} ALL=(chromium) NOPASSWD: ALL - ${mainUser.name} ALL=(facebook) NOPASSWD: ALL - ${mainUser.name} ALL=(google) NOPASSWD: ALL - ${mainUser.name} ALL=(flash) NOPASSWD: ALL - ''; -} 
diff --git a/2configs/lass/chromium-patched.nix b/2configs/lass/chromium-patched.nix deleted file mode 100644 index 715181778..000000000 --- a/2configs/lass/chromium-patched.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, pkgs, ... }: - -#settings to test: -# - #"ForceEphemeralProfiles": true, -let - masterPolicy = pkgs.writeText "master.json" '' - { - "PasswordManagerEnabled": false, - "DefaultGeolocationSetting": 2, - "RestoreOnStartup": 1, - "AutoFillEnabled": false, - "BackgroundModeEnabled": false, - "DefaultBrowserSettingEnabled": false, - "SafeBrowsingEnabled": false, - "ExtensionInstallForcelist": [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx", - "ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx" - ] - } - ''; - - master_preferences = pkgs.writeText "master_preferences" '' - { - "browser": { - "custom_chrome_frame": true - }, - - "extensions": { - "theme": { - "id": "", - "use_system": true - } - } - } - ''; -in { - environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy; - - environment.systemPackages = [ - #pkgs.chromium - (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { - buildCommand = attrs.buildCommand + '' - touch $out/TEST123 - ''; - })) - ]; -} diff --git a/2configs/lass/desktop-base.nix b/2configs/lass/desktop-base.nix deleted file mode 100644 index 9b98e4a8b..000000000 --- a/2configs/lass/desktop-base.nix +++ /dev/null 
@@ -1,63 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-in {
- imports = [
- ./base.nix
- ];
-
- time.timeZone = "Europe/Berlin";
-
- virtualisation.libvirtd.enable = true;
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- programs.ssh.startAgent = false;
-
- security.setuidPrograms = [ "slock" ];
-
- services.printing = {
- enable = true;
- drivers = [ pkgs.foomatic_filters ];
- };
-
- environment.systemPackages = with pkgs; [
-
- powertop
-
- #window manager stuff
- haskellPackages.xmobar
- haskellPackages.yeganesh
- dmenu2
- xlibs.fontschumachermisc
- ];
-
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
- ];
-
- services.xserver = {
- enable = true;
-
- windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
- X11-xshape
- ];
- windowManager.xmonad.enable = true;
- windowManager.xmonad.enableContribAndExtras = true;
- windowManager.default = "xmonad";
- desktopManager.default = "none";
- desktopManager.xterm.enable = false;
- displayManager.slim.enable = true;
- displayManager.auto.enable = true;
- displayManager.auto.user = mainUser.name;
-
- layout = "us";
- xkbModel = "evdev";
- xkbVariant = "altgr-intl";
- };
-
-}
diff --git a/2configs/lass/elster.nix b/2configs/lass/elster.nix
deleted file mode 100644
index 1edd01896..000000000
--- a/2configs/lass/elster.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- users.extraUsers = {
- elster = {
- name = "elster";
- description = "user for running elster-online";
- home = "/home/elster";
- useDefaultShell = true;
- extraGroups = [];
- createHome = true;
- };
- };
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(elster) NOPASSWD: ALL
- '';
-}
diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix
deleted file mode 100644
index 74e92ccc3..000000000
--- a/2configs/lass/fastpoke-pages.nix
+++ /dev/null
