Merge branch 'staging/jeschli' of prism.r:stockholm into staging/jeschli

This commit is contained in:
jeschli 2018-03-20 15:37:44 +01:00
commit 01358d3947
96 changed files with 1482 additions and 763 deletions

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
/.graveyard /.graveyard
/TODO /TODO
result

View File

@ -3,12 +3,13 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# bln config file
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/jeschli> <stockholm/jeschli>
<stockholm/jeschli/2configs/virtualbox.nix> <stockholm/jeschli/2configs/virtualbox.nix>
<stockholm/jeschli/2configs/urxvt.nix>
./hardware-configuration.nix ./hardware-configuration.nix
# ./dcso-vpn.nix # ./dcso-vpn.nix
]; ];
@ -16,10 +17,18 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
jeschliFontSize = 20;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
environment.shellAliases = { environment.shellAliases = {
n = "nix-shell"; n = "nix-shell";
gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat"; gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
gh = "cd /home/jeschli/go/src/github.com"; gh = "cd /home/markus/go/src/github.com";
stocki = pkgs.writeDash "deploy" '' stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm cd ~/stockholm
LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
@ -33,6 +42,7 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
termite
# system helper # system helper
ag ag
copyq copyq
@ -57,6 +67,7 @@
chromium chromium
google-chrome google-chrome
# programming languages # programming languages
elmPackages.elm
go go
gcc gcc
ghc ghc

View File

@ -79,6 +79,8 @@
jetbrains.goland jetbrains.goland
# document viewer # document viewer
zathura zathura
# xorg
xorg.xbacklight
]; ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are

View File

@ -40,6 +40,16 @@
}; };
}; };
} }
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}
]; ];
krebs.build.host = config.krebs.hosts.enklave; krebs.build.host = config.krebs.hosts.enklave;

View File

@ -0,0 +1,10 @@
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}

View File

@ -4,6 +4,7 @@ with import <stockholm/lib>;
imports = [ imports = [
./vim.nix ./vim.nix
./retiolum.nix ./retiolum.nix
./zsh.nix
<stockholm/lass/2configs/security-workarounds.nix> <stockholm/lass/2configs/security-workarounds.nix>
{ {
environment.variables = { environment.variables = {

View File

@ -1,19 +1,23 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
options.jeschliFontSize = mkOption {
type = types.int;
default = 12;
};
config = {
services.urxvtd.enable = true; services.urxvtd.enable = true;
krebs.xresources.enable = true; krebs.xresources.enable = true;
krebs.xresources.resources.urxvt = '' krebs.xresources.resources.urxvt = ''
*foreground: rgb:a8/a8/a8 *foreground: rgb:a8/a8/a8
*background: rgb:00/00/00 *background: rgb:00/00/00
*faceName: DejaVu Sans Mono *faceName: DejaVu Sans Mono
*faceSize: 12 *faceSize: ${toString config.jeschliFontSize}
*color0: rgb:00/00/00 *color0: rgb:00/00/00
*color1: rgb:a8/00/00 *color1: rgb:a8/00/00
*color2: rgb:00/a8/00 *color2: rgb:00/a8/00
*color3: rgb:a8/54/00 *color3: rgb:a8/54/00
*color4: rgb:00/00/a8 *color4: rgb:26/8b/d2
*color5: rgb:a8/00/a8 *color5: rgb:a8/00/a8
*color6: rgb:00/a8/a8 *color6: rgb:00/a8/a8
*color7: rgb:a8/a8/a8 *color7: rgb:a8/a8/a8
@ -28,7 +32,8 @@ with import <stockholm/lib>;
URxvt*scrollBar: false URxvt*scrollBar: false
URxvt*urgentOnBell: true URxvt*urgentOnBell: true
URxvt*font: xft:DejaVu Sans Mono:pixelsize=12 URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
URXvt*faceSize: 12 URXvt*faceSize: ${toString config.jeschliFontSize}
''; '';
};
} }

View File

@ -27,6 +27,9 @@ in {
name = "vim"; name = "vim";
vimrcConfig.customRC = let vimrcConfig.customRC = let
colorscheme = ''colorscheme molokai''; colorscheme = ''colorscheme molokai'';
highlightTrailingWhiteSpaces = ''
au Syntax * syn match Garbage containedin=ALL /\s\+$/
'';
setStatements = '' setStatements = ''
set autowrite set autowrite
set clipboard=unnamedplus set clipboard=unnamedplus
@ -42,6 +45,7 @@ in {
remapStatements = '' remapStatements = ''
imap jk <Esc> imap jk <Esc>
map gr :GoRun<Enter> " Map gr to execute go run map gr :GoRun<Enter> " Map gr to execute go run
map tt :GoTest<Enter> " Map tt to execute go test
map nf :NERDTreeToggle<CR> map nf :NERDTreeToggle<CR>
nnoremap <C-TAB> <c-w><c-w> nnoremap <C-TAB> <c-w><c-w>
nnoremap <S-TAB> :bnext<CR> nnoremap <S-TAB> :bnext<CR>
@ -74,11 +78,12 @@ in {
''; '';
in '' in ''
${colorscheme} ${colorscheme}
${highlightTrailingWhiteSpaces}
${remapStatements} ${remapStatements}
${setStatements} ${setStatements}
${settingsForElm} ${settingsForElm}
${settingsForGo} ${settingsForGo}
" I dont know what this line is about " dont expand tabs in go files and show it with four whitespaces.
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
''; '';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;

138
jeschli/2configs/zsh.nix Normal file
View File

@ -0,0 +1,138 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [ pkgs.fzf ];
programs.zsh = {
enable = true;
shellInit = ''
#disable config wizard
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
setopt autocd extendedglob
bindkey -e
#history magic
bindkey "" up-line-or-local-history
bindkey "" down-line-or-local-history
up-line-or-local-history() {
zle set-local-history 1
zle up-line-or-history
zle set-local-history 0
}
zle -N up-line-or-local-history
down-line-or-local-history() {
zle set-local-history 1
zle down-line-or-history
zle set-local-history 0
}
zle -N down-line-or-local-history
setopt share_history
setopt hist_ignore_dups
# setopt inc_append_history
bindkey '^R' history-incremental-search-backward
#C-x C-e open line in editor
autoload -z edit-command-line
zle -N edit-command-line
bindkey "^X^E" edit-command-line
#fzf inclusion
source ${pkgs.fzf}/share/fzf/completion.zsh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
#completion magic
autoload -Uz compinit
compinit
zstyle ':completion:*' menu select
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
#aliases
alias ll='ls -l'
alias la='ls -la'
#fancy window title magic
'';
promptInit = ''
# TODO: figure out why we need to set this here
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
autoload -U promptinit
promptinit
p_error='%(?..%F{red}%?%f )'
t_error='%(?..%? )'
case $UID in
0)
p_username='%F{red}root%f'
t_username='root'
;;
1337)
p_username=""
t_username=""
;;
*)
p_username='%F{blue}%n%f'
t_username='%n'
;;
esac
if test -n "$SSH_CLIENT"; then
p_hostname='@%F{magenta}%M%f '
t_hostname='@%M '
else
p_hostname=""
t_hostname=""
fi
#check if in nix shell
if test -n "$buildInputs"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
p_nixshell=""
t_nixshell=""
fi
PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
;;
esac
'';
};
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
}

View File

@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot" then "buildbot"
else "jeschli"; else "jeschli";
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix"; _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -17,6 +22,7 @@ in
jeschli = "${getEnv "HOME"}/secrets/${name}"; jeschli = "${getEnv "HOME"}/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
override override
] ]

View File

@ -8,6 +8,7 @@ with import <stockholm/lib>;
krebs.go = { krebs.go = {
enable = true; enable = true;
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts.go = { virtualHosts.go = {

View File

@ -14,7 +14,6 @@ with import <stockholm/lib>;
boot = { boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ]; kernelParams = [ "acpi_backlight=none" ];
}; };

View File

@ -233,6 +233,7 @@ let
"github.com" "github.com"
# List generated with # List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.252.*"
"192.30.253.*" "192.30.253.*"
"192.30.254.*" "192.30.254.*"
"192.30.255.*" "192.30.255.*"
@ -240,9 +241,12 @@ let
"185.199.109.*" "185.199.109.*"
"185.199.110.*" "185.199.110.*"
"185.199.111.*" "185.199.111.*"
"18.195.85.27" "13.229.188.59"
"13.250.177.223"
"18.194.104.89" "18.194.104.89"
"18.195.85.27"
"35.159.8.160" "35.159.8.160"
"52.74.223.119"
]; ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
}; };

View File

@ -551,6 +551,32 @@ with import <stockholm/lib>;
}; };
}; };
}; };
dpdkm = {
ci = false;
external = true;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
ip6.addr = "42:4992:6a6d:900::1";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
xerxes = { xerxes = {
cores = 2; cores = 2;
nets = rec { nets = rec {
@ -624,6 +650,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r"; mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa; pubkey = builtins.readFile ./ssh/xerxes.rsa;
}; };
lass-daedalus = {
mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa;
};
fritz = { fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
}; };

