From 7e1516cc0de48c169a27a07f43930b940d6a9004 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 May 2017 14:14:38 +0200 Subject: l 2 nixpkgs: aa03833 -> ce00ce2 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 4f1347b82..bbded5fae 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "aa03833"; + ref = "ce00ce2"; }; } -- cgit v1.2.3 From 1a7d62733ca6d49114d5a19eeb6052d51a7c19b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 May 2017 20:10:36 +0200 Subject: k 5 goify: fix extra space bug --- krebs/5pkgs/goify/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/krebs/5pkgs/goify/default.nix b/krebs/5pkgs/goify/default.nix index e2849b5c7..9c44aaeeb 100644 --- a/krebs/5pkgs/goify/default.nix +++ b/krebs/5pkgs/goify/default.nix @@ -1,17 +1,18 @@ { pkgs, ... }: -pkgs.writeDashBin "goify" '' +pkgs.writeBashBin "goify" '' set -euf GO_HOST=''${GO_HOST:-go} while read line; do - echo "$line" | sed -E 's|https?://\S*|\n&\n|g' | while read word; do - if echo "$word" | grep -Eq ^https?:; then - ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" | tr -d '\r' + echo "$line" | sed 's|https\?://\S*|\n&\n|g' | while read word; do + if echo "$word" | grep -q '^https\?:'; then + ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" \ + | tr -d '\r' else - echo "$word"; - fi; - done | sed '/^$/d' | tr '\n' ' '; echo; + echo "$word" + fi + done | grep . | tr '\n' ' '; echo done '' -- cgit v1.2.3 From 2b7b0ca955a4051fbd2761c71a4c180c61c09ff0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 May 2017 20:12:17 +0200 Subject: l 2 git: add news repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 72866c067..5f686e26e 100644 
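Review bot: In the rewritten goify loop, `-F uri="$word"` passes the matched URL through curl's form-field parser, which treats a `;` in the value as the start of `type=`/`filename=` modifiers, so a URL containing `;` is submitted altered. `--form-string uri="$word"` sends the value literally. Both `read` calls lack `-r`, so backslashes in the input are consumed before the URL is matched; `while read -r line` and `while read -r word` keep the text intact. The request goes to `http://"$GO_HOST"` in plaintext, which deserves a comment if the shortener is ever reached across an untrusted network.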
--- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -30,6 +30,10 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { + news = { + cgit.desc = "take a rss feed and a timeout and print it to stdout"; + cgit.section = "software"; + }; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; cgit.section = "configuration"; -- cgit v1.2.3 From 82604967207b190089f5dca8ab6c07e05aad9272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 May 2017 20:12:45 +0200 Subject: l 1 iso: never use prism as binary cache --- lass/1systems/iso.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 99399550c..30fc674bc 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -7,7 +7,6 @@ with import ; ../../krebs ../3modules ../5pkgs - ../2configs/binary-cache/client.nix ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix -- cgit v1.2.3 From e050a2b19d2730a050d8ac6dbf64588689cf7a7c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 May 2017 20:13:07 +0200 Subject: l 2: add goify to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e33514ee0..ffed5bb70 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -150,6 +150,7 @@ with import ; untilport usbutils logify + goify #unpack stuff p7zip -- cgit v1.2.3 From e48425770fe42617d244909497867ec800cc691e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 May 2017 22:52:19 +0200 Subject: youtube-dl: init at 2017.04.28 --- krebs/5pkgs/youtube-dl/default.nix | 58 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 krebs/5pkgs/youtube-dl/default.nix diff --git a/krebs/5pkgs/youtube-dl/default.nix b/krebs/5pkgs/youtube-dl/default.nix new file mode 100644 index 000000000..b0c449d49 --- /dev/null +++ b/krebs/5pkgs/youtube-dl/default.nix 
@@ -0,0 +1,58 @@ +{ stdenv, fetchurl, pkgs +, zip, ffmpeg, rtmpdump, atomicparsley, pandoc +# Pandoc is required to build the package's man page. Release tarballs contain a +# formatted man page already, though, it will still be installed. We keep the +# manpage argument in place in case someone wants to use this derivation to +# build a Git version of the tool that doesn't have the formatted man page +# included. +, generateManPage ? false +, ffmpegSupport ? true +, rtmpSupport ? true +, makeWrapper }: + +with stdenv.lib; +let + buildPythonApplication = args: pkgs.pythonPackages.buildPythonPackage ({namePrefix="";} // args ); +in buildPythonApplication rec { + + name = "youtube-dl-${version}"; + version = "2017.04.28"; + + src = fetchurl { + url = "https://yt-dl.org/downloads/${version}/${name}.tar.gz"; + sha256 = "0d3mgf8qxb07b7bjf79ppaxhcl4f47q0zjpshp6y2q0lalfskh3j"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ zip ] ++ optional generateManPage pandoc; + + # Ensure ffmpeg is available in $PATH for post-processing & transcoding support. + # rtmpdump is required to download files over RTMP + # atomicparsley for embedding thumbnails + postInstall = let + packagesToBinPath = + [ atomicparsley ] + ++ optional ffmpegSupport ffmpeg + ++ optional rtmpSupport rtmpdump; + in '' + wrapProgram $out/bin/youtube-dl --prefix PATH : "${makeBinPath packagesToBinPath}" + ''; + + # Requires network + doCheck = false; + + meta = { + homepage = http://rg3.github.io/youtube-dl/; + repositories.git = https://github.com/rg3/youtube-dl.git; + description = "Command-line tool to download videos from YouTube.com and other sites"; + longDescription = '' + youtube-dl is a small, Python-based command-line program + to download videos from YouTube.com and a few more sites. + youtube-dl is released to the public domain, which means + you can modify it, redistribute it or use it however you like. 
+ ''; + license = licenses.publicDomain; + platforms = with platforms; linux ++ darwin; + maintainers = with maintainers; [ bluescreen303 phreedom AndersonTorres fuuzetsu fpletz ]; + }; +} -- cgit v1.2.3 From a2963c5bc25a8d1320fe87865005a0533aa22fe0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 3 May 2017 15:11:35 +0200 Subject: l 2 newsbot-js: update newsfeeds --- lass/2configs/newsbot-js.nix | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index d38af211f..070795d14 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix 
@@ -3,19 +3,17 @@ let newsfile = pkgs.writeText "feeds" '' aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news - aktuelle_themen|http://bundestag.de/service/rss/Bundestag_Aktuelle_Themen.rss|#news #bundestag allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news - anon|http://anoninsiders.net/feed/|#news antirez|http://antirez.com/rss|#news arbor|http://feeds2.feedburner.com/asert/|#news archlinux|http://www.archlinux.org/feeds/news/|#news ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news augustl|http://augustl.com/atom.xml|#news bbc|http://feeds.bbci.co.uk/news/rss.xml|#news + bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag - bdt_pressemitteilungen|http://bundestag.de/service/rss/Bundestag_Presse.rss|#news #bundestag - bdt_wd|http://bundestag.de/service/rss/Bundestag_WD.rss|#news #bundestag + bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news @@ -30,9 +28,7 @@ let chan_b|https://boards.4chan.org/b/index.rss|#brainfuck chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck - cna|http://www.channelnewsasia.com/starterkit/servlet/cna/rss/home.xml|#news coinspotting|http://coinspotting.com/rss|#news #financial - cryptanalysis|https://cryptanalys.is/rss.php|#news cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news 
@@ -52,12 +48,9 @@ let fars|http://www.farsnews.com/rss.php|#news #test faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news faz_politik|http://www.faz.net/rss/aktuell/politik/|#news - faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news #financial - fbi|http://www.fbi.gov/homepage/RSS|#news #bullerei - fbi_news|http://www.fbi.gov/news/news_blog/rss.xml|#news - fbi_press|http://www.fbi.gov/news/current/rss.xml|#news #bullerei - fbi_stories|http://www.fbi.gov/news/stories/all-stories/rss.xml|#news #bullerei - fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news #financial + faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news + fbi|https://www.fbi.gov/news/rss.xml|#news + fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news fefe|http://blog.fefe.de/rss.xml|#news forbes|http://www.forbes.com/forbes/feed2/|#news forbes_realtime|http://www.forbes.com/real-time/feed2/|#news 
@@ -65,18 +58,18 @@ let geheimorganisation|http://geheimorganisation.org/feed/|#news GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news gmanet|http://www.gmanetwork.com/news/rss/news|#news - golem|http://www.golem.de/rss.php?feed=RSS1.0|#news + golem|https://rss.golem.de/rss.php|#news google|http://news.google.com/?output=rss|#news greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news gulli|http://ticker.gulli.com/rss/|#news handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial - heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news + heise|https://www.heise.de/newsticker/heise-atom.xml|#news hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial hindu|http://www.thehindu.com/?service=rss|#news ign|http://feeds.ign.com/ign/all|#news independent|http://www.independent.com/rss/headlines/|#news - indymedia|http://de.indymedia.org/RSS/newswire.xml|#news + indymedia|https://de.indymedia.org/rss.xml|#news info_libera|http://www.informationliberation.com/rss.xml|#news klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news korea_herald|http://www.koreaherald.com/rss_xml.php|#news 
@@ -123,11 +116,11 @@ let sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news shackspace|http://shackspace.de/?feed=rss2|#news shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news - sky_busi|http://news.sky.com/feeds/rss/business.xml|#news - sky_pol|http://news.sky.com/feeds/rss/politics.xml|#news - sky_strange|http://news.sky.com/feeds/rss/strange.xml|#news - sky_tech|http://news.sky.com/feeds/rss/technology.xml|#news - sky_world|http://news.sky.com/feeds/rss/world.xml|#news + sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news + sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news + sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news + sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news + sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news slate|http://feeds.slate.com/slate|#news spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news @@ -138,7 +131,7 @@ let stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial - sz_wissen|http://suche.sueddeutsche.de/rss/Wissen|#news + sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news tagesschau|http://www.tagesschau.de/newsticker.rdf|#news taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial -- cgit v1.2.3 From 60a897ce6b44e0f5901deb7f6da5bd6683e4bd0a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 May 2017 13:51:17 +0200 Subject: l 1 prism: connect Reaktor to #germany --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c897ab655..01cfe5414 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -256,7 +256,7 @@ in { { krebs.Reaktor.coders = { nickname = "Reaktor|lass"; - channels = [ "#coders" ]; + channels = [ "#coders" "#germany" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; -- cgit v1.2.3 From b9f38d2d7665cf34bed1c064a23d58ac259f19f3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 May 2017 15:44:06 +0200 Subject: l 2 nixpkgs: ce00ce2 -> 11b82a9 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index bbded5fae..86b7d6d2a 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "ce00ce2"; + ref = "11b82a9"; }; } -- cgit v1.2.3 From f8891425d6b918237656201a1256e81605983546 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 May 2017 21:08:13 +0200 Subject: youtube-dl: remove because upstream catched up --- krebs/5pkgs/youtube-dl/default.nix | 58 -------------------------------------- 1 file changed, 58 deletions(-) delete mode 100644 krebs/5pkgs/youtube-dl/default.nix diff --git a/krebs/5pkgs/youtube-dl/default.nix b/krebs/5pkgs/youtube-dl/default.nix deleted file mode 100644 index b0c449d49..000000000 --- a/krebs/5pkgs/youtube-dl/default.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ stdenv, fetchurl, pkgs -, zip, ffmpeg, rtmpdump, atomicparsley, pandoc -# Pandoc is required to build the package's man page. Release tarballs contain a -# formatted man page already, though, it will still be installed. We keep the -# manpage argument in place in case someone wants to use this derivation to -# build a Git version of the tool that doesn't have the formatted man page -# included. -, generateManPage ? false -, ffmpegSupport ? true -, rtmpSupport ? true -, makeWrapper }: - -with stdenv.lib; -let - buildPythonApplication = args: pkgs.pythonPackages.buildPythonPackage ({namePrefix="";} // args ); -in buildPythonApplication rec { - - name = "youtube-dl-${version}"; - version = "2017.04.28"; - - src = fetchurl { - url = "https://yt-dl.org/downloads/${version}/${name}.tar.gz"; - sha256 = "0d3mgf8qxb07b7bjf79ppaxhcl4f47q0zjpshp6y2q0lalfskh3j"; - }; - - nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ zip ] ++ optional generateManPage pandoc; - - # Ensure ffmpeg is available in $PATH for post-processing & transcoding support. - # rtmpdump is required to download files over RTMP - # atomicparsley for embedding thumbnails - postInstall = let - packagesToBinPath = - [ atomicparsley ] - ++ optional ffmpegSupport ffmpeg - ++ optional rtmpSupport rtmpdump; - in '' - wrapProgram $out/bin/youtube-dl --prefix PATH : "${makeBinPath packagesToBinPath}" - ''; - - # Requires network - doCheck = false; - - meta = { - homepage = http://rg3.github.io/youtube-dl/; - repositories.git = https://github.com/rg3/youtube-dl.git; - description = "Command-line tool to download videos from YouTube.com and other sites"; - longDescription = '' - youtube-dl is a small, Python-based command-line program - to download videos from YouTube.com and a few more sites. - youtube-dl is released to the public domain, which means - you can modify it, redistribute it or use it however you like. 
- ''; - license = licenses.publicDomain; - platforms = with platforms; linux ++ darwin; - maintainers = with maintainers; [ bluescreen303 phreedom AndersonTorres fuuzetsu fpletz ]; - }; -} -- cgit v1.2.3 From 45fdcfa841c34b794640e863d7c613ce5bed8274 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 20:40:11 +0200 Subject: l 2 ircd: relax throttle --- lass/2configs/ircd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix index 4d2c134b6..b72e2b087 100644 --- a/lass/2configs/ircd.nix +++ b/lass/2configs/ircd.nix @@ -94,6 +94,8 @@ general { #maybe we want ident someday? disable_auth = yes; + throttle_duration = 1; + throttle_count = 1000; }; ''; }; -- cgit v1.2.3 From b297822294329f83f6a3ef6c93709ab369da6ffc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 20:40:58 +0200 Subject: l 2 radio: add suggest plugin --- lass/2configs/radio.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6e96f8845..1e14e31bb 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -145,6 +145,12 @@ in { script = "${print_current}/bin/print_current"; pattern = "^current$"; }) + (buildSimpleReaktorPlugin "suggest" { + script = "${pkgs.writeDash "suggest" '' + echo "$@" >> $HOME/playlist_suggest + ''}"; + pattern = "^suggest: (?P.*)$"; + }) ]; }; services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let -- cgit v1.2.3 From 41841469b36bf26cafaa6741fdcb9a0c36982dc3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 21:38:45 +0200 Subject: news: init at 1.0.0 --- krebs/5pkgs/haskell-overrides/news.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 krebs/5pkgs/haskell-overrides/news.nix diff --git a/krebs/5pkgs/haskell-overrides/news.nix b/krebs/5pkgs/haskell-overrides/news.nix new file mode 100644 index 000000000..ba5e7a5e1 --- /dev/null 
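Review bot: `throttle_duration = 1; throttle_count = 1000;` in the `general` block permits on the order of a thousand connections per second from one address, which in practice switches the reconnect throttle off, and the context line just above shows `disable_auth = yes`. If this server accepts clients from outside a trusted network, connection floods are then bounded only by the connection classes or the firewall, neither of which is visible in this hunk. A comment stating why the throttle was relaxed (presumably several bots reconnecting from one address) and the smallest count that covers that case would make the setting reviewable.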
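Review bot: The `suggest` script appends text chosen by any IRC user with `echo "$@" >> $HOME/playlist_suggest`, and dash's builtin `echo` interprets backslash escapes, so a message containing `\n` or `\c` can write extra lines or cut the entry short. `printf '%s\n' "$*" >> "$HOME/playlist_suggest"` writes the text literally and quotes the path. Nothing in the hunk bounds the length of a suggestion or the size of the file, so whatever later reads `playlist_suggest` should treat every line as untrusted input. The `pattern` line reads `(?P.*)`, which looks like a named group whose name was lost when the page was rendered; it is worth checking against the repository.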
+++ b/krebs/5pkgs/haskell-overrides/news.nix @@ -0,0 +1,18 @@ +{ mkDerivation, base, bloomfilter, bytestring, feed, fetchgit, lens +, stdenv, wreq +}: +mkDerivation { + pname = "news"; + version = "1.0.0"; + src = fetchgit { + url = "http://cgit.lassul.us/news"; + sha256 = "1n3ffr2a5irr5aly0y7qsafag3kxvyyh077ayk0vdwbd0s9hvnjs"; + rev = "c3eb2c0a1a34fc41e18d0bc99b1c4dc73aa6eb20"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base bloomfilter bytestring feed lens wreq + ]; + license = stdenv.lib.licenses.mit; +} -- cgit v1.2.3 From b75c7f570ccbffe774c3517cb21edcf71bc5816a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 21:48:49 +0200 Subject: l 1 helios: add mpv to pkgs --- lass/1systems/helios.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 298c9083d..99760dfdb 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -48,6 +48,7 @@ with import ; maven arandr libreoffice + mpv ]; } #{ -- cgit v1.2.3 From f83a90fd7d7c83f71ed4f5c86cf10985cbe605f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 22:45:16 +0200 Subject: k 3 l: add sokrateslaptop --- krebs/3modules/lass/default.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ec5811d86..cd8238dc1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
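Review bot: `url = "http://cgit.lassul.us/news"` in the `fetchgit` call fetches the source over plaintext HTTP, while `lass/2configs/nixpkgs.nix` in this same series uses `https://cgit.lassul.us/nixpkgs`. The `rev` and `sha256` pins mean a tampered response fails the build instead of being accepted, so the remaining concern is consistency and that anyone on the path can observe or disrupt the fetch. `url = "https://cgit.lassul.us/news";` would match the other source definition.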
@@ -302,6 +302,27 @@ with import ; iso = { cores = 1; }; + sokrateslaptop = { + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { -- cgit v1.2.3 From e84124d6c0a175be907f8dad1c37647e163978a9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 22:45:49 +0200 Subject: l 2 websites lass: serve /etc/hosts --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 3a8979427..9d5f2645d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -80,6 +80,9 @@ in { locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; + locations."= /retiolum.hosts".extraConfig = '' + alias /etc/hosts; + ''; locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; -- cgit v1.2.3 From 7587f91b743d120de8191a1af2245686d361d83a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 22:49:54 +0200 Subject: l 2 wine: users.extraUsers -> users.users --- lass/2configs/wine.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 8d55da7fd..8674559c6 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix 
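Review bot: `alias /etc/hosts;` under `locations."= /retiolum.hosts"` publishes the web server's entire hosts file, not only the retiolum entries the location name suggests. Any other names and addresses that end up in `/etc/hosts` on that machine become readable by every client that can reach this virtual host. The neighbouring `retiolum-hosts.tar.bz2` location serves a generated path from `config.krebs.tinc.retiolum.hostsArchive`; serving a generated file that contains only the retiolum hosts in the same way would avoid exposing the rest. The virtual host definition starts outside the hunk, so who can reach it is not visible here.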
@@ -7,7 +7,7 @@ in { environment.systemPackages = with pkgs; [ wineUnstable ]; - users.extraUsers = { + users.users= { wine = { name = "wine"; description = "user for running wine"; -- cgit v1.2.3 From 689399546d38b6dc5a643cc2efad9c1d0ae76058 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 May 2017 22:50:16 +0200 Subject: l 2 wine: systemPackages -> per-user --- lass/2configs/wine.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 8674559c6..ee688e18c 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -4,7 +4,7 @@ let mainUser = config.users.extraUsers.mainUser; in { - environment.systemPackages = with pkgs; [ + krebs.per-user.wine.packages = with pkgs; [ wineUnstable ]; users.users= { -- cgit v1.2.3 From 991687f7428440356403b6c63d695397b33078a6 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 9 May 2017 22:52:53 +0200 Subject: m studio: init --- krebs/3modules/makefu/default.nix | 25 ++++++++++++++ makefu/1systems/studio.nix | 70 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 makefu/1systems/studio.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 650344981..7e098eea1 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -26,6 +26,31 @@ with import ; }; }; }; + studio = rec { + cores = 4; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; + nets = { + retiolum = { + ip4.addr = "10.243.227.163"; + ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; + aliases = [ + "studio.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti + cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk + GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI + jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 + 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu + 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + fileleech = rec { cores = 4; ssh.privkey.path = ; diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix new file mode 100644 index 000000000..f80dfc09a --- /dev/null +++ b/makefu/1systems/studio.nix 
@@ -0,0 +1,70 @@ +{ config, pkgs, ... }: +{ + imports = [ + ../. + + ]; + krebs = { + enable = true; + tinc.retiolum.enable = true; + build.host = config.krebs.hosts.studio; + }; + + users.users.user = { + isNormalUser = true; + extraGroups = [ "wheel" "audio" ]; + uid = 1000; + }; + + environment.systemPackages = with pkgs;[ + pavucontrol + firefox + chromium + ]; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + fonts = { + enableCoreFonts = true; + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = [ ]; + }; + # ingos favorite display manager + services.xserver.displayManager.sddm = { + enable = true; + autoLogin.enable = true; + autoLogin.user = "user"; + }; + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.layout = "us"; + services.xserver.xkbVariant = "altgr-intl"; + services.xserver.xkbOptions = "ctrl:nocaps"; + + i18n = { + consoleKeyMap = "us-int"; + defaultLocale = "en_US.UTF-8"; + }; + + + + # hardware + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21"; + fsType = "ext4"; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ]; +} -- cgit v1.2.3 From 669a7936fc75e377e840472d2b941fef382413b3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 10 May 2017 16:47:58 +0200 Subject: m 2 vncserver: init --- makefu/2configs/vncserver.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/2configs/vncserver.nix diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix new file mode 100644 index 000000000..2e8e50feb --- /dev/null +++ b/makefu/2configs/vncserver.nix 
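Review bot: `autoLogin.enable = true` with `autoLogin.user = "user"` logs in an account that the same file places in `wheel`, so anyone with access to the console of this machine gets a session in the administrative group without a password prompt. Whether `wheel` implies passwordless sudo is decided in `../.`, which is not shown. If auto-login is wanted for the studio machine, `extraGroups = [ "audio" ];` for that account plus a separate admin user would keep the privilege boundary. `hardware.pulseaudio.systemWide = true` also deserves a one-line comment on why the per-user daemon is not sufficient, since upstream PulseAudio discourages system mode.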
@@ -0,0 +1,30 @@ +{config,lib,pkgs, ...}: +with lib; +let + pwfile = (toString )+ "/vnc-password"; # create with `vncpasswd` + pwtmp = "/tmp/vnc-password"; + # nixos-unstable tigervnc is currently broken :\ + package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc; + User = "makefu"; + port = 5900; +in { + networking.firewall.allowedTCPPorts = [ port ]; + networking.firewall.allowedUDPPorts = [ port ]; + + systemd.services."terminal-server" = { + description = "Terminal Server"; + after = [ "display-manager.service" ]; + wantedBy = [ "graphical.target" ]; + serviceConfig = { + inherit User; + ExecStartPre = pkgs.writeDash "terminal-pre" '' + + set -eufx + install -m0700 -o ${User} ${pwfile} ${pwtmp} + ''; + ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}"; + PermissionsStartOnly = true; + PrivateTmp = true; + }; + }; +} -- cgit v1.2.3 From 52329b41431de750131c3180b8ab72acfff5152c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 11 May 2017 12:07:03 +0200 Subject: m 2 led-fader: init --- makefu/2configs/deployment/led-fader/default.nix | 27 ++++++++ makefu/2configs/deployment/led-fader/fade.py | 78 ++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 makefu/2configs/deployment/led-fader/default.nix create mode 100755 makefu/2configs/deployment/led-fader/fade.py diff --git a/makefu/2configs/deployment/led-fader/default.nix b/makefu/2configs/deployment/led-fader/default.nix new file mode 100644 index 000000000..fee741997 --- /dev/null +++ b/makefu/2configs/deployment/led-fader/default.nix 
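Review bot: The module opens port 5900 for both TCP and UDP on every interface, while the visible `x0vncserver` command line configures only `-passwordfile`, with no security-type or TLS option. Dropping `networking.firewall.allowedUDPPorts = [ port ];` (RFB runs over TCP) and reaching the server through the VPN or an SSH tunnel instead of a globally open port would narrow the exposure. `install -m0700` gives the password copy an execute bit it does not need; `install -m0400 -o ${User} ${pwfile} ${pwtmp}` is enough for reading. `fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz` follows a moving branch without a hash, so the tigervnc build that runs can change with no change in this repository; pointing it at a commit archive would make it reproducible.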
@@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + mq = "192.168.8.11"; +in { + systemd.services.led-fader = { + description = "Send led change to message queue"; + environment = { + NIX_PATH = "/var/src"; + }; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + nix # nix-shell + mosquitto #mosquitto_pub + bash # nix-shell + ]; + serviceConfig = { + # User = "nobody"; # need a user with permissions to run nix-shell + ExecStart = pkgs.writeDash "run-fader" '' + ${./fade.py} --add-empty --mode chain 3 loop --skip-unchanged 0.002 0.1 \ + | mosquitto_pub -h ${mq} -p 1883 -l -t '/leds/nodemcu-switcher/set' + ''; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/deployment/led-fader/fade.py b/makefu/2configs/deployment/led-fader/fade.py new file mode 100755 index 000000000..8178ad6e8 --- /dev/null +++ b/makefu/2configs/deployment/led-fader/fade.py 
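Review bot: The `led-fader` unit runs as root because `User` is commented out, and its `ExecStart` runs `fade.py` through `nix-shell`, which resolves `python35Packages.docopt` from `NIX_PATH = "/var/src"` when the service starts. A root service that evaluates and builds packages at start-up depends on whatever `/var/src` contains at that moment and holds far more privilege than publishing colour values needs. Packaging the script with its Python dependency at build time would remove the `nix-shell` requirement and allow a dedicated unprivileged account in `User`. `mosquitto_pub -h ${mq} -p 1883` publishes without credentials or TLS, which should be stated as an assumption about that network. The identical unit is added again as `makefu/2configs/deployment/led-fader.nix` in the following commit of this series.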
@@ -0,0 +1,78 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i python3 -p python3 python35Packages.docopt +""" usage: run [options] NUMLEDS (loop [--skip-unchanged] [STEP] [DELAY]|single STARTVAL) + + --add-empty essentially add a single empty led in front, does not count into NUMLEDS + + --mode=TYPE mode of fading (Default: chain) + --output=TYPE output type, either json or raw (Default: json) + --skip-unchanged if the value in the loop is unchanged, skip the output + +running with loop this script essentially becomes a generator which outputs the +next value each "DELAY" +single returns a single output with STARTVAL as starting point for the first led + +NUMLEDS is the number of leds to output data for (--add-empty does not count in here) +STEP defaults to 0.01 +DELAY defaults to 1 second + +""" +from docopt import docopt +import time +from colorsys import hsv_to_rgb +import json +import sys + +def calc_chain(numleds,val): + divisor = 1.0 / numleds + ret = [] + for i in range(numleds): + v = float(divisor * i + val) % 1 + r,g,b = hsv_to_rgb(v,0.9,1) + ret.append([int(r*255), + int(g*255), + int(b*255)]) + return ret + +def calc_single(numleds,val): + ret = [] + for i in range(numleds): + r,g,b = hsv_to_rgb(val,1,1) + ret.append([int(r*255), + int(g*255), + int(b*255)]) + return ret + +def main(): + args = docopt(__doc__) + numleds = int(args['NUMLEDS']) + mode = args['--mode'] + step = float(args['STEP'] or 0.01) + delay = float(args['DELAY'] or 1) + val = float(args['STARTVAL'] or 0) + last = [] + while True: + if mode == "chain": + ret = calc_chain(numleds,val) + elif mode == "single": + ret = calc_single(numleds,val) + + if args['--add-empty']: + ret.insert(0,[0,0,0]) + + # early serialization makes comparsion easy + ret = json.dumps(ret) + if not (args['--skip-unchanged'] and last == ret): + last = ret + print(ret) + sys.stdout.flush() + if args['single']: + break + else: + val += step % 1 + time.sleep(delay) + + + +if __name__ == "__main__": + main() -- cgit 
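Review bot: `val += step % 1` in `main()` applies the modulo to `step` only, so `val` grows without bound while the loop runs; `val = (val + step) % 1` keeps the hue in [0, 1) and avoids float precision drift in a long-running service. When `--mode` is anything other than `chain` or `single`, neither branch assigns `ret` and the following statement raises `NameError`; an `else: sys.exit("unknown mode: " + mode)` would fail with a clear message. The usage text documents `--output`, but the visible code never reads it.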
v1.2.3 From d2f896842e59f2e8bdce44926b1bf49672c9c91f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 11 May 2017 16:06:41 +0200 Subject: m 2 led-fader: rm ad-hoc script --- makefu/1systems/wbob.nix | 3 + makefu/2configs/deployment/led-fader.nix | 27 ++++++++ makefu/2configs/deployment/led-fader/default.nix | 27 -------- makefu/2configs/deployment/led-fader/fade.py | 78 ------------------------ 4 files changed, 30 insertions(+), 105 deletions(-) create mode 100644 makefu/2configs/deployment/led-fader.nix delete mode 100644 makefu/2configs/deployment/led-fader/default.nix delete mode 100755 makefu/2configs/deployment/led-fader/fade.py diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index 43fbd6d2b..f2c42692c 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -15,6 +15,8 @@ in { ../2configs/tools/media.nix ../2configs/virtualization.nix ../2configs/tinc/retiolum.nix + ../2configs/mqtt.nix + ../2configs/deployment/led-fader.nix ]; krebs = { @@ -43,6 +45,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; # extraConfig = '' diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix new file mode 100644 index 000000000..fee741997 --- /dev/null +++ b/makefu/2configs/deployment/led-fader.nix 
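Review bot: `networking.firewall.trustedInterfaces = [ "enp0s25" ];` exempts the whole interface from the firewall, so every service listening on this host becomes reachable from that network, not only the MQTT broker this commit imports via `../2configs/mqtt.nix`. The surrounding lines already open individual ports with `allowedTCPPorts = [ 655 49152 ]`; if the intent is to let the LED nodes reach the broker, adding the broker port there (`led-fader.nix` in this commit publishes to 1883) keeps everything else filtered. If trusting the interface is deliberate, a comment naming the network behind `enp0s25` would make that reviewable.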
@@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + mq = "192.168.8.11"; +in { + systemd.services.led-fader = { + description = "Send led change to message queue"; + environment = { + NIX_PATH = "/var/src"; + }; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + nix # nix-shell + mosquitto #mosquitto_pub + bash # nix-shell + ]; + serviceConfig = { + # User = "nobody"; # need a user with permissions to run nix-shell + ExecStart = pkgs.writeDash "run-fader" '' + ${./fade.py} --add-empty --mode chain 3 loop --skip-unchanged 0.002 0.1 \ + | mosquitto_pub -h ${mq} -p 1883 -l -t '/leds/nodemcu-switcher/set' + ''; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/deployment/led-fader/default.nix b/makefu/2configs/deployment/led-fader/default.nix deleted file mode 100644 index fee741997..000000000 --- a/makefu/2configs/deployment/led-fader/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - mq = "192.168.8.11"; -in { - systemd.services.led-fader = { - description = "Send led change to message queue"; - environment = { - NIX_PATH = "/var/src"; - }; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ - nix # nix-shell - mosquitto #mosquitto_pub - bash # nix-shell - ]; - serviceConfig = { - # User = "nobody"; # need a user with permissions to run nix-shell - ExecStart = pkgs.writeDash "run-fader" '' - ${./fade.py} --add-empty --mode chain 3 loop --skip-unchanged 0.002 0.1 \ - | mosquitto_pub -h ${mq} -p 1883 -l -t '/leds/nodemcu-switcher/set' - ''; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/deployment/led-fader/fade.py b/makefu/2configs/deployment/led-fader/fade.py deleted file mode 100755 index 8178ad6e8..000000000 --- a/makefu/2configs/deployment/led-fader/fade.py +++ /dev/null 
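Review bot: The new `makefu/2configs/deployment/led-fader.nix` still starts `${./fade.py}`, but this commit deletes `led-fader/fade.py` and its diffstat adds no `fade.py` beside the new file. Unless such a file already exists from a commit outside this view, the path reference has nothing to resolve to and evaluating a host that imports this module fails at this commit. Either the script should move together with the module, or `ExecStart` should call a packaged command instead of a relative path.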
@@ -1,78 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python3 -p python3 python35Packages.docopt -""" usage: run [options] NUMLEDS (loop [--skip-unchanged] [STEP] [DELAY]|single STARTVAL) - - --add-empty essentially add a single empty led in front, does not count into NUMLEDS - - --mode=TYPE mode of fading (Default: chain) - --output=TYPE output type, either json or raw (Default: json) - --skip-unchanged if the value in the loop is unchanged, skip the output - -running with loop this script essentially becomes a generator which outputs the -next value each "DELAY" -single returns a single output with STARTVAL as starting point for the first led - -NUMLEDS is the number of leds to output data for (--add-empty does not count in here) -STEP defaults to 0.01 -DELAY defaults to 1 second - -""" -from docopt import docopt -import time -from colorsys import hsv_to_rgb -import json -import sys - -def calc_chain(numleds,val): - divisor = 1.0 / numleds - ret = [] - for i in range(numleds): - v = float(divisor * i + val) % 1 - r,g,b = hsv_to_rgb(v,0.9,1) - ret.append([int(r*255), - int(g*255), - int(b*255)]) - return ret - -def calc_single(numleds,val): - ret = [] - for i in range(numleds): - r,g,b = hsv_to_rgb(val,1,1) - ret.append([int(r*255), - int(g*255), - int(b*255)]) - return ret - -def main(): - args = docopt(__doc__) - numleds = int(args['NUMLEDS']) - mode = args['--mode'] - step = float(args['STEP'] or 0.01) - delay = float(args['DELAY'] or 1) - val = float(args['STARTVAL'] or 0) - last = [] - while True: - if mode == "chain": - ret = calc_chain(numleds,val) - elif mode == "single": - ret = calc_single(numleds,val) - - if args['--add-empty']: - ret.insert(0,[0,0,0]) - - # early serialization makes comparsion easy - ret = json.dumps(ret) - if not (args['--skip-unchanged'] and last == ret): - last = ret - print(ret) - sys.stdout.flush() - if args['single']: - break - else: - val += step % 1 - time.sleep(delay) - - - -if __name__ == "__main__": - main() -- cgit 
v1.2.3 From d95ff6942d2244a7f019032787073e5f087755c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 May 2017 16:16:13 +0200 Subject: l 3 l: .internet -> .i --- krebs/3modules/lass/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index cd8238dc1..b86e05319 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -10,7 +10,7 @@ with import ; internet = { ip4.addr = "144.76.172.188"; aliases = [ - "dishfire.internet" + "dishfire.i" ]; ssh.port = 45621; }; @@ -42,7 +42,7 @@ with import ; internet = { ip4.addr = "104.233.79.118"; aliases = [ - "echelon.internet" + "echelon.i" ]; ssh.port = 45621; }; @@ -82,9 +82,8 @@ with import ; internet = { ip4.addr = "213.239.205.240"; aliases = [ - "prism.internet" + "prism.i" "paste.i" - "paste.internet" ]; ssh.port = 45621; }; @@ -132,7 +131,7 @@ with import ; internet = { ip4.addr = "104.167.113.104"; aliases = [ - "cloudkrebs.internet" + "cloudkrebs.i" ]; ssh.port = 45621; }; -- cgit v1.2.3 From d92281cf4dc8244076a9826f1586d287db5be9ef Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 11 May 2017 16:40:51 +0200 Subject: m 2 led-fader: use ampel --- makefu/2configs/deployment/led-fader.nix | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index fee741997..a18416497 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix 
@@ -3,6 +3,26 @@ with import ; let mq = "192.168.8.11"; + + pkg = pkgs.stdenv.mkDerivation { + name = "ampel-master"; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/ampel"; + rev = "07a6791de368e16cc0864d2676fd255eba522cee"; + sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q"; + }; + buildInputs = [ + (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + docopt + paho-mqtt + ])) + ]; + installPhase = '' + install -m755 -D fade.py $out/bin/fade.py + install -m755 -D ampel.py $out/bin/ampel + install -m755 -D times.json $out/share/times.json + ''; + }; in { systemd.services.led-fader = { description = "Send led change to message queue"; @@ -10,17 +30,9 @@ in { NIX_PATH = "/var/src"; }; wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ - nix # nix-shell - mosquitto #mosquitto_pub - bash # nix-shell - ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell - ExecStart = pkgs.writeDash "run-fader" '' - ${./fade.py} --add-empty --mode chain 3 loop --skip-unchanged 0.002 0.1 \ - | mosquitto_pub -h ${mq} -p 1883 -l -t '/leds/nodemcu-switcher/set' - ''; + ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; PrivateTmp = true; }; }; -- cgit v1.2.3 From a6abeed21da488e8997c4ee8bdc0344119317bac Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 May 2017 18:02:24 +0200 Subject: l 2 w lass: /etc/hosts -> pkgs.retiolum-hosts --- lass/2configs/websites/lassulus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 9d5f2645d..0771570ca 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix 
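Review bot: `install -m755 -D times.json $out/share/times.json` in the new `installPhase` marks a data file executable; `install -m644 -D times.json $out/share/times.json` is all it needs. The `fetchgit` source uses a plain `http://` URL. The `sha256` pins the content, so a tampered fetch fails the hash check, but an `https://` URL, if the cgit host offers one, would also keep the fetch itself off cleartext.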
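Review bot: The unit still runs as root after this change, because the `# User = "nobody"; # need a user with permissions to run nix-shell` line is kept although the new `ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";` no longer calls nix-shell. Enabling an unprivileged `User` here and dropping the now-unneeded `NIX_PATH` entry would take root away from a network-facing client. As far as this hunk shows, the `mq` binding is also unused once the old ExecStart is gone.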
@@ -81,7 +81,7 @@ in { alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; locations."= /retiolum.hosts".extraConfig = '' - alias /etc/hosts; + alias ${pkgs.retiolum-hosts}; ''; locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; -- cgit v1.2.3 From b51c69dbde19a6b7a5f04b790e038208cbc4a6b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 May 2017 18:03:51 +0200 Subject: l 2 mpv: install mpv for all users --- lass/2configs/mpv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index d9c6274db..bb068e7a1 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -34,7 +34,7 @@ let down = moveToDir "Y" "./down"; in { - krebs.per-user.lass.packages = [ + environment.systemPackages = [ mpv ]; } -- cgit v1.2.3 From 1ec9f84c651e048705b0201c3dcc9547f63611d0 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:29:46 +0200 Subject: m 2: mv base-gui gui/base --- makefu/1systems/tsp.nix | 2 +- makefu/1systems/wbob.nix | 26 +++------- makefu/2configs/base-gui.nix | 97 -------------------------------------- makefu/2configs/gui/base.nix | 97 ++++++++++++++++++++++++++++++++++++++ makefu/2configs/gui/studio.nix | 22 +++++++++ makefu/2configs/gui/urxvtd.nix | 21 +++++++++ makefu/2configs/gui/wbob-kiosk.nix | 23 +++++++++ makefu/2configs/main-laptop.nix | 2 +- makefu/2configs/urxvtd.nix | 21 --------- 9 files changed, 172 insertions(+), 139 deletions(-) delete mode 100644 makefu/2configs/base-gui.nix create mode 100644 makefu/2configs/gui/base.nix create mode 100644 makefu/2configs/gui/studio.nix create mode 100644 makefu/2configs/gui/urxvtd.nix create mode 100644 makefu/2configs/gui/wbob-kiosk.nix delete mode 100644 makefu/2configs/urxvtd.nix diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 9809abf4c..25fc2b49b 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix 
@@ -7,7 +7,7 @@ imports = [ # Include the results of the hardware scan. ../. - ../2configs/base-gui.nix + ../2configs/gui/base.nix ../2configs/fs/sda-crypto-root.nix # hardware specifics are in here ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index f2c42692c..5b9938ffa 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -1,14 +1,14 @@ { config, pkgs, lib, ... }: -let +let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F"; + user = config.makefu.gui.user; in { imports = [ # Include the results of the hardware scan. ../. ../2configs/zsh-user.nix - ../2configs/base-gui.nix ../2configs/tools/core.nix ../2configs/tools/core-gui.nix ../2configs/tools/extra-gui.nix @@ -17,6 +17,10 @@ in { ../2configs/tinc/retiolum.nix ../2configs/mqtt.nix ../2configs/deployment/led-fader.nix + # ../2configs/gui/wbob-kiosk.nix + + ../2configs/gui/studio.nix + ../2configs/vncserver.nix ]; krebs = { @@ -26,22 +30,6 @@ in { swapDevices = [ { device = "/var/swap"; } ]; - services.xserver = { - layout = lib.mkForce "de"; - - windowManager = lib.mkForce { - awesome.enable = false; - default = "none"; - }; - desktopManager.xfce.enable = true; - - # xrandrHeads = [ "HDMI1" "HDMI2" ]; - # prevent screen from turning off, disable dpms - displayManager.sessionCommands = '' - xset s off -dpms - xrandr --output HDMI2 --right-of HDMI1 - ''; - }; networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 49152 ]; @@ -88,7 +76,7 @@ in { # TODO: add crypto layer systemd.services."synergy-client" = { environment.DISPLAY = ":0"; - serviceConfig.User = "makefu"; + serviceConfig.User = user; }; services.synergy = { diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix deleted file mode 100644 index 1a19ab36b..000000000 --- a/makefu/2configs/base-gui.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ config, lib, pkgs, ... }: -## -# of course this name is a lie -# - it prepares a GUI environment close to my -# current configuration,specifically: -# -# * autologin with mainUser into awesome -# * audio -# * terminus font -# -# if this is not enough, check out main-laptop.nix - - -with import ; -let - mainUser = config.krebs.build.user.name; -in -{ - imports = [ - ./urxvtd.nix - ]; - - services.xserver = { - enable = true; - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps"; - - windowManager = { - awesome.enable = true; - awesome.luaModules = [ pkgs.luaPackages.vicious ]; - default = "awesome"; - }; - - displayManager.auto.enable = true; - displayManager.auto.user = mainUser; - desktopManager.xterm.enable = false; - }; - # lid switch is handled via button presses - services.logind.extraConfig = mkDefault "HandleLidSwitch=ignore"; - makefu.awesome.enable = true; - i18n.consoleFont = "Lat2-Terminus16"; - - fonts = { - enableCoreFonts = true; - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = [ pkgs.terminus_font ]; - }; - - environment.systemPackages = with pkgs;[ - pavucontrol - xlockmore - rxvt_unicode-with-plugins - firefox - ]; - users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - services.xserver.displayManager.sessionCommands = let - xdefaultsfile = pkgs.writeText "Xdefaults" '' - cat |derp <; +let + mainUser = config.krebs.build.user.name; +in +{ + imports = [ + ./urxvtd.nix + ]; + + services.xserver = { + enable = true; + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "ctrl:nocaps"; + + windowManager = { + awesome.enable = true; + awesome.luaModules = [ pkgs.luaPackages.vicious ]; + default = "awesome"; + }; + + displayManager.auto.enable = true; + displayManager.auto.user = mainUser; + desktopManager.xterm.enable = false; + }; + # lid switch is handled via button presses + services.logind.extraConfig = 
mkDefault "HandleLidSwitch=ignore"; + makefu.awesome.enable = true; + i18n.consoleFont = "Lat2-Terminus16"; + + fonts = { + enableCoreFonts = true; + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = [ pkgs.terminus_font ]; + }; + + environment.systemPackages = with pkgs;[ + pavucontrol + xlockmore + rxvt_unicode-with-plugins + firefox + ]; + users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + services.xserver.displayManager.sessionCommands = let + xdefaultsfile = pkgs.writeText "Xdefaults" '' + cat |derp < Date: Fri, 12 May 2017 11:30:26 +0200 Subject: k 3 m: retab --- krebs/3modules/makefu/default.nix | 49 ++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7e098eea1..33202d0ab 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -26,30 +26,30 @@ with import ; }; }; }; - studio = rec { - cores = 4; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; - nets = { - retiolum = { - ip4.addr = "10.243.227.163"; - ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; - aliases = [ - "studio.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti - cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk - GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI - jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 - 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu - 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; + studio = rec { + cores = 4; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; + nets = { + retiolum = { + ip4.addr = "10.243.227.163"; + ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; + aliases = [ + "studio.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti + cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk + GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI + jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 + 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu + 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; fileleech = rec { cores = 4; @@ -474,6 +474,7 @@ with import ; nets = rec { internet = { ip4.addr = "188.68.40.19"; + ip6.addr = "2a03:4000:17:2df::1"; aliases = [ "gum.i" ]; -- cgit v1.2.3 From 7a7612fb4d32349ba0ad87531845e65a8ee54deb Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 12 May 2017 11:31:46 +0200 Subject: m 2 audio: init --- makefu/2configs/audio/jack-on-pulse.nix | 45 ++++++++++++++++++++++++++++++++ makefu/2configs/audio/realtime-audio.nix | 12 +++++++++ makefu/2configs/sources/default.nix | 7 +++++ makefu/2configs/sources/musnix.nix | 6 +++++ 4 files changed, 70 insertions(+) create mode 100644 makefu/2configs/audio/jack-on-pulse.nix create mode 100644 makefu/2configs/audio/realtime-audio.nix create mode 100644 makefu/2configs/sources/default.nix create mode 100644 makefu/2configs/sources/musnix.nix diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix new file mode 100644 index 000000000..09d03ea9f --- /dev/null +++ b/makefu/2configs/audio/jack-on-pulse.nix @@ -0,0 +1,45 @@ +{ config, pkgs, ... }: +let + pulse = pkgs.pulseaudioFull; + user = config.makefu.gui.user; +in +{ + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pulse; + }; + + environment.systemPackages = with pkgs; [ jack2Full ]; + # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html + + systemd.services = { + jackdbus = { + description = "Runs jack, and points pulseaudio at it"; + serviceConfig = { + User = user; + Type = "oneshot"; + ExecStart = pkgs.writeScript "start_jack.sh" '' + #! ${pkgs.bash}/bin/bash + . ${config.system.build.setEnvironment} + sleep 5 # wait for the gui to load + + ${pkgs.jack2Full}/bin/jack_control start + sleep 3 # give some time for sources/sinks to be created + + ${pulse}/bin/pacmd set-default-sink jack_out + ${pulse}/bin/pacmd set-default-source jack_in + ''; + ExecStop = pkgs.writeScript "stop_jack.sh" '' + #! ${pkgs.bash}/bin/bash + . ${config.system.build.setEnvironment} + + ${pkgs.jack2Full}/bin/jack_control stop + ''; + RemainAfterExit = true; + }; + after = [ "display-manager.service" "sound.target" ]; + wantedBy = [ "multi-user.target" ]; + }; + }; +} 
diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix new file mode 100644 index 000000000..d9709e4b7 --- /dev/null +++ b/makefu/2configs/audio/realtime-audio.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +let + user = config.makefu.gui.user; +in +{ + imports = [ + ../sources/musnix.nix # populate musnix + + ]; + musnix.enable = true; + users.users."${user}".extraGroups = [ "audio" ]; +} diff --git a/makefu/2configs/sources/default.nix b/makefu/2configs/sources/default.nix new file mode 100644 index 000000000..232117aec --- /dev/null +++ b/makefu/2configs/sources/default.nix @@ -0,0 +1,7 @@ +# the builder pc (my laptop) will also require the sources i use to deploy +# other boxes +{ + imports = [ + ./musnix.nix + ]; +} diff --git a/makefu/2configs/sources/musnix.nix b/makefu/2configs/sources/musnix.nix new file mode 100644 index 000000000..d02dd4a48 --- /dev/null +++ b/makefu/2configs/sources/musnix.nix @@ -0,0 +1,6 @@ +{ + krebs.build.source.musnix.git = { + url = https://github.com/musnix/musnix.git; + ref = "37a8378"; + }; +} -- cgit v1.2.3 From 89b254d485c8babbd7c4f329c52681dd9cc1a8e2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:32:12 +0200 Subject: m 2 backup: provide borgbackup --- makefu/2configs/backup.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 9ed890326..1cc78bfc1 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with import ; let # preparation: @@ -32,4 +32,7 @@ in { # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; }; + environment.systemPackages = [ + pkgs.borgbackup + ]; } -- cgit v1.2.3 From f87ff0023c32511055695eb4e0dfecc63bc736bc Mon Sep 17 00:00:00 2001 
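Review bot: `ref = "37a8378";` in sources/musnix.nix pins the musnix checkout by a seven-character abbreviated commit id, and this source form carries no content hash next to it. An abbreviated id can become ambiguous as the upstream repository grows and is a weaker pin than the full commit id. Writing it out, `ref = "<full 40-character commit id for 37a8378>";`, makes the deployed source unambiguous. The nixpkgs `ref` bumps in makefu/2configs/default.nix in this series use the same short form.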
From: makefu Date: Fri, 12 May 2017 11:32:29 +0200 Subject: m 2 wbob: use realtime audio --- makefu/1systems/wbob.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index 5b9938ffa..7f465ec72 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -20,6 +20,8 @@ in { # ../2configs/gui/wbob-kiosk.nix ../2configs/gui/studio.nix + ../2configs/audio/jack-on-pulse.nix + ../2configs/audio/realtime-audio.nix ../2configs/vncserver.nix ]; -- cgit v1.2.3 From 4e3ca6651ebbfc77b927e7a3694a002c79939776 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:33:12 +0200 Subject: m 1 x: also deploy sources --- makefu/1systems/x.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 65df426e5..d1503c8d7 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -38,6 +38,8 @@ with import ; # ../2configs/temp/sabnzbd.nix + # development + ../2configs/sources # Krebs # ../2configs/disable_v6.nix -- cgit v1.2.3 From e971a641bd3b9dafaff38821e8c4d741c5f4f900 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:33:35 +0200 Subject: m 5 alsa-tools: gtk -> gtk3 --- makefu/5pkgs/alsa-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/5pkgs/alsa-tools/default.nix b/makefu/5pkgs/alsa-tools/default.nix index 9a672f048..5134c10ec 100644 --- a/makefu/5pkgs/alsa-tools/default.nix +++ b/makefu/5pkgs/alsa-tools/default.nix @@ -1,4 +1,4 @@ -{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk}: +{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}: stdenv.mkDerivation rec { name = "alsa-${alsaToolTarget}-${version}"; 
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec { sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl"; }; sourceRoot = "${alsaToolsName}/${alsaToolTarget}/"; - buildInputs = [ alsaLib fltk13 gtk ncurses ]; + buildInputs = [ alsaLib fltk13 gtk3 ncurses ]; meta = { homepage = http://www.alsa-project.org/; -- cgit v1.2.3 From 783ddcf4834a3f374e4c7dbe20ab2bd879bc5d84 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:34:21 +0200 Subject: m 3 taskserver: make dirs accessible again otherwise taskserver will not boot up --- makefu/3modules/taskserver.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix index 808e70425..40a18fe05 100644 --- a/makefu/3modules/taskserver.nix +++ b/makefu/3modules/taskserver.nix @@ -41,8 +41,8 @@ let Type = "simple"; ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; WorkingDirectory = cfg.workingDir; - PrivateTmp = true; - InaccessibleDirectories = "/home /boot /opt /mnt /media"; + # PrivateTmp = true; + # InaccessibleDirectories = "/home /boot /opt /mnt /media"; User = "taskd"; }; }; -- cgit v1.2.3 From 1f9ddd9c6f8cdd9ce1b5a6bb9dc65475e2a90e62 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:34:41 +0200 Subject: m 2 avahi: init --- makefu/2configs/avahi.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 makefu/2configs/avahi.nix diff --git a/makefu/2configs/avahi.nix b/makefu/2configs/avahi.nix new file mode 100644 index 000000000..59f59fd80 --- /dev/null +++ b/makefu/2configs/avahi.nix @@ -0,0 +1,8 @@ +{ pkgs, ...}: +{ + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = [ pkgs.avahi ]; +} -- cgit v1.2.3 From 4c2408763eec98ec9cecf340dccfffa34a0c3cb0 Mon Sep 17 00:00:00 2001 
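Review bot: Commenting out both `PrivateTmp = true;` and `InaccessibleDirectories = "/home /boot /opt /mnt /media";` in taskserver.nix removes the filesystem confinement visible in this hunk to fix the startup failure, when probably only one listed directory is the cause. If `cfg.workingDir` lives under one of those paths, dropping just that entry keeps the rest, for example `InaccessibleDirectories = "/boot /opt /mnt /media";` if it is under /home. `PrivateTmp` can likely stay enabled. The serviceConfig block starts outside this hunk, so other options may be set there.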
From: makefu Date: Fri, 12 May 2017 11:35:35 +0200 Subject: m: init and use 'makefu.gui.user' --- makefu/2configs/vncserver.nix | 70 ++++++++++++++++++++++++++++----------- makefu/3modules/server-config.nix | 5 +++ makefu/5pkgs/novnc/default.nix | 41 +++++++++++++++++++++++ 3 files changed, 97 insertions(+), 19 deletions(-) create mode 100644 makefu/5pkgs/novnc/default.nix diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix index 2e8e50feb..c56b3e294 100644 --- a/makefu/2configs/vncserver.nix +++ b/makefu/2configs/vncserver.nix 
@@ -5,26 +5,58 @@ let pwtmp = "/tmp/vnc-password"; # nixos-unstable tigervnc is currently broken :\ package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc; - User = "makefu"; - port = 5900; + user = config.makefu.gui.user; + vnc_port = 5900; + web_port = 6080; in { - networking.firewall.allowedTCPPorts = [ port ]; - networking.firewall.allowedUDPPorts = [ port ]; + networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ]; + systemd.services = { + terminal-server = { + description = "VNC Terminal Server"; + after = [ "display-manager.service" "graphical.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = user; + Restart = "always"; + ExecStartPre = pkgs.writeDash "terminal-pre" '' + sleep 5 + install -m0700 -o ${user} ${pwfile} ${pwtmp} + ''; + ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}"; + PermissionsStartOnly = true; + PrivateTmp = true; + }; + }; + terminal-web = { + description = "noVNC Web Server"; + after = [ "terminal-server.service" "graphical.target" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; + PrivateTmp = true; + }; + }; + }; + services.nginx.enable = true; + services.nginx.virtualHosts._.locations = { + "/" = { + root = "${pkgs.novnc}"; + index = "vnc_auto.html"; + }; + "/websockify" = { + proxyPass = "http://127.0.0.1:6080/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; - systemd.services."terminal-server" = { - description = "Terminal Server"; - after = [ "display-manager.service" ]; - wantedBy = [ "graphical.target" ]; - serviceConfig = { - inherit User; - ExecStartPre = pkgs.writeDash "terminal-pre" '' - - set -eufx - install -m0700 -o ${User} 
${pwfile} ${pwtmp} + # VNC connection timeout + proxy_read_timeout 61s; + + # Disable cache + proxy_buffering off; ''; - ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}"; - PermissionsStartOnly = true; - PrivateTmp = true; - }; - }; + }; + }; } diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix index dbd29d748..846642580 100644 --- a/makefu/3modules/server-config.nix +++ b/makefu/3modules/server-config.nix @@ -6,5 +6,10 @@ with import ; type = types.str; description = "Primary interface of the server"; }; + options.makefu.gui.user = lib.mkOption { + type = types.str; + description = "GUI user"; + default = config.krebs.build.user.name; + }; } diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix new file mode 100644 index 000000000..b1d62248d --- /dev/null +++ b/makefu/5pkgs/novnc/default.nix 
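Review bot: `networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];` exposes the raw VNC port and the websockify port in addition to nginx, although nginx proxies `/websockify` to `127.0.0.1:6080` and launch-novnc.sh connects to `localhost:${toString vnc_port}`, so only port 80 has to be reachable if the web client is the intended entry point. The web path is plain HTTP, so the VNC password and the desktop session cross the network unencrypted; terminating TLS in the nginx vhost would cover that. I would reduce the list to `networking.firewall.allowedTCPPorts = [ 80 ];` and write the proxy target as `proxyPass = "http://127.0.0.1:${toString web_port}/";` so it follows `web_port`. Whether x0vncserver and launch-novnc.sh bind to loopback only is not visible in this hunk.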
@@ -0,0 +1,41 @@ +{ stdenv, fetchurl, pkgs }: +# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix +let +in + +stdenv.mkDerivation rec { + name = "novnc-${version}"; + version = "0.6.2"; + + src = fetchurl { + url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz"; + sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh"; + }; + p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify + pkgs.coreutils pkgs.which pkgs.procps ]; + # TODO: propagatedBuildInputs does not seem to work with shell scripts + patchPhase = '' + sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh + ''; + installPhase = '' + mkdir -p $out/bin + cp utils/launch.sh $out/bin/launch-novnc.sh + chmod +x $out/bin/launch-novnc.sh + mkdir -p $out/images + cp -r images/* $out/images/ + mkdir -p $out/include + cp -r include/* $out/include/ + cp favicon.ico $out + cp vnc.html $out + cp vnc_auto.html $out + ''; + + meta = with stdenv.lib; { + homepage = http://novnc.com/info.html; + repositories.git = git://github.com/novnc/noVNC.git; + description = '' + A HTML5 VNC Client + ''; + license = licenses.mpl20; + }; +} -- cgit v1.2.3 From 5c7a36ab51fbfe89ddc76f979fbab9cd0f40e664 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:36:11 +0200 Subject: m 5 shackie: init --- makefu/5pkgs/shackie/default.nix | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 makefu/5pkgs/shackie/default.nix diff --git a/makefu/5pkgs/shackie/default.nix b/makefu/5pkgs/shackie/default.nix new file mode 100644 index 000000000..ce926fcd6 --- /dev/null +++ b/makefu/5pkgs/shackie/default.nix 
@@ -0,0 +1,33 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +let + asyncio-irc = buildPythonPackage rec { + name = "asyncio-irc-${version}"; + version = "2016-09-02"; + src = fetchFromGitHub { + owner = "watchtower"; + repo = "asyncirc"; + rev = "5384d19"; + sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv"; + }; + propagatedBuildInputs = [ blinker ]; + }; +in +buildPythonPackage rec { + name = "shackie-${version}"; + version = "2017-04-24"; + propagatedBuildInputs = [ + asyncio-irc + beautifulsoup4 + lxml + pytz + redis + requests2 + ]; + src = fetchFromGitHub { + owner = "shackspace"; + repo = "shackie"; + rev = "e717ec7"; + sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l"; + }; +} -- cgit v1.2.3 From d60e92f04b3b04deb2e638ab0f602094578ad71d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:37:00 +0200 Subject: m 2 git: init ampel --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 81a5cde81..96b6c303d 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -19,6 +19,7 @@ let cgit.desc = "Build new Stockholm hosts"; }; cac-api = { }; + ampel = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; -- cgit v1.2.3 From 4519913a656b5aad1a53e012e2622fd9884dd518 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:37:20 +0200 Subject: m 2 default: bump to c5badb1 --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6cc891047..07f4a0543 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
@@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found + ref = "c5badb1"; # unstable @ 2017-05-09 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From 43ac35b7494b45050e7c40243d623cca55564702 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 11:38:02 +0200 Subject: m 1 gum: enable v6 --- makefu/1systems/gum.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 93ca8f643..92c446212 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -4,8 +4,11 @@ with import ; let external-mac = "3a:66:48:8e:82:b2"; external-ip = config.krebs.build.host.nets.internet.ip4.addr; + external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; external-gw = "188.68.40.1"; + external-gw6 = "fe80::1"; external-netmask = 22; + external-netmask6 = 64; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; in { @@ -14,7 +17,7 @@ in { ../2configs/headless.nix ../2configs/fs/single-partition-ext4.nix - ../2configs/smart-monitor.nix + # ../2configs/smart-monitor.nix ../2configs/git/cgit-retiolum.nix ../2configs/backup.nix # ../2configs/mattermost-docker.nix @@ -55,7 +58,6 @@ in { # ../2configs/logging/central-logging-client.nix ]; - services.smartd.devices = [ { device = main-disk;} ]; makefu.dl-dir = "/var/download"; @@ -134,6 +136,11 @@ in { address = external-ip; prefixLength = external-netmask; }]; + interfaces.et0.ip6 = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + defaultGateway6 = external-gw6; defaultGateway = external-gw; nameservers = [ "8.8.8.8" ]; }; -- cgit v1.2.3 From 1d2bad9d10a09fddeba4e41547949ffd46d60334 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 12 May 2017 11:38:45 +0200 Subject: m 1 studio: provide vnc and realtime audio --- makefu/1systems/studio.nix | 55 +++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix index f80dfc09a..400d9f883 100644 --- a/makefu/1systems/studio.nix +++ b/makefu/1systems/studio.nix @@ -2,32 +2,46 @@ { imports = [ ../. + ../2configs/vncserver.nix + ../2configs/vim.nix + ../2configs/disable_v6.nix + ../2configs/jack-on-pulse.nix + ../2configs/gui/studio.nix ]; + makefu.gui.user = "user"; # we use an extra user krebs = { enable = true; tinc.retiolum.enable = true; build.host = config.krebs.hosts.studio; }; + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; - users.users.user = { - isNormalUser = true; - extraGroups = [ "wheel" "audio" ]; - uid = 1000; - }; environment.systemPackages = with pkgs;[ + # audio foo + ## pulseaudio pavucontrol + paprefs + pamixer + + # extra alsa tools + alsa-hdspconf + alsa-hdspmixer + alsa-hdsploader + + # recording + darkice + (mumble.override { jackSupport = true; }) + + # browsing firefox chromium ]; - sound.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; + nixpkgs.config.allowUnfree = true; fonts = { enableCoreFonts = true; enableFontDir = true; @@ -35,21 +49,6 @@ fonts = [ ]; }; # ingos favorite display manager - services.xserver.displayManager.sddm = { - enable = true; - autoLogin.enable = true; - autoLogin.user = "user"; - }; - services.xserver.desktopManager.plasma5.enable = true; - services.xserver.layout = "us"; - services.xserver.xkbVariant = "altgr-intl"; - services.xserver.xkbOptions = "ctrl:nocaps"; - - i18n = { - consoleKeyMap = "us-int"; - defaultLocale = "en_US.UTF-8"; - }; - # hardware 
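Review bot: The added import `../2configs/jack-on-pulse.nix` in the first studio.nix hunk does not match where the audio commit in this series created the file, makefu/2configs/audio/jack-on-pulse.nix, which wbob.nix imports as `../2configs/audio/jack-on-pulse.nix`. Unless a second copy exists outside this diff, studio fails to evaluate. The line should read `../2configs/audio/jack-on-pulse.nix`.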
@@ -67,4 +66,10 @@ }; swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ]; + users.users.user = { + isNormalUser = true; + extraGroups = [ "wheel" "audio" ]; + uid = 1000; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; } -- cgit v1.2.3 From 39c264108329a412446c091852dd5a655da38b27 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 15:37:11 +0200 Subject: m 2 default: bump to 0afb6d7 fixes virt-manager broken build --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 07f4a0543..7d0faae94 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "c5badb1"; # unstable @ 2017-05-09 + ref = "0afb6d7"; # unstable @ 2017-05-09 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From aa7fc6786d5195babca6aaefbd0509a87e474add Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 May 2017 17:52:37 +0200 Subject: m: requests2 -> requests --- makefu/5pkgs/acdcli/default.nix | 2 +- makefu/5pkgs/bintray-upload/default.nix | 2 +- makefu/5pkgs/devpi/default.nix | 2 +- makefu/5pkgs/elchhub/default.nix | 2 +- makefu/5pkgs/shackie/default.nix | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/makefu/5pkgs/acdcli/default.nix b/makefu/5pkgs/acdcli/default.nix index 6442fecbf..13b19e482 100644 --- a/makefu/5pkgs/acdcli/default.nix +++ b/makefu/5pkgs/acdcli/default.nix @@ -4,7 +4,7 @@ with python3Packages; buildPythonPackage rec { name = "acdcli-${version}"; version = "0.3.2"; propagatedBuildInputs = [ - dateutil colorama fusepy appdirs requests2 requests_toolbelt six + dateutil colorama fusepy appdirs requests requests_toolbelt six ]; src = fetchurl { url = "mirror://pypi/a/acdcli/${name}.tar.gz"; 
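Review bot: In makefu/1systems/studio.nix, the `users.users.user` block re-added at the end of the file keeps `"wheel"` in `extraGroups`, while the same commit makes that account the GUI user (`makefu.gui.user = "user"`), imports `../2configs/vncserver.nix` and adds makefu's SSH key to it. The account used for remote desktop and browsing is therefore also an administrative one. If the studio login only needs sound devices, `extraGroups = [ "audio" ];` would keep a compromised VNC or browser session away from the wheel group's rights; how vncserver.nix authenticates and binds is not visible here and should be checked. The host-wide `nixpkgs.config.allowUnfree = true;` added in the first hunk would benefit from a comment naming the package that needs it.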
diff --git a/makefu/5pkgs/bintray-upload/default.nix b/makefu/5pkgs/bintray-upload/default.nix index 1e9582cca..099b8ca88 100644 --- a/makefu/5pkgs/bintray-upload/default.nix +++ b/makefu/5pkgs/bintray-upload/default.nix @@ -10,7 +10,7 @@ pkgs.python3Packages.buildPythonPackage rec { sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9"; }; - propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ]; + propagatedBuildInputs = with pkgs.python3Packages; [ requests ]; meta = { description = "Simple BinTray utility for uploading packages"; diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index 020b2fdc2..e7c26da55 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -56,7 +56,7 @@ let sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j"; }; - propagatedBuildInputs = with pkgs.python3Packages; [ requests2 py ]; + propagatedBuildInputs = with pkgs.python3Packages; [ requests py ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; diff --git a/makefu/5pkgs/elchhub/default.nix b/makefu/5pkgs/elchhub/default.nix index a28267cb1..76ba834ab 100644 --- a/makefu/5pkgs/elchhub/default.nix +++ b/makefu/5pkgs/elchhub/default.nix @@ -16,7 +16,7 @@ in buildPythonPackage rec { version = "1.0.5"; propagatedBuildInputs = [ flask - requests2 + requests ftputil redis ]; diff --git a/makefu/5pkgs/shackie/default.nix b/makefu/5pkgs/shackie/default.nix index ce926fcd6..b6cf8afe6 100644 --- a/makefu/5pkgs/shackie/default.nix +++ b/makefu/5pkgs/shackie/default.nix @@ -22,7 +22,7 @@ buildPythonPackage rec { lxml pytz redis - requests2 + requests ]; src = fetchFromGitHub { owner = "shackspace"; -- cgit v1.2.3 From ddc78797c290044ebbe593eca66e731d15b3b288 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 12 May 2017 19:24:41 +0200 Subject: k 5 R sed: make pep80 happy --- krebs/5pkgs/Reaktor/scripts/sed-plugin.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) 
diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py index 22b48e59d..f96b849e2 100644 --- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py @@ -3,15 +3,17 @@ # Usage: # _from=krebs state_dir=. python sed-plugin.py 'dick butt' # _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' -## dick bull +# > dick bull import shelve from os import environ from os.path import join from sys import argv -d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True) -usr = environ['_from'] import re +d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True) +usr = environ['_from'] + + def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) @@ -19,11 +21,11 @@ def is_regex(line): line = argv[1] if is_regex(line): - last = d.get(usr,None) + last = d.get(usr, None) if last: - from subprocess import Popen,PIPE - p = Popen(['sed',line],stdin=PIPE,stdout=PIPE) - so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) + from subprocess import Popen, PIPE + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: print("something went wrong when trying to process your regex: {}".format(se.decode())) ret = so.decode() -- cgit v1.2.3 From d04f5af71e0861210a6a307aa8d3289abed2ada8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 12 May 2017 19:25:39 +0200 Subject: k 5 R sed: write english --- krebs/5pkgs/Reaktor/scripts/sed-plugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py index f96b849e2..da8e2f726 100644 --- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py 
@@ -29,7 +29,7 @@ if is_regex(line): if p.returncode: print("something went wrong when trying to process your regex: {}".format(se.decode())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) if ret: d[usr] = ret -- cgit v1.2.3 From e4ddb51e2fbd561ffc436f871eecff5636c7edd6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 12 May 2017 19:34:19 +0200 Subject: l 3 news: init --- lass/3modules/default.nix | 1 + lass/3modules/news.nix | 76 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 lass/3modules/news.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 959c9d1b4..73692446a 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -5,6 +5,7 @@ _: ./folderPerms.nix ./hosts.nix ./mysql-backup.nix + ./news.nix ./umts.nix ./usershadow.nix ./xresources.nix diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix new file mode 100644 index 000000000..ecf43ab0a --- /dev/null +++ b/lass/3modules/news.nix 
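Review bot: In krebs/5pkgs/Reaktor/scripts/sed-plugin.py, the error branch kept as context in this hunk calls `se.decode()`, but the `Popen(['sed', line], stdin=PIPE, stdout=PIPE)` call shown in the preceding pep8 commit never pipes stderr. `se` is therefore `None`, and a failing sed raises AttributeError instead of printing the message. Adding `stderr=PIPE` to the `Popen` call fixes that. Because `line` comes from chat users and is guarded only by the `is_regex` pattern, running GNU sed as `['sed', '--sandbox', line]` would add a second layer that refuses commands which execute programs or touch files if the filter is ever loosened. The `if is_regex(line):` block starts outside this hunk.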
@@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + cfg = config.lass.news; + + out = { + options.lass.news = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "umts"; + feeds = mkOption { + type = types.listOf (types.submodule { options = { + nick = mkOption { + type = types.str; + }; + feedurl = mkOption { + type = types.str; + }; + interval = mkOption { + type = types.int; + default = 1000; + }; + channels = mkOption { + type = types.listOf types.str; + }; + };}); + }; + user = mkOption { + type = types.user; + default = { + name = "news"; + home = "/var/lib/news"; + }; + }; + ircServer = mkOption { + type = types.str; + default = "echelon.r"; + description = "to which server the bot should connect"; + }; + }; + + imp = { + + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + }; + + systemd.services = listToAttrs (map (feed: + nameValuePair "news-${feed.nick}" { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + SyslogIdentifier = "news-${feed.nick}"; + User = cfg.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStart = pkgs.writeDash "news-${feed.nick}" '' + ${pkgs.haskellPackages.news}/bin/news '${feed.feedurl}' '${toString feed.interval}' \ + | ${pkgs.goify}/bin/goify \ + | while :; do + ${pkgs.haskellPackages.kirk}/bin/ircout --nick '${feed.nick}' --host '${cfg.ircServer}' \ + \${concatStringsSep " \\" feed.channels} + done + ''; + }; + } + ) cfg.feeds); + + }; + +in out -- cgit v1.2.3 From 402473e25b5e5b6a88f1501cea5a7bd4ae00ce0d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 May 2017 15:19:41 +0200 Subject: l 5 xml2json: init --- lass/5pkgs/default.nix | 1 + lass/5pkgs/xml2json/default.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 lass/5pkgs/xml2json/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index fd52325ae..6e6ba56fa 100644 
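Review bot: In lass/3modules/news.nix, the `ExecStart` script splices `feed.feedurl`, `feed.interval`, `feed.nick` and `cfg.ircServer` into shell text between literal single quotes, so a value containing `'` ends the quoting early. The channel list is guarded only by a backslash in front of each entry. These are plain `types.str` options with no validation, so the script is correct only for values without shell metacharacters. The `shell.escape` helper used in krebs/3modules/retiolum.nix (assuming the same lib import is in scope here) would make it robust: `${shell.escape feed.feedurl}` and `${concatMapStringsSep " " shell.escape feed.channels}`. None of the `feeds` submodule options has a `description`; one line each for `nick`, `feedurl`, `interval` and `channels` would document what the service expects.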
--- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -19,6 +19,7 @@ q = pkgs.callPackage ./q {}; rs = pkgs.callPackage ./rs/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; + xml2json = pkgs.callPackage ./xml2json/default.nix {}; xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; diff --git a/lass/5pkgs/xml2json/default.nix b/lass/5pkgs/xml2json/default.nix new file mode 100644 index 000000000..78690d4b7 --- /dev/null +++ b/lass/5pkgs/xml2json/default.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: +let + pp = pkgs.python35Packages; +in pp.buildPythonPackage rec { + name = "xml2json-${version}"; + version = "22ffcd"; + propagatedBuildInputs = [ + pp.simplejson + ]; + src = pkgs.fetchFromGitHub { + owner = "hay"; + repo = "xml2json"; + rev = "${version}"; + sha256 = "1snjd6q6bk517350gdrl8kkphkra0iaz56i583h2q57ab09r29vc"; + }; + doCheck = false; +} -- cgit v1.2.3 From a5b18f7d696a1ec628dc2a59cc2c6fe6b685c2f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 May 2017 18:02:04 +0200 Subject: l 2 nixpkgs: 11b82a9 -> 2bb9c1c --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 86b7d6d2a..49c44aa88 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "11b82a9"; + ref = "2bb9c1c"; }; } -- cgit v1.2.3 From 1aa20d39d7361a7f1555191997496011a307ef3f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 15 May 2017 22:52:48 +0200 Subject: m 2 urlwatch: follow msf --- makefu/2configs/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index d1dcec657..9493b2b7b 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix 
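Review bot: In lass/5pkgs/xml2json/default.nix, `rev = "${version}"` resolves to the six-character abbreviation `22ffcd`, which has to be resolved upstream every time the source is fetched. The `sha256` still pins the content, so a different tree would be rejected, but an abbreviated id can stop being unique as the repository grows, and then the fetch fails instead of reproducing. Put the full commit id in `rev`, e.g. `rev = "<full 40-character commit id>";`, and keep `version` as a separate readable string. `doCheck = false;` also deserves a one-line comment saying why the tests are skipped.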
@@ -20,6 +20,7 @@ https://api.github.com/repos/dorimanx/exfat-nofuse/commits https://api.github.com/repos/dorimanx/exfat-nofuse/tags https://api.github.com/repos/radare/radare2/tags + https://api.github.com/repos/rapid7/metasploit-framework/tags ]; }; } -- cgit v1.2.3 From 56116a4dfa7369787c4f09ed2bb8a2cfd3ed976f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 15 May 2017 22:53:13 +0200 Subject: m 2 default: fix nixpkgs requests2 fuckup --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7d0faae94..0d61e8dee 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "0afb6d7"; # unstable @ 2017-05-09 + ref = "a772c3a"; # unstable @ 2017-05-09 + graceful requests2 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From 44c3a498693e6d40bd7d09460a6c2dabb08fcd65 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 15 May 2017 23:24:18 +0200 Subject: s 2 default: bump to 22da5d02466ffe465735986d705675982f3646a0 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 49c0d3d95..e7f600cd0 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03 + ref = "22da5d02466ffe465735986d705675982f3646a0"; # nixos-17.03 @ 2017-05-13 }; secrets.file = if getEnv "dummy_secrets" == "true" -- cgit v1.2.3 From 44cc54eef16e1b309eff1b17dbb2cfe8ac76948d Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 15 May 2017 23:38:50 +0200 Subject: weechat: 1.7.1 -> 1.8 --- krebs/5pkgs/weechat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/weechat/default.nix b/krebs/5pkgs/weechat/default.nix index f5dc6a8d4..c703ca8bf 100644 --- a/krebs/5pkgs/weechat/default.nix +++ b/krebs/5pkgs/weechat/default.nix @@ -21,12 +21,12 @@ let in stdenv.mkDerivation rec { - version = "1.7.1"; + version = "1.8"; name = "weechat-${version}"; src = fetchurl { url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "1020m1lsm8lg9n0dlxgp2wbn9b0r11g8r0namnzi2x6gvxn7iyf0"; + sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; }; outputs = [ "out" "doc" ]; -- cgit v1.2.3 From e6164ce3b3bab2efd14d0c03ada2f0f855f3f8cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 May 2017 23:40:52 +0200 Subject: l 3 news: use correct name in enable --- lass/3modules/news.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix index ecf43ab0a..06b80df8d 100644 --- a/lass/3modules/news.nix +++ b/lass/3modules/news.nix @@ -11,7 +11,7 @@ let }; api = { - enable = mkEnableOption "umts"; + enable = mkEnableOption "news"; feeds = mkOption { type = types.listOf (types.submodule { options = { nick = mkOption { -- cgit v1.2.3 From 5aba81b12a6ebef1f2da11364fc8239c23cf7e33 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 May 2017 09:38:33 +0200 Subject: l 2 buildbot: use correct NIX_PATH --- lass/2configs/buildbot-standalone.nix | 35 +++++++++++++---------------------- 1 file changed, 13 insertions(+), 22 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7b38e44c6..151eec9c4 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -92,7 +92,6 @@ in { nixshell = [ "nix-shell", "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", "-p" ] + deps + [ "--run" ] @@ -107,11 +106,9 @@ in { for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: addShell(f,name="build-{}".format(i),env=env_shared, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -119,11 +116,9 @@ in { for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -131,11 +126,9 @@ in { for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) 
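Review bot: In lass/2configs/buildbot-standalone.nix, the rewritten command strings join `touch $HOME/$LOGNAME/.populate` to `make` with `;`, so the build step still starts when the populate directory could not be created or marked. Chaining with `&&`, as in `mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate && make NIX_PATH=$HOME/$LOGNAME test method=build`, makes a setup failure stop the step. The same text repeats in the hunks at -119 and -131 on this line and at -143 and -211 further down. Dropping `"-I", "nixpkgs=/var/src/nixpkgs"` from `nixshell` means the `-p` tools are now resolved from whatever `<nixpkgs>` the worker environment provides, which is worth a comment if intended. The Python configuration string these lines sit in starts and ends outside the hunks.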
@@ -143,11 +136,9 @@ in { for i in [ "hiawatha", "onondaga" ]: addShell(f,name="build-{}".format(i),env=env_nin, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -211,7 +202,7 @@ in { ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ make system=prism pkgs.{}".format(i)]) bu.append(util.BuilderConfig(name="build-pkgs", -- cgit v1.2.3 From 7c77e866e745b607bfd0cc553df05179cca87328 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 May 2017 09:42:06 +0200 Subject: l 2 buildbot: use buildbotworker as user --- lass/2configs/buildbot-standalone.nix | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 151eec9c4..62b823c3f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -246,7 +246,7 @@ in { options.lass.build-ssh-privkey = mkOption { type = types.secret-file; default = { - path = "${config.users.users.buildbotworker.home}/ssh.privkey"; + path = "${config.users.users.buildbotworker.home}/.ssh/id_rsa"; owner = { inherit (config.users.users.buildbotworker ) name uid;}; source-path = toString + "/build.ssh.key"; }; 
@@ -254,16 +254,10 @@ in { config.krebs.secret.files = { build-ssh-privkey = config.lass.build-ssh-privkey; }; - config.users.users = { - build = { - name = "build"; - uid = genid "build"; - home = "/home/build"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" - ]; - }; + config.users.users.buildbotworker = { + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP" + ]; }; } -- cgit v1.2.3 From c82f8db1ce718ae927e6e47173114c255c9883fa Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 16 May 2017 14:30:14 +0200 Subject: m 2 realtime-audio:enable optimization --- makefu/2configs/audio/realtime-audio.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix index d9709e4b7..fbeacd025 100644 --- a/makefu/2configs/audio/realtime-audio.nix +++ b/makefu/2configs/audio/realtime-audio.nix @@ -8,5 +8,9 @@ in ]; musnix.enable = true; + musnix.kernel.optimize = true; + musnix.kernel.realtime = true; + # TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt; + users.users."${user}".extraGroups = [ "audio" ]; } -- cgit v1.2.3 
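Review bot: In lass/2configs/buildbot-standalone.nix, the key added to `config.users.users.buildbotworker` lost its `lass@mors` comment and carries no authorized_keys options. The account that runs the build steps therefore now accepts an unrestricted shell login from a key whose owner is no longer stated. Keep the comment, or add a Nix comment above the entry. If the key exists only so the worker can reach its own `target=buildbotworker@...` path, consider narrowing it with an option such as `from="<address pattern>"`. The private key now placed at `~/.ssh/id_rsa` is owned by this user, so every build step running as it can read the key; that may be intended, but a comment saying so would help the next reviewer.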
From 514dda7d1ea2757f0989cb5dcb20d49a5e29a76f Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 16 May 2017 16:49:40 +0200 Subject: m 2 wiki-irc: also notify #nixos --- makefu/2configs/deployment/wiki-irc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/deployment/wiki-irc.nix b/makefu/2configs/deployment/wiki-irc.nix index a7527f796..dc7c8afe8 100644 --- a/makefu/2configs/deployment/wiki-irc.nix +++ b/makefu/2configs/deployment/wiki-irc.nix @@ -40,9 +40,9 @@ in { file { path => "/tmp/logs.json" codec => "json_lines" } if [output] { irc { - channels => [ "#krebs" ] + channels => [ "#nixos" , "#krebs" ] host => "irc.freenode.net" - nick => "nixos-wiki" + nick => "nixos-users-wiki" format => "%{output}" } } -- cgit v1.2.3 From a89e7a5c75204c5d1ad825f25430830f718a0411 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 16 May 2017 22:03:42 +0200 Subject: krebs.tinc: expose confDir --- krebs/3modules/retiolum.nix | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 0a3d7ed2f..67d383bb1 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix 
@@ -18,6 +18,26 @@ let enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + confDir = mkOption { + type = types.package; + default = pkgs.linkFarm "${netname}-etc-tinc" + (mapAttrsToList (name: path: { inherit name path; }) { + "hosts" = tinc.config.hostsPackage; + "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' + Name = ${tinc.config.host.name} + Interface = ${netname} + ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + PrivateKeyFile = ${tinc.config.privkey.path} + Port = ${toString tinc.config.host.nets.${netname}.tinc.port} + ${tinc.config.extraConfig} + ''; + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ${tinc.config.tincUp} + ''; + }); + }; + host = mkOption { type = types.host; default = config.krebs.build.host; @@ -179,25 +199,6 @@ let let tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - - confDir = let - namePathPair = name: path: { inherit name path; }; - in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair { - "hosts" = cfg.hostsPackage; - "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' - Name = ${cfg.host.name} - Interface = ${netname} - ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} - PrivateKeyFile = ${cfg.privkey.path} - Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} - ${cfg.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${iproute}/sbin/ip link set ${netname} up - ${cfg.tincUp} - ''; - } - ); in { description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; 
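Review bot: In krebs/3modules/retiolum.nix, the new `confDir` default reads the port as `tinc.config.host.nets.${netname}.tinc.port` and names the file `"${netname}-tinc.conf"`, where `netname` is the attribute name (`tinc.config._module.args.name`, per the options `let` shown in the full file later in this series). The removed code used the option value, `cfg.host.nets.${cfg.netname}` and `"${cfg.netname}-tinc.conf"`. The two agree only while the `netname` option keeps its default, so overriding it now picks the port from a different network entry than before. Using `tinc.config.netname` in those two places, e.g. `Port = ${toString tinc.config.host.nets.${tinc.config.netname}.tinc.port}`, keeps the old behaviour. The option also has no `description`, unlike its neighbours; something like `description = "Generated tinc configuration directory passed to tincd -c.";` would match them.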
@@ -206,7 +207,7 @@ let path = [ tinc iproute ]; serviceConfig = rec { Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; + ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; SyslogIdentifier = netname; }; } -- cgit v1.2.3 From fe639f585e9054096c2cee6e1a3cef9f22a37c78 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 May 2017 22:06:31 +0200 Subject: k3: retiolum.nix -> tinc.nix --- krebs/3modules/default.nix | 2 +- krebs/3modules/retiolum.nix | 216 -------------------------------------------- krebs/3modules/tinc.nix | 216 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 217 insertions(+), 217 deletions(-) delete mode 100644 krebs/3modules/retiolum.nix create mode 100644 krebs/3modules/tinc.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index daa963bc8..227eb209b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -34,10 +34,10 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix - ./retiolum.nix ./rtorrent.nix ./secret.nix ./setuid.nix + ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix deleted file mode 100644 index 67d383bb1..000000000 --- a/krebs/3modules/retiolum.nix +++ /dev/null 
@@ -1,216 +0,0 @@ -{ config, pkgs, lib, ... }: -with import ; -let - out = { - options.krebs.tinc = api; - config = imp; - }; - - api = mkOption { - default = {}; - description = '' - define a tinc network - ''; - type = with types; attrsOf (submodule (tinc: { - options = let - netname = tinc.config._module.args.name; - in { - - enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; - - confDir = mkOption { - type = types.package; - default = pkgs.linkFarm "${netname}-etc-tinc" - (mapAttrsToList (name: path: { inherit name path; }) { - "hosts" = tinc.config.hostsPackage; - "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' - Name = ${tinc.config.host.name} - Interface = ${netname} - ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} - PrivateKeyFile = ${tinc.config.privkey.path} - Port = ${toString tinc.config.host.nets.${netname}.tinc.port} - ${tinc.config.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up - ${tinc.config.tincUp} - ''; - }); - }; - - host = mkOption { - type = types.host; - default = config.krebs.build.host; - }; - - netname = mkOption { - type = types.enum (attrNames tinc.config.host.nets); - default = netname; - description = '' - The tinc network name. - It is used to name the TUN device and to generate the default value for - config.krebs.tinc.retiolum.hosts. 
- ''; - }; - - extraConfig = mkOption { - type = types.str; - default = ""; - description = '' - Extra Configuration to be appended to tinc.conf - ''; - }; - tincUp = mkOption { - type = types.string; - default = let - net = tinc.config.host.nets.${netname}; - iproute = tinc.config.iproutePackage; - in '' - ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} - ''} - ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} - ''} - ''; - description = '' - tinc-up script to be used. Defaults to setting the - krebs.host.nets..ip4 and ip6 for the new ips and - configures forwarding of the respecitive netmask as subnet. - ''; - }; - - tincPackage = mkOption { - type = types.package; - default = pkgs.tinc; - description = "Tincd package to use."; - }; - - hosts = mkOption { - type = with types; attrsOf host; - default = - filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; - description = '' - Hosts to generate config.krebs.tinc.retiolum.hostsPackage. - Note that these hosts must have a network named - config.krebs.tinc.retiolum.netname. 
- ''; - }; - - hostsArchive = mkOption { - type = types.package; - default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' - ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts - ${pkgs.gnutar}/bin/tar -hcjf $out hosts - ''; - readOnly = true; - }; - - hostsPackage = mkOption { - type = types.package; - default = pkgs.stdenv.mkDerivation { - name = "${tinc.config.netname}-tinc-hosts"; - phases = [ "installPhase" ]; - installPhase = '' - mkdir $out - ${concatStrings (lib.mapAttrsToList (_: host: '' - echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \ - > $out/${shell.escape host.name} - '') tinc.config.hosts)} - ''; - }; - description = '' - Package of tinc host configuration files. By default, a package will - be generated from config.krebs.${tinc.config.netname}.hosts. This - option's main purpose is to expose the generated hosts package to other - modules, like config.krebs.tinc_graphs. But it can - also be used to provide a custom hosts directory. - ''; - example = literalExample '' - (pkgs.stdenv.mkDerivation { - name = "my-tinc-hosts"; - src = /home/tv/my-tinc-hosts; - installPhase = "cp -R . $out"; - }) - ''; - }; - - iproutePackage = mkOption { - type = types.package; - default = pkgs.iproute; - description = "Iproute2 package to use."; - }; - - privkey = mkOption { - type = types.secret-file; - default = { - path = "${tinc.config.user.home}/tinc.rsa_key.priv"; - owner = tinc.config.user; - source-path = toString + "/${tinc.config.netname}.rsa_key.priv"; - }; - }; - - connectTo = mkOption { - type = types.listOf types.str; - ${if tinc.config.netname == "retiolum" then "default" else null} = [ - "gum" - "ni" - "prism" - ]; - description = '' - The list of hosts in the network which the client will try to connect - to. These hosts should have an 'Address' configured which points to a - routeable IPv4 or IPv6 address. 
- - In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; - ''; - }; - - user = mkOption { - type = types.user; - default = { - name = tinc.config.netname; - home = "/var/lib/${tinc.config.user.name}"; - }; - }; - }; - })); - }; - - imp = { - # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network, - # avoid conflicts in environment if the packages differ - - krebs.secret.files = mapAttrs' (netname: cfg: - nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; - - users.users = mapAttrs' (netname: cfg: - nameValuePair "${netname}" { - inherit (cfg.user) home name uid; - createHome = true; - } - ) config.krebs.tinc; - - systemd.services = mapAttrs (netname: cfg: - let - tinc = cfg.tincPackage; - iproute = cfg.iproutePackage; - in { - description = "Tinc daemon for ${netname}"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - requires = [ "secret.service" ]; - path = [ tinc iproute ]; - serviceConfig = rec { - Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; - SyslogIdentifier = netname; - }; - } - ) config.krebs.tinc; - }; -in out diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix new file mode 100644 index 000000000..67d383bb1 --- /dev/null +++ b/krebs/3modules/tinc.nix 
@@ -0,0 +1,216 @@ +{ config, pkgs, lib, ... }: +with import ; +let + out = { + options.krebs.tinc = api; + config = imp; + }; + + api = mkOption { + default = {}; + description = '' + define a tinc network + ''; + type = with types; attrsOf (submodule (tinc: { + options = let + netname = tinc.config._module.args.name; + in { + + enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + + confDir = mkOption { + type = types.package; + default = pkgs.linkFarm "${netname}-etc-tinc" + (mapAttrsToList (name: path: { inherit name path; }) { + "hosts" = tinc.config.hostsPackage; + "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' + Name = ${tinc.config.host.name} + Interface = ${netname} + ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + PrivateKeyFile = ${tinc.config.privkey.path} + Port = ${toString tinc.config.host.nets.${netname}.tinc.port} + ${tinc.config.extraConfig} + ''; + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ${tinc.config.tincUp} + ''; + }); + }; + + host = mkOption { + type = types.host; + default = config.krebs.build.host; + }; + + netname = mkOption { + type = types.enum (attrNames tinc.config.host.nets); + default = netname; + description = '' + The tinc network name. + It is used to name the TUN device and to generate the default value for + config.krebs.tinc.retiolum.hosts. 
+ ''; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = '' + Extra Configuration to be appended to tinc.conf + ''; + }; + tincUp = mkOption { + type = types.string; + default = let + net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; + in '' + ${optionalString (net.ip4 != null) /* sh */ '' + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} + ''} + ${optionalString (net.ip6 != null) /* sh */ '' + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} + ''} + ''; + description = '' + tinc-up script to be used. Defaults to setting the + krebs.host.nets..ip4 and ip6 for the new ips and + configures forwarding of the respecitive netmask as subnet. + ''; + }; + + tincPackage = mkOption { + type = types.package; + default = pkgs.tinc; + description = "Tincd package to use."; + }; + + hosts = mkOption { + type = with types; attrsOf host; + default = + filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; + description = '' + Hosts to generate config.krebs.tinc.retiolum.hostsPackage. + Note that these hosts must have a network named + config.krebs.tinc.retiolum.netname. 
+ ''; + }; + + hostsArchive = mkOption { + type = types.package; + default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' + ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts + ${pkgs.gnutar}/bin/tar -hcjf $out hosts + ''; + readOnly = true; + }; + + hostsPackage = mkOption { + type = types.package; + default = pkgs.stdenv.mkDerivation { + name = "${tinc.config.netname}-tinc-hosts"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir $out + ${concatStrings (lib.mapAttrsToList (_: host: '' + echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \ + > $out/${shell.escape host.name} + '') tinc.config.hosts)} + ''; + }; + description = '' + Package of tinc host configuration files. By default, a package will + be generated from config.krebs.${tinc.config.netname}.hosts. This + option's main purpose is to expose the generated hosts package to other + modules, like config.krebs.tinc_graphs. But it can + also be used to provide a custom hosts directory. + ''; + example = literalExample '' + (pkgs.stdenv.mkDerivation { + name = "my-tinc-hosts"; + src = /home/tv/my-tinc-hosts; + installPhase = "cp -R . $out"; + }) + ''; + }; + + iproutePackage = mkOption { + type = types.package; + default = pkgs.iproute; + description = "Iproute2 package to use."; + }; + + privkey = mkOption { + type = types.secret-file; + default = { + path = "${tinc.config.user.home}/tinc.rsa_key.priv"; + owner = tinc.config.user; + source-path = toString + "/${tinc.config.netname}.rsa_key.priv"; + }; + }; + + connectTo = mkOption { + type = types.listOf types.str; + ${if tinc.config.netname == "retiolum" then "default" else null} = [ + "gum" + "ni" + "prism" + ]; + description = '' + The list of hosts in the network which the client will try to connect + to. These hosts should have an 'Address' configured which points to a + routeable IPv4 or IPv6 address. 
+ + In stockholm this can be done by configuring: + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; + ''; + }; + + user = mkOption { + type = types.user; + default = { + name = tinc.config.netname; + home = "/var/lib/${tinc.config.user.name}"; + }; + }; + }; + })); + }; + + imp = { + # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network, + # avoid conflicts in environment if the packages differ + + krebs.secret.files = mapAttrs' (netname: cfg: + nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; + + users.users = mapAttrs' (netname: cfg: + nameValuePair "${netname}" { + inherit (cfg.user) home name uid; + createHome = true; + } + ) config.krebs.tinc; + + systemd.services = mapAttrs (netname: cfg: + let + tinc = cfg.tincPackage; + iproute = cfg.iproutePackage; + in { + description = "Tinc daemon for ${netname}"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + requires = [ "secret.service" ]; + path = [ tinc iproute ]; + serviceConfig = rec { + Restart = "always"; + ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; + SyslogIdentifier = netname; + }; + } + ) config.krebs.tinc; + }; +in out -- cgit v1.2.3 From e1350904390ca40e9ab8186c0ff27d088431a430 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 May 2017 23:18:28 +0200 Subject: l 2 retiolum: don't open smtp --- lass/2configs/retiolum.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7a7bf95be..647327de5 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix 
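Review bot: The `enable` option declared at the top of the submodule in krebs/3modules/tinc.nix is never read. In `imp`, `krebs.secret.files`, `users.users` and `systemd.services` all map over `config.krebs.tinc` unfiltered, so a network set to `enable = false` still gets its private key deployed, its user created and `tincd` started via `multi-user.target`. Binding the filtered set once, e.g. `enabled = filterAttrs (_: cfg: cfg.enable) config.krebs.tinc;`, and mapping over `enabled` in all three places would make the switch effective. The `environment.etc` mapping added by the later `enableLegacy` commit follows the same unfiltered pattern. Separately, `hostsArchive` hard-codes the name `retiolum-hosts.tar.bz2` while the rest of the module is keyed on `netname`.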
@@ -5,7 +5,6 @@ krebs.iptables = { tables = { filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } ]; -- cgit v1.2.3 From 0c2dc4ff66eded9f718a242bb342b366ee6c6978 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 May 2017 23:19:08 +0200 Subject: tinc module: add option enableLegacy --- krebs/3modules/tinc.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 67d383bb1..8af15c13b 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -17,6 +17,7 @@ let in { enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + enableLegacy = mkEnableOption "/etc/tinc/${netname}"; confDir = mkOption { type = types.package; @@ -195,6 +196,12 @@ let } ) config.krebs.tinc; + environment.etc = mapAttrs' (netname: cfg: + nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy { + source = cfg.confDir; + }) + ) config.krebs.tinc; + systemd.services = mapAttrs (netname: cfg: let tinc = cfg.tincPackage; -- cgit v1.2.3 From f27676c5ea34a8d400988027e326c7022914bcf0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 May 2017 23:18:50 +0200 Subject: l 2 retiolum: enable legacy /etc/tinc --- lass/2configs/retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 647327de5..7f1b36c96 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -12,6 +12,7 @@ }; krebs.tinc.retiolum = { + enableLegacy = true; enable = true; connectTo = [ "prism" -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/8d300000.lock: No such file or directory (2)
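Review bot: In krebs/3modules/tinc.nix the new `enableLegacy` option carries only the text generated by `mkEnableOption`, and nothing in the hunk says what reads `/etc/tinc/${netname}`. The service itself is started with `-c ${cfg.confDir}`, so the link is presumably only for tools that look a network up by name. A short description would help, for example `// { description = "Link confDir to /etc/tinc/${netname} for tools that expect the classic layout."; }`, with the wording to be confirmed by the author. Both hunks of this section are excerpts of attribute sets that continue outside them.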