@@ -1,97 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - createStaticPage = domain: - { - krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/${domain}; - '') - ]; - }; - #networking.extraHosts = '' - # 10.243.206.102 ${domain} - #''; - }; - -in { - imports = [ - ../../3modules/lass/iptables.nix - ] ++ map createStaticPage [ - "habsys.de" - "pixelpocket.de" - "karlaskop.de" - "ubikmedia.de" - "apanowicz.de" - ]; - - lass.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - ]; - }; - }; - - - krebs.nginx = { - enable = true; - servers = { - - #"habsys.de" = { - # server-names = [ - # "habsys.de" - # "www.habsys.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/habsys.de; - # '') - # ]; - #}; - - #"karlaskop.de" = { - # server-names = [ - # "karlaskop.de" - # "www.karlaskop.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/karlaskop.de; - # '') - # ]; - #}; - - #"pixelpocket.de" = { - # server-names = [ - # "pixelpocket.de" - # "www.karlaskop.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/karlaskop.de; - # '') - # ]; - #}; - - }; - }; - - #services.postgresql = { - # enable = true; - #}; - - #config.services.vsftpd = { - # enable = true; - # userlistEnable = true; - # userlistFile = pkgs.writeFile "vsftpd-userlist" '' - # ''; - #}; -} diff --git a/2configs/lass/games.nix b/2configs/lass/games.nix deleted file mode 100644 index 6043a8759..000000000 --- a/2configs/lass/games.nix +++ /dev/null 
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mainUser = config.users.extraUsers.mainUser;
-
-in {
- environment.systemPackages = with pkgs; [
- dwarf_fortress
- ];
-
- users.extraUsers = {
- games = {
- name = "games";
- description = "user playing games";
- home = "/home/games";
- extraGroups = [ "audio" "video" "input" ];
- createHome = true;
- useDefaultShell = true;
- };
- };
-
- security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(games) NOPASSWD: ALL
- '';
-}
diff --git a/2configs/lass/gitolite-base.nix b/2configs/lass/gitolite-base.nix
deleted file mode 100644
index b47629956..000000000
--- a/2configs/lass/gitolite-base.nix
+++ /dev/null
@@ -1,173 +0,0 @@ -{ config, ... }: - -{ - services.gitolite = { - mutable = false; - keys = { - lass = config.sshKeys.lass.pub; - uriel = config.sshKeys.uriel.pub; - }; - rc = '' - %RC = ( - UMASK => 0077, - GIT_CONFIG_KEYS => "", - LOG_EXTRA => 1, - ROLES => { - READERS => 1, - WRITERS => 1, - }, - LOCAL_CODE => "$ENV{HOME}/.gitolite", - ENABLE => [ - 'help', - 'desc', - 'info', - 'perms', - 'writable', - 'ssh-authkeys', - 'git-config', - 'daemon', - 'gitweb', - 'repo-specific-hooks', - ], - ); - 1; - ''; - - repoSpecificHooks = { - irc-announce = '' - #! /bin/sh - set -euf - - config_file="$GL_ADMIN_BASE/conf/irc-announce.conf" - if test -f "$config_file"; then - . "$config_file" - fi - - # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update - # any relevant gitolite LOCAL_CODE! - # CAVEAT we hope that IRC_NICK is unique - IRC_NICK="''${IRC_NICK-gl$GL_TID}" - IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}" - IRC_SERVER="''${IRC_SERVER-ire.retiolum}" - IRC_PORT="''${IRC_PORT-6667}" - - # for privmsg_cat below - export IRC_CHANNEL - - # collect users that are mentioned in the gitolite configuration - interested_users="$(perl -e ' - do "gl-conf"; - print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} }); - ')" - - # CAVEAT beware of real TABs in grep pattern! - # CAVEAT there will never be more than 42 relevant log entries! 