View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgF3311cZ/JV7lOzo/Crmy6pi0oBYu5klbTb8lU/Yic55XVRyYFtm+KGrNvqkcFgOx803aS7jogJ1N6HCdUAaEl5MzlkOX++h97ihZ/NeQZKDjYEEQYl4ElmIbCRiddpDm0HVX1OGSCtUzhlyDHJ8ieMCb+QVNrpwovlQnp53c/+Z6rGSZWgBMrzP7stlw+XjC1Alhi1M5L+bJfroa7cEcF+J5ZN+J2mWSmkPiQ6+iuk9zRkc5ELO1Vz4MsLoeKwbJrz+uuNVsY7u070pHtsLwbAsYU5vOWJeN/vtEwy51SY/so30FowvivTD9jIJ0xcmAdC56XjWaxttKuqUVBjJqhwqsUI6+AxLESekFXzkfghmG+AJPPkb2pvpVF3k0Ivn14bFBuFv0T2qPHq68Fs19WLTZn+dK3V+RfVkI6bEZaMOUezyBv59yFEY42wMISPw53jkaWqKIxyGCBECi3XlbeQ61FkwE9TElSY+NmoeMu6jPWw7XGDY4Jt6mtKiYu3hVqI5pg4hq3bxB8r2W7LnkDiYfArbzwmrc2zAmgJtY60/Pcwq7hP3LSDEuDDc4gYgpkLNwHjs+CLWqpbQffCFv+oOZj8G92if+dMBOUSBCr6FDqH6wLxZp2cfhud0p/0kLz09nv/PcRohOHdaQSEW7OAhJ5kgg3DuxhwUwOf/3UX5iLvm4WwE/mb7Iki4U3AENKHUWQ7TOrXcQq9AJX57e9CTI+N4phtzp9qur8vjVl2OpYl2Qb/0yQSGM+4wQ/nM4acePMk80oXLb3OJBlPp0CswzoI7kFBD0TUOnFTCkrJWPaZhgjQXyvCzgFKAvXgqWy4riczqLhdBAhc1vT3a18HsqKXE3mhJa6Kjl6r/ZQaDl2zw7uLmWTHhGuUI9w487L36extGuC3Tv8zEvu2UHqhdEcaSDzRQYcv1kRobfhTWjzFHzdA97Kkc+HuFfJk3MzchsjCxqIuDP4r5YauMBMHAIsUlP7Ar/t29WreAGJbCCd2oulkFL+P+8Sp6SksMMhKQvuRcj74n6BETfailv64z2FjT+qzkCsr/gzvWD08EJRZUCpidX2WfMoL396nBf+EgwhFykqoFg2jlJJ7Vggod8CSHUSeBkslhNk/tkv4y+NnsAIgNluVZlxIeKj1UgazohSNQVRHozs2lkuK0Ytl4TsFrE0X3ar7LpwEVvCLj3eh2kg4kNKNN/vOwWxvMlF9uCBq5FUHaBCst/OXeigjfGZ0ZK5iHsZN+R/iIlG+3V3VN1Rm29aPJPSuAgwl/lfPUfUP5c8QiwnDgdHqMi7VcuCpEtcTLjqDHBssqosRTLodcIZY6qLepm5kQgJ2FfcTPi+ZwT3Z/IFH6p/H7NeVbb8rVYeF/zqDJiWbI+gDy0xFnGgOLpFSBdHq679FjtjZk7Exgz3rVD+QsoSB8VYVOSqpHB1LQyQ2qBry+33CNpxlX5GaaLx5sbEKEguaJ+9R7Mbf8zQMa8EAXhqoT96kIj66IEk= lass@daedalus

View File

@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgEuFS5MwYQRF+0MKAQvyv6O+0ky0QnOKGMVZgFXE4g2JrByTCXQAeQmyJquM1wl9IRD63res8ZguMoAz2PkHfNbRSSsR7pH/G3DaJRl0VGf14zO3bjBbogQ45j1Bwxi78h44SDmuBAkp0t76ca16kWGhwEVt03+8sqmbLV90RjHZlrFw2sDgTu35SDz1q/ZzkdyFP3xSIBUnsQD64qRLMx64yLcBp0uu2h7gBBCVyA1T+VR3Nc1yIOyv0nUaqEHz+CDATtFlgGTgT6cCXoIPN0QAuIa3pDxt7htD/POsWuFbpbqrBQVcgun5s3J5X0OmNyoqGqqubcycvuYipZUjBCxyTb7RxCqj2oR8alSaeGZm64I0VSGX/iSCtXKaEJqBbxwNUgDH6B2oUeZbRwgPl/SG8vBku1oKzt/36IBoY8HttcosqLkfTquyyO7KVtOBu04geCmmiqJpSV4j5iYMxvrD0AQ3JJmrcbzUYoCGxlYO19TPsa+Ybhn/E8suach75+DIPj5LacYAh9Wjirw67Kg5QyYEt8XGTR2xxF78CFi0JGBRcyorPfFPLznmVntqJLe6dGNL3njgdD0Ocz8V5ktk1pjY5D2nG8GXfd45NQl2QjTLYnYX4dGuudBXth0nEJMv/MRHZrXVViIqwazdq4mA5z1Yu4Tb3l17d2cAZobzdut6JuZbd7itXAPIiY0vEWXr8lpEuE8Uz9mz8aPxZlhmHSXvNcwhq+i2+cFO8OPwUGbnE2cAHpymlQ3aDRgpptAIMU2LjIAblqsvA72asJpuRqu7ZOoy0vVRCOhktIzZXWR9hF5/CM/7NZ5skvHzYlmgkvnuu4jDDGusF32Zyiip0WJg+Iijqe8VpOqCup5UEF5QG32yQwaZDrKd71hq7Z1xNe0vEPN8yCxpes8hWafYY9m8YRrUduDVlOon7SzmdU76RPn2oF6udCGP7A/hEeRiwrDaRuIwchh99Xw3LioxXNzLYB1aXd+yKuZyhW+witC20ISdyZz7JPIrb49JCGH8FtbcDzD1B8Xd1By34POfhxriSr9UG5Hj9LGbA3/aKMOajZdcbrKXorUrKdhAuZv1z4rjW5iwYgXF2G/nseeCOw+DPEcB3GexsyCTUzSjJ6fy3Aqlzppwttx5MfkbNhPZWRCfDX3i0g8e0aFlgvlj99aGgUQeEpYg8peZhe1lxl25Ftc0R7pYmXPDeCY1yWxZiXZ3YtVVr43c/FEaQHXfkZ2I+t5lG6CmgJhhYjUry5Sx4/NgfBvpmU22cIBWNmyTn9q3gDFmeoIiTwlF654K7NnsWrdKr2L2fGI10Xe/J/GYkkzX39e5bToQPXh23gUfIr7faYEPBsVU/SaEkWNHojzf/NKjPT0utvlFr0HqnFYSdk4wpWzcrhii7E/UhgKvpA/k2Vlj4ZhkejfZXQWxRbJzejkVSJcUGim+Dt1WUZJXVOgEkJ3WA6z+ha2FN2sBDdvRKlad55aelvRrbu3/vPzEuE= lass@icarus

View File

@ -503,6 +503,7 @@ with import <stockholm/lib>;
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [ aliases = [
"wbob.r" "wbob.r"
"hydra.wbob.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -1038,6 +1039,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp; inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
}; };
makefu-remote-builder = {
inherit (makefu) mail pgp;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
};
makefu-bob = { makefu-bob = {
inherit (makefu) mail pgp; inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";

View File

@ -5,7 +5,11 @@ let
nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
nixos-pretty-name = "NixOS ${nixos-version}"; nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown"; stockholm-version-id = let
eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>));
in
if eval.success then eval.value else "unknown";
stockholm-version = "${stockholm-version-id}"; stockholm-version = "${stockholm-version-id}";
stockholm-pretty-name = "stockholm ${stockholm-version}"; stockholm-pretty-name = "stockholm ${stockholm-version}";

View File

@ -18,10 +18,10 @@ let
type = types.attrsOf (types.submodule ({ config, ... }: { type = types.attrsOf (types.submodule ({ config, ... }: {
options = { options = {
origin = mkOption { origin = mkOption {
type = types.git-source; type = types.source-types.git;
}; };
mirror = mkOption { mirror = mkOption {
type = types.git-source; type = types.source-types.git;
}; };
}; };
config = { config = {
@ -31,7 +31,7 @@ let
})); }));
}; };
latest = mkOption { latest = mkOption {
type = types.nullOr types.git-source; type = types.nullOr types.source-types.git;
default = null; default = null;
}; };
timerConfig = mkOption { timerConfig = mkOption {

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, makeDesktopItem { stdenv, fetchurl
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm , jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk , openjdk
, mesa, openal , mesa, openal
@ -7,23 +7,12 @@ with stdenv.lib;
assert useAlsa -> alsaOss != null; assert useAlsa -> alsaOss != null;
let stdenv.mkDerivation {
desktopItem = makeDesktopItem {
name = "minecraft";
exec = "minecraft";
icon = "minecraft";
comment = "A sandbox-building game";
desktopName = "Minecraft";
genericName = "minecraft";
categories = "Game;";
};
in stdenv.mkDerivation {
name = "ftb"; name = "ftb";
src = fetchurl { src = fetchurl {
url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar"; url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar";
sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v"; sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj";
}; };
phases = "installPhase"; phases = "installPhase";
@ -36,6 +25,7 @@ in stdenv.mkDerivation {
cat > $out/bin/ftb << EOF cat > $out/bin/ftb << EOF
#!${stdenv.shell} #!${stdenv.shell}
export _JAVA_AWT_WM_NONREPARENTING=1
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar ${jre}/bin/java -jar $out/ftb.jar
@ -43,9 +33,6 @@ in stdenv.mkDerivation {
chmod +x $out/bin/ftb chmod +x $out/bin/ftb
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications/
${openjdk}/bin/jar xf $out/ftb.jar favicon.png ${openjdk}/bin/jar xf $out/ftb.jar favicon.png
''; '';
} }

