Merge branch 'staging/jeschli' of prism.r:stockholm into staging/jeschli

jeschli 2018-03-20 15:37:44 +01:00
commit 01358d3947
96 changed files with 1482 additions and 763 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
/.graveyard
/TODO
result


@ -3,12 +3,13 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
# bln config file
{
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
<stockholm/jeschli/2configs/virtualbox.nix>
<stockholm/jeschli/2configs/urxvt.nix>
./hardware-configuration.nix
# ./dcso-vpn.nix
];
@ -16,10 +17,18 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
jeschliFontSize = 20;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
environment.shellAliases = {
n = "nix-shell";
gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat";
gh = "cd /home/jeschli/go/src/github.com";
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
gh = "cd /home/markus/go/src/github.com";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
@ -33,6 +42,7 @@
nixpkgs.config.allowUnfree = true;
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
termite
# system helper
ag
copyq
@ -57,6 +67,7 @@
chromium
google-chrome
# programming languages
elmPackages.elm
go
gcc
ghc


@ -79,6 +79,8 @@
jetbrains.goland
# document viewer
zathura
# xorg
xorg.xbacklight
];
# Some programs need SUID wrappers, can be configured further or are


@ -40,6 +40,16 @@
};
};
}
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}
];
krebs.build.host = config.krebs.hosts.enklave;
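Review bot: The added taskserver block binds `listenHost = "::"` and `networking.firewall.allowedTCPPorts = [ 53589 ]` opens the port on every interface, although the `fqdn` `enklave.r` appears to be a retiolum-internal name. If the service is only meant to be reached over retiolum, bind it to the host's retiolum address or scope the firewall rule to that interface, so only the overlay network is exposed. The same ten lines are also added as a standalone file in the next section (`@ -0,0 +1,10 @`); importing that file here instead of inlining a copy would keep the two from drifting. The prism section further down opens the same port for `lassul.us`, where public reachability looks intended.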


@ -0,0 +1,10 @@
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}


@ -4,6 +4,7 @@ with import <stockholm/lib>;
imports = [
./vim.nix
./retiolum.nix
./zsh.nix
<stockholm/lass/2configs/security-workarounds.nix>
{
environment.variables = {


@ -1,19 +1,23 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
options.jeschliFontSize = mkOption {
type = types.int;
default = 12;
};
config = {
services.urxvtd.enable = true;
krebs.xresources.enable = true;
krebs.xresources.resources.urxvt = ''
*foreground: rgb:a8/a8/a8
*background: rgb:00/00/00
*faceName: DejaVu Sans Mono
*faceSize: 12
*faceSize: ${toString config.jeschliFontSize}
*color0: rgb:00/00/00
*color1: rgb:a8/00/00
*color2: rgb:00/a8/00
*color3: rgb:a8/54/00
*color4: rgb:00/00/a8
*color4: rgb:26/8b/d2
*color5: rgb:a8/00/a8
*color6: rgb:00/a8/a8
*color7: rgb:a8/a8/a8
@ -28,7 +32,8 @@ with import <stockholm/lib>;
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: xft:DejaVu Sans Mono:pixelsize=12
URXvt*faceSize: 12
URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
URXvt*faceSize: ${toString config.jeschliFontSize}
'';
};
}


@ -27,6 +27,9 @@ in {
name = "vim";
vimrcConfig.customRC = let
colorscheme = ''colorscheme molokai'';
highlightTrailingWhiteSpaces = ''
au Syntax * syn match Garbage containedin=ALL /\s\+$/
'';
setStatements = ''
set autowrite
set clipboard=unnamedplus
@ -42,6 +45,7 @@ in {
remapStatements = ''
imap jk <Esc>
map gr :GoRun<Enter> " Map gr to execute go run
map tt :GoTest<Enter> " Map tt to execute go test
map nf :NERDTreeToggle<CR>
nnoremap <C-TAB> <c-w><c-w>
nnoremap <S-TAB> :bnext<CR>
@ -74,11 +78,12 @@ in {
'';
in ''
${colorscheme}
${highlightTrailingWhiteSpaces}
${remapStatements}
${setStatements}
${settingsForElm}
${settingsForGo}
" I dont know what this line is about
" dont expand tabs in go files and show it with four whitespaces.
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;

138
jeschli/2configs/zsh.nix Normal file

@ -0,0 +1,138 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [ pkgs.fzf ];
programs.zsh = {
enable = true;
shellInit = ''
#disable config wizard
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
setopt autocd extendedglob
bindkey -e
#history magic
bindkey "" up-line-or-local-history
bindkey "" down-line-or-local-history
up-line-or-local-history() {
zle set-local-history 1
zle up-line-or-history
zle set-local-history 0
}
zle -N up-line-or-local-history
down-line-or-local-history() {
zle set-local-history 1
zle down-line-or-history
zle set-local-history 0
}
zle -N down-line-or-local-history
setopt share_history
setopt hist_ignore_dups
# setopt inc_append_history
bindkey '^R' history-incremental-search-backward
#C-x C-e open line in editor
autoload -z edit-command-line
zle -N edit-command-line
bindkey "^X^E" edit-command-line
#fzf inclusion
source ${pkgs.fzf}/share/fzf/completion.zsh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
#completion magic
autoload -Uz compinit
compinit
zstyle ':completion:*' menu select
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
#aliases
alias ll='ls -l'
alias la='ls -la'
#fancy window title magic
'';
promptInit = ''
# TODO: figure out why we need to set this here
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
autoload -U promptinit
promptinit
p_error='%(?..%F{red}%?%f )'
t_error='%(?..%? )'
case $UID in
0)
p_username='%F{red}root%f'
t_username='root'
;;
1337)
p_username=""
t_username=""
;;
*)
p_username='%F{blue}%n%f'
t_username='%n'
;;
esac
if test -n "$SSH_CLIENT"; then
p_hostname='@%F{magenta}%M%f '
t_hostname='@%M '
else
p_hostname=""
t_hostname=""
fi
#check if in nix shell
if test -n "$buildInputs"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
p_nixshell=""
t_nixshell=""
fi
PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
;;
esac
'';
};
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
}
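Review bot: The `fetchFromGitHub` call for LS_COLORS uses `rev = "master"` together with a fixed `sha256`, so the hash pins content that the ref stops identifying as soon as upstream moves. The build then fails on any machine without the cached path, and whoever refreshes the hash accepts whatever master holds at that moment. Pin `rev` to the full commit id the current hash was computed from (`rev = "<commit-sha>";`, placeholder) and bump both together. Separately, `preexec` passes the typed command through `echo -ne` inside the title escape, so backslash sequences in `$1` are interpreted before they reach the terminal; `printf '\033]0;%s\007' "$$ $PROMPT_EVALED $1"` writes the command as data instead.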


@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot"
else "jeschli";
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) [
{
@ -17,6 +22,7 @@ in
jeschli = "${getEnv "HOME"}/secrets/${name}";
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
override
]


@ -8,6 +8,7 @@ with import <stockholm/lib>;
krebs.go = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.go = {
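Review bot: `networking.firewall.allowedTCPPorts = [ 80 ]` accepts port 80 from every interface, while the only consumer visible here is the `go` virtual host. If that service is meant for retiolum clients only, limit the rule to that interface or have nginx listen on the retiolum address; otherwise any other virtual host served by this nginx becomes reachable from outside as well. The `services.nginx` block continues past the end of the hunk, so its listen configuration is not visible here.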


@ -14,7 +14,6 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ];
};


@ -233,6 +233,7 @@ let
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
@ -240,9 +241,12 @@ let
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"18.195.85.27"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};


@ -551,6 +551,32 @@ with import <stockholm/lib>;
};
};
};
dpdkm = {
ci = false;
external = true;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
ip6.addr = "42:4992:6a6d:900::1";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
xerxes = {
cores = 2;
nets = rec {
@ -624,6 +650,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
lass-daedalus = {
mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa;
};
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};


@ -0,0 +1 @@
ssh-rsa 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 lass@daedalus


@ -1 +1 @@
ssh-rsa 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 lass@icarus
ssh-rsa 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 lass@icarus


@ -503,6 +503,7 @@ with import <stockholm/lib>;
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
"hydra.wbob.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -1038,6 +1039,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
};
makefu-remote-builder = {
inherit (makefu) mail pgp;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
};
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";


@ -5,7 +5,11 @@ let
nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown";
stockholm-version-id = let
eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>));
in
if eval.success then eval.value else "unknown";
stockholm-version = "${stockholm-version-id}";
stockholm-pretty-name = "stockholm ${stockholm-version}";


@ -18,10 +18,10 @@ let
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
origin = mkOption {
type = types.git-source;
type = types.source-types.git;
};
mirror = mkOption {
type = types.git-source;
type = types.source-types.git;
};
};
config = {
@ -31,7 +31,7 @@ let
}));
};
latest = mkOption {
type = types.nullOr types.git-source;
type = types.nullOr types.source-types.git;
default = null;
};
timerConfig = mkOption {


@ -1,4 +1,4 @@
{ stdenv, fetchurl, makeDesktopItem
{ stdenv, fetchurl
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk
, mesa, openal
@ -7,23 +7,12 @@ with stdenv.lib;
assert useAlsa -> alsaOss != null;
let
desktopItem = makeDesktopItem {
name = "minecraft";
exec = "minecraft";
icon = "minecraft";
comment = "A sandbox-building game";
desktopName = "Minecraft";
genericName = "minecraft";
categories = "Game;";
};
in stdenv.mkDerivation {
stdenv.mkDerivation {
name = "ftb";
src = fetchurl {
url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar";
sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v";
sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj";
};
phases = "installPhase";
@ -36,6 +25,7 @@ in stdenv.mkDerivation {
cat > $out/bin/ftb << EOF
#!${stdenv.shell}
export _JAVA_AWT_WM_NONREPARENTING=1
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
@ -43,9 +33,6 @@ in stdenv.mkDerivation {
chmod +x $out/bin/ftb
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications/
${openjdk}/bin/jar xf $out/ftb.jar favicon.png
'';
}
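Review bot: The `src` URL is plain `http://` and unversioned (`FTB_Launcher.jar`), so the replaced `sha256` records whatever that URL served at the moment the hash was refreshed. The fixed-output hash protects later builds, but the refresh itself is trust-on-first-use over an unauthenticated channel, and the derivation will break again at the next upstream release. Prefer an `https://` or versioned URL if upstream offers one, and add a comment next to the hash saying how the new value was verified, e.g. `# hash checked against <independent source>` (placeholder).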


@ -16,12 +16,12 @@ in
stdenv.mkDerivation rec {
name = "populate";
version = "2.1.0";
version = "2.3.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}";
sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh";
sha256 = "05zr132k1s3a1cc879lvhb83hax7dbfmsbrnxmh7dxjcdg3yhxd7";
};
phases = [


@ -216,7 +216,6 @@
init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"
export quiet
export system
@ -251,7 +250,6 @@
"$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(${pkgs.quote}/bin/quote "
${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */


@ -2,13 +2,13 @@
python3Packages.buildPythonApplication rec {
name = "urlwatch-${version}";
version = "2.7";
version = "2.8";
src = fetchFromGitHub {
owner = "thp";
repo = "urlwatch";
rev = version;
sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m";
sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
};
propagatedBuildInputs = with python3Packages; [


@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot"
else "krebs";
_file = <stockholm> + "/krebs/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) [
{
@ -16,9 +21,10 @@ in
};
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23
ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
};
}
override


@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@ -144,16 +145,39 @@ with import <stockholm/lib>;
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
(pkgs.writeText "minio.cert" ''
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
'')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
virtualisation.docker.enable = true;
}
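Review bot: Adding `"docker"` to `users.users.mainUser.extraGroups` makes the desktop user root-equivalent, because any process that can reach the Docker socket can start a container with the host filesystem mounted. That sidesteps whatever sudo policy applies to this account, so the line deserves a comment recording that this is accepted on this machine, e.g. `# docker group is equivalent to passwordless root for mainUser`. The same change is made in the following section. The `minio.cert` written into the certificate list in this hunk would also benefit from a one-line comment naming the host it belongs to; the option it is added to is outside the hunk and appears to be a trust store.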


@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home/virtual" = {
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
};
services.udev.extraRules = ''
@ -176,7 +182,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2
exit 23
else
exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''
@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
}


@ -292,11 +292,22 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
users.users.jeschli = {
uid = genid "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-bolide.pubkey
jeschli-brauerei.pubkey
];
};
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
@ -313,6 +324,18 @@ in {
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
fqdn = "lassul.us";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "lass" "android" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.prism;
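Review bot: `users.users.jeschli` with `isNormalUser = true` gives each of the four listed keys an interactive login on this host, on top of the repository access granted by the `krebs.git.rules` entry below it. If pushing to the stockholm repository is all that is needed, the git rule alone is presumably sufficient and the account can be dropped; if shell access is intended, a short comment saying so helps the next reader. The taskserver rule in the same section accepts `-p tcp --dport 53589` from any source, which looks intended for the public `lassul.us` name but carries no interface or source restriction.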


@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
}


@ -41,6 +41,7 @@ in {
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
lass-helios.pubkey
];
};
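Review bot: `lass-helios.pubkey` is referenced in this key list, and again in the authorized-keys list of a later section, but the user definitions visible on this page only add `lass-daedalus`. If `lass-helios` is not already defined under `krebs.users`, evaluation fails with a missing attribute, so please confirm it exists or add it in this merge. The list is cut by the hunk on both sides, so the surrounding option is not visible here.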


@ -2,6 +2,7 @@
with import <stockholm/lib>;
let
user = config.krebs.build.user;
xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
in {
imports = [
./mpv.nix
@ -10,6 +11,7 @@ in {
./livestream.nix
./dns-stuff.nix
./urxvt.nix
./network-manager.nix
{
hardware.pulseaudio = {
enable = true;
@ -83,7 +85,6 @@ in {
powertop
push
rxvt_unicode_with-plugins
screengrab
slock
sxiv
timewarrior
@ -98,6 +99,7 @@ in {
zathura
cabal2nix
xephyrify
];
fonts.fonts = with pkgs; [
@ -121,13 +123,13 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.coreutils}/bin/sleep infinity
${pkgs.systemd}/bin/systemctl --user start xmonad
exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";
@ -135,8 +137,8 @@ in {
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
ExecStart = "${xmonad-lass}/bin/xmonad";
ExecStop = "${xmonad-lass}/bin/xmonad --shutdown";
};
restartIfChanged = false;
};


@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa 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 u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
@ -44,6 +45,11 @@ in {
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
];
krebs.per-user.dev.packages = [
pkgs.go
];
@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
services.minio.enable = true;
}
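Review bot: The new INPUT rules accept TCP 8000 and 9000 from any source, and `services.minio.enable = true` is added with no visible credential or listen-address setting. If 9000 is the MinIO endpoint, the object store is reachable from every network this host is attached to. Restrict the predicates to the interface or source range that needs them, e.g. `predicate = "-i <interface> -p tcp --dport 9000"` (placeholder), and set the access and secret keys from the secrets store rather than relying on module defaults. A comment naming what listens on 8000 would also help, since nothing in the hunk says.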


@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];

277
lass/2configs/dunst.nix Normal file

@ -0,0 +1,277 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
dunstConfig = pkgs.writeText "dunst-config" ''
[global]
font = Iosevka Term 11
# Allow a small subset of html markup:
# <b>bold</b>
# <i>italic</i>
# <s>strikethrough</s>
# <u>underline</u>
#
# For a complete reference see
# <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
# If markup is not allowed, those tags will be stripped out of the
# message.
markup = yes
plain_text = no
# The format of the message. Possible variables are:
# %a appname
# %s summary
# %b body
# %i iconname (including its path)
# %I iconname (without its path)
# %p progress value if set ([ 0%] to [100%]) or nothing
# Markup is allowed
format = "%a\n<b>%s</b>\n%b"
# Sort messages by urgency.
sort = yes
# Show how many messages are currently hidden (because of geometry).
indicate_hidden = yes
# Alignment of message text.
# Possible values are "left", "center" and "right".
alignment = center
# The frequency with wich text that is longer than the notification
# window allows bounces back and forth.
# This option conflicts with "word_wrap".
# Set to 0 to disable.
bounce_freq = 0
# Show age of message if message is older than show_age_threshold
# seconds.
# Set to -1 to disable.
show_age_threshold = 1
# Split notifications into multiple lines if they don't fit into
# geometry.
word_wrap = yes
# Ignore newlines '\n' in notifications.
ignore_newline = no
# Hide duplicate's count and stack them
stack_duplicates = yes
hide_duplicates_count = no
# The geometry of the window:
# [{width}]x{height}[+/-{x}+/-{y}]
# The geometry of the message window.
# The height is measured in number of notifications everything else
# in pixels. If the width is omitted but the height is given
# ("-geometry x2"), the message window expands over the whole screen
# (dmenu-like). If width is 0, the window expands to the longest
# message displayed. A positive x is measured from the left, a
# negative from the right side of the screen. Y is measured from
# the top and down respectevly.
# The width can be negative. In this case the actual width is the
# screen width minus the width defined in within the geometry option.
geometry = "500x10-0+0"
# Shrink window if it's smaller than the width. Will be ignored if
# width is 0.
shrink = no
# The transparency of the window. Range: [0; 100].
# This option will only work if a compositing windowmanager is
# present (e.g. xcompmgr, compiz, etc.).
# transparency = 5
# Don't remove messages, if the user is idle (no mouse or keyboard input)
# for longer than idle_threshold seconds.
# Set to 0 to disable.
idle_threshold = 0
# Which monitor should the notifications be displayed on.
monitor = keyboard
# Display notification on focused monitor. Possible modes are:
# mouse: follow mouse pointer
# keyboard: follow window with keyboard focus
# none: don't follow anything
#
# "keyboard" needs a windowmanager that exports the
# _NET_ACTIVE_WINDOW property.
# This should be the case for almost all modern windowmanagers.
#
# If this option is set to mouse or keyboard, the monitor option
# will be ignored.
follow = none
# Should a notification popped up from history be sticky or timeout
# as if it would normally do.
sticky_history = yes
# Maximum amount of notifications kept in history
history_length = 15
# Display indicators for URLs (U) and actions (A).
show_indicators = no
# The height of a single line. If the height is smaller than the
# font height, it will get raised to the font height.
# This adds empty space above and under the text.
line_height = 3
# Draw a line of "separatpr_height" pixel height between two
# notifications.
# Set to 0 to disable.
separator_height = 1
# Padding between text and separator.
padding = 1
# Horizontal padding.
horizontal_padding = 1
# Define a color for the separator.
# possible values are:
# * auto: dunst tries to find a color fitting to the background;
# * foreground: use the same color as the foreground;
# * frame: use the same color as the frame;
# * anything else will be interpreted as a X color.
separator_color = frame
# Print a notification on startup.
# This is mainly for error detection, since dbus (re-)starts dunst
# automatically after a crash.
startup_notification = true
# dmenu path.
dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
# Browser for opening urls in context menu.
browser = /usr/bin/firefox -new-tab
# Align icons left/right/off
icon_position = off
max_icon_size = 80
# Paths to default icons.
icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
frame_width = 2
frame_color = "#8EC07C"
[shortcuts]
# Shortcuts are specified as [modifier+][modifier+]...key
# Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
# "mod3" and "mod4" (windows-key).
# Xev might be helpful to find names for keys.
# Close notification.
close = ctrl+space
# Close all notifications.
close_all = ctrl+shift+space
# Redisplay last message(s).
# On the US keyboard layout "grave" is normally above TAB and left
# of "1".
history = ctrl+grave
# Context menu.
context = mod4+u
[urgency_low]
# IMPORTANT: colors have to be defined in quotation marks.
# Otherwise the "#" and following would be interpreted as a comment.
frame_color = "#3B7C87"
foreground = "#3B7C87"
background = "#191311"
#background = "#2B313C"
timeout = 0
[urgency_normal]
frame_color = "#5B8234"
foreground = "#5B8234"
background = "#191311"
#background = "#2B313C"
timeout = 0
[urgency_critical]
frame_color = "#B7472A"
foreground = "#B7472A"
background = "#191311"
#background = "#2B313C"
timeout = 0
# Every section that isn't one of the above is interpreted as a rules to
# override settings for certain messages.
# Messages can be matched by "appname", "summary", "body", "icon", "category",
# "msg_urgency" and you can override the "timeout", "urgency", "foreground",
# "background", "new_icon" and "format".
# Shell-like globbing will get expanded.
#
# SCRIPTING
# You can specify a script that gets run when the rule matches by
# setting the "script" option.
# The script will be called as follows:
# script appname summary body icon urgency
# where urgency can be "LOW", "NORMAL" or "CRITICAL".
#
# NOTE: if you don't want a notification to be displayed, set the format
# to "".
# NOTE: It might be helpful to run dunst -print in a terminal in order
# to find fitting options for rules.
#[espeak]
# summary = "*"
# script = dunst_espeak.sh
#[script-test]
# summary = "*script*"
# script = dunst_test.sh
#[ignore]
# # This notification will not be displayed
# summary = "foobar"
# format = ""
#[signed_on]
# appname = Pidgin
# summary = "*signed on*"
# urgency = low
#
#[signed_off]
# appname = Pidgin
# summary = *signed off*
# urgency = low
#
#[says]
# appname = Pidgin
# summary = *says*
# urgency = critical
#
#[twitter]
# appname = Pidgin
# summary = *twitter.com*
# urgency = normal
#
# vim: ft=cfg
'';
in {
systemd.user.services.dunst = {
wantedBy = [ "graphical-session.target" ];
requires = [ "xmonad.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "dunst";
ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
Restart = "always";
RestartSec = "15s";
StartLimitBurst = 0;
};
};
}
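Review bot: `browser = /usr/bin/firefox -new-tab` and the `icon_folders` entries point at `/usr/...` paths, which normally do not exist on NixOS, while the `dmenu` line just above already uses a store path. Use the same form for the browser, e.g. `browser = ${pkgs.firefox}/bin/firefox -new-tab`, and either drop `icon_folders` (icons are off via `icon_position = off`) or point it at an icon theme package. With `markup = yes`, notification text from any local sender is rendered as Pango markup; that is fine for trusted applications, but worth a comment before remote content such as mail or chat is wired into notifications.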


@ -11,7 +11,6 @@ with import <stockholm/lib>;
primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
@ -59,6 +58,26 @@ with import <stockholm/lib>;
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
{ from = "binance@lassul.us"; to = lass.mail; }
{ from = "bitfinex@lassul.us"; to = lass.mail; }
{ from = "alternate@lassul.us"; to = lass.mail; }
{ from = "redacted@lassul.us"; to = lass.mail; }
{ from = "mytaxi@lassul.us"; to = lass.mail; }
{ from = "pizza@lassul.us"; to = lass.mail; }
{ from = "robinhood@lassul.us"; to = lass.mail; }
{ from = "drivenow@lassul.us"; to = lass.mail; }
{ from = "aws@lassul.us"; to = lass.mail; }
{ from = "reddit@lassul.us"; to = lass.mail; }
{ from = "banggood@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
{ from = "gmail@lassul.us"; to = lass.mail; }
{ from = "amazon@lassul.us"; to = lass.mail; }
{ from = "humblebundle@lassul.us"; to = lass.mail; }
{ from = "meetup@lassul.us"; to = lass.mail; }
{ from = "gebfrei@lassul.us"; to = lass.mail; }
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }


@ -10,9 +10,13 @@ let
echelon = "197";
cloudkrebs = "119";
};
urgent = [
"\\blass@mors\\b"
];
in {
environment.systemPackages = [
(pkgs.writeDashBin "logf" ''
export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
'')


@ -21,13 +21,46 @@ let
'';
mailboxes = {
wireguard = [ "wireguard@lists.zx2c4" ];
c-base = [ "c-base.org" ];
security = [ "seclists.org" "security" "bugtraq" ];
nix-devel = [ "nix-devel@googlegroups.com" ];
shack = [ "shackspace.de" ];
c-base = [ "to:c-base.org" ];
coins = [
"to:btce@lassul.us"
"to:coinbase@lassul.us"
"to:polo@lassul.us"
"to:bitwala@lassul.us"
"to:payeer@lassul.us"
"to:gatehub@lassul.us"
"to:bitfinex@lassul.us"
"to:binance@lassul.us"
"to:bitcoin.de@lassul.us"
"to:robinhood@lassul.us"
];
dezentrale = [ "to:dezentrale.space" ];
dhl = [ "to:dhl@lassul.us" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ];
retiolum = [ "to:lass@mors.r" ];
security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
shack = [ "to:shackspace.de" ];
steam = [ "to:steam@lassul.us" ];
tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
wireguard = [ "to:wireguard@lists.zx2c4" ];
zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
};
tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
${pkgs.notmuch}/bin/notmuch new
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
'';
tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
'';
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -80,16 +113,15 @@ let
# V
''} %r |"
virtual-mailboxes \
"Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\
${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)}
"BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
"Sent" "notmuch://?query=tag:sent"\
"Junk" "notmuch://?query=tag:junk"
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
virtual-mailboxes "Starred" "notmuch://?query=tag:*"
virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
virtual-mailboxes "All" "notmuch://?query=*"
tag-transforms "junk" "k" \
"unread" "u" \
@ -163,5 +195,7 @@ in {
mutt
pkgs.much
pkgs.notmuch
tag-new-mails
tag-old-mails
];
}
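Review bot: In the `gmail` entry of `mailboxes`, `"lassulus@googlemail.com"` lacks the `to:` prefix that every other term carries, so notmuch matches that address anywhere in a message rather than only in the recipient headers; it should read `"to:lassulus@googlemail.com"`. In `nm-tag-init` the terms are joined with ` or ` directly after a bare `tag:inbox`, so whether the inbox restriction applies to every alternative depends on the query parser's operator precedence. Wrapping the joined list in parentheses, `tag:inbox and (…)`, removes the doubt and keeps already-archived mail from being retagged. The `let` block continues outside the hunks.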


@ -17,5 +17,6 @@
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
];
}
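Review bot: The `--dport 8123` rule accepts TCP connections from any source address, and nothing in the hunk says which service listens on that port. If the service is meant only for the VPN or the local network, narrow the predicate with an interface or source match, for example `-i <vpn-interface> -p tcp --dport 8123`. A one-line comment above the rule, such as `# <service name> web interface`, would let a later reader judge whether the exposure is still wanted.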


@ -0,0 +1,24 @@
{ pkgs, lib, ... }:
{
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
users.users.mainUser = {
extraGroups = [ "networkmanager" ];
packages = with pkgs; [
gnome3.gnome_keyring gnome3.dconf
];
};
}


@ -0,0 +1,6 @@
{
boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
'';
}
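Review bot: `MODE="0666"` in the udev rule makes the device node readable and writable by every local account, which makes the `GROUP="adm"` assignment meaningless. Tie access to the group with `MODE="0660"`, and prefer a dedicated group over `adm`, which traditionally also grants access to system logs: `SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="<sdr-group>", MODE="0660", SYMLINK+="rtl_sdr"`. A comment on `boot.blacklistedKernelModules` saying why `dvb_usb_rtl28xxu` is blocked (presumably so the DVB driver does not claim the dongle) would help too.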


@ -6,6 +6,9 @@ let
environment.systemPackages = [
(hiPrio vim)
pkgs.python35Packages.flake8
(pkgs.writeDashBin "govet" ''
go vet "$@"
'')
];
environment.etc.vimrc.source = vimrc;
@ -68,6 +71,9 @@ let
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
let g:go_metalinter_autosave = 1
let g:go_metalinter_deadline = "10s"
nmap <esc>q :buffer
nmap <M-q> :buffer


@ -32,7 +32,6 @@ rec {
let
domain = head domains;
in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;


@ -19,23 +19,8 @@ in {
pkgs.wine
];
};
wine64 = {
name = "wine64";
description = "user for running wine in 64bit";
home = "/home/wine64";
useDefaultShell = true;
extraGroups = [
"audio"
"video"
];
createHome = true;
packages = [
(pkgs.wine.override { wineBuild = "wineWow"; })
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}


@ -50,16 +50,15 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
#beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
@ -109,7 +108,7 @@
fi
#check if in nix shell
if test -n "$buildInputs"; then
if test -n "$IN_NIX_SHELL"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
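Review bot: The `fetchFromGitHub` call for `LS_COLORS` uses `rev = "master"` together with a fixed `sha256`. This rendering has lost the +/- markers, so if that block is on the new side, the fetch breaks as soon as upstream master moves and the expression no longer records which revision was reviewed. Pin it to a full commit, `rev = "<commit-sha>";`, and update the hash in the same change. The output of `dircolors -b` on that file is passed to `eval` in every interactive shell, so the pinned revision is worth reading before each bump.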


@ -33,6 +33,11 @@ let
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
@ -74,6 +79,7 @@ let
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''
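Review bot: The D-Bus guard in `XMONAD_STARTUP_HOOK` sits after `xhost +LOCAL: &` and `${xcfg.displayManager.sessionCommands}`, so when `DBUS_SESSION_BUS_ADDRESS` is empty the script re-executes itself under `dbus-launch` and runs both of them a second time. Move the `if test -z "$DBUS_SESSION_BUS_ADDRESS"` block to the top of the script so the session commands start once and inside the bus session. The re-exec also passes a single empty argument (`"$0" ""`); if that is a marker it deserves a comment, otherwise drop it. The hook and the unit definition continue outside the hunks.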


@ -23,6 +23,7 @@ import XMonad
import qualified XMonad.StackSet as W
import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
@ -36,7 +37,7 @@ import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
@ -44,9 +45,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
instance UrgencyHook LibNotifyUrgencyHook where
urgencyHook LibNotifyUrgencyHook w = do
name <- getName w
Just idx <- fmap (W.findTag w) $ gets windowset
safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
@ -61,7 +73,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ withUrgencyHook LibNotifyUrgencyHook
$ def
{ terminal = myTerm
, modMask = mod4Mask
@ -80,11 +92,12 @@ myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ]
where
myTitleFloats = [] -- for the KDE "open link" popup from konsole
myTitleFloats = []
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
@ -130,12 +143,21 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
''}")
, ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
--, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
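Review bot: `Just idx <- fmap (W.findTag w) $ gets windowset` in `urgencyHook` is a partial pattern: if the urgent window is not on any workspace, `findTag` yields `Nothing` and the match fails inside the `X` action instead of sending a notification. Handle that case explicitly, for example `idx <- fmap (maybe "?" id . W.findTag w) (gets windowset)`. The instance would also benefit from a one-line comment stating that it forwards urgency hints to `notify-send` with the window name and workspace tag.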


@ -1,40 +1,39 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
self: super: let
{
nixpkgs.config.packageOverrides = rec {
acronym = pkgs.callPackage ./acronym/default.nix {};
dpass = pkgs.callPackage ./dpass {};
firefoxPlugins = {
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
init = pkgs.callPackage ./init/default.nix args;
logify = pkgs.callPackage ./logify/default.nix {};
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
pop = pkgs.callPackage ./pop/default.nix {};
q = pkgs.callPackage ./q {};
rs = pkgs.callPackage ./rs/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {};
xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {};
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = super.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then
trace
"Upstream `${upstream.name}' gets overridden by `${override.name}'."
override
else override;
bank = pkgs.writeDashBin "bank" ''
subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
in {
bank = self.writeDashBin "bank" ''
tmp=$(mktemp)
${pkgs.pass}/bin/pass show hledger > $tmp
${pkgs.hledger}/bin/hledger --file=$tmp "$@"
${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then
${self.pass}/bin/pass show hledger > $tmp
${self.hledger}/bin/hledger --file=$tmp "$@"
${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then
exit 0
else
${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger
${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger
fi
${pkgs.coreutils}/bin/rm $tmp
${self.coreutils}/bin/rm $tmp
'';
screengrab = pkgs.writeDashBin "screengrab" ''
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
'';
};
rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; };
}
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))
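Review bot: `bank` writes the decrypted hledger journal to `$tmp` and removes it only on the last line, so the plaintext stays in the temp directory whenever `hledger` or `pass insert` is interrupted or the shell is killed. Register the cleanup right after the file is created, `trap 'rm -f "$tmp"' EXIT INT TERM`, and quote `"$tmp"` where it is used. If a per-user tmpfs is available on these hosts, pointing `mktemp` at it would also keep the journal off persistent storage.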


@ -0,0 +1,42 @@
{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }:
let
minimalXmonad = writeHaskell "minimalXmonad" {
executables.xmonad = {
extra-depends = [
"containers"
"xmonad"
];
text = /* haskell */ ''
module Main where
import XMonad
import qualified Data.Map as Map
main :: IO ()
main = do
xmonad def
{ workspaces = [ "1" ]
, layoutHook = myLayoutHook
, keys = myKeys
, normalBorderColor = "#000000"
, focusedBorderColor = "#000000"
}
myLayoutHook = Full
myKeys _ = Map.fromList []
'';
};
};
in writeDashBin "xephyrify" ''
NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
echo "using DISPLAY $NDISPLAY"
${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY &
XEPHYR_PID=$!
DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad &
XMONAD_PID=$!
DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@"
kill $XMONAD_PID
kill $XEPHYR_PID
''
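Review bot: `Xephyr` is started with `-ac`, which turns off X access control on the nested display, so any local process that can reach `$NDISPLAY` can observe input and window contents of the program this wrapper is meant to contain. Start the server with a per-run authority file instead and export `XAUTHORITY` for the xmonad and `vglrun` children, as sketched below. The sketch also moves the two `kill` calls into a `trap`, because they are currently skipped when the script is interrupted. Separately, the display number chosen by `shuf` is never checked against an already running server.

```nix
in writeDashBin "xephyrify" ''
  NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
  # per-run cookie instead of -ac
  XAUTHORITY=$(${coreutils}/bin/mktemp)
  export XAUTHORITY
  ${xorg.xauth}/bin/xauth add "$NDISPLAY" . "$(${coreutils}/bin/head -c 16 /dev/urandom | ${coreutils}/bin/od -An -tx1 | ${coreutils}/bin/tr -d ' \n')"
  ${xorg.xorgserver}/bin/Xephyr -br -auth "$XAUTHORITY" -reset -terminate -resizeable $NDISPLAY &
  XEPHYR_PID=$!
  # … unchanged: minimalXmonad start, XMONAD_PID assignment …
  trap 'kill $XMONAD_PID $XEPHYR_PID; rm -f "$XAUTHORITY"' EXIT
  # … unchanged: vglrun invocation …
```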


@ -1,9 +1,9 @@
_:
{ pkgs, ... }:
{
imports = [
../krebs
./2configs
./3modules
./5pkgs
];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
}


@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot"
else "lass";
_file = <stockholm> + "/lass/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) [
{
@ -17,6 +22,7 @@ in
};
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
override
]


@ -2,7 +2,7 @@
let
inherit (lib)
all any concatMapStringsSep concatStringsSep const filter flip
all any attrNames concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test testString typeOf;
@ -231,61 +231,58 @@ rec {
source = submodule ({ config, ... }: {
options = {
type = let
types = [
"file"
"git"
"pass"
"symlink"
];
known-types = attrNames source-types;
type-candidates = filter (k: config.${k} != null) known-types;
in mkOption {
type = enum types;
default = let
cands = filter (k: config.${k} != null) types;
in
if length cands == 1
then head cands
default = if length type-candidates == 1
then head type-candidates
else throw "cannot determine type";
type = enum known-types;
};
file = let
file-path = (file-source.getSubOptions "FIXME").path.type;
in mkOption {
type = nullOr (either file-source file-path);
default = null;
file = mkOption {
apply = x:
if file-path.check x
if absolute-pathname.check x
then { path = x; }
else x;
default = null;
type = nullOr (either absolute-pathname source-types.file);
};
git = mkOption {
type = nullOr git-source;
default = null;
type = nullOr source-types.git;
};
pass = mkOption {
type = nullOr pass-source;
default = null;
type = nullOr source-types.pass;
};
symlink = let
symlink-target = (symlink-source.getSubOptions "FIXME").target.type;
in mkOption {
type = nullOr (either symlink-source symlink-target);
pipe = mkOption {
apply = x:
if absolute-pathname.check x
then { command = x; }
else x;
default = null;
type = nullOr (either absolute-pathname source-types.pipe);
};
symlink = mkOption {
type = nullOr (either pathname source-types.symlink);
default = null;
apply = x:
if symlink-target.check x
if pathname.check x
then { target = x; }
else x;
};
};
});
file-source = submodule {
source-types = {
file = submodule {
options = {
path = mkOption {
type = absolute-pathname;
};
};
};
git-source = submodule {
git = submodule {
options = {
ref = mkOption {
type = str; # TODO types.git.ref
@ -295,8 +292,7 @@ rec {
};
};
};
pass-source = submodule {
pass = submodule {
options = {
dir = mkOption {
type = absolute-pathname;
@ -306,8 +302,14 @@ rec {
};
};
};
symlink-source = submodule {
pipe = submodule {
options = {
command = mkOption {
type = absolute-pathname;
};
};
};
symlink = submodule {
options = {
target = mkOption {
type = pathname; # TODO relative-pathname
@ -315,6 +317,7 @@ rec {
};
};
};
suffixed-str = suffs:
mkOptionType {
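Review bot: The new `pipe` source type has no `description` on `pipe.command`, and its only constraint is `absolute-pathname`. Judging from `stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"` elsewhere in this commit, the named program is presumably executed while a source is populated, which makes this option a place where configuration turns into command execution. State that on the option, for example `description = "Absolute path of a program that is run when the source is populated; its output becomes the content of this source.";`, after confirming the wording against the populate implementation. The `rec` set continues outside the hunks.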


@ -148,6 +148,11 @@ in {
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
{
# workr
allowedIPs = [ "10.244.0.6/32" ];
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
}
];
};
}


@ -19,22 +19,24 @@ let
# __FRONT_
# |* d0 |
# | |
# |* d3 |
# |* d1 |
# | |
# |* d3 |
# | |
# |* |
# |* d2 |
# | * r0 |
# | * |
# | * |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
@ -68,6 +70,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
# security
@ -116,7 +120,6 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
virtualisation.docker.enable = true;
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
@ -126,6 +129,7 @@ in {
makefu.snapraid = {
enable = true;
# TODO: 3 is not protected
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
@ -150,6 +154,7 @@ in {
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
// cryptMount "crypt3"
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs";
@ -178,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
(usbkey "crypt3" cryptDisk3)
];
};
loader.grub.device = lib.mkForce rootDisk;


@ -5,32 +5,35 @@
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ # until virtualbox-image is fixed
imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
boot.loader.grub.device = "/dev/sda";
}
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
nixpkgs.config.allowUnfree = true;
# allow sdev to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
# corefonts
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
ppp xclip
get
passwdqc-utils
docker
gnupg
populate
(pkgs.writeScriptBin "tor-browser" ''
@ -39,18 +42,11 @@
'')
];
virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
25
80
8010
];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" ];
};
}


@ -8,30 +8,9 @@
{
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda";
virtualisation.virtualbox.guest.enable = true;
}
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
# ];
# virtualbox.baseImageSize = 35 * 1024;
# fileSystems."/media/share" = {
# fsType = "vboxsf";
# device = "share";
# options = [ "rw" "uid=9001" "gid=9001" ];
# };
# }
# {
# imports = [
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# ];
# fileSystems."/nix" = {
# device ="/dev/disk/by-label/nixstore";
# fsType = "ext4";
# };
# }
# base gui
# <stockholm/makefu/2configs/main-laptop.nix>
@ -75,14 +54,8 @@
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true;
# allow vbob to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
'';
# for forticlient
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
get
logstash
# docker
#devpi-web
#devpi-client
ansible
];
# virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
@ -111,6 +86,6 @@
80
8010
];
# required for qemu
systemd.services."serial-getty@ttyS0".enable = true;
}


@ -18,7 +18,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
@ -29,8 +29,69 @@ in {
# <stockholm/makefu/2configs/vncserver.nix>
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/hydra/stockholm.nix>
<stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
# may be required for "system-wide" pulse to connect to bluetooth
#module-bluez5-device
#module-bluez5-discover
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@ -147,7 +208,10 @@ in {
boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel"
"snd-seq" "snd-rawmidi"
];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
@ -174,66 +238,4 @@ in {
serverAddress = "x.r";
};
};
security.wrappers.fping = {
source = "${pkgs.fping}/bin/fping";
setuid = true;
};
services.smokeping = {
enable = true;
targetConfig = ''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to this SmokePing website.
+ network
menu = Net latency
title = Network latency (ICMP pings)
++ google
probe = FPing
host = google.de
++ webde
probe = FPing
host = web.de
+ services
menu = Service latency
title = Service latency (DNS, HTTP)
++ HTTP
menu = HTTP latency
title = Service latency (HTTP)
+++ webdeping
probe = EchoPingHttp
host = web.de
+++ googwebping
probe = EchoPingHttp
host = google.de
#+++ webwww
#probe = Curl
#host = web.de
#+++ googwebwww
#probe = Curl
#host = google.de
'';
probeConfig = ''
+ FPing
binary = /run/wrappers/bin/fping
+ EchoPingHttp
pings = 5
url = /
#+ Curl
## probe-specific variables
#binary = ${pkgs.curl}/bin/curl
#step = 60
## a default for this target-specific variable
#urlformat = http://%host%/
'';
};
}
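Review bot: The PulseAudio block states three access policies that contradict each other: `anonymousClients.allowAll = true`, `anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]`, and a hand-written `load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1` in `configFile`. With `allowAll` set, the range list restricts nothing, so any client the firewall lets through can use the sound server without authentication. Set `anonymousClients.allowAll = false`, keep the range list, and drop the extra `load-module` line unless it is the one meant to win. The same block makes `services.samba.shares.music` guest-writable (`"read only" = "no"`, `"guest ok" = "yes"`) and binds MPD to `listenAddress = "any"`, both relying on the comment about trusted interfaces (spelled `truestedInterfaces`). That comment should name the interface and say why it is trusted.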


@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
@ -59,8 +59,9 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
@ -77,18 +78,82 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
{
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.2/24" ];
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# gum
endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
allowedIPs = [ "10.244.0.0/24" ];
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
}
#{
# # vbob
# allowedIPs = [ "10.244.0.3/32" ];
# publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
#}
];
};
}
{ # bluetooth+pulse config
# for blueman-applet
users.users.makefu.packages = [
pkgs.blueman
];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
'';
};
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
hardware.bluetooth.extraConfig = '';
[general]
Enable=Source,Sink,Media,Socket
'';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
}
{ # auto-mounting
services.udisks2.enable = true;
services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
}
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
@ -104,4 +169,11 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
}
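Review bot: `hardware.bluetooth.extraConfig = '';` opens the indented string with `''` and then has a stray `;`, so the generated Bluetooth configuration begins with a line holding only `;` ahead of `[general]`. Write `hardware.bluetooth.extraConfig = ''` without the semicolon; the closing `'';` already ends the statement. Whether the daemon tolerates the stray line is not visible from the hunk, so the `Enable=Source,Sink,Media,Socket` setting may be silently ignored as it stands.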


@ -0,0 +1,34 @@
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.ampel;
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
esp = "192.168.1.23";
sleepval = "1800";
in {
users.users.ampel = {
uid = genid "ampel";
createHome = true;
isSystemUser = true;
inherit home;
};
systemd.services.google-muell-ampel = {
description = "Send led change to rgb cubes";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
cp ${sec} ${ampelsec}
chown ampel ${ampelsec}
'';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};
}
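Review bot: `copy-ampel-secrets` copies the client-secrets file with `cp` and then only runs `chown`, so `${ampelsec}` keeps whatever mode the source file and umask give it and may end up readable by other local accounts. Replace the two lines with one call that sets owner and mode together, `${pkgs.coreutils}/bin/install -m 0400 -o ampel ${sec} ${ampelsec}`. The `buildPythonPackage` argument is unused and can be dropped. The hard-coded `esp = "192.168.1.23"` would be easier to maintain as a module option than as a `let` constant.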


@ -2,25 +2,7 @@
let
mq = "192.168.8.11";
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
};
pkg = pkgs.ampel;
in {
systemd.services.led-fader = {
description = "Send led change to message queue";


@ -1,6 +1,18 @@
{ lib, pkgs, config, ... }:
with lib;
# imperative in config.php:
# #local memcache:
# 'memcache.local' => '\\OC\\Memcache\\APCu',
# #local locking:
# 'memcache.locking' => '\\OC\\Memcache\\Redis',
# 'redis' =>
# array (
# 'host' => 'localhost',
# 'port' => 6379,
# ),
let
# TODO: copy-paste from lass/2/websites/util.nix
serveCloud = domains:
@ -124,20 +136,48 @@ let
env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
catch_workers_output = yes
'';
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
display_errors = on
display_startup_errors = on
always_populate_raw_post_data = -1
error_reporting = E_ALL | E_STRICT
html_errors = On
date.timezone = "Europe/Berlin"
# extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
};
in {
imports = [
( serveCloud [ "o.euer.krebsco.de" ] )
];
services.mysql = { # TODO: currently nextcloud uses sqlite
services.redis.enable = true;
services.mysql = {
enable = false;
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
services.mysqlBackup = {
enable = false;
databases = [ "nextcloud" ];
initialDatabases = [
# Or use writeText instead of literalExample?
#{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
{
name = "nextcloud";
schema = pkgs.writeText "nextcloud.sql"
''
create user if not exists 'nextcloud'@'localhost' identified by 'password';
grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
'';
}
];
};
# dataDir is only defined after mysql is enabled
# krebs.secret.files.mysql_rootPassword = {
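Review bot: The `initialDatabases` schema creates the `nextcloud` database user with the literal password `'password'`, and because it goes through `pkgs.writeText` the statement ends up world-readable in the Nix store. Take the credential from a secret file outside the store, the way `rootPassword` already points at `config.krebs.secret.files.mysql_rootPassword.path`, or use socket authentication for the local user. The `phpOptions` block also switches on `display_errors`, `display_startup_errors` and `html_errors` for the vhost served as `o.euer.krebsco.de`. Set these to `off` and log errors instead, so that paths and stack traces are not sent to clients. `services.mysql.enable` is `false` here, so the first point only takes effect once the database is turned on.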


@ -28,6 +28,7 @@ let
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
hydra-stockholm = { };
};
priv-repos = mapAttrs make-priv-repo {

View File

@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ];
};
environment.systemPackages = with pkgs;[
users.users.${mainUser} = {
extraGroups = [ "audio" ];
packages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
firefox
];
users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
};
hardware.pulseaudio = {
enable = true;


@ -1,11 +1,13 @@
{ lib, ... }:
{ pkgs, lib, ... }:
{
imports = [
./base.nix
];
users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset s off -dpms
xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};


@ -0,0 +1,37 @@
{ pkgs, lib, ... }:
{
users.users.makefu = {
extraGroups = [ "networkmanager" ];
packages = with pkgs;[
networkmanagerapplet
gnome3.gnome_keyring gnome3.dconf
];
};
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
}


@ -0,0 +1,16 @@
{ lib, ...}:
{
## Guest Extensions are currently broken
imports = [
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
];
virtualisation.virtualbox.guest.enable = true;
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
};
# virtualbox.baseImageSize = 35 * 1024;
}
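Review bot: The `/media/share` vboxsf mount is read-write with a hard-coded `uid=9001`/`gid=9001`, no comment on which account that is, and none of the usual restrictions for a filesystem whose contents are controlled from outside the guest. Consider `options = [ "rw" "uid=9001" "gid=9001" "nofail" "nodev" "nosuid" ];` and a one-line comment naming the user the ids belong to. The `## Guest Extensions are currently broken` comment sits directly above `virtualisation.virtualbox.guest.enable = true`, so a short note on what is broken and why the option is still enabled would help the next reader.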


@ -1,8 +0,0 @@
_:
{
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
}


@ -0,0 +1,34 @@
# iterative:
# $ hydra-create-user krebs --password derp --role admin
# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm'
{
# TODO postgres backup
services.postgresql.enable = true;
services.hydra = {
enable = true;
hydraURL = "http://hydra.wbob.r"; # externally visible URL
notificationSender = "hydra@wbob.r";
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
port = 3030;
buildMachinesFiles = [];
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts."hydra.wbob.r" = {
locations."/" = {
proxyPass = "http://localhost:3030/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}
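Review bot: The header comment records the creation of an admin account with a literal password (`--password derp`), and the service is published over plain HTTP on port 80, so logins and the `hydra_session` cookie cross the network unencrypted. Replace the value in the comment with a placeholder such as `--password <ADMIN_PASSWORD>` and keep the real one out of the repository. `services.hydra` is left on its default listen address although nginx only proxies to `localhost:3030`; adding `listenHost = "localhost";` keeps the backend off other interfaces even if the firewall rules change later. If `hydra.wbob.r` is reachable only inside a private network, a comment saying so would explain the missing TLS; otherwise TLS on the virtual host is worth adding.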


@ -5,5 +5,5 @@
mosh
];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}


@ -9,8 +9,8 @@
# owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf
'')
];


@ -34,7 +34,7 @@ in {
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
http://www.iozone.org/src/current/
{
@ -51,6 +51,8 @@ in {
"embray/d2to1"
"dorimanx/exfat-nofuse"
"rapid7/metasploit-framework"
"GothenburgBitFactory/taskserver"
"GothenburgBitFactory/taskwarrior"
];
};
}


@ -29,15 +29,7 @@ let
nixpkgs.config.packageOverrides = pkgs: rec {
awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
postFixup = let
rclua = pkgs.substituteAll {
src = cfg.baseConfig;
modkey = cfg.modkey;
# inherit (cfg) modkey;
amixer = "${pkgs.alsaUtils}/bin/amixer";
xlock = "${pkgs.xlockmore}/bin/xlock";
xbacklight = "${pkgs.xorg.xbacklight}/bin/xbacklight";
};
rclua = cfg.baseConfig.override { inherit (cfg) modkey; };
in "cp ${rclua} $out/etc/xdg/awesome/rc.lua";
});
};


@ -14,8 +14,6 @@ _:
./snapraid.nix
./torrent.nix
./udpt.nix
./umts.nix
./wvdial.nix
];
}


@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs-channels";
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
}) {};
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
systemctl start umts
trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
cfg = config.makefu.umts;
out = {
options.makefu.umts = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "umts";
modem-device = mkOption {
default = "/dev/ttyUSB0";
type = types.str;
description = ''
path to modem device, use <filename>/dev/serial/by-id/...</filename>
to avoid race conditions.
'';
};
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
};
imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
environment.systemPackages = [ ];
environment.wvdial.dialerDefaults = wvdial-defaults;
systemd.services.umts = {
description = "UMTS wvdial Service";
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "10s";
ExecStart = "${wvdial}/bin/wvdial -n";
};
};
};
in out


@ -1,71 +0,0 @@
# Global configuration for wvdial.
{ config, lib, pkgs, ... }:
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}


@ -0,0 +1,27 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
version = "0.2";
propagatedBuildInputs = [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "d8a0250";
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;
description = "change colors of rgb cubes";
license = lib.licenses.asl20;
};
}
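Review bot: `rev = "d8a0250"` is an abbreviated commit id fetched over plain `http://`; the `sha256` still pins the content, but a short prefix can become ambiguous as the repository grows and the unencrypted fetch exposes what is being pulled. Use the full 40-character id, `rev = "<full commit id>";`, and an `https://` URL if the cgit host offers one. The same applies to the new pfsshell derivation later in this commit (`version = "64f8c2"` used as `rev`), which also declares `upx` and `wine` arguments it never uses and has no `license` in `meta`. The `fetchFromGitHub` argument of this file is likewise unused.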


@ -1,7 +1,24 @@
_:
{ pkgs
, lib
, alsaUtils
, xlockmore
, xbacklight
, modkey?"Mod4"
, ... }:
{
# replace: @amixer@ @xlock@ @xbacklight@
full = ./full.cfg;
kiosk = ./kiosk.lua;
# replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
full = lib.makeOverridable pkgs.substituteAll {
name = "awesome_full_config";
inherit alsaUtils xlockmore xbacklight modkey;
isExecutable = false;
src = ./full.cfg;
};
kiosk = lib.makeOverridable pkgs.substituteAll {
name = "awesome_kiosk_config";
inherit alsaUtils xlockmore xbacklight modkey;
isExecutable = false;
src = ./kiosk.lua;
};
}


@ -365,22 +365,22 @@ globalkeys = awful.util.table.join(
{description = "restore minimized", group = "client"}),
awful.key({ }, "XF86MonBrightnessUp", function ()
awful.util.spawn("@xbacklight@ -inc 5", false) end),
awful.util.spawn("@xbacklight@/bin/xbacklight -inc 5", false) end),
awful.key({ }, "XF86MonBrightnessDown", function ()
awful.util.spawn("@xbacklight@ -dec 5", false) end),
awful.util.spawn("@xbacklight@/bin/xbacklight -dec 5", false) end),
awful.key({ }, "XF86AudioRaiseVolume", function ()
awful.util.spawn("@amixer@ set Master 5%+", false) end),
awful.util.spawn("@alsaUtils@/bin/amixer set Master 5%+", false) end),
awful.key({ }, "XF86AudioLowerVolume", function ()
awful.util.spawn("@amixer@ set Master 5%-", false) end),
awful.util.spawn("@alsaUtils@/bin/amixer set Master 5%-", false) end),
awful.key({ }, "XF86AudioMute", function ()
awful.util.spawn("@amixer@ -q -D default sset Master toggle", false) end),
awful.util.spawn("@alsaUtils@/bin/amixer -q -D default sset Master toggle", false) end),
-- Prompt
awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end,
{description = "run prompt", group = "launcher"}),
awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlock@ -mode blank") end),
awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlock@ -mode blank") end),
awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end),
awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end),
awful.key({ modkey }, "x",
function ()


@ -1,3 +0,0 @@
{}:
{
}


@ -1,6 +1,9 @@
{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
gettext, automake, libxml2 , qmake,
qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
gettext, automake, libxml2
, autoreconfHook
, qmake4Hook
, qmake
, qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
let
libvitamtp = stdenv.mkDerivation rec {
name = "libvitamtp-${version}";
@ -13,8 +16,8 @@ let
sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8";
};
buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ];
preConfigure = "sh ./autogen.sh";
buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig
autoreconfHook ];
meta = {
description = "Content Manager Assistant for the PS Vita";
@ -26,40 +29,29 @@ let
};
in stdenv.mkDerivation rec {
name = "qcma-${version}";
version = "0.3.13";
version = "8e6cafedc0f47733f33323f829624e3fc847a176";
src = fetchgit {
url = "git://github.com/codestation/qcma.git";
rev = "refs/tags/v"+version;
leaveDotGit = true;
sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i";
src = fetchFromGitHub {
owner = "codestation";
repo = "qcma";
rev = version;
sha256 = "1l95kx3x4pf5iwmwigbch5c6n2h27lls5qiy4xh15v59p5442yw5";
};
preConfigure = ''
lrelease common/resources/translations/*.ts
'';
# TODO: manually adding qtbase and qtmultimedia to the library path is shit,
# this should be done somewhere before when building the project, idk.
installPhase = ''
make INSTALL_ROOT="$(out)" install
for i in qcma qcma_cli; do
wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
qtbase qtmultimedia ]}
done
'';
enableParallelBuilding = true;
buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
nativeBuildInputs = [ qmake qttools pkgconfig ];
nativeBuildInputs = [ qttools pkgconfig qmake ];
meta = {
description = "Content Manager Assistant for the PS Vita";
homepage = https://github.com/codestation/qcma;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
broken = true;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}


@ -1,50 +0,0 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
libev,
... }:
let
liblcfg = stdenv.mkDerivation rec {
name = "liblcfg-${version}";
version = "750bc90";
src = fetchFromGitHub {
owner = "ThomasAdam";
repo = "liblcfg";
rev = version;
sha256 = "1k3r47p81paw5802jklx9xqbjrxr26pahipxn9nq3177qhxxibkr";
};
buildInputs = with pkgs;[ autoconf automake ];
preConfigure = ''autoreconf -fi'';
sourceRoot = "${name}-src/code";
};
in stdenv.mkDerivation rec {
name = "liblcfg-${version}";
#version = "1.5c"; #original, does not compile due to libc errors
#src = fetchurl {
# url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz";
# sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii";
#};
#version = "64d087c"; # honeyd-1.6.7
# sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31";
version = "6756787f94c4f1ac53d1e5545d052774a0446c04";
src = fetchFromGitHub {
owner = "rep";
repo = "dionaea";
rev = version;
sha256 = "04zjr9b7x0rqwzgb9gfxq6pclb817gz4qaghdl8xa79bqf9vv2p7";
};
buildInputs = with pkgs;[ libtool automake autoconf ];
configureFlags = [
"--with-liblcfg=${liblcfg}"
"--with-libpcap=${libpcap}"
];
meta = {
homepage = http://www.honeyd.org/;
description = "virtual Honeypots";
license = lib.licenses.gpl2;
};
}


@ -1,63 +0,0 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
... }:
stdenv.mkDerivation rec {
name = "farpd-${version}";
version = "0.2";
src = fetchurl {
url = https://launchpad.net/ubuntu/+archive/primary/+files/farpd_0.2.orig.tar.gz ;
sha256 = "1m3pynvynr4vgkwh7z5i0yqlang2y0ph32cys3vbi2hx2apk9abd";
};
buildInputs = with pkgs;[
automake
gnugrep
libpcap
libdnet
pcre
libevent.out # requires .so and .h
readline
autoconf
libtool
zlib
coreutils
python
pythonPackages.pysqlite
];
patches = [
( fetchurl {
url = https://launchpad.net/ubuntu/+archive/primary/+files/farpd_0.2-11.diff.gz;
sha256 = "2c246b37de8aab9c73f955fb77101adefd90637d03f582b9f8ffae2903af2f94";
})
];
# removes user install script from Makefile before automake
#patches = [ ./autoconf.patch ];
preConfigure = ''
autoreconf -fi
substituteInPlace configure \
--replace "dumbnet" "dnet" \
--replace "libpcap.a" "libpcap.so" \
--replace "libevent.a" "libevent.so" \
--replace "net/bpf.h" "pcap/bpf.h"
'';
makeFlags = [ "LIBS=-lz" ];
configureFlags = [
"--with-libpcap=${libpcap}"
"--with-libevent=${libevent}"
"--with-libdnet=${libdnet}"
];
postInstall = ''
mv $out/sbin/arpd $out/sbin/farpd
mv $out/share/man/man8/arpd.8 $out/share/man/man8/farpd.8
'';
meta = {
homepage = https://launchpad.net/ubuntu/+source/farpd/ ;
description = "fake arp";
license = lib.licenses.gpl2;
};
}


@ -11,6 +11,10 @@ python2Packages.buildPythonPackage rec {
propagatedBuildInputs = with python2Packages;
[ python2Packages.pygtk gtk3 python2Packages.pillow ];
# for module in sys.modules.itervalues():
# RuntimeError: dictionary changed size during iteration
doCheck = false;
meta = {
homepage = https://github.com/pyload/pyload;
description = "Free and Open Source download manager written in Python";


@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
meta = {
homepage = https://github.com/ifcaro/Open-PS2-Loader;
description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)";
license = lib.licenses.afl3;
## not yet in stable
# license = lib.licenses.afl3;
};
}


@ -0,0 +1,27 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
stdenv.mkDerivation rec {
pname = "pfsshell";
version = "64f8c2";
name = "${pname}-${version}";
src = fetchFromGitHub {
owner = "makefu";
repo = "pfsshell";
rev = version;
sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
};
buildInputs = [ ];
makeFlags = [ ];
installPhase = ''
mkdir -p $out/bin
cp pfsshell $out/bin
'';
meta = {
homepage = https://github.com/uyjulian/pfsshell ;
description = "browse and transfer files to/from PFS filesystems";
};
}


@ -1,12 +0,0 @@
{ stdenv }:
stdenv.mkDerivation rec {
name = "programs-db";
src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
phases = [ "unpackPhase" "installPhase" ];
installPhase = ''
cp programs.sqlite $out
'';
}


@ -1,33 +0,0 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;
let
asyncio-irc = buildPythonPackage rec {
name = "asyncio-irc-${version}";
version = "2016-09-02";
src = fetchFromGitHub {
owner = "watchtower";
repo = "asyncirc";
rev = "5384d19";
sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv";
};
propagatedBuildInputs = [ blinker ];
};
in
buildPythonPackage rec {
name = "shackie-${version}";
version = "2017-04-24";
propagatedBuildInputs = [
asyncio-irc
beautifulsoup4
lxml
pytz
redis
requests
];
src = fetchFromGitHub {
owner = "shackspace";
repo = "shackie";
rev = "e717ec7";
sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l";
};
}


@ -0,0 +1 @@
{}


@ -13,7 +13,13 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
# TODO: automate updating of this ref + cherry-picks
ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3
@ -41,6 +47,7 @@ in
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
(mkIf ( musnix ) {
musnix.git = {
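Review bot: The nixpkgs pin `ref = "51810e0"` is a seven-character abbreviation, and no content hash accompanies it in the visible lines, so what gets deployed depends on how that prefix resolves at fetch time. Writing the full 40-character commit id, `ref = "<full commit id>"; # nixos-17.09 @ 2018-02-14`, makes the pin unambiguous and would also help with the `# TODO: automate updating of this ref + cherry-picks` item. The `let` block and the attribute set both continue outside the hunks shown.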


@ -4,6 +4,11 @@ host@{ name, override ? {} }: let
then "buildbot"
else "mv";
_file = <stockholm> + "/mv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) [
{
@ -18,6 +23,7 @@ in
mv = "/home/mv/secrets/${name}";
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
override
]

View File

@ -11,6 +11,7 @@ with lib;
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/ableton.nix>
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
@ -98,6 +99,9 @@ with lib;
enable = true;
};
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xhost}/bin/xhost + local:
'';
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
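Review bot: `xhost + local:` in `sessionCommands` lets every local account and any process that can reach the X socket connect to the display, and an X client can read the input and screen contents of other clients. If the goal is to let the `ableton` account added in `nin/2configs/ableton.nix` open windows, grant only that user: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:ableton`. A one-line comment saying why the grant exists would make it easier to remove later. The surrounding attribute set continues outside the hunk.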

20
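--- a/nin/2configs/ableton.nix
+++ b/nin/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+mainUser = config.users.extraUsers.nin;
+in {
+users.users= {
+ableton = {
+isNormalUser = true;
+extraGroups = [
+"audio"
+"video"
+];
+packages = [
+pkgs.wine
+pkgs.winetricks
+];
+};
+};
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+'';
+}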
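Review bot: The `let` binding reads `config.users.extraUsers.nin` while the body defines `users.users`; use one spelling, e.g. `mainUser = config.users.users.nin;`. The sudoers line `${mainUser.name} ALL=(ableton) NOPASSWD: ALL` would benefit from a comment stating its purpose, presumably running Wine under a separate account. That comment should also say that the separation holds only at the file-permission level once the account shares the X display, which the `xhost + local:` session command in this commit allows.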


@ -36,17 +36,6 @@ let
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#xxx";
server = "irc.r";
verbose = config.krebs.build.host.name == "onondaga";
# TODO define branches in some kind of option per repo
branches = [ "master" ];
};
};
};
make-rules =

19
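--- a/nin/2configs/im.nix
+++ b/nin/2configs/im.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+{
+environment.systemPackages = with pkgs; [
+(pkgs.writeDashBin "im" ''
+export PATH=${makeSearchPath "bin" (with pkgs; [
+tmux
+gnugrep
+weechat
+])}
+ssh chat@onondaga
+if tmux list-sessions -F\#S | grep -q '^im''$'; then
+exec tmux attach -t im
+else
+exec tmux new -s im weechat
+fi
+'')
+];
+}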
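Review bot: `export PATH=…` replaces the whole search path with the `bin` directories of `tmux`, `gnugrep` and `weechat`, so the `ssh chat@onondaga` on the next line cannot be resolved; add `openssh` to that list. The script has no `set -e`, so after a failed or finished `ssh` it falls through and attaches to or creates the `im` tmux session on the local machine. If the session is meant to live on `onondaga`, the attach-or-create logic belongs on the remote side and the local wrapper reduces to `exec ssh -t chat@onondaga`. The `with pkgs;` on `environment.systemPackages` is unused, because the only element is written as `pkgs.writeDashBin`.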

View File

@ -4,6 +4,11 @@ host@{ name, secure ? false }: let
then "buildbot"
else "nin";
_file = <stockholm> + "/nin/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
@ -12,8 +17,6 @@ in
nin = "/home/nin/secrets/${name}";
};
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "afe9649";
};
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
}

View File

@ -42,6 +42,9 @@ let {
kirk = {
cgit.desc = "IRC tools";
};
kops = {
cgit.desc = "deployment tools";
};
load-env = {};
loldns = {
cgit.desc = "toy DNS server";
@ -128,11 +131,6 @@ let {
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (repo.collaborators or [] != []) {
user = repo.collaborators;
repo = [ repo ];


@ -6,6 +6,11 @@ with import <stockholm/lib>;
}@host: let
builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) [
{
@ -20,6 +25,7 @@ in
tv = "/home/tv/secrets/${name}";
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
(mkIf (builder == "tv") {
secrets-common.file = "/home/tv/secrets/common";