- tab=$(printf '\x09') - log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)" - - update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")" - - # (debug output) - env | sed 's/^/env: /' - echo "$log" | sed 's/^/log: /' - - # see http://gitolite.com/gitolite/dev-notes.html#lff - reponame=$(echo "$update_log" | cut -f 4) - username=$(echo "$update_log" | cut -f 5) - ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||') - old_sha=$(echo "$update_log" | cut -f 8) - new_sha=$(echo "$update_log" | cut -f 9) - - # check if new branch is created - if test $old_sha = 0000000000000000000000000000000000000000; then - # TODO what should we really show? - old_sha=$new_sha^ - fi - - # - git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)" - commit_count=$(echo "$git_log" | wc -l) - - # echo2 and cat2 are used output to both, stdout and stderr - # This is used to see what we send to the irc server. (debug output) - echo2() { echo "$*"; echo "$*" >&2; } - cat2() { tee /dev/stderr; } - - # privmsg_cat transforms stdin to a privmsg - privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } - - # ircin is used to feed the output of netcat back to the "irc client" - # so we can implement expect-like behavior with sed^_^ - # XXX mkselfdestructingtmpfifo would be nice instead of this cruft - tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" - cd "$tmpdir" - mkfifo ircin - trap " - rm ircin - cd '$OLDPWD' - rmdir '$tmpdir' - trap - EXIT INT QUIT - " EXIT INT QUIT - - # - # - # - { - echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" - echo2 "NICK $IRC_NICK" - - # wait for MODE message - sed -n '/^:[^ ]* MODE /q' - - echo2 "JOIN $IRC_CHANNEL" - - echo "$interested_users" \ - | tr ' ' '\n' \ - | grep -v "^$GL_USER" \ - | sed 's/$/: poke/' \ - | privmsg_cat \ - | cat2 - - printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \ - "$reponame" \ - "$username" \ - "$commit_count" \ - "$(test $commit_count 
= 1 || echo s)" \ - "$(hostname)" \ - "$ref_name" \ - | privmsg_cat \ - | cat2 - - echo "$git_log" \ - | sed 's/^/\x0314/;s/ /\x03 /' \ - | privmsg_cat \ - | cat2 - - echo2 "PART $IRC_CHANNEL" - - # wait for PART confirmation - sed -n '/:'"$IRC_NICK"'![^ ]* PART /q' - - echo2 'QUIT :Gone to have lunch' - } < ircin \ - | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin - ''; - }; - customFiles = [ - { - path = ".gitolite/conf/irc-announce.conf"; - file = '' - IRC_NICK="$(hostname)$GL_TID" - case "$GL_REPO" in - brain|painload|services|load-env|config) - IRC_CHANNEL='#retiolum' - ;; - *) - IRC_CHANNEL='&testing' - ;; - esac - ''; - } - ]; - }; -} diff --git a/2configs/lass/identity.nix b/2configs/lass/identity.nix deleted file mode 100644 index bfaad14d2..000000000 --- a/2configs/lass/identity.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, ... }: - -{ - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - search = "retiolum"; - hosts = { - cloudkrebs = { - cores = 1; - dc = "lass"; #dc = "cac"; - nets = rec { - internet = { - addrs4 = ["104.167.113.104"]; - aliases = [ - "cloudkrebs.internet" - ]; - }; - retiolum = { - via = internet; - addrs4 = ["10.243.206.102"]; - addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; - aliases = [ - "cloudkrebs.retiolum" - "cgit.cloudkrebs.retiolum" - "habsys.de" - "pixelpocket.de" - "karlaskop.de" - "ubikmedia.de" - "apanowicz.de" - "aidsballs.de" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA - OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF - QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v - 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC - sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO - TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - }; - }; -} 
diff --git a/2configs/lass/ircd.nix b/2configs/lass/ircd.nix
deleted file mode 100644
index f71b769fd..000000000
--- a/2configs/lass/ircd.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- config.services.charybdis = {
- enable = true;
- config = ''
- serverinfo {
- name = "ire.irc.retiolum";
- sid = "4z3";
- description = "miep!";
- network_name = "irc.retiolum";
- network_desc = "Retiolum IRC Network";
- hub = yes;
-
- vhost = "0.0.0.0";
- vhost6 = "::";
-
- #ssl_private_key = "etc/ssl.key";
- #ssl_cert = "etc/ssl.cert";
- #ssl_dh_params = "etc/dh.pem";
- #ssld_count = 1;
-
- default_max_clients = 10000;
- #nicklen = 30;
- };
-
- listen {
- defer_accept = yes;
-
- /* If you want to listen on a specific IP only, specify host.
- * host definitions apply only to the following port line.