View File

@ -16,12 +16,12 @@ in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "populate"; name = "populate";
version = "2.1.0"; version = "2.3.0";
src = fetchgit { src = fetchgit {
url = http://cgit.ni.krebsco.de/populate; url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}"; rev = "refs/tags/v${version}";
sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh"; sha256 = "05zr132k1s3a1cc879lvhb83hax7dbfmsbrnxmh7dxjcdg3yhxd7";
}; };
phases = [ phases = [

View File

@ -216,7 +216,6 @@
init.env = pkgs.writeText "init.env" /* sh */ '' init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"
export quiet export quiet
export system export system
@ -251,7 +250,6 @@
"$target_user@$target_host" -p "$target_port" \ "$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \ cd "$target_path/stockholm" \; \
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(${pkgs.quote}/bin/quote " nix-shell --run "$(${pkgs.quote}/bin/quote "
${lib.concatStringsSep " " (lib.mapAttrsToList ${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */ (name: opt: /* sh */

View File

@ -2,13 +2,13 @@
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
name = "urlwatch-${version}"; name = "urlwatch-${version}";
version = "2.7"; version = "2.8";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "thp"; owner = "thp";
repo = "urlwatch"; repo = "urlwatch";
rev = version; rev = version;
sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m"; sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
}; };
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [

View File

@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot" then "buildbot"
else "krebs"; else "krebs";
_file = <stockholm> + "/krebs/1systems/${name}/source.nix"; _file = <stockholm> + "/krebs/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -16,9 +21,10 @@ in
}; };
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
}; };
} }
override override

View File

@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix> <stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix> <stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection { # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -144,16 +145,39 @@ with import <stockholm/lib>;
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
(pkgs.writeText "minio.cert" ''
-----BEGIN CERTIFICATE-----
MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
-----END CERTIFICATE-----
'')
]; ];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ]; services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = '' services.logind.extraConfig = ''
HandleLidSwitch=ignore HandleLidSwitch=ignore
''; '';
virtualisation.docker.enable = true;
} }

View File

@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix> <stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{ {
#risk of rain port #risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs"; fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"]; options = ["defaults" "noatime" "ssd" "compress=lzo"];
}; };
"/home/virtual" = {
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
}; };
services.udev.extraRules = '' services.udev.extraRules = ''
@ -176,7 +182,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2 echo 'secrets are crypted' >&2
exit 23 exit 23
else else
exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
fi fi
''; '';
predeploy = pkgs.writeDash "predeploy" '' predeploy = pkgs.writeDash "predeploy" ''
@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable; nix.package = pkgs.nixUnstable;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
} }

View File

@ -292,11 +292,22 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix> <stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix> <stockholm/lass/2configs/dcso-dev.nix>
{ {
users.users.jeschli = {
uid = genid "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-bolide.pubkey
jeschli-brauerei.pubkey
];
};
krebs.git.rules = [ krebs.git.rules = [
{ {
user = with config.krebs.users; [ user = with config.krebs.users; [
jeschli jeschli
jeschli-bln jeschli-bln
jeschli-bolide
jeschli-brauerei jeschli-brauerei
]; ];
repo = [ config.krebs.git.repos.stockholm ]; repo = [ config.krebs.git.repos.stockholm ];
@ -313,6 +324,18 @@ in {
} }
<stockholm/lass/2configs/downloading.nix> <stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix> <stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
fqdn = "lassul.us";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "lass" "android" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;

View File

@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
''; '';
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
} }

View File

@ -41,6 +41,7 @@ in {
lass-shodan.pubkey lass-shodan.pubkey
lass-icarus.pubkey lass-icarus.pubkey
lass-android.pubkey lass-android.pubkey
lass-helios.pubkey
]; ];
}; };

View File

@ -2,6 +2,7 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
user = config.krebs.build.user; user = config.krebs.build.user;
xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
in { in {
imports = [ imports = [
./mpv.nix ./mpv.nix
@ -10,6 +11,7 @@ in {
./livestream.nix ./livestream.nix
./dns-stuff.nix ./dns-stuff.nix
./urxvt.nix ./urxvt.nix
./network-manager.nix
{ {
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
@ -83,7 +85,6 @@ in {
powertop powertop
push push
rxvt_unicode_with-plugins rxvt_unicode_with-plugins
screengrab
slock slock
sxiv sxiv
timewarrior timewarrior
@ -98,6 +99,7 @@ in {
zathura zathura
cabal2nix cabal2nix
xephyrify
]; ];
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
@ -121,13 +123,13 @@ in {
name = "xmonad"; name = "xmonad";
start = '' start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.coreutils}/bin/sleep infinity ${pkgs.systemd}/bin/systemctl --user start xmonad
exec ${pkgs.coreutils}/bin/sleep infinity
''; '';
}]; }];
}; };
systemd.user.services.xmonad = { systemd.user.services.xmonad = {
wantedBy = [ "graphical-session.target" ];
environment = { environment = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket"; RXVT_SOCKET = "%t/urxvtd-socket";
@ -135,8 +137,8 @@ in {
}; };
serviceConfig = { serviceConfig = {
SyslogIdentifier = "xmonad"; SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; ExecStart = "${xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; ExecStop = "${xmonad-lass}/bin/xmonad --shutdown";
}; };
restartIfChanged = false; restartIfChanged = false;
}; };

View File

@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
]; ];
@ -44,6 +45,11 @@ in {
}; };
}; };
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
];
krebs.per-user.dev.packages = [ krebs.per-user.dev.packages = [
pkgs.go pkgs.go
]; ];
@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL ${mainUser.name} ALL=(dev) NOPASSWD: ALL
''; '';
services.minio.enable = true;
} }

View File

@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey lass.pubkey
lass-shodan.pubkey lass-shodan.pubkey
lass-icarus.pubkey lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey makefu.pubkey
wine-mors.pubkey wine-mors.pubkey
]; ];

277
lass/2configs/dunst.nix Normal file
View File

@ -0,0 +1,277 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
dunstConfig = pkgs.writeText "dunst-config" ''
[global]
font = Iosevka Term 11
# Allow a small subset of html markup:
# <b>bold</b>
# <i>italic</i>
# <s>strikethrough</s>
# <u>underline</u>
#
# For a complete reference see
# <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
# If markup is not allowed, those tags will be stripped out of the
# message.
markup = yes
plain_text = no
# The format of the message. Possible variables are:
# %a appname
# %s summary
# %b body
# %i iconname (including its path)
# %I iconname (without its path)
# %p progress value if set ([ 0%] to [100%]) or nothing
# Markup is allowed
format = "%a\n<b>%s</b>\n%b"
# Sort messages by urgency.
sort = yes
# Show how many messages are currently hidden (because of geometry).
indicate_hidden = yes
# Alignment of message text.
# Possible values are "left", "center" and "right".
alignment = center
# The frequency with wich text that is longer than the notification
# window allows bounces back and forth.
# This option conflicts with "word_wrap".
# Set to 0 to disable.
bounce_freq = 0
# Show age of message if message is older than show_age_threshold
# seconds.
# Set to -1 to disable.
show_age_threshold = 1
# Split notifications into multiple lines if they don't fit into
# geometry.
word_wrap = yes
# Ignore newlines '\n' in notifications.
ignore_newline = no
# Hide duplicate's count and stack them
stack_duplicates = yes
hide_duplicates_count = no
# The geometry of the window:
# [{width}]x{height}[+/-{x}+/-{y}]
# The geometry of the message window.
# The height is measured in number of notifications everything else
# in pixels. If the width is omitted but the height is given
# ("-geometry x2"), the message window expands over the whole screen
# (dmenu-like). If width is 0, the window expands to the longest
# message displayed. A positive x is measured from the left, a
# negative from the right side of the screen. Y is measured from
# the top and down respectevly.
# The width can be negative. In this case the actual width is the
# screen width minus the width defined in within the geometry option.
geometry = "500x10-0+0"
# Shrink window if it's smaller than the width. Will be ignored if
# width is 0.
shrink = no
# The transparency of the window. Range: [0; 100].
# This option will only work if a compositing windowmanager is
# present (e.g. xcompmgr, compiz, etc.).
# transparency = 5
# Don't remove messages, if the user is idle (no mouse or keyboard input)
# for longer than idle_threshold seconds.
# Set to 0 to disable.
idle_threshold = 0
# Which monitor should the notifications be displayed on.
monitor = keyboard
# Display notification on focused monitor. Possible modes are:
# mouse: follow mouse pointer
# keyboard: follow window with keyboard focus
# none: don't follow anything
#
# "keyboard" needs a windowmanager that exports the
# _NET_ACTIVE_WINDOW property.
# This should be the case for almost all modern windowmanagers.
#
# If this option is set to mouse or keyboard, the monitor option
# will be ignored.
follow = none
# Should a notification popped up from history be sticky or timeout
# as if it would normally do.
sticky_history = yes
# Maximum amount of notifications kept in history
history_length = 15
# Display indicators for URLs (U) and actions (A).
show_indicators = no
# The height of a single line. If the height is smaller than the
# font height, it will get raised to the font height.
# This adds empty space above and under the text.
line_height = 3
# Draw a line of "separatpr_height" pixel height between two
# notifications.
# Set to 0 to disable.
separator_height = 1
# Padding between text and separator.
padding = 1
# Horizontal padding.
horizontal_padding = 1
# Define a color for the separator.
# possible values are:
# * auto: dunst tries to find a color fitting to the background;
# * foreground: use the same color as the foreground;
# * frame: use the same color as the frame;
# * anything else will be interpreted as a X color.
separator_color = frame
# Print a notification on startup.
# This is mainly for error detection, since dbus (re-)starts dunst
# automatically after a crash.
startup_notification = true
# dmenu path.
dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
# Browser for opening urls in context menu.
browser = /usr/bin/firefox -new-tab
# Align icons left/right/off
icon_position = off
max_icon_size = 80
# Paths to default icons.
icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
frame_width = 2
frame_color = "#8EC07C"
[shortcuts]
# Shortcuts are specified as [modifier+][modifier+]...key
# Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
# "mod3" and "mod4" (windows-key).
# Xev might be helpful to find names for keys.
# Close notification.
close = ctrl+space
# Close all notifications.
close_all = ctrl+shift+space
# Redisplay last message(s).
# On the US keyboard layout "grave" is normally above TAB and left
# of "1".
history = ctrl+grave
# Context menu.
context = mod4+u
[urgency_low]
# IMPORTANT: colors have to be defined in quotation marks.
# Otherwise the "#" and following would be interpreted as a comment.
frame_color = "#3B7C87"
foreground = "#3B7C87"
background = "#191311"
#background = "#2B313C"
timeout = 0
[urgency_normal]
frame_color = "#5B8234"
foreground = "#5B8234"
background = "#191311"
#background = "#2B313C"
timeout = 0
[urgency_critical]
frame_color = "#B7472A"
foreground = "#B7472A"
background = "#191311"
#background = "#2B313C"
timeout = 0
# Every section that isn't one of the above is interpreted as a rules to
# override settings for certain messages.
# Messages can be matched by "appname", "summary", "body", "icon", "category",
# "msg_urgency" and you can override the "timeout", "urgency", "foreground",
# "background", "new_icon" and "format".
# Shell-like globbing will get expanded.
#
# SCRIPTING
# You can specify a script that gets run when the rule matches by
# setting the "script" option.
# The script will be called as follows:
# script appname summary body icon urgency
# where urgency can be "LOW", "NORMAL" or "CRITICAL".
#
# NOTE: if you don't want a notification to be displayed, set the format
# to "".
# NOTE: It might be helpful to run dunst -print in a terminal in order
# to find fitting options for rules.
#[espeak]
# summary = "*"
# script = dunst_espeak.sh
#[script-test]
# summary = "*script*"
# script = dunst_test.sh
#[ignore]
# # This notification will not be displayed
# summary = "foobar"
# format = ""
#[signed_on]
# appname = Pidgin
# summary = "*signed on*"
# urgency = low
#
#[signed_off]
# appname = Pidgin
# summary = *signed off*
# urgency = low
#
#[says]
# appname = Pidgin
# summary = *says*
# urgency = critical
#
#[twitter]
# appname = Pidgin
# summary = *twitter.com*
# urgency = normal
#
# vim: ft=cfg
'';
in {
systemd.user.services.dunst = {
wantedBy = [ "graphical-session.target" ];
requires = [ "xmonad.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "dunst";
ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
Restart = "always";
RestartSec = "15s";
StartLimitBurst = 0;
};
};
}

