From b4580347a657de5be97c59e8f8edc6cebde04c26 Mon Sep 17 00:00:00 2001
From: makefu
Date: Thu, 26 Oct 2017 20:41:16 +0200
Subject: [PATCH 01/63] ma pkgs.internetarchive: init
---
makefu/5pkgs/internetarchive/default.nix | 32 ++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 makefu/5pkgs/internetarchive/default.nix
diff --git a/makefu/5pkgs/internetarchive/default.nix b/makefu/5pkgs/internetarchive/default.nix
new file mode 100644
index 000000000..b661aeeed
--- /dev/null
+++ b/makefu/5pkgs/internetarchive/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+buildPythonPackage rec {
+ pname = "internetarchive";
+ version = "1.7.3";
+ name = "${pname}-${version}";
+ propagatedBuildInputs = [
+ requests
+ jsonpatch
+ docopt
+ clint
+ six
+ schema
+ backports_csv
+ ];
+
+ # check only works when cloned from git repo
+ doCheck = false;
+ checkInputs = [
+ pytest
+ responses
+ ];
+
+ prePatch = ''
+ sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
+ '';
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
+ };
+}
From 346ba71f9c7e170583e8f3aa10575d1b260b2b3d Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 27 Oct 2017 10:32:42 +0200
Subject: [PATCH 02/63] ma pkgs.slog: init
---
makefu/5pkgs/slog/default.nix | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 makefu/5pkgs/slog/default.nix
diff --git a/makefu/5pkgs/slog/default.nix b/makefu/5pkgs/slog/default.nix
new file mode 100644
index 000000000..a4dc33d28
--- /dev/null
+++ b/makefu/5pkgs/slog/default.nix
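Review bot: The `prePatch` sed uses the greedy pattern `'schema.*'`, which runs from the first `'schema` to the last quote on the line, so if setup.py lists several requirements on one line the neighbouring entries are swallowed too; `sed -i "s/'schema[^']*'/'schema>=0.4.0'/" setup.py` keeps the rewrite to the one requirement. The rewrite relaxes an upstream version constraint while `doCheck = false` means nothing exercises the result, so a comment such as `# upstream pins schema tighter than the version nixpkgs ships; relaxed here` would tell the next bump why it exists. `fetchFromGitHub` is taken as an argument but never used, since the source comes from `fetchPypi`. The same file is re-added unchanged under krebs/5pkgs/simple in PATCH 03, so these points apply there as well.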
@@ -0,0 +1,20 @@
+{ pkgs, stdenv, fetchFromGitHub }:
+
+## Posix shell logging, use with:
+# . $(command -v slog.sh)
+stdenv.mkDerivation rec {
+ name = "slog-${version}";
+ version = "2017-10-27";
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "slog";
+ rev = "50367c3";
+ sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ install -m755 slog.sh $out/bin
+ '';
+}
From 2e39f7b3d1805346e067bdc7236bd7dfe87381a2 Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 27 Oct 2017 11:07:19 +0200
Subject: [PATCH 03/63] mv makefu/{slog,internetarchive} krebs/
---
.../5pkgs/simple/internetarchive/default.nix | 38 +++++++++++++++++++
.../5pkgs/simple}/slog/default.nix | 8 +++-
makefu/5pkgs/internetarchive/default.nix | 32 ----------------
3 files changed, 45 insertions(+), 33 deletions(-)
create mode 100644 krebs/5pkgs/simple/internetarchive/default.nix
rename {makefu/5pkgs => krebs/5pkgs/simple}/slog/default.nix (76%)
delete mode 100644 makefu/5pkgs/internetarchive/default.nix
diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix
new file mode 100644
index 000000000..f5e1bbff3
--- /dev/null
+++ b/krebs/5pkgs/simple/internetarchive/default.nix
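Review bot: `rev = "50367c3"` in the slog derivation is an abbreviated commit id; the `sha256` still fixes which content is accepted, but a seven-character prefix can become ambiguous as the repository grows and then stops resolving, and it is harder to audit against upstream history. Prefer the full 40-character hash, `rev = "<full-commit-sha>"; # 2017-10-27`. Because the header comment says `slog.sh` is meant to be sourced into other scripts, being exact about the shipped revision matters more than for a standalone tool. `pkgs` is declared in the argument set but not used.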
@@ -0,0 +1,38 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +buildPythonPackage rec { + pname = "internetarchive"; + version = "1.7.3"; + name = "${pname}-${version}"; + propagatedBuildInputs = [ + requests + jsonpatch + docopt + clint + six + schema + backports_csv + ]; + +# check only works when cloned from git repo + doCheck = false; + checkInputs = [ + pytest + responses + ]; + + prePatch = '' + sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py + ''; + + src = fetchPypi { + inherit pname version; + sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g"; + }; + + meta = with stdenv.lib; { + description = "python library and cli for uploading files to internet archive"; + license = licenses.agpl3; + }; + +} diff --git a/makefu/5pkgs/slog/default.nix b/krebs/5pkgs/simple/slog/default.nix similarity index 76% rename from makefu/5pkgs/slog/default.nix rename to krebs/5pkgs/simple/slog/default.nix index a4dc33d28..c74a2ad80 100644 --- a/makefu/5pkgs/slog/default.nix +++ b/krebs/5pkgs/simple/slog/default.nix @@ -1,6 +1,6 @@ { pkgs, stdenv, fetchFromGitHub }: -## Posix shell logging, use with: +## use with: # . $(command -v slog.sh) stdenv.mkDerivation rec { name = "slog-${version}"; @@ -17,4 +17,10 @@ stdenv.mkDerivation rec { mkdir -p $out/bin install -m755 slog.sh $out/bin ''; + + meta = with stdenv.lib; { + description = "POSIX shell logging"; + license = licenses.mit; + }; + } diff --git a/makefu/5pkgs/internetarchive/default.nix b/makefu/5pkgs/internetarchive/default.nix deleted file mode 100644 index b661aeeed..000000000 --- a/makefu/5pkgs/internetarchive/default.nix +++ /dev/null 
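Review bot: The added `meta = with stdenv.lib;` block in krebs/5pkgs/simple/internetarchive/default.nix refers to `stdenv`, but the function header is still `{ pkgs, fetchFromGitHub, ... }:`. Unless `pkgs.python3Packages` happens to export `stdenv` through the surrounding `with`, evaluating `meta` fails with an undefined variable. Either add `stdenv` to the argument set or write `meta = with pkgs.stdenv.lib; {`. The slog file renamed in the same commit already declares `stdenv`, so only this file is affected.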
@@ -1,32 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python3Packages; -buildPythonPackage rec { - pname = "internetarchive"; - version = "1.7.3"; - name = "${pname}-${version}"; - propagatedBuildInputs = [ - requests - jsonpatch - docopt - clint - six - schema - backports_csv - ]; - - # check only works when cloned from git repo - doCheck = false; - checkInputs = [ - pytest - responses - ]; - - prePatch = '' - sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py - ''; - - src = fetchPypi { - inherit pname version; - sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g"; - }; -} From 0ed8f933f6baf26e43e632ada61ec4367d956033 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Nov 2017 14:26:50 +0100 Subject: [PATCH 04/63] wolf.r: add extra mibs for telegraf --- krebs/1systems/wolf/config.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 21ae20ea0..4d0c0ffa5 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,9 +26,13 @@ in { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - #systemd.services.telegraf.environment = { - # "MIBDIRS" : ""; # extra mibs like ADSL - #}; + systemd.services.telegraf.environment = { + MIBDIRS = pkgs.fetchgit { + url = "http://git.shackspace.de/makefu/modem-mibs.git"; + sha256 = + "a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008d3da9c78e3b627e5675c8"; + }; # extra mibs like ADSL + }; services.telegraf = { enable = true; extraConfig = { From 0f2fe8b6f5306976da3f230ea350f2f6596fe3f5 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Nov 2017 14:27:23 +0100 Subject: [PATCH 05/63] ma: update gum ip --- krebs/3modules/makefu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 401cba97a..acd4184c0 100644 --- a/krebs/3modules/makefu/default.nix 
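Review bot: The new `pkgs.fetchgit` call for `MIBDIRS` has no `rev`, so it fetches whatever HEAD is at build time, and it does so over plain `http://`; the `sha256` is then the only thing tying the build to known content and will stop matching as soon as the repository gets a new commit. Pin the commit with `rev = "<commit-sha>";` and switch to an `https://` URL if the server offers one, so tampering on the path is prevented rather than only detected as a hash mismatch. The value written here is 64 hex characters and is replaced by a different base32 hash in PATCH 31 ("wolf.r: fix modem-mibs hash"), which suggests it was not the output hash of this fetch; a comment recording how the hash was obtained (for example with `nix-prefetch-git`) would avoid a repeat. The enclosing attribute set starts and ends outside the hunk.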
+++ b/krebs/3modules/makefu/default.nix @@ -545,8 +545,8 @@ with import ; }; nets = rec { internet = { - ip4.addr = "188.68.40.19"; - ip6.addr = "2a03:4000:17:2df::1"; + ip4.addr = "185.194.143.140"; + ip6.addr = "2a03:4000:1c:43f::1"; aliases = [ "gum.i" ]; From 7c146a105a81bb543c68445b98d746c628d62eed Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Nov 2017 14:27:55 +0100 Subject: [PATCH 06/63] ma gum.r: update hw specifics --- makefu/1systems/gum/config.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index e769b1e22..667804bf0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -2,16 +2,22 @@ with import ; let - external-mac = "3a:66:48:8e:82:b2"; + # hw-specific + external-mac = "2a:c5:6e:d2:fc:7f"; + main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + external-gw = "185.194.140.1"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; - external-gw = "188.68.40.1"; external-gw6 = "fe80::1"; external-netmask = 22; external-netmask6 = 64; - ext-if = "et0"; # gets renamed on the fly internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + ext-if = "et0"; # gets renamed on the fly in { imports = [ @@ -19,6 +25,7 @@ in { # + # From 0c4460731a457c03a1716a74c57cdcf54df5c99b Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Nov 2017 14:29:11 +0100 Subject: [PATCH 07/63] ma pkgs.pwqgen-ger: add archive.org mirror --- makefu/5pkgs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index e99aa696b..80a453ddc 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -31,7 +31,10 @@ in { }); pwqgen-ger = callPackage { wordset-file = super.pkgs.fetchurl { - url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; + urls = [ + https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c + https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c + ]; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; }; }; From 4f94853b616dce3410a7b28d37757c659deb50a6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Nov 2017 14:29:31 +0100 Subject: [PATCH 08/63] ma source: bump to 2017-11-02 --- makefu/source.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 8c880a8e2..0e5bd1a93 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,9 +11,8 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "809cf38"; # unstable @ 2017-10-07 + ref = "e4d07bd"; # unstable @ 2017-11-02 # + ruby stuff (2f0b17e4be9,55a952be5b5) - # + mitmproxy fix (360a5efd,ef52c95b) in evalSource (toString _file) [ From c25ece931d4b9e0f76330563345b9a54965363c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Nov 2017 16:28:25 +0100 Subject: [PATCH 09/63] rtorrent module: replace legacy commands --- krebs/3modules/rtorrent.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 472accef9..b7ef824b5 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix 
@@ -38,12 +38,12 @@ let ${optionalString (cfg.enableXMLRPC ) '' # prepare socket and set permissions. rtorrent user is part of group nginx # TODO: configure a shared torrent group - execute_nothrow = rm,${cfg.xmlrpc-socket} + execute.nothrow = rm,${cfg.xmlrpc-socket} scgi_local = ${cfg.xmlrpc-socket} schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}" ''} - system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"} + system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"} # Prepare systemd logging log.open_file = "rtorrent-systemd", ${systemd-logfile} From 59753e735d76eeb26d7ba7f5c6584da43d72b6ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Nov 2017 23:26:19 +0100 Subject: [PATCH 10/63] l helios.r: add office related stuff --- lass/1systems/helios/config.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 70aa3832d..c64789d8d 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -105,6 +105,8 @@ with import ; { output = "DP-2"; primary = true; } ]; + networking.hostName = lib.mkForce "BLN02NB0162"; + security.pki.certificateFiles = [ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) @@ -117,4 +119,12 @@ with import ; ]; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; + + programs.adb.enable = true; + users.users.mainUser.extraGroups = [ "adbusers" ]; + + services.printing = { + enable = true; + drivers = [ pkgs.postscript-lexmark ]; + }; } From b5c3361aefe16cdf632c87353927470c982e47e7 Mon Sep 17 00:00:00 2001 
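Review bot: In the rtorrent hunk the SCGI socket's mode is only tightened by the `scgi_permission` schedule, which runs after `scgi_local` has already created `${cfg.xmlrpc-socket}`, so between creation and the `chmod` the socket carries whatever the process umask allows. SCGI has no authentication of its own, so write access to that socket amounts to control of the rtorrent process. Keeping the socket inside a directory that only the rtorrent user and the web-server group can enter closes that window without depending on command ordering; the existing TODO could be extended to `# TODO: configure a shared torrent group; socket dir must not be world-accessible`. The configuration string starts and ends outside the hunk.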
From: makefu Date: Fri, 3 Nov 2017 08:28:53 +0100 Subject: [PATCH 11/63] ma source: add nixpkgs cherry-picked fixes --- makefu/source.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 0e5bd1a93..9efdadf09 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,8 +11,11 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "e4d07bd"; # unstable @ 2017-11-02 - # + ruby stuff (2f0b17e4be9,55a952be5b5) + ref = "a0f7ced"; # unstable @ 2017-11-02 + # + ruby stuff: 2f0b17e4be9 55a952be5b5 + # + jsbeautifier: c60bee3 + # + mitmproxy fix: a0f7cedfae31 + # + synergy fix: 5e6c76bc1 in evalSource (toString _file) [ From 886bd92d8b7620454ab2e701e1c1c1d20cf73b6d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 3 Nov 2017 09:11:36 +0100 Subject: [PATCH 12/63] ma source: add snapraid fix --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 9efdadf09..992e4070b 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,11 +11,12 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "a0f7ced"; # unstable @ 2017-11-02 + ref = "e3d14bb"; # unstable @ 2017-11-02 # + ruby stuff: 2f0b17e4be9 55a952be5b5 # + jsbeautifier: c60bee3 # + mitmproxy fix: a0f7cedfae31 # + synergy fix: 5e6c76bc1 + # + snapraid fix: e3d14bb1 in evalSource (toString _file) [ From 6cff70a8a56bba51d0c1ae718107e04c0df36fbc Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 3 Nov 2017 13:26:32 +0100 Subject: [PATCH 13/63] ma pkgs.u3-tool: now in upstream --- makefu/5pkgs/u3_tool/default.nix | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 makefu/5pkgs/u3_tool/default.nix diff --git a/makefu/5pkgs/u3_tool/default.nix b/makefu/5pkgs/u3_tool/default.nix deleted file mode 100644 index e8c5573a8..000000000 --- a/makefu/5pkgs/u3_tool/default.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - proj = "u3-tool"; - name = "${proj}-${version}"; - version = "0.3"; - - enableParallelBuilding = true; - - src = fetchurl { - url = "mirror://sourceforge/${proj}/${name}.tar.gz"; - sha256 = "1p9c9kibd1pdbdfa0nd0i3n7bvzi3xg0chm38jg3xfl8gsn0390f"; - }; - - meta = { - description = "Tool for controlling the special features of a 'U3 smart drive' USB Flash disk."; - homepage = https://sourceforge.net/projects/u3-tool/ ; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} From 8574f0f177c004031a4282d121931caab62158ad Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 3 Nov 2017 13:29:14 +0100 Subject: [PATCH 14/63] ma lancache-dns: add storage server names --- makefu/2configs/lanparty/lancache-dns.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix index 4b4ebf0a0..f03fe8773 100644 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -21,6 +21,13 @@ let stateDir = "/var/lib/unbound"; user = "unbound"; upstream-server = "8.8.8.8"; + local_ip = "192.168.1.10"; + extra-config = pkgs.writeText "local.conf" '' + server: + local-data: "piratebox. A ${local-ip}" + local-data: "store. A ${local-ip}" + local-data: "share. A ${local-ip}" + ''; in { services.unbound = { enable = true; @@ -29,6 +36,7 @@ in { forwardAddresses = [ upstream-server ]; extraConfig = '' include: "${stateDir}/lancache/*.conf" + include: "${extra-config}" ''; }; services.dnscrypt-proxy.enable = lib.mkForce false; 
@@ -42,7 +50,8 @@ in { path = [ pkgs.gawk pkgs.iproute pkgs.gnused ]; script = '' set -xeu - current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') + # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') + current_ip=${local_ip} old_ip=10.1.1.250 mkdir -p ${stateDir} rm -rvf ${stateDir}/lancache From a98010b11c68863feaa6ff30943ef21d39a59980 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 3 Nov 2017 14:46:31 +0100 Subject: [PATCH 15/63] ma lancache-dns: fix local-ip variable --- makefu/2configs/lanparty/lancache-dns.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix index f03fe8773..5d90d1a99 100644 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -24,9 +24,9 @@ let local_ip = "192.168.1.10"; extra-config = pkgs.writeText "local.conf" '' server: - local-data: "piratebox. A ${local-ip}" - local-data: "store. A ${local-ip}" - local-data: "share. A ${local-ip}" + local-data: "piratebox. A ${local_ip}" + local-data: "store. A ${local_ip}" + local-data: "share. A ${local_ip}" ''; in { services.unbound = { From 328f9ffdac31e164ca34cadb5db3065ba0456686 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 3 Nov 2017 14:46:54 +0100 Subject: [PATCH 16/63] ma lanparty/samba: add new writeable share --- makefu/2configs/lanparty/samba.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index de834ab16..32a656ad7 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix 
@@ -10,9 +10,16 @@ }; services.samba = { enable = true; + enableNmbd = true; shares = { - share-home = { + lanparty = { path = "/data/lanparty/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + share = { + path = "/data/lanparty/share"; "read only" = "no"; browseable = "yes"; "guest ok" = "yes"; From 111c94fe61e5c47f3af04e38b6d804ee43ca8e98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Nov 2017 11:48:37 +0100 Subject: [PATCH 17/63] l nixpkgs: 6a0a00d -> e53e9a2 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 4849cadcc..738504228 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6a0a00d"; + ref = "e53e9a2"; }; secrets.file = getAttr builder { buildbot = toString ; From 5a25b91d1d0b2380371ead7fee04e33bfa0814af Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:47:36 +0100 Subject: [PATCH 18/63] ma tools: add lsof --- makefu/2configs/tools/core.nix | 37 +++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 8a15ae2e7..eced961be 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -5,38 +5,43 @@ # # essentially `nix-env -q` of the main user { - krebs.per-user.makefu.packages = with pkgs; [ + environment.systemPackages = with pkgs; [ at_spi2_core acpi bc rsync exif file + lsof + which + # fs - ntfs3g + cifs-utils dosfstools + ntfs3g + smartmontools + + # io pv sshpass usbutils p7zip hdparm - inetutils - ncftp - mutt - tcpdump - sysstat - which - weechat - wol - tmux - iftop - mkpasswd - # storage - smartmontools - cifs-utils + # net wget curl + inetutils + ncftp + tcpdump + sysstat + wol + iftop + + mkpasswd + mutt + weechat + tmux # stockholm git 
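Review bot: The new `share` entry in lanparty/samba.nix is writable by unauthenticated guests (`"read only" = "no"` together with `"guest ok" = "yes"`), and `enableNmbd = true` announces it to the network. Its path `/data/lanparty/share` lies inside the read-only `lanparty` share, so anything a guest uploads is immediately served to every other guest; PATCH 21 later moves it to `/data/incoming`, which removes the nesting but not the anonymous write access. If open uploads are intended for the event, limit the blast radius: restrict the daemon with `hosts allow` or `interfaces` in the global configuration, map guests to an unprivileged account with `"force user"`, and keep the upload directory on a `noexec` mount. The `services.samba` block starts before the hunk and continues after it.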
From 9f8aa6abaedf8cbf3ce40548b1e52ac45c469c38 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:48:14 +0100 Subject: [PATCH 19/63] ma lancache-dns: refactor --- makefu/2configs/lanparty/lancache-dns.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix index 5d90d1a99..498162d13 100644 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -1,6 +1,17 @@ { pkgs, lib, config, ... }: with import ; let + upstream-server = "8.8.8.8"; + local_ip = "192.168.10.10"; + + extra-config = pkgs.writeText "local.conf" '' + server: + local-data: "piratebox. A ${local_ip}" + local-data: "store. A ${local_ip}" + local-data: "share. A ${local_ip}" + ''; + + # see https://github.com/zeropingheroes/lancache for full docs lancache-dns = pkgs.stdenv.mkDerivation rec { name = "lancache-dns-2017-06-28"; @@ -11,8 +22,9 @@ let rev = "420aa62"; sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m"; }; + phases = [ "unpackPhase" "installPhase" ]; - # here we can chance to edit `includes/proxy-cache-paths.conf` + # here we have the chance to edit `includes/proxy-cache-paths.conf` installPhase = '' mkdir -p $out cp -r * $out/ @@ -20,14 +32,6 @@ let }; stateDir = "/var/lib/unbound"; user = "unbound"; - upstream-server = "8.8.8.8"; - local_ip = "192.168.1.10"; - extra-config = pkgs.writeText "local.conf" '' - server: - local-data: "piratebox. A ${local_ip}" - local-data: "store. A ${local_ip}" - local-data: "share. A ${local_ip}" - ''; in { services.unbound = { enable = true; From 7184c979931af91187617d5b7d7c513e892b17a4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:48:31 +0100 Subject: [PATCH 20/63] ma lancache: make statedir a variable --- makefu/2configs/lanparty/lancache.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix index 3df2e3f59..bcacf2e15 100644 --- a/makefu/2configs/lanparty/lancache.nix +++ b/makefu/2configs/lanparty/lancache.nix @@ -17,15 +17,21 @@ let installPhase = '' mkdir -p $out cp -r * $out/ + rm $out/caches-enabled/* sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \ -e '1 idaemon off;' \ + -e 's#/var/lancache#${cfg.statedir}#g' \ $out/nginx.conf + sed -i -e 's#/var/lancache#${cfg.statedir}#g' \ + $out/*/*.conf + ln -s $out/caches-available/* $out/caches-enabled/ ''; }; cfg = { + statedir = "/data/cache"; + group = "nginx-lancache"; user = "nginx-lancache"; - statedir = "/var/lancache"; package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{ configureFlags = old.configureFlags ++ [ "--with-http_slice_module" @@ -43,6 +49,7 @@ in { preStart = '' mkdir -p ${cfg.statedir} && cd ${cfg.statedir} + chmod 700 ${cfg.statedir} PATH_CACHE=$PATH_BASE/cache PATH_LOGS=$PATH_BASE/logs From c8ab30951e9780a2bfd10bcb987c46e95d6b93a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:49:11 +0100 Subject: [PATCH 21/63] ma lanparty/samba: update path --- makefu/2configs/lanparty/samba.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 32a656ad7..4176d7b35 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -19,7 +19,7 @@ "guest ok" = "yes"; }; share = { - path = "/data/lanparty/share"; + path = "/data/incoming"; "read only" = "no"; browseable = "yes"; "guest ok" = "yes"; From a55be6a344f000aaa86eec32dc84be6c4ab32708 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:49:33 +0100 Subject: [PATCH 22/63] ma tools: use upstream u3-tool --- makefu/2configs/tools/sec.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
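Review bot: The added `chmod 700 ${cfg.statedir}` in `preStart` of lancache.nix restricts the cache directory to its owner, but nothing in the hunk sets that owner; if `preStart` runs as root, `mkdir -p` leaves `/data/cache` owned by root and the nginx workers running as `${cfg.user}` cannot enter it. Pair it with `chown ${cfg.user}:${cfg.group} ${cfg.statedir}`, unless the part of `preStart` after the hunk already does so. In `installPhase`, `rm $out/caches-enabled/*` fails the build if upstream ever ships that directory empty; `rm -f $out/caches-enabled/*` is safer.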
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 817cd9ead..3dc02937d 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -13,6 +13,6 @@ thc-hydra borgbackup ledger - u3_tool + u3-tool ]; } From 4fa4ee36ee5b9d3d15aa826007dd648e7cd5860e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:49:47 +0100 Subject: [PATCH 23/63] ma lanparty: add mumble-server --- makefu/2configs/lanparty/mumble-server.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 makefu/2configs/lanparty/mumble-server.nix diff --git a/makefu/2configs/lanparty/mumble-server.nix b/makefu/2configs/lanparty/mumble-server.nix new file mode 100644 index 000000000..5b9631cd1 --- /dev/null +++ b/makefu/2configs/lanparty/mumble-server.nix @@ -0,0 +1,12 @@ +{ config, ... }: +{ + networking.firewall.allowedTCPPorts = [ 64738 ]; + networking.firewall.allowedUDPPorts = [ 64738 ]; + services.murmur = { + enable = true; + welcometext = "Welcome to the LANest Party mumble server"; + bonjour = true; + hostName = "0.0.0.0"; + sendVersion = true; + }; +} From 6d2bcf3929e1a01f22f11fbe93dbfb47d68f9311 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:50:42 +0100 Subject: [PATCH 24/63] ma darth: use for lan partying --- makefu/1systems/darth/config.nix | 41 +++++++++----------------------- 1 file changed, 11 insertions(+), 30 deletions(-) diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix index 7accb13d3..046c1574c 100644 --- a/makefu/1systems/darth/config.nix +++ b/makefu/1systems/darth/config.nix @@ -2,6 +2,8 @@ with import ; let + # all the good stuff resides in /data + byid = dev: "/dev/disk/by-id/" + dev; rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN"; bootPart = rootDisk + "-part1"; 
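Review bot: The new murmur server in lanparty/mumble-server.nix listens on all interfaces (`hostName = "0.0.0.0"`), opens 64738 for TCP and UDP in the firewall, advertises itself with `bonjour = true` and sets no `password`, so anyone who can reach the host can join. If the machine is ever attached to more than the party LAN, bind `hostName` to the LAN address or set `services.murmur.password`, keeping in mind that a value given through that option ends up in the world-readable Nix store. `sendVersion = true` also hands the server version to every client; `sendVersion = false;` costs nothing. The `config` argument is unused.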
@@ -21,44 +23,23 @@ in { - + # - # SIEM - # - # {services.tinc.networks.siem = { - # name = "sdarth"; - # extraConfig = "ConnectTo = sjump"; - # }; - # } - - # { - # makefu.forward-journal = { - # enable = true; - # src = "10.8.10.2"; - # dst = "10.8.10.6"; - # }; - # } - - ## Sharing - # - #{ - # services.samba.shares = { - # isos = { - # path = "/data/isos/"; - # "read only" = "yes"; - # browseable = "yes"; - # "guest ok" = "yes"; - # }; - # }; - #} + + # lan party + + + + + ]; #networking.firewall.enable = false; makefu.server.primary-itf = "enp0s25"; - krebs.hidden-ssh.enable = true; + # krebs.hidden-ssh.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; From f45a5057aa6584177064622ba13f53e59238dae8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:52:06 +0100 Subject: [PATCH 25/63] ma lanparty/lancache-dns: add documentation --- makefu/2configs/lanparty/lancache-dns.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix index 498162d13..c9da7c4c4 100644 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -2,6 +2,8 @@ with import ; let upstream-server = "8.8.8.8"; + # make sure the router pins the ip address to the deployed host + # and set it as dns server ( dhcp option 6,192.168.10.10 ) local_ip = "192.168.10.10"; extra-config = pkgs.writeText "local.conf" '' From bf7d2f52fd36b47bad03bd85451eb12c79c3a7ae Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:54:44 +0100 Subject: [PATCH 26/63] ma tsp.r: is now acer aspire timeline 1810tz --- makefu/1systems/tsp/config.nix | 42 ++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 75a11d3a7..7b751e514 100644 --- a/makefu/1systems/tsp/config.nix 
+++ b/makefu/1systems/tsp/config.nix @@ -1,20 +1,20 @@ # # # -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { imports = [ # Include the results of the hardware scan. - + + # hardware specifics are in here # imports tp-x2x0.nix - + # - - + # @@ -22,9 +22,41 @@ ]; # not working in vm krebs.build.host = config.krebs.hosts.tsp; + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + boot.loader.grub.copyKernels = true; networking.firewall.allowedTCPPorts = [ 25 ]; + # acer aspire + networking.wireless.enable = lib.mkDefault true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + START_CHARGE_THRESH_BAT0=67 + STOP_CHARGE_THRESH_BAT0=100 + + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + powerManagement.resumeCommands = '' + ${pkgs.rfkill}/bin/rfkill unblock all + ''; + } From 36ad27a8ad1032afb57f765f5ef7701e7de7ab6b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Nov 2017 10:55:09 +0100 Subject: [PATCH 27/63] ma backup: also backup /var/download from gum --- makefu/2configs/backup.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 166365ba0..a4d02af6b 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix 
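Review bot: `allowDiscards=true` on the new `luksroot` mapping in tsp/config.nix passes TRIM through dm-crypt, which lets someone with access to the raw disk see which blocks are unused and infer the fill level and layout of the encrypted filesystem. That is a common trade-off on SSDs, but it should be a recorded decision, for example `# allowDiscards: accepts leaking free-block layout in exchange for SSD TRIM`. The mapping also names `device = "/dev/sda2"`, which depends on enumeration order; `device = "/dev/disk/by-uuid/<luks-uuid>";` survives an added disk or USB stick at boot. The attribute set starts before the hunk.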
@@ -31,6 +31,19 @@ in { krebs.backup.plans = { # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; + gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )// + { + dst.path = "/media/cryptX/backup/gum/var-download"; + dst.host = defaultBackupServer; + startAt = "19:00"; + }; + gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )// + { + dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de"; + dst.host = defaultBackupServer; + + startAt = "05:00"; + }; # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/"; }; environment.systemPackages = [ From dd2a4f2094636dd6bb2e6825591d3d8b5f4b3ccf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Nov 2017 17:08:58 +0100 Subject: [PATCH 28/63] l audit: RIP --- lass/2configs/audit.nix | 9 --------- lass/2configs/default.nix | 1 - 2 files changed, 10 deletions(-) delete mode 100644 lass/2configs/audit.nix diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix deleted file mode 100644 index 644741a5b..000000000 --- a/lass/2configs/audit.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - security.audit = { - rules = [ - "-a task,never" - ]; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 180647a6d..f8b750093 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import ; { imports = [ - ../2configs/audit.nix ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix From 8d54af35d2a55814d8eb1bcc1dccd2405fe207c0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Nov 2017 17:54:14 +0100 Subject: [PATCH 29/63] l nixpkgs: e53e9a2 -> 0c5a587 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 738504228..d0f77573d 100644 --- a/lass/source.nix +++ b/lass/source.nix 
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "e53e9a2"; + ref = "0c5a587"; }; secrets.file = getAttr builder { buildbot = toString ; From bc1dbd6d0ab121682c67dae85711ccab027401ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Nov 2017 18:28:40 +0100 Subject: [PATCH 30/63] nixpkgs: 07ca7b6 -> 0c5a587 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 09edc817b..39a388e03 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02 + ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10 }; } From 407d92e9a1a74ae275ede8fbfd9a31c7b7810afd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 01:55:15 +0100 Subject: [PATCH 31/63] wolf.r: fix modem-mibs hash --- krebs/1systems/wolf/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 4d0c0ffa5..0b21c0b6c 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -30,7 +30,7 @@ in MIBDIRS = pkgs.fetchgit { url = "http://git.shackspace.de/makefu/modem-mibs.git"; sha256 = - "a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008d3da9c78e3b627e5675c8"; + "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; }; # extra mibs like ADSL }; services.telegraf = { From 77626cee1c64320a41aa2014e1db8a5b8204c646 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 12:55:20 +0100 Subject: [PATCH 32/63] l daedalus.r: add some pkgs --- lass/1systems/daedalus/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 7b90ebb63..bc5d8f0f2 100644 
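Review bot: The `fetchgit` call for `MIBDIRS` in `krebs/1systems/wolf/config.nix` has only `url` and `sha256`, so the new hash pins whatever the remote's default HEAD was when it was recomputed. The fixed-output hash protects later builds, but the content it blesses was fetched over plain `http://`. The next upstream commit will also break the build again, inviting another unreviewed hash swap. Adding `rev = "<commit-id>";` (placeholder for the commit that was actually inspected), and switching the URL to `https://` if the host offers it, would make the pin reviewable. The enclosing attribute set starts outside the hunk.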
--- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -37,6 +37,9 @@ with import ; networkmanagerapplet libreoffice audacity + zathura + skype + wine ]; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; From dd49d83e143e56fea90a0c2d388a25047156ec3c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 12:58:45 +0100 Subject: [PATCH 33/63] l daedalus.r: enable login as bitcoin user --- lass/1systems/daedalus/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index bc5d8f0f2..6674b3db5 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -55,8 +55,10 @@ with import ; name = "bitcoin"; description = "user for bitcoin stuff"; home = "/home/bitcoin"; + isNormalUser = true; useDefaultShell = true; createHome = true; + extraGroups = [ "audio" ]; }; }; security.sudo.extraConfig = '' From 0d257a925bf936d2bd08ab2b04e0ab2762f289f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 12:59:30 +0100 Subject: [PATCH 34/63] l helios.r: add umts --- lass/1systems/helios/config.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c64789d8d..46ea9ebd8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -68,6 +68,16 @@ with import ; repo = [ config.krebs.git.repos.stockholm ]; perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; } + { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; + initstrings = '' + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + ''; + }; + } ]; # Use the systemd-boot EFI boot loader. From 8ccfefb51f8eb4601025fee5e6bd9971dd032f9e Mon Sep 17 00:00:00 2001 
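Review bot: `isNormalUser = true` makes the `bitcoin` account an interactive login account, but the hunk records neither how it authenticates nor why it now needs the `audio` group. A comment such as `# interactive login needed for <reason>; credentials are set out of band` would capture the intent. In NixOS `isNormalUser` already implies `createHome`, `useDefaultShell` and a home under `/home`, so those three lines are redundant once it is set. The `security.sudo.extraConfig` block after the user definition is cut off by the hunk; it is worth confirming that it grants this account nothing now that it can log in.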
From: lassulus Date: Sun, 12 Nov 2017 12:59:45 +0100 Subject: [PATCH 35/63] l helios.r: add monitor config --- lass/1systems/helios/config.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 46ea9ebd8..0f0dd7dd9 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -110,11 +110,16 @@ with import ; services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.xrandrHeads = [ - { output = "DP-0.8"; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; } { output = "DP-2"; primary = true; } + { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } + { output = "DP-0"; } ]; + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.systemd}/bin/systemctl start xresources.service + ''; + networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ From 8ca59b00fc157abf3fbcbfe179e52816047ac65d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:00:03 +0100 Subject: [PATCH 36/63] l helios.r: minimize printing config --- lass/1systems/helios/config.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 0f0dd7dd9..a3429f479 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -138,8 +138,6 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" ]; - services.printing = { - enable = true; - drivers = [ pkgs.postscript-lexmark ]; - }; + services.printing.drivers = [ pkgs.postscript-lexmark ]; + } 
From f758f8cb07f0c2922ba00e06c6a59135c39a613a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:01:59 +0100 Subject: [PATCH 37/63] l mors.r: import br.nix from lass --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6a61ce1fa..800a27689 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -29,7 +29,7 @@ with import ; - + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ From d310705ed6364fadb67366d5224d73d421a0b58c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:02:21 +0100 Subject: [PATCH 38/63] l: add dnsutils to pkgs --- lass/1systems/mors/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 800a27689..acb5f2476 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -135,6 +135,8 @@ with import ; macchanger dpass + + dnsutils ]; #TODO: fix this shit From 3f6c5603a243cc8846d60fcfa1df60ca40052646 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:02:48 +0100 Subject: [PATCH 39/63] l mors.r: enable adb debugging --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index acb5f2476..fee43f8cd 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -194,4 +194,8 @@ with import ; exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' ''; }; + + #nix.package = pkgs.nixUnstable; + programs.adb.enable = true; + users.users.mainUser.extraGroups = [ "adbusers" ]; } From 31ff38649c1bb7f80e6b59232d312fc546c3290b Mon Sep 17 00:00:00 2001 
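Review bot: The `programs.adb.enable` / `adbusers` pair added at the end of `lass/1systems/mors/config.nix` duplicates what the helios config already carries, and it is a standing grant of device access for `mainUser` with no comment saying so. Moving both lines into one shared module imported by the hosts that need it would keep the grant in a single reviewable place. A comment such as `# adbusers: udev access to attached Android devices for mainUser` would document it. The commented-out `#nix.package = pkgs.nixUnstable;` line is unrelated to the commit subject and should be dropped or committed separately.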
From: lassulus Date: Sun, 12 Nov 2017 13:03:50 +0100 Subject: [PATCH 40/63] l prism.r: fix onondaga container ip --- lass/1systems/prism/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a0bc1b900..639c4301e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -220,8 +220,8 @@ in { }; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.4"; - localAddress = "10.233.2.5"; + hostAddress = "10.233.2.5"; + localAddress = "10.233.2.6"; }; } From da362e792dcc11416e0e1b5aaf94232b652b2a51 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:04:42 +0100 Subject: [PATCH 41/63] l baseX: add screengrab to pkgs --- lass/2configs/baseX.nix | 13 ++++++------- lass/5pkgs/default.nix | 2 ++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a8bb8693f..1638264d9 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -74,21 +74,20 @@ in { pavucontrol powertop push + rxvt_unicode + screengrab slock sxiv + termite xclip xorg.xbacklight xorg.xhost xsel + youtube-tools + yt-next zathura - mpv-poll - yt-next - - youtube-tools - - rxvt_unicode - termite + cabal2nix ]; fonts.fonts = with pkgs; [ diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index d04833255..e0775f076 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -20,5 +20,7 @@ xml2json = pkgs.callPackage ./xml2json/default.nix {}; xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; + + screengrab = pkgs.writeDashBin "screengrab" "${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -s 1024x768 -i :0.0 -c:v huffyuv $1"; }; } From ad3e2a7401d8be4e85fa055b0602f757b113f92d Mon Sep 17 00:00:00 2001 
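Review bot: `$1` is unquoted in the generated `screengrab` script in `lass/5pkgs/default.nix`, so an output path containing spaces or glob characters is split or expanded by the shell before ffmpeg sees it. Quoting it is a one-line change inside the Nix string: `... -c:v huffyuv \"$1\"`. Called without an argument, the script fails inside ffmpeg rather than with a usage message; a leading `: \"''${1?usage: screengrab OUTFILE}\"` style check, or a comment stating the required argument, would make that clearer. The display `:0.0` and the size `1024x768` are hard-coded, which deserves a comment.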
From: lassulus Date: Sun, 12 Nov 2017 13:16:52 +0100 Subject: [PATCH 42/63] l exim: add aliexpress & business addresses --- lass/2configs/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f9c8f8ebc..763633dd9 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -46,6 +46,8 @@ with import ; { from = "apple@lassul.us"; to = lass.mail; } { from = "coinbase@lassul.us"; to = lass.mail; } { from = "tomtop@lassul.us"; to = lass.mail; } + { from = "aliexpress@lassul.us"; to = lass.mail; } + { from = "business@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From fdc128beb420b5559152e3e6c55c5c7d770e3c1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:19:36 +0100 Subject: [PATCH 43/63] l vim: modify clipboard handling --- lass/2configs/vim.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 698344b09..f6c736fbc 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -98,8 +98,13 @@ let noremap [c | noremap! [c noremap [d | noremap! [d + " search with ack let g:ackprg = 'ag --vimgrep' cnoreabbrev Ack Ack! + + " copy/paste from/to xclipboard + noremap x "_x + set clipboard=unnamedplus ''; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ From bfd75eb50477aaf2adcab8742e6eabd705abde05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:22:34 +0100 Subject: [PATCH 44/63] l lassul.us: add /pub --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 6e185a4d6..1eca2efd7 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix 
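Review bot: `set clipboard=unnamedplus` in the vim hunk sends every yank, delete and change to the X11 CLIPBOARD selection, which any X client or clipboard manager in the session can read. That covers everything edited with this vimrc, including files that hold credentials. The added `noremap x "_x` only keeps single-character deletes out of it. If the sharing is intended, a comment next to the option would record the trade-off, e.g. `" NOTE: all yanks are exported to the X clipboard; use the "_ register when editing secrets`. The vimrc string starts and ends outside the hunk.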
@@ -147,6 +147,9 @@ in { in '' alias ${initscript}; ''; + locations."/pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; + ''; }; services.nginx.virtualHosts.cgit = { From aac78c4822aec5c017fb3d072d09e7de64cd15ef Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:23:06 +0100 Subject: [PATCH 45/63] l cgit.lassul.us: fix acme --- lass/2configs/websites/lassulus.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 1eca2efd7..77f0c79e3 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -152,10 +152,24 @@ in { ''; }; + security.acme.certs."cgit.lassul.us" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/acme-challenges"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + }; + + services.nginx.virtualHosts.cgit = { serverName = "cgit.lassul.us"; addSSL = true; - enableACME = true; + sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; users.users.blog = { From 3d2b4832ca2f852d9883a007ebe34a830298d77e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:24:15 +0100 Subject: [PATCH 46/63] l xmonad: fix warning --- lass/5pkgs/xmonad-lass.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 12c078940..478686245 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
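Review bot: With `enableACME` replaced by a hand-written `security.acme.certs."cgit.lassul.us"` entry, nothing in this hunk makes the `cgit` virtual host serve `/.well-known/acme-challenge` from the new `webroot`. Renewal may therefore fail unless another module provides that location; if none does, `locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenges";` on the vhost would close the gap. `allowKeysForGroup = true` with `group = "nginx"` opens the certificate directory to the web server's group, and `plugins` also places `account_key.json` there. nginx needs only `key.pem` and `fullchain.pem`, so the account key's mode is worth checking after the first issuance. The vhost keeps `addSSL = true`, so plain HTTP stays enabled alongside HTTPS; a comment on why `enableACME` could not be used would keep this from being reverted.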
@@ -25,7 +25,6 @@ import Data.List (isInfixOf) import System.Environment (getArgs, withArgs) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) -import Text.Read (readEither) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) From 80d7aa5f9c2e881f646f62443e6d2329d9be832d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:31:01 +0100 Subject: [PATCH 47/63] RIP archprism --- krebs/3modules/lass/default.nix | 36 ---- lass/1systems/archprism/config.nix | 328 ----------------------------- lass/1systems/archprism/source.nix | 3 - 3 files changed, 367 deletions(-) delete mode 100644 lass/1systems/archprism/config.nix delete mode 100644 lass/1systems/archprism/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3e03e71cb..f479e6504 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -132,38 +132,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - archprism = rec { - cores = 4; - nets = rec { - retiolum = { - via = internet; - ip4.addr = "10.243.0.104"; - ip6.addr = "42::fa17"; - aliases = [ - "archprism.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl - kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl - JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I - AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 - jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j - anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - internet = { - ip4.addr = "213.239.205.240"; - aliases = [ - "archprism.i" - ]; - ssh.port = 45621; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-rsa 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"; - }; domsen-nas = { ci = false; external = true; @@ -555,10 +523,6 @@ with import ; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; - archprism-repo-sync = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; - mail = "lass@prism.r"; - }; prism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; mail = "lass@prism.r"; diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix deleted file mode 100644 index 6411c423d..000000000 
--- a/lass/1systems/archprism/config.nix +++ /dev/null 
@@ -1,328 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -let - ip = config.krebs.build.host.nets.internet.ip4.addr; - -in { - imports = [ - - { - networking.interfaces.et0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "213.239.205.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - } - - - # - - - - - - - - - - - - - - - # - - - # - #{ - # lass.pyload.enable = true; - #} - { - imports = [ - - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. 
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } - { - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - }; - - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - } - { - sound.enable = false; - } - { - nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - 
krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - time.timeZone = "Europe/Berlin"; - } - { - imports = [ - - - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - users.users.tv = { - uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - users.users.makefu = { - uid = genid "makefu"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - ]; - }; - users.users.nin = { - uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - extraGroups = [ - "libvirtd" - ]; - }; - } - { - krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - #{ - # krebs.Reaktor.prism = { - # nickname = "Reaktor|lass"; - # channels = [ "#retiolum" ]; - # extraEnviron = { - # 
REAKTOR_HOST = "ni.r"; - # }; - # plugins = with pkgs.ReaktorPlugins; [ - # sed-plugin - # ]; - # }; - #} - { - #stuff for dritter - users.extraUsers.dritter = { - name = "dritter"; - uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - } - { - #hotdog - containers.hotdog = { - config = { ... }: { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.1"; - localAddress = "10.233.2.2"; - }; - } - { - #kaepsele - containers.kaepsele = { - config = { ... }: { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } - { - #onondaga - containers.onondaga = { - config = { ... }: { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey - ]; - }; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.4"; - localAddress = "10.233.2.5"; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.archprism; -} diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/archprism/source.nix deleted file mode 100644 index 3e96c1d38..000000000 
--- a/lass/1systems/archprism/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "archprism"; -} From d050f9a8a99820c2dc64875aa4613af1b4805a15 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Nov 2017 13:54:15 +0100 Subject: [PATCH 48/63] l helios.r: disable git --- lass/1systems/helios/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index a3429f479..eb45d92ec 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -10,7 +10,8 @@ with import ; - + # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined + # { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; From f1a0eb6686a0ab4e64ad8bc9cbed509964efd1d2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Nov 2017 00:16:02 +0100 Subject: [PATCH 49/63] l: add littleT.r --- krebs/3modules/lass/default.nix | 41 ++++++++++++++++ lass/1systems/littleT/config.nix | 84 ++++++++++++++++++++++++++++++++ lass/1systems/littleT/source.nix | 4 ++ 3 files changed, 129 insertions(+) create mode 100644 lass/1systems/littleT/config.nix create mode 100644 lass/1systems/littleT/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f479e6504..867f1bd34 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -342,6 +342,47 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL"; }; + littleT = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.133.77"; + ip6.addr = "42:0:0:0:0:0:717:7137"; + aliases = [ + "littleT.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF + /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY + 1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO + ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G + sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR + M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/ + Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT + +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY + xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c + aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm + 7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v + k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B + idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ + y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D + SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i + mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH + PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB + ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5 + Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS + 8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt + NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW + 5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + 
}; iso = { ci = false; cores = 1; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix new file mode 100644 index 000000000..7211c78eb --- /dev/null +++ b/lass/1systems/littleT/config.nix @@ -0,0 +1,84 @@ +with import ; +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + { + users.users.blacky = { + uid = genid "blacky"; + home = "/home/blacky"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + "video" + ]; + useDefaultShell = true; + }; + networking.networkmanager.enable = true; + networking.wireless.enable = mkForce false; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + environment.systemPackages = with pkgs; [ + pavucontrol + chromium + hexchat + networkmanagerapplet + vlc + ]; + services.xserver.enable = true; + services.xserver.displayManager.lightdm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.layout = "de"; + users.mutableUsers = mkForce true; + services.xserver.synaptics.enable = true; + } + { + #remote control + environment.systemPackages = with pkgs; [ + x11vnc + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } + ]; + } + ]; + + time.timeZone = "Europe/Berlin"; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + + krebs.build.host = config.krebs.hosts.littleT; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} 
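Review bot: The "remote control" block in `lass/1systems/littleT/config.nix` installs `x11vnc` and opens TCP 5900 on the `retiolum` interface, but nothing in the file says how the VNC session is authenticated. x11vnc started without a password file accepts any client that can reach the port, which here is presumably every peer on that network, and the RFB stream has no encryption beyond what the tunnel provides. I would document the required invocation next to the rule, e.g. `# start with: x11vnc -rfbauth <passwd-file> -display :0`. The alternative is to drop the firewall rule and reach a `x11vnc -localhost` instance through SSH port forwarding. Separately, `hardware.pulseaudio.systemWide = true` and `users.mutableUsers = mkForce true` each deserve a why-comment.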
diff --git a/lass/1systems/littleT/source.nix b/lass/1systems/littleT/source.nix new file mode 100644 index 000000000..a86b8fd10 --- /dev/null +++ b/lass/1systems/littleT/source.nix @@ -0,0 +1,4 @@ +import { + name = "littleT"; + secure = true; +} From 0bfb105194675e16626d3a2550ac970429317de2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Nov 2017 01:03:27 +0100 Subject: [PATCH 50/63] l prism.r: add /bku --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 639c4301e..b7f0ea554 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -67,6 +67,11 @@ in { fsType = "ext4"; }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + swapDevices = [ { label = "swap1"; } { label = "swap2"; } From a317cbf45b426e9b48f632720e0ac072286be7ff Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 10:15:11 +0100 Subject: [PATCH 51/63] ma source: bump to 2017-11-14 --- makefu/source.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 992e4070b..d28531824 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,12 +11,8 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "e3d14bb"; # unstable @ 2017-11-02 - # + ruby stuff: 2f0b17e4be9 55a952be5b5 - # + jsbeautifier: c60bee3 - # + mitmproxy fix: a0f7cedfae31 - # + synergy fix: 5e6c76bc1 - # + snapraid fix: e3d14bb1 + ref = "0c0d314"; # unstable @ 2017-11-14 + # + do_sqlite3 ruby: 55a952be5b5 in evalSource (toString _file) [ From 2a9fec0dc846d908d7727e08863c0ba1ead077e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 10:15:30 +0100 Subject: [PATCH 52/63] ma tools/games: add wine --- makefu/2configs/tools/games.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 8e815da5e..8da615963 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -6,5 +6,6 @@ ]; users.users.makefu.packages = with pkgs; [ games-user-env + wine ]; } From 3582dda308a472258853cbec3f2ec7f59c803d7b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 10:15:45 +0100 Subject: [PATCH 53/63] ma tools/dev: add pyserial --- makefu/2configs/tools/dev.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index d3d50c433..46872279a 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,7 +2,8 @@ { users.users.makefu.packages = with pkgs;[ - python35Packages.virtualenv + python3Packages.virtualenv + python3Packages.pyserial # embedded gi flashrom From 3b04a5d4da53f076468a1b0bb880490d9a98a697 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 10:16:17 +0100 Subject: [PATCH 54/63] ma tools/core: add binutils --- makefu/2configs/tools/core.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index eced961be..7e9a459c3 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -14,6 +14,7 @@ file lsof which + binutils # fs cifs-utils From 4d51e5ec7740abe4270976c8a0606d50e4e6a8e4 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 10:17:16 +0100 Subject: [PATCH 55/63] ma hosts: cleanup configs --- makefu/1systems/gum/config.nix | 2 +- makefu/1systems/latte/config.nix | 2 +- makefu/1systems/omo/config.nix | 2 +- makefu/1systems/wbob/config.nix | 5 ++++- makefu/1systems/x/config.nix | 7 +++++-- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 667804bf0..98d5d2988 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix 
@@ -83,7 +83,7 @@ in { # # Temporary: - + # ]; makefu.dl-dir = "/var/download"; diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index 3b06660c6..5352b029f 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -18,7 +18,7 @@ in { # Security - + # # Tools diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index a22ff10bd..1d157460b 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -82,7 +82,7 @@ in { # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload # Temporary: - + # ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 3a53b70cb..ac51fd9ca 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -24,9 +24,12 @@ in { # # # - + # Services + + # temporary + # ]; krebs = { diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f7db75564..1524b485f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -23,8 +23,6 @@ with import ; # # - # - # # # # @@ -75,6 +73,11 @@ with import ; { programs.adb.enable = true; } + # temporary + # + # + # + # ]; From 80aefebe97c1d102369c42e187a14cef29c52b03 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 10:18:20 +0100 Subject: [PATCH 56/63] cake.r: configure 4 cores --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index acd4184c0..29f188bbe 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -5,7 +5,7 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { - cores = 1; + cores = 4; ci = false; nets = { retiolum = { From 1cbc2e5aa359e7e9b4b32c9ef75902576347a6d0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Nov 2017 15:36:50 +0100 Subject: [PATCH 57/63] ma hw/stk1160: rip --- makefu/1systems/x/config.nix | 6 ++++-- makefu/2configs/hw/stk1160.nix | 15 --------------- 2 files changed, 4 insertions(+), 17 deletions(-) delete mode 100644 makefu/2configs/hw/stk1160.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1524b485f..1dd1a070f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -62,7 +62,7 @@ with import ; - + # # # Filesystem @@ -87,7 +87,6 @@ with import ; nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ pkgs.passwdqc-utils ]; # configure pulseAudio to provide a HDMI sink as well @@ -105,4 +104,7 @@ with import ; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + + nix.package = pkgs.nixUnstable; + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; } diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix deleted file mode 100644 index b3a9e1a5a..000000000 --- a/makefu/2configs/hw/stk1160.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: -{ - # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; - nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { - extraConfig = '' - MEDIA_ANALOG_TV_SUPPORT y - VIDEO_STK1160_COMMON m - VIDEO_STK1160_AC97 y - VIDEO_STK1160 m - ''; - }; - }; -} From 025542a753f30cb8f58c9e31912a7f6cc93a5a7f Mon Sep 17 00:00:00 2001 
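Review bot: `nix.package = pkgs.nixUnstable;` in the last hunk of makefu/1systems/x/config.nix moves this host to a pre-release Nix, but the commit subject only mentions removing stk1160 and no comment says why. Because that package performs every build and store operation on the machine, the pin deserves a stated reason and an exit condition, for example `# nixUnstable: needed for <reason>; return to pkgs.nix when <condition>`. Listing `pkgs.nixUnstable` again in `environment.systemPackages` looks redundant, since NixOS normally puts `nix.package` on the system path itself; confirm and drop it if so. The enclosing attribute set starts outside the hunk.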
From: makefu Date: Wed, 15 Nov 2017 09:57:31 +0100 Subject: [PATCH 58/63] ma source: bump to latest nixpkgs --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index d28531824..aa49062e9 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,7 +11,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "0c0d314"; # unstable @ 2017-11-14 + ref = "6778819"; # unstable @ 2017-11-14 # + do_sqlite3 ruby: 55a952be5b5 in From 7e92e62397ac2bbf5d6f0aaeef495e7955e585e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Nov 2017 09:45:48 +0100 Subject: [PATCH 59/63] l nixpkgs: 0c5a587 -> 7f6f0c4 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index d0f77573d..f168c4dd2 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0c5a587"; + ref = "7f6f0c4"; }; secrets.file = getAttr builder { buildbot = toString ; From a96a51e9ac6abc7385702bd562fc7c34df65d143 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 17:55:25 +0100 Subject: [PATCH 60/63] hotdog.r: remove krebs reaktor --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 4fdb53ae7..73b5377bd 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,7 +13,6 @@ - ]; From eec50acfd0055ba7d26fa3b7641b958757100ab9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 17:57:52 +0100 Subject: [PATCH 61/63] l prism.r: import reaktor-krebs --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b7f0ea554..e7849446a 100644 
--- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -285,6 +285,7 @@ in { { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } ]; } + ]; krebs.build.host = config.krebs.hosts.prism; From fd1fa4e71ae66e263b245d792e35ec5128fd8399 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 18:02:18 +0100 Subject: [PATCH 62/63] l helios.r: import virtualbox --- lass/1systems/helios/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index eb45d92ec..23307e9a3 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -13,6 +13,7 @@ with import ; # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined # + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; From 10a96c644898d9498e9f75fa543ebb395ffbca20 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 18:03:30 +0100 Subject: [PATCH 63/63] l mail: don't show security mails --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 91127f737..962efaf3f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -76,6 +76,7 @@ let "INBOX" "notmuch://?query=tag:inbox \ and NOT to:nix-devel\ and NOT to:shackspace\ + and NOT to:security\ and NOT to:c-base" \ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\
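Review bot: The added `and NOT to:security\` clause in lass/2configs/mail.nix removes security-addressed mail from the INBOX view, and the visible context defines virtual mailboxes only for `shack` and `c-base`, so nothing shown here gives that mail a place of its own. Unless such a mailbox exists outside the hunk, add one next to the others, e.g. `"security" "notmuch://?query=to:security"\`, so advisories stay visible instead of being reachable only by manual search. Note also that notmuch's `to:` matches terms, so this clause probably hides mail to any recipient address containing `security`, not just one list; a full address in the query would be narrower. The string this clause belongs to starts outside the hunk.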