- */
- host = "0.0.0.0";
- port = 6667;
- sslport = 6697;
-
- /* Listen on IPv6 (if you used host= above). */
- host = "::";
- port = 6667;
- sslport = 9999;
- };
-
- class "users" {
- ping_time = 2 minutes;
- number_per_ident = 200;
- number_per_ip = 200;
- number_per_ip_global = 500;
- cidr_ipv4_bitlen = 24;
- cidr_ipv6_bitlen = 64;
- number_per_cidr = 9000;
- max_number = 10000;
- sendq = 400 kbytes;
- };
-
- exempt {
- ip = "127.0.0.1";
- };
-
- auth {
- user = "*@*";
- class = "users";
- flags = exceed_limit;
- };
-
- channel {
- use_invex = yes;
- use_except = yes;
- use_forward = yes;
- use_knock = yes;
- knock_delay = 5 minutes;
- knock_delay_channel = 1 minute;
- max_chans_per_user = 15;
- max_bans = 100;
- max_bans_large = 500;
- default_split_user_count = 0;
- default_split_server_count = 0;
- no_create_on_split = no;
- no_join_on_split = no;
- burst_topicwho = yes;
- kick_on_split_riding = no;
- only_ascii_channels = no;
- resv_forcepart = yes;
- channel_target_change = yes;
- disable_local_channels = no;
- };
- general {
- #maybe we want ident someday?
- disable_auth = yes;
- };
- '';
- };
-}
diff --git a/2configs/lass/mors/repos.nix b/2configs/lass/mors/repos.nix
deleted file mode 100644
index 1f7f33456..000000000
--- a/2configs/lass/mors/repos.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ../lass/gitolite-base.nix
- ../common/krebs-keys.nix
- ../common/krebs-repos.nix
- ];
-
- services.gitolite = {
- repos = {
-
- config = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- pass = {
- users = {
- lass = "RW+";
- uriel = "R";
- };
- };
-
- load-env = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- emse-drywall = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- emse-hsdb = {
- users = {
- lass = "RW+";
- uriel = "R";
- tv = "R";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- brain = {
- users = {
- lass = "RW+";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- #hooks.post-receive = irc-announce;
- };
-
- painload = {
- users = {
- lass = "RW+";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- services = {
- users = {
- lass = "RW+";
- };
- extraConfig = "option hook.post-receive = irc-announce";
- };
-
- xmonad-config = {
- users = {
- lass = "RW+";
- uriel = "R";
- };
- };
-
- };
- };
-}
diff --git a/2configs/lass/mors/retiolum.nix b/2configs/lass/mors/retiolum.nix
deleted file mode 100644
index 1148bee9c..000000000
--- a/2configs/lass/mors/retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../tv/retiolum
- ];
-
- tv.retiolum = {
- enable = true;
- hosts = ;
- privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
- connectTo = [
- "fastpoke"
- "gum"
- "ire"
- ];
- };
-
- networking.firewall.allowedTCPPorts = [ 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-}
diff --git a/2configs/lass/new-repos.nix b/2configs/lass/new-repos.nix
deleted file mode 100644
index 2c73f9509..000000000
--- a/2configs/lass/new-repos.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ../../4lib/tv { inherit lib pkgs; };
-let
-
- out = {
- krebs.git = {
- enable = true;
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- inherit repos rules;
- };
- };
-
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
- public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos
- );
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- painload = {};
- stockholm = {
- desc = "take all the computers hostage, they'll love you!";
- };
- wai-middleware-time = {};
- web-routes-wai-custom = {};
- };
-
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- };
- } //
- import /root/src/secrets/repos.nix { inherit config lib pkgs; }
- );
-
- make-public-repo = name: { desc ? null, ... }: {
- inherit name desc;
- public = true;
- hooks = {
- post-receive = git.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "cd.retiolum";
- };
- };
- };
-
- make-restricted-repo = name: { desc ? null, ... }: {
- inherit name desc;