View File

@ -11,7 +11,6 @@ with import <stockholm/lib>;
primary_hostname = "lassul.us"; primary_hostname = "lassul.us";
sender_domains = [ sender_domains = [
"lassul.us" "lassul.us"
"aidsballs.de"
]; ];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors config.krebs.hosts.mors
@ -59,6 +58,26 @@ with import <stockholm/lib>;
{ from = "coinexchange@lassul.us"; to = lass.mail; } { from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; } { from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; } { from = "gearbest@lassul.us"; to = lass.mail; }
{ from = "binance@lassul.us"; to = lass.mail; }
{ from = "bitfinex@lassul.us"; to = lass.mail; }
{ from = "alternate@lassul.us"; to = lass.mail; }
{ from = "redacted@lassul.us"; to = lass.mail; }
{ from = "mytaxi@lassul.us"; to = lass.mail; }
{ from = "pizza@lassul.us"; to = lass.mail; }
{ from = "robinhood@lassul.us"; to = lass.mail; }
{ from = "drivenow@lassul.us"; to = lass.mail; }
{ from = "aws@lassul.us"; to = lass.mail; }
{ from = "reddit@lassul.us"; to = lass.mail; }
{ from = "banggood@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
{ from = "gmail@lassul.us"; to = lass.mail; }
{ from = "amazon@lassul.us"; to = lass.mail; }
{ from = "humblebundle@lassul.us"; to = lass.mail; }
{ from = "meetup@lassul.us"; to = lass.mail; }
{ from = "gebfrei@lassul.us"; to = lass.mail; }
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

View File

@ -10,9 +10,13 @@ let
echelon = "197"; echelon = "197";
cloudkrebs = "119"; cloudkrebs = "119";
}; };
urgent = [
"\\blass@mors\\b"
];
in { in {
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writeDashBin "logf" '' (pkgs.writeDashBin "logf" ''
export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors} export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)} ${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
'') '')

View File

@ -21,13 +21,46 @@ let
''; '';
mailboxes = { mailboxes = {
wireguard = [ "wireguard@lists.zx2c4" ]; c-base = [ "to:c-base.org" ];
c-base = [ "c-base.org" ]; coins = [
security = [ "seclists.org" "security" "bugtraq" ]; "to:btce@lassul.us"
nix-devel = [ "nix-devel@googlegroups.com" ]; "to:coinbase@lassul.us"
shack = [ "shackspace.de" ]; "to:polo@lassul.us"
"to:bitwala@lassul.us"
"to:payeer@lassul.us"
"to:gatehub@lassul.us"
"to:bitfinex@lassul.us"
"to:binance@lassul.us"
"to:bitcoin.de@lassul.us"
"to:robinhood@lassul.us"
];
dezentrale = [ "to:dezentrale.space" ];
dhl = [ "to:dhl@lassul.us" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ];
retiolum = [ "to:lass@mors.r" ];
security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
shack = [ "to:shackspace.de" ];
steam = [ "to:steam@lassul.us" ];
tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
wireguard = [ "to:wireguard@lists.zx2c4" ];
zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
}; };
tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
${pkgs.notmuch}/bin/notmuch new
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
'';
tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
'';
muttrc = pkgs.writeText "muttrc" '' muttrc = pkgs.writeText "muttrc" ''
# gpg # gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -80,16 +113,15 @@ let
# V # V
''} %r |" ''} %r |"
virtual-mailboxes \ virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
"Unread" "notmuch://?query=tag:unread"\ virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
"INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\ ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
"BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\ virtual-mailboxes "Starred" "notmuch://?query=tag:*"
"TODO" "notmuch://?query=tag:TODO"\ virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
"Starred" "notmuch://?query=tag:*"\ virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
"Archive" "notmuch://?query=tag:archive"\ virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
"Sent" "notmuch://?query=tag:sent"\ virtual-mailboxes "All" "notmuch://?query=*"
"Junk" "notmuch://?query=tag:junk"
tag-transforms "junk" "k" \ tag-transforms "junk" "k" \
"unread" "u" \ "unread" "u" \
@ -163,5 +195,7 @@ in {
mutt mutt
pkgs.much pkgs.much
pkgs.notmuch pkgs.notmuch
tag-new-mails
tag-old-mails
]; ];
} }

View File

@ -17,5 +17,6 @@
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
]; ];
} }

View File

@ -0,0 +1,24 @@
{ pkgs, lib, ... }:
{
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
users.users.mainUser = {
extraGroups = [ "networkmanager" ];
packages = with pkgs; [
gnome3.gnome_keyring gnome3.dconf
];
};
}

View File

@ -0,0 +1,6 @@
{
boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
'';
}

View File

@ -6,6 +6,9 @@ let
environment.systemPackages = [ environment.systemPackages = [
(hiPrio vim) (hiPrio vim)
pkgs.python35Packages.flake8 pkgs.python35Packages.flake8
(pkgs.writeDashBin "govet" ''
go vet "$@"
'')
]; ];
environment.etc.vimrc.source = vimrc; environment.etc.vimrc.source = vimrc;
@ -68,6 +71,9 @@ let
let g:syntastic_python_checkers=['flake8'] let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501' let g:syntastic_python_flake8_post_args='--ignore=E501'
let g:go_metalinter_autosave = 1
let g:go_metalinter_deadline = "10s"
nmap <esc>q :buffer nmap <esc>q :buffer
nmap <M-q> :buffer nmap <M-q> :buffer

View File

@ -32,7 +32,6 @@ rec {
let let
domain = head domains; domain = head domains;
in { in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
enableSSL = true; enableSSL = true;

View File

@ -19,23 +19,8 @@ in {
pkgs.wine pkgs.wine
]; ];
}; };
wine64 = {
name = "wine64";
description = "user for running wine in 64bit";
home = "/home/wine64";
useDefaultShell = true;
extraGroups = [
"audio"
"video"
];
createHome = true;
packages = [
(pkgs.wine.override { wineBuild = "wineWow"; })
];
};
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL ${mainUser.name} ALL=(wine) NOPASSWD: ALL
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
''; '';
} }

View File

@ -50,16 +50,15 @@
#enable automatic rehashing of $PATH #enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true zstyle ':completion:*' rehash true
#beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub { eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r"; owner = "trapd00r";
repo = "LS_COLORS"; repo = "LS_COLORS";
rev = "master"; rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS) }}/LS_COLORS)
#beautiful colors
alias ls='ls --color' alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings #emacs bindings
bindkey "[7~" beginning-of-line bindkey "[7~" beginning-of-line
@ -109,7 +108,7 @@
fi fi
#check if in nix shell #check if in nix shell
if test -n "$buildInputs"; then if test -n "$IN_NIX_SHELL"; then
p_nixshell='%F{green}[s]%f ' p_nixshell='%F{green}[s]%f '
t_nixshell='[s] ' t_nixshell='[s] '
else else