- public = false;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = [ tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/2configs/lass/pass.nix b/2configs/lass/pass.nix deleted file mode 100644 index 33eca0a17..000000000 --- a/2configs/lass/pass.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - pass - gnupg1 - ]; - - services.xserver.startGnuPGAgent = true; -} diff --git a/2configs/lass/programs.nix b/2configs/lass/programs.nix deleted file mode 100644 index 41d241bac..000000000 --- a/2configs/lass/programs.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, pkgs, ... }: - -## TODO sort and split up -{ - environment.systemPackages = with pkgs; [ - aria2 - gnupg1compat - htop - i3lock - mc - mosh - mpv - pass - pavucontrol - pv - pwgen - python34Packages.livestreamer - remmina - silver-searcher - wget - xsel - youtube-dl - ]; -} diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix deleted file mode 100644 index 767a1ce83..000000000 --- a/2configs/lass/retiolum.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: - -{ - imports = [ - ../../3modules/lass/iptables.nix - ../../2configs/tv/exim-retiolum.nix - ]; - - lass.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "cloudkrebs" - "pigstarter" - ]; - }; -} diff --git a/2configs/lass/sshkeys.nix b/2configs/lass/sshkeys.nix deleted file mode 100644 index 114a2596b..000000000 --- a/2configs/lass/sshkeys.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ config, ... }: - -{ - imports = [ - ../../3modules/lass/sshkeys.nix - ]; - - config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"; - - config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; -} diff --git a/2configs/lass/steam.nix b/2configs/lass/steam.nix deleted file mode 100644 index 7d088fc6a..000000000 --- a/2configs/lass/steam.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, ... }: - -{ - - imports = [ - ./games.nix - ]; - # - # Steam stuff - # source: https://nixos.org/wiki/Talk:Steam - # - ##TODO: make steam module - hardware.opengl.driSupport32Bit = true; - - nixpkgs.config.steam.java = true; - environment.systemPackages = with pkgs; [ - steam - ]; - networking.firewall = { - allowedUDPPorts = [ - 27031 - 27036 - ]; - allowedTCPPorts = [ - 27036 - 27037 - ]; - }; - -} diff --git a/2configs/lass/texlive.nix b/2configs/lass/texlive.nix deleted file mode 100644 index 295df31cd..000000000 --- a/2configs/lass/texlive.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; }) - ]; -} diff --git a/2configs/lass/urxvt.nix b/2configs/lass/urxvt.nix deleted file mode 100644 index a2074ba02..000000000 
--- a/2configs/lass/urxvt.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, pkgs, ... }: - -let - inherit (config.users.extraUsers) mainUser; - -in - -{ - imports = [ - ../../3modules/lass/urxvtd.nix - ../../3modules/lass/xresources.nix - ]; - - services.urxvtd = { - enable = true; - users = [ mainUser.name ]; - urxvtPackage = pkgs.rxvt_unicode_with-plugins; - }; - services.xresources.enable = true; - services.xresources.resources.urxvt = '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search - - URxvt.intensityStyles: false - - URxvt*background: #000000 - URxvt*foreground: #ffffff - - !change unreadable blue - URxvt*color4: #268bd2 - ''; -} diff --git a/2configs/lass/vim.nix b/2configs/lass/vim.nix deleted file mode 100644 index 3fe45e1d1..000000000 --- a/2configs/lass/vim.nix +++ /dev/null 
@@ -1,118 +0,0 @@ -{ config, pkgs, ... }: - -let - customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin { - name = "Mustang2"; - src = pkgs.fetchFromGitHub { - owner = "croaker"; - repo = "mustang-vim"; - rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5"; - sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67"; - }; - }; - -in { - - environment.systemPackages = [ - (pkgs.vim_configurable.customize { - name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - set t_Co=16 - syntax on - " TODO autoload colorscheme file - set background=dark - colorscheme mustang - filetype off - filetype plugin indent on - - imap - - set mouse=a - set ruler - set showmatch - set backspace=2 - set visualbell - set encoding=utf8 - set showcmd - set wildmenu - - set title - set titleold= - set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} - - set autoindent - - set ttyfast - - set pastetoggle= - - - " Force Saving Files that Require Root Permission - command! W silent w !sudo tee "%" >/dev/null - - nnoremap :q - vnoremap < >gv - - nmap q :buffer - - "Tabwidth - set ts=2 sts=2 sw=2 et - - " create Backup/tmp/undo dirs - function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backups/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodi = l:parent . 
'undo/' - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodi) - call mkdir(l:undodi) - endif - endfunction - call InitBackupDir() - - " Backups & Files - set backup - set backupdir=~/.vim/backups - set directory=~/.vim/tmp// - set viminfo='20,<1000,s100,h,n~/.vim/tmp/info - set undodir=$HOME/.vim/undo - set undofile - - " highlight whitespaces - highlight ExtraWhitespace ctermbg=red guibg=red - match ExtraWhitespace /\s\+$/ - autocmd BufWinEnter * match ExtraWhitespace /\s\+$/ - autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@