View File

@ -33,6 +33,11 @@ let
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: & ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands} ${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait wait
''; '';
@ -74,6 +79,7 @@ let
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}") (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
]; ];
User = user.name;
}; };
}; };
krebs.xresources.resources.dpi = '' krebs.xresources.resources.dpi = ''

View File

@ -23,6 +23,7 @@ import XMonad
import qualified XMonad.StackSet as W import qualified XMonad.StackSet as W
import Control.Monad.Extra (whenJustM) import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf) import Data.List (isInfixOf)
import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv) import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CopyWindow (copy, kill1)
@ -36,7 +37,7 @@ import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.NoBorders (smartBorders)
@ -44,9 +45,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown import XMonad.Stockholm.Shutdown
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
instance UrgencyHook LibNotifyUrgencyHook where
urgencyHook LibNotifyUrgencyHook w = do
name <- getName w
Just idx <- fmap (W.findTag w) $ gets windowset
safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
myTerm :: FilePath myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc" myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
@ -61,7 +73,7 @@ main = getArgs >>= \case
main' :: IO () main' :: IO ()
main' = do main' = do
xmonad $ ewmh xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ withUrgencyHook LibNotifyUrgencyHook
$ def $ def
{ terminal = myTerm { terminal = myTerm
, modMask = mod4Mask , modMask = mod4Mask
@ -80,11 +92,12 @@ myLayoutHook = defLayout
where where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $ floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats] [ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ] , [ className =? c --> doFloat | c <- myClassFloats ] ]
where where
myTitleFloats = [] -- for the KDE "open link" popup from konsole myTitleFloats = []
myClassFloats = ["Pinentry"] -- for gpg passphrase entry myClassFloats = ["Pinentry"] -- for gpg passphrase entry
@ -130,12 +143,21 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
''}")
, ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
--, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
] ]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()

View File

@ -1,40 +1,39 @@
{ config, pkgs, ... }@args: with import <stockholm/lib>;
self: super: let
{ # This callPackage will try to detect obsolete overrides.
nixpkgs.config.packageOverrides = rec { callPackage = path: args: let
acronym = pkgs.callPackage ./acronym/default.nix {}; override = super.callPackage path args;
dpass = pkgs.callPackage ./dpass {}; upstream = optionalAttrs (override ? "name")
firefoxPlugins = { (super.${(parseDrvName override.name).name} or {});
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; in if upstream ? "name" &&
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; override ? "name" &&
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; compareVersions upstream.name override.name != -1
}; then
init = pkgs.callPackage ./init/default.nix args; trace
logify = pkgs.callPackage ./logify/default.nix {}; "Upstream `${upstream.name}' gets overridden by `${override.name}'."
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; override
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; else override;
pop = pkgs.callPackage ./pop/default.nix {};
q = pkgs.callPackage ./q {};
rs = pkgs.callPackage ./rs/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {};
xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {};
bank = pkgs.writeDashBin "bank" '' subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
in {
bank = self.writeDashBin "bank" ''
tmp=$(mktemp) tmp=$(mktemp)
${pkgs.pass}/bin/pass show hledger > $tmp ${self.pass}/bin/pass show hledger > $tmp
${pkgs.hledger}/bin/hledger --file=$tmp "$@" ${self.hledger}/bin/hledger --file=$tmp "$@"
${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then
exit 0 exit 0
else else
${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger
fi fi
${pkgs.coreutils}/bin/rm $tmp ${self.coreutils}/bin/rm $tmp
''; '';
screengrab = pkgs.writeDashBin "screengrab" '' rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; };
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
'';
};
} }
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))

View File

@ -0,0 +1,42 @@
{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }:
let
minimalXmonad = writeHaskell "minimalXmonad" {
executables.xmonad = {
extra-depends = [
"containers"
"xmonad"
];
text = /* haskell */ ''
module Main where
import XMonad
import qualified Data.Map as Map
main :: IO ()
main = do
xmonad def
{ workspaces = [ "1" ]
, layoutHook = myLayoutHook
, keys = myKeys
, normalBorderColor = "#000000"
, focusedBorderColor = "#000000"
}
myLayoutHook = Full
myKeys _ = Map.fromList []
'';
};
};
in writeDashBin "xephyrify" ''
NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
echo "using DISPLAY $NDISPLAY"
${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY &
XEPHYR_PID=$!
DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad &
XMONAD_PID=$!
DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@"
kill $XMONAD_PID
kill $XEPHYR_PID
''

View File

@ -1,9 +1,9 @@
_: { pkgs, ... }:
{ {
imports = [ imports = [
../krebs ../krebs
./2configs ./2configs
./3modules ./3modules
./5pkgs
]; ];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
} }

View File

@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot" then "buildbot"
else "lass"; else "lass";
_file = <stockholm> + "/lass/1systems/${name}/source.nix"; _file = <stockholm> + "/lass/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -17,6 +22,7 @@ in
}; };
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
override override
] ]

View File

@ -2,7 +2,7 @@
let let
inherit (lib) inherit (lib)
all any concatMapStringsSep concatStringsSep const filter flip all any attrNames concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test testString typeOf; stringLength substring test testString typeOf;
@ -231,61 +231,58 @@ rec {
source = submodule ({ config, ... }: { source = submodule ({ config, ... }: {
options = { options = {
type = let type = let
types = [ known-types = attrNames source-types;
"file" type-candidates = filter (k: config.${k} != null) known-types;
"git"
"pass"
"symlink"
];
in mkOption { in mkOption {
type = enum types; default = if length type-candidates == 1
default = let then head type-candidates
cands = filter (k: config.${k} != null) types;
in
if length cands == 1
then head cands
else throw "cannot determine type"; else throw "cannot determine type";
type = enum known-types;
}; };
file = let file = mkOption {
file-path = (file-source.getSubOptions "FIXME").path.type;
in mkOption {
type = nullOr (either file-source file-path);
default = null;
apply = x: apply = x:
if file-path.check x if absolute-pathname.check x
then { path = x; } then { path = x; }
else x; else x;
default = null;
type = nullOr (either absolute-pathname source-types.file);
}; };
git = mkOption { git = mkOption {
type = nullOr git-source;
default = null; default = null;
type = nullOr source-types.git;
}; };
pass = mkOption { pass = mkOption {
type = nullOr pass-source;
default = null; default = null;
type = nullOr source-types.pass;
}; };
symlink = let pipe = mkOption {
symlink-target = (symlink-source.getSubOptions "FIXME").target.type; apply = x:
in mkOption { if absolute-pathname.check x
type = nullOr (either symlink-source symlink-target); then { command = x; }
else x;
default = null;
type = nullOr (either absolute-pathname source-types.pipe);
};
symlink = mkOption {
type = nullOr (either pathname source-types.symlink);
default = null; default = null;
apply = x: apply = x:
if symlink-target.check x if pathname.check x
then { target = x; } then { target = x; }
else x; else x;
}; };
}; };
}); });
file-source = submodule { source-types = {
file = submodule {
options = { options = {
path = mkOption { path = mkOption {
type = absolute-pathname; type = absolute-pathname;
}; };
}; };
}; };
git = submodule {
git-source = submodule {
options = { options = {
ref = mkOption { ref = mkOption {
type = str; # TODO types.git.ref type = str; # TODO types.git.ref
@ -295,8 +292,7 @@ rec {
}; };
}; };
}; };
pass = submodule {
pass-source = submodule {
options = { options = {
dir = mkOption { dir = mkOption {
type = absolute-pathname; type = absolute-pathname;
@ -306,8 +302,14 @@ rec {
}; };
}; };
}; };
pipe = submodule {
symlink-source = submodule { options = {
command = mkOption {
type = absolute-pathname;
};
};
};
symlink = submodule {
options = { options = {
target = mkOption { target = mkOption {
type = pathname; # TODO relative-pathname type = pathname; # TODO relative-pathname
@ -315,6 +317,7 @@ rec {
}; };
}; };
};
suffixed-str = suffs: suffixed-str = suffs:
mkOptionType { mkOptionType {

View File

@ -148,6 +148,11 @@ in {
allowedIPs = [ "10.244.0.5/32" ]; allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
} }
{
# workr
allowedIPs = [ "10.244.0.6/32" ];
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
}
]; ];
}; };
} }

View File

@ -19,22 +19,24 @@ let
# __FRONT_ # __FRONT_
# |* d0 | # |* d0 |
# | | # | |
# |* d3 | # |* d1 |
# | | # | |
# |* d3 | # |* d3 |
# | | # | |
# |* | # |* |
# |* d2 | # |* d2 |
# | * r0 | # | * |
# | * |
# |_______| # |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks # all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks } # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks; allDisks = [ rootDisk ] ++ dataDisks;
in { in {
imports = imports =
@ -68,6 +70,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
# security # security
@ -116,7 +120,6 @@ in {
services.sabnzbd.enable = true; services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
virtualisation.docker.enable = true;
makefu.ps3netsrv = { makefu.ps3netsrv = {
enable = true; enable = true;
servedir = "/media/cryptX/emu/ps3"; servedir = "/media/cryptX/emu/ps3";
@ -126,6 +129,7 @@ in {
makefu.snapraid = { makefu.snapraid = {
enable = true; enable = true;
# TODO: 3 is not protected
disks = map toMapper [ 0 1 ]; disks = map toMapper [ 0 1 ];
parity = toMapper 2; parity = toMapper 2;
}; };
@ -150,6 +154,7 @@ in {
in cryptMount "crypt0" in cryptMount "crypt0"
// cryptMount "crypt1" // cryptMount "crypt1"
// cryptMount "crypt2" // cryptMount "crypt2"
// cryptMount "crypt3"
// { "/media/cryptX" = { // { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs"; fsType = "mergerfs";
@ -178,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0) (usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1) (usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2) (usbkey "crypt2" cryptDisk2)
(usbkey "crypt3" cryptDisk3)
]; ];
}; };
loader.grub.device = lib.mkForce rootDisk; loader.grub.device = lib.mkForce rootDisk;

View File

@ -5,32 +5,35 @@
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) # <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ # until virtualbox-image is fixed
imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
boot.loader.grub.device = "/dev/sda";
}
<stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix> # <secrets/extra-hosts.nix>
# environment # environment
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
]; ];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
nixpkgs.config.allowUnfree = true;
# allow sdev to deploy self # allow sdev to deploy self
users.extraUsers = { users.extraUsers = {
root = { root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
}; };
}; };
# corefonts
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
ppp xclip ppp xclip
get get
passwdqc-utils passwdqc-utils
docker
gnupg gnupg
populate populate
(pkgs.writeScriptBin "tor-browser" '' (pkgs.writeScriptBin "tor-browser" ''
@ -39,18 +42,11 @@
'') '')
]; ];
virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
80 80
8010 8010
]; ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" ];
};
} }

View File

@ -8,30 +8,9 @@
{ {
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
virtualisation.virtualbox.guest.enable = true;
} }
# { # <stockholm/makefu/2configs/hw/vbox-guest.nix>
# imports = [
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
# ];
# virtualbox.baseImageSize = 35 * 1024;
# fileSystems."/media/share" = {
# fsType = "vboxsf";
# device = "share";
# options = [ "rw" "uid=9001" "gid=9001" ];
# };
# }
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# ];
# fileSystems."/nix" = {
# device ="/dev/disk/by-label/nixstore";
# fsType = "ext4";
# };
# }
# base gui # base gui
# <stockholm/makefu/2configs/main-laptop.nix> # <stockholm/makefu/2configs/main-laptop.nix>
@ -75,14 +54,8 @@
]; ];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>); networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true;
# allow vbob to deploy self # allow vbob to deploy self
users.extraUsers = { users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
environment.shellAliases = { environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
''; '';
# for forticlient
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip fortclientsslvpn ppp xclip
get get
logstash logstash
# docker
#devpi-web #devpi-web
#devpi-client #devpi-client
ansible ansible
]; ];
# virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
@ -111,6 +86,6 @@
80 80
8010 8010
]; ];
# required for qemu
systemd.services."serial-getty@ttyS0".enable = true; systemd.services."serial-getty@ttyS0".enable = true;
} }

View File

@ -18,7 +18,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/mqtt.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix> <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix> <stockholm/makefu/2configs/stats/client.nix>
@ -29,8 +29,69 @@ in {
# <stockholm/makefu/2configs/vncserver.nix> # <stockholm/makefu/2configs/vncserver.nix>
# Services # Services
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/hydra/stockholm.nix>
<stockholm/makefu/2configs/share/wbob.nix> <stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
# may be required for "system-wide" pulse to connect to bluetooth
#module-bluez5-device
#module-bluez5-discover
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
# Sensors # Sensors
<stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/stats/telegraf>
@ -147,7 +208,10 @@ in {
boot.loader.grub.device = rootdisk; boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel"
"snd-seq" "snd-rawmidi"
];
fileSystems = { fileSystems = {
"/" = { "/" = {
device = rootdisk + "-part1"; device = rootdisk + "-part1";
@ -174,66 +238,4 @@ in {
serverAddress = "x.r"; serverAddress = "x.r";
}; };
}; };
security.wrappers.fping = {
source = "${pkgs.fping}/bin/fping";
setuid = true;
};
services.smokeping = {
enable = true;
targetConfig = ''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to this SmokePing website.
+ network
menu = Net latency
title = Network latency (ICMP pings)
++ google
probe = FPing
host = google.de
++ webde
probe = FPing
host = web.de
+ services
menu = Service latency
title = Service latency (DNS, HTTP)
++ HTTP
menu = HTTP latency
title = Service latency (HTTP)
+++ webdeping
probe = EchoPingHttp
host = web.de
+++ googwebping
probe = EchoPingHttp
host = google.de
#+++ webwww
#probe = Curl
#host = web.de
#+++ googwebwww
#probe = Curl
#host = google.de
'';
probeConfig = ''
+ FPing
binary = /run/wrappers/bin/fping
+ EchoPingHttp
pings = 5
url = /
#+ Curl
## probe-specific variables
#binary = ${pkgs.curl}/bin/curl
#step = 60
## a default for this target-specific variable
#urlformat = http://%host%/
'';
};
} }

View File

@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization # Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix> # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{ {
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = { networking.nat = {
@ -59,8 +59,9 @@ with import <stockholm/lib>;
# Hardware # Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix> # <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/wwan.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix> <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix> # <stockholm/makefu/2configs/rad1o.nix>
@ -77,18 +78,82 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix> # <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix> # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
{
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.2/24" ];
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# gum
endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
allowedIPs = [ "10.244.0.0/24" ];
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
}
#{
# # vbob
# allowedIPs = [ "10.244.0.3/32" ];
# publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
#}
];
};
}
{ # bluetooth+pulse config
# for blueman-applet
users.users.makefu.packages = [
pkgs.blueman
];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
'';
};
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
hardware.bluetooth.extraConfig = '';
[general]
Enable=Source,Sink,Media,Socket
'';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
}
{ # auto-mounting
services.udisks2.enable = true;
services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
}
]; ];
makefu.server.primary-itf = "wlp3s0"; makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true; makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well # configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
@ -104,4 +169,11 @@ with import <stockholm/lib>;
''; '';
# hard dependency because otherwise the device will not be unlocked # hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
} }

View File

@ -0,0 +1,34 @@
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.ampel;
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
esp = "192.168.1.23";
sleepval = "1800";
in {
users.users.ampel = {
uid = genid "ampel";
createHome = true;
isSystemUser = true;
inherit home;
};
systemd.services.google-muell-ampel = {
description = "Send led change to rgb cubes";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
cp ${sec} ${ampelsec}
chown ampel ${ampelsec}
'';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};
}

View File

@ -2,25 +2,7 @@
let let
mq = "192.168.8.11"; mq = "192.168.8.11";
pkg = pkgs.ampel;
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
};
in { in {
systemd.services.led-fader = { systemd.services.led-fader = {
description = "Send led change to message queue"; description = "Send led change to message queue";

View File

@ -1,6 +1,18 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
with lib; with lib;
# imperative in config.php:
# #local memcache:
# 'memcache.local' => '\\OC\\Memcache\\APCu',
# #local locking:
# 'memcache.locking' => '\\OC\\Memcache\\Redis',
# 'redis' =>
# array (
# 'host' => 'localhost',
# 'port' => 6379,
# ),
let let
# TODO: copy-paste from lass/2/websites/util.nix # TODO: copy-paste from lass/2/websites/util.nix
serveCloud = domains: serveCloud = domains:
@ -124,20 +136,48 @@ let
env[PATH] = ${lib.makeBinPath [ pkgs.php ]} env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
catch_workers_output = yes catch_workers_output = yes
''; '';
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
display_errors = on
display_startup_errors = on
always_populate_raw_post_data = -1
error_reporting = E_ALL | E_STRICT
html_errors = On
date.timezone = "Europe/Berlin"
# extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
}; };
in { in {
imports = [ imports = [
( serveCloud [ "o.euer.krebsco.de" ] ) ( serveCloud [ "o.euer.krebsco.de" ] )
]; ];
services.mysql = { # TODO: currently nextcloud uses sqlite services.redis.enable = true;
services.mysql = {
enable = false; enable = false;
package = pkgs.mariadb; package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path; rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
}; initialDatabases = [
services.mysqlBackup = { # Or use writeText instead of literalExample?
enable = false; #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
databases = [ "nextcloud" ]; {
name = "nextcloud";
schema = pkgs.writeText "nextcloud.sql"
''
create user if not exists 'nextcloud'@'localhost' identified by 'password';
grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
'';
}
];
}; };
# dataDir is only defined after mysql is enabled # dataDir is only defined after mysql is enabled
# krebs.secret.files.mysql_rootPassword = { # krebs.secret.files.mysql_rootPassword = {

View File

@ -28,6 +28,7 @@ let
init-stockholm = { init-stockholm = {
cgit.desc = "Init stuff for stockholm"; cgit.desc = "Init stuff for stockholm";
}; };
hydra-stockholm = { };
}; };
priv-repos = mapAttrs make-priv-repo { priv-repos = mapAttrs make-priv-repo {

View File

@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ]; fonts = [ pkgs.terminus_font ];
}; };
environment.systemPackages = with pkgs;[ users.users.${mainUser} = {
extraGroups = [ "audio" ];
packages = with pkgs;[
pavucontrol pavucontrol
xlockmore xlockmore
rxvt_unicode-with-plugins rxvt_unicode-with-plugins
firefox
]; ];
users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; };
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;

View File

@ -1,11 +1,13 @@
{ lib, ... }: { pkgs, lib, ... }:
{ {
imports = [ imports = [
./base.nix ./base.nix
]; ];
users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = { services.xserver = {
layout = lib.mkForce "de"; layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce { windowManager = lib.mkForce {
awesome.enable = false; awesome.enable = false;
@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ]; # xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms # prevent screen from turning off, disable dpms
displayManager.sessionCommands = '' displayManager.sessionCommands = ''
xset s off -dpms xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1 xrandr --output HDMI2 --right-of HDMI1
''; '';
}; };

View File

@ -0,0 +1,37 @@
{ pkgs, lib, ... }:
{
users.users.makefu = {
extraGroups = [ "networkmanager" ];
packages = with pkgs;[
networkmanagerapplet
gnome3.gnome_keyring gnome3.dconf
];
};
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
}

View File

@ -0,0 +1,16 @@
{ lib, ...}:
{
## Guest Extensions are currently broken
imports = [
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
];
virtualisation.virtualbox.guest.enable = true;
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
};
# virtualbox.baseImageSize = 35 * 1024;
}

View File

@ -1,8 +0,0 @@
_:
{
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
}

View File

@ -0,0 +1,34 @@
# iterative:
# $ hydra-create-user krebs --password derp --role admin
# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm'
{
# TODO postgres backup
services.postgresql.enable = true;
services.hydra = {
enable = true;
hydraURL = "http://hydra.wbob.r"; # externally visible URL
notificationSender = "hydra@wbob.r";
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
port = 3030;
buildMachinesFiles = [];
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts."hydra.wbob.r" = {
locations."/" = {
proxyPass = "http://localhost:3030/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}

View File

@ -5,5 +5,5 @@
mosh mosh
]; ];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
} }

View File

@ -9,8 +9,8 @@
# owncloudclient # owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" '' (pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming" pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1 pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1 pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf darkice -c ~/lol.conf
'') '')
]; ];

View File

@ -34,7 +34,7 @@ in {
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
http://www.iozone.org/src/current/ http://www.iozone.org/src/current/
{ {
@ -51,6 +51,8 @@ in {
"embray/d2to1" "embray/d2to1"
"dorimanx/exfat-nofuse" "dorimanx/exfat-nofuse"
"rapid7/metasploit-framework" "rapid7/metasploit-framework"
"GothenburgBitFactory/taskserver"
"GothenburgBitFactory/taskwarrior"
]; ];
}; };
} }

View File

@ -29,15 +29,7 @@ let
nixpkgs.config.packageOverrides = pkgs: rec { nixpkgs.config.packageOverrides = pkgs: rec {
awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : { awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
postFixup = let postFixup = let
rclua = pkgs.substituteAll { rclua = cfg.baseConfig.override { inherit (cfg) modkey; };
src = cfg.baseConfig;
modkey = cfg.modkey;
# inherit (cfg) modkey;
amixer = "${pkgs.alsaUtils}/bin/amixer";
xlock = "${pkgs.xlockmore}/bin/xlock";
xbacklight = "${pkgs.xorg.xbacklight}/bin/xbacklight";
};
in "cp ${rclua} $out/etc/xdg/awesome/rc.lua"; in "cp ${rclua} $out/etc/xdg/awesome/rc.lua";
}); });
}; };

View File

@ -14,8 +14,6 @@ _:
./snapraid.nix ./snapraid.nix
./torrent.nix ./torrent.nix
./udpt.nix ./udpt.nix
./umts.nix
./wvdial.nix
]; ];
} }

View File

@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs-channels";
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
}) {};
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
systemctl start umts
trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
cfg = config.makefu.umts;
out = {
options.makefu.umts = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "umts";
modem-device = mkOption {
default = "/dev/ttyUSB0";
type = types.str;
description = ''
path to modem device, use <filename>/dev/serial/by-id/...</filename>
to avoid race conditions.
'';
};
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
};
imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
environment.systemPackages = [ ];
environment.wvdial.dialerDefaults = wvdial-defaults;
systemd.services.umts = {
description = "UMTS wvdial Service";
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "10s";
ExecStart = "${wvdial}/bin/wvdial -n";
};
};
};
in out

View File

@ -1,71 +0,0 @@
# Global configuration for wvdial.
{ config, lib, pkgs, ... }:
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}

View File

@ -0,0 +1,27 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
version = "0.2";
propagatedBuildInputs = [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "d8a0250";
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;
description = "change colors of rgb cubes";
license = lib.licenses.asl20;
};
}

View File

@ -1,7 +1,24 @@
_: { pkgs
, lib
, alsaUtils
, xlockmore
, xbacklight
, modkey?"Mod4"
, ... }:
{ {
# replace: @amixer@ @xlock@ @xbacklight@ # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
full = ./full.cfg; full = lib.makeOverridable pkgs.substituteAll {
kiosk = ./kiosk.lua; name = "awesome_full_config";
inherit alsaUtils xlockmore xbacklight modkey;
isExecutable = false;
src = ./full.cfg;
};
kiosk = lib.makeOverridable pkgs.substituteAll {
name = "awesome_kiosk_config";
inherit alsaUtils xlockmore xbacklight modkey;
isExecutable = false;
src = ./kiosk.lua;
};
} }

View File

@ -365,22 +365,22 @@ globalkeys = awful.util.table.join(
{description = "restore minimized", group = "client"}), {description = "restore minimized", group = "client"}),
awful.key({ }, "XF86MonBrightnessUp", function () awful.key({ }, "XF86MonBrightnessUp", function ()
awful.util.spawn("@xbacklight@ -inc 5", false) end), awful.util.spawn("@xbacklight@/bin/xbacklight -inc 5", false) end),
awful.key({ }, "XF86MonBrightnessDown", function () awful.key({ }, "XF86MonBrightnessDown", function ()
awful.util.spawn("@xbacklight@ -dec 5", false) end), awful.util.spawn("@xbacklight@/bin/xbacklight -dec 5", false) end),
awful.key({ }, "XF86AudioRaiseVolume", function () awful.key({ }, "XF86AudioRaiseVolume", function ()
awful.util.spawn("@amixer@ set Master 5%+", false) end), awful.util.spawn("@alsaUtils@/bin/amixer set Master 5%+", false) end),
awful.key({ }, "XF86AudioLowerVolume", function () awful.key({ }, "XF86AudioLowerVolume", function ()
awful.util.spawn("@amixer@ set Master 5%-", false) end), awful.util.spawn("@alsaUtils@/bin/amixer set Master 5%-", false) end),
awful.key({ }, "XF86AudioMute", function () awful.key({ }, "XF86AudioMute", function ()
awful.util.spawn("@amixer@ -q -D default sset Master toggle", false) end), awful.util.spawn("@alsaUtils@/bin/amixer -q -D default sset Master toggle", false) end),
-- Prompt -- Prompt
awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end,
{description = "run prompt", group = "launcher"}), {description = "run prompt", group = "launcher"}),
awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlock@ -mode blank") end), awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end),
awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlock@ -mode blank") end), awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end),
awful.key({ modkey }, "x", awful.key({ modkey }, "x",
function () function ()

View File

@ -1,3 +0,0 @@
{}:
{
}

View File

@ -1,6 +1,9 @@
{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git, { lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
gettext, automake, libxml2 , qmake, gettext, automake, libxml2
qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }: , autoreconfHook
, qmake4Hook
, qmake
, qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
let let
libvitamtp = stdenv.mkDerivation rec { libvitamtp = stdenv.mkDerivation rec {
name = "libvitamtp-${version}"; name = "libvitamtp-${version}";
@ -13,8 +16,8 @@ let
sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8"; sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8";
}; };
buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ]; buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig
preConfigure = "sh ./autogen.sh"; autoreconfHook ];
meta = { meta = {
description = "Content Manager Assistant for the PS Vita"; description = "Content Manager Assistant for the PS Vita";
@ -26,40 +29,29 @@ let
}; };
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
name = "qcma-${version}"; name = "qcma-${version}";
version = "0.3.13"; version = "8e6cafedc0f47733f33323f829624e3fc847a176";
src = fetchgit { src = fetchFromGitHub {
url = "git://github.com/codestation/qcma.git"; owner = "codestation";
rev = "refs/tags/v"+version; repo = "qcma";
leaveDotGit = true; rev = version;
sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i"; sha256 = "1l95kx3x4pf5iwmwigbch5c6n2h27lls5qiy4xh15v59p5442yw5";
}; };
preConfigure = '' preConfigure = ''
lrelease common/resources/translations/*.ts lrelease common/resources/translations/*.ts
''; '';
# TODO: manually adding qtbase and qtmultimedia to the library path is shit,
# this should be done somewhere before when building the project, idk.
installPhase = ''
make INSTALL_ROOT="$(out)" install
for i in qcma qcma_cli; do
wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
qtbase qtmultimedia ]}
done
'';
enableParallelBuilding = true; enableParallelBuilding = true;
buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ]; buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
nativeBuildInputs = [ qmake qttools pkgconfig ]; nativeBuildInputs = [ qttools pkgconfig qmake ];
meta = { meta = {
description = "Content Manager Assistant for the PS Vita"; description = "Content Manager Assistant for the PS Vita";
homepage = https://github.com/codestation/qcma; homepage = https://github.com/codestation/qcma;
license = stdenv.lib.licenses.gpl2; license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux; platforms = stdenv.lib.platforms.linux;
broken = true;
maintainers = with stdenv.lib.maintainers; [ makefu ]; maintainers = with stdenv.lib.maintainers; [ makefu ];
}; };
} }

View File

@ -1,50 +0,0 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
libev,
... }:
let
liblcfg = stdenv.mkDerivation rec {
name = "liblcfg-${version}";
version = "750bc90";
src = fetchFromGitHub {
owner = "ThomasAdam";
repo = "liblcfg";
rev = version;
sha256 = "1k3r47p81paw5802jklx9xqbjrxr26pahipxn9nq3177qhxxibkr";
};
buildInputs = with pkgs;[ autoconf automake ];
preConfigure = ''autoreconf -fi'';
sourceRoot = "${name}-src/code";
};
in stdenv.mkDerivation rec {
name = "liblcfg-${version}";
#version = "1.5c"; #original, does not compile due to libc errors
#src = fetchurl {
# url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz";
# sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii";
#};
#version = "64d087c"; # honeyd-1.6.7
# sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31";
version = "6756787f94c4f1ac53d1e5545d052774a0446c04";
src = fetchFromGitHub {
owner = "rep";
repo = "dionaea";
rev = version;
sha256 = "04zjr9b7x0rqwzgb9gfxq6pclb817gz4qaghdl8xa79bqf9vv2p7";
};
buildInputs = with pkgs;[ libtool automake autoconf ];
configureFlags = [
"--with-liblcfg=${liblcfg}"
"--with-libpcap=${libpcap}"
];
meta = {
homepage = http://www.honeyd.org/;
description = "virtual Honeypots";
license = lib.licenses.gpl2;
};
}

View File

@ -1,63 +0,0 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
... }:
stdenv.mkDerivation rec {
name = "farpd-${version}";
version = "0.2";
src = fetchurl {
url = https://launchpad.net/ubuntu/+archive/primary/+files/farpd_0.2.orig.tar.gz ;
sha256 = "1m3pynvynr4vgkwh7z5i0yqlang2y0ph32cys3vbi2hx2apk9abd";
};
buildInputs = with pkgs;[
automake
gnugrep
libpcap
libdnet
pcre
libevent.out # requires .so and .h
readline
autoconf
libtool
zlib
coreutils
python
pythonPackages.pysqlite
];
patches = [
( fetchurl {
url = https://launchpad.net/ubuntu/+archive/primary/+files/farpd_0.2-11.diff.gz;
sha256 = "2c246b37de8aab9c73f955fb77101adefd90637d03f582b9f8ffae2903af2f94";
})
];
# removes user install script from Makefile before automake
#patches = [ ./autoconf.patch ];
preConfigure = ''
autoreconf -fi
substituteInPlace configure \
--replace "dumbnet" "dnet" \
--replace "libpcap.a" "libpcap.so" \
--replace "libevent.a" "libevent.so" \
--replace "net/bpf.h" "pcap/bpf.h"
'';
makeFlags = [ "LIBS=-lz" ];
configureFlags = [
"--with-libpcap=${libpcap}"
"--with-libevent=${libevent}"
"--with-libdnet=${libdnet}"
];
postInstall = ''
mv $out/sbin/arpd $out/sbin/farpd
mv $out/share/man/man8/arpd.8 $out/share/man/man8/farpd.8
'';
meta = {
homepage = https://launchpad.net/ubuntu/+source/farpd/ ;
description = "fake arp";
license = lib.licenses.gpl2;
};
}

View File

@ -11,6 +11,10 @@ python2Packages.buildPythonPackage rec {
propagatedBuildInputs = with python2Packages; propagatedBuildInputs = with python2Packages;
[ python2Packages.pygtk gtk3 python2Packages.pillow ]; [ python2Packages.pygtk gtk3 python2Packages.pillow ];
# for module in sys.modules.itervalues():
# RuntimeError: dictionary changed size during iteration
doCheck = false;
meta = { meta = {
homepage = https://github.com/pyload/pyload; homepage = https://github.com/pyload/pyload;
description = "Free and Open Source download manager written in Python"; description = "Free and Open Source download manager written in Python";

View File

@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
meta = { meta = {
homepage = https://github.com/ifcaro/Open-PS2-Loader; homepage = https://github.com/ifcaro/Open-PS2-Loader;
description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)"; description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)";
license = lib.licenses.afl3; ## not yet in stable
# license = lib.licenses.afl3;
}; };
} }

View File

@ -0,0 +1,27 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
stdenv.mkDerivation rec {
pname = "pfsshell";
version = "64f8c2";
name = "${pname}-${version}";
src = fetchFromGitHub {
owner = "makefu";
repo = "pfsshell";
rev = version;
sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
};
buildInputs = [ ];
makeFlags = [ ];
installPhase = ''
mkdir -p $out/bin
cp pfsshell $out/bin
'';
meta = {
homepage = https://github.com/uyjulian/pfsshell ;
description = "browse and transfer files to/from PFS filesystems";
};
}

View File

@ -1,12 +0,0 @@
{ stdenv }:
stdenv.mkDerivation rec {
name = "programs-db";
src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
phases = [ "unpackPhase" "installPhase" ];
installPhase = ''
cp programs.sqlite $out
'';
}

View File

@ -1,33 +0,0 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;
let
asyncio-irc = buildPythonPackage rec {
name = "asyncio-irc-${version}";
version = "2016-09-02";
src = fetchFromGitHub {
owner = "watchtower";
repo = "asyncirc";
rev = "5384d19";
sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv";
};
propagatedBuildInputs = [ blinker ];
};
in
buildPythonPackage rec {
name = "shackie-${version}";
version = "2017-04-24";
propagatedBuildInputs = [
asyncio-irc
beautifulsoup4
lxml
pytz
redis
requests
];
src = fetchFromGitHub {
owner = "shackspace";
repo = "shackie";
rev = "e717ec7";
sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l";
};
}

View File

@ -0,0 +1 @@
{}

View File

@ -13,7 +13,13 @@ let
then "buildbot" then "buildbot"
else "makefu"; else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "0f19bee"; # nixos-17.09 @ 2018-01-05 pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
# TODO: automate updating of this ref + cherry-picks
ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5 # + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3 # + signal: 0f19beef3
@ -41,6 +47,7 @@ in
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
(mkIf ( musnix ) { (mkIf ( musnix ) {
musnix.git = { musnix.git = {

View File

@ -4,6 +4,11 @@ host@{ name, override ? {} }: let
then "buildbot" then "buildbot"
else "mv"; else "mv";
_file = <stockholm> + "/mv/1systems/${name}/source.nix"; _file = <stockholm> + "/mv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -18,6 +23,7 @@ in
mv = "/home/mv/secrets/${name}"; mv = "/home/mv/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
override override
] ]

View File

@ -11,6 +11,7 @@ with lib;
<stockholm/nin> <stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix #../2configs/copyq.nix
<stockholm/nin/2configs/ableton.nix>
<stockholm/nin/2configs/games.nix> <stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix> <stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix> <stockholm/nin/2configs/retiolum.nix>
@ -98,6 +99,9 @@ with lib;
enable = true; enable = true;
}; };
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xhost}/bin/xhost + local:
'';
services.xserver.desktopManager.xfce = let services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" '' xbindConfig = pkgs.writeText "xbindkeysrc" ''

20
nin/2configs/ableton.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, ... }: let
mainUser = config.users.extraUsers.nin;
in {
users.users= {
ableton = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
];
packages = [
pkgs.wine
pkgs.winetricks
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(ableton) NOPASSWD: ALL
'';
}

View File

@ -36,17 +36,6 @@ let
make-public-repo = name: { cgit ? {}, ... }: { make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name; inherit cgit name;
public = true; public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#xxx";
server = "irc.r";
verbose = config.krebs.build.host.name == "onondaga";
# TODO define branches in some kind of option per repo
branches = [ "master" ];
};
};
}; };
make-rules = make-rules =

19
nin/2configs/im.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
(pkgs.writeDashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
ssh chat@onondaga
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
];
}

View File

@ -4,6 +4,11 @@ host@{ name, secure ? false }: let
then "buildbot" then "buildbot"
else "nin"; else "nin";
_file = <stockholm> + "/nin/1systems/${name}/source.nix"; _file = <stockholm> + "/nin/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) { evalSource (toString _file) {
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
@ -12,8 +17,6 @@ in
nin = "/home/nin/secrets/${name}"; nin = "/home/nin/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
nixpkgs.git = { stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
url = https://github.com/nixos/nixpkgs; nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
ref = "afe9649";
};
} }

View File

@ -42,6 +42,9 @@ let {
kirk = { kirk = {
cgit.desc = "IRC tools"; cgit.desc = "IRC tools";
}; };
kops = {
cgit.desc = "deployment tools";
};
load-env = {}; load-env = {};
loldns = { loldns = {
cgit.desc = "toy DNS server"; cgit.desc = "toy DNS server";
@ -128,11 +131,6 @@ let {
repo = [ repo ]; repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ]; perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++ } ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (repo.collaborators or [] != []) { optional (repo.collaborators or [] != []) {
user = repo.collaborators; user = repo.collaborators;
repo = [ repo ]; repo = [ repo ];

View File

@ -6,6 +6,11 @@ with import <stockholm/lib>;
}@host: let }@host: let
builder = if dummy_secrets then "buildbot" else "tv"; builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix"; _file = <stockholm> + "/tv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -20,6 +25,7 @@ in
tv = "/home/tv/secrets/${name}"; tv = "/home/tv/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
(mkIf (builder == "tv") { (mkIf (builder == "tv") {
secrets-common.file = "/home/tv/secrets/common"; secrets-common.file = "/home/tv/secrets/common";