Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2021-06-10 21:42:06 +02:00
commit 0e6e8b7188
104 changed files with 722 additions and 470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
krebs/2configs/ergo.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [
6667
];
krebs.ergo = {
enable = true;
};
}

2
krebs/2configs/hw/x220.nix
View File

@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau pkgs.vaapiVdpau
]; ];
security.rngd.enable = mkDefault true;
services.xserver = { services.xserver = {
videoDriver = "intel"; videoDriver = "intel";
}; };

1
krebs/2configs/reaktor2.nix
View File

@ -119,6 +119,7 @@ in {
users.users.reaktor2 = { users.users.reaktor2 = {
uid = genid_uint31 "reaktor2"; uid = genid_uint31 "reaktor2";
home = stateDir; home = stateDir;
isSystemUser = true;
}; };
krebs.reaktor2 = { krebs.reaktor2 = {

1
krebs/2configs/shack/muell_mail.nix
View File

@ -12,6 +12,7 @@ let
in { in {
users.users.muell_mail = { users.users.muell_mail = {
inherit home; inherit home;
isSystemUser = true;
createHome = true; createHome = true;
}; };
systemd.services.muell_mail = { systemd.services.muell_mail = {

1
krebs/2configs/shack/muellshack.nix
View File

@ -13,6 +13,7 @@ let
in { in {
users.users.muellshack = { users.users.muellshack = {
inherit home; inherit home;
isSystemUser = true;
createHome = true; createHome = true;
}; };
services.nginx.virtualHosts."muell.shack" = { services.nginx.virtualHosts."muell.shack" = {

1
krebs/2configs/shack/node-light.nix
View File

@ -14,6 +14,7 @@ in {
networking.firewall.allowedUDPPorts = [ 2342 ]; networking.firewall.allowedUDPPorts = [ 2342 ];
users.users.node-light = { users.users.node-light = {
inherit home; inherit home;
isSystemUser = true;
createHome = true; createHome = true;
}; };
services.nginx.virtualHosts."lounge.light.shack" = { services.nginx.virtualHosts."lounge.light.shack" = {

5
krebs/2configs/shack/powerraw.nix
View File

@ -14,7 +14,10 @@ let
in { in {
# receive response from light.shack / standby.shack # receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ]; networking.firewall.allowedUDPPorts = [ 11111 ];
users.users.powermeter.extraGroups = [ "dialout" ]; users.users.powermeter = {
extraGroups = [ "dialout" ];
isSystemUser = true;
};
# we make sure that usb-ttl has the correct permissions # we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw # creates /dev/powerraw

1
krebs/2configs/shack/s3-power.nix
View File

@ -14,6 +14,7 @@ in {
users.users.s3_power = { users.users.s3_power = {
inherit home; inherit home;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.services.s3-power = { systemd.services.s3-power = {
startAt = "daily"; startAt = "daily";

1
krebs/2configs/shack/shackDNS.nix
View File

@ -30,6 +30,7 @@ in {
users.users.shackDNS = { users.users.shackDNS = {
inherit home; inherit home;
createHome = true; createHome = true;
isSystemUser = true;
}; };
services.nginx.virtualHosts."leases.shack" = { services.nginx.virtualHosts."leases.shack" = {
locations."/" = { locations."/" = {

2
krebs/2configs/shack/share.nix
View File

@ -1,7 +1,7 @@
{config, ... }:{ {config, ... }:{
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; #effectively systemUser
group = "share"; group = "share";
description = "smb guest user"; description = "smb guest user";
home = "/home/share"; home = "/home/share";

10
krebs/2configs/wiki.nix
View File

@ -4,9 +4,9 @@ let
setupGit = '' setupGit = ''
export PATH=${makeBinPath [ pkgs.git ]} export PATH=${makeBinPath [ pkgs.git ]}
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.services.gollum.stateDir}/.ssh/id_ed25519'
repo='git@localhost:wiki' repo='git@localhost:wiki'
cd ${config.krebs.gollum.stateDir} cd ${config.services.gollum.stateDir}
if ! url=$(git config remote.origin.url); then if ! url=$(git config remote.origin.url); then
git remote add origin "$repo" git remote add origin "$repo"
elif test "$url" != "$repo"; then elif test "$url" != "$repo"; then
@ -27,7 +27,7 @@ let
in in
{ {
krebs.gollum = { services.gollum = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
@ -36,6 +36,8 @@ in
''; '';
}; };
systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8";
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -87,7 +89,7 @@ in
}; };
krebs.secret.files.gollum = { krebs.secret.files.gollum = {
path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; path = "${config.services.gollum.stateDir}/.ssh/id_ed25519";
owner = { name = "gollum"; }; owner = { name = "gollum"; };
source-path = "${<secrets/gollum.id_ed25519>}"; source-path = "${<secrets/gollum.id_ed25519>}";
}; };

1
krebs/3modules/airdcpp.nix
View File

@ -268,6 +268,7 @@ let
uid = genid "airdcpp"; uid = genid "airdcpp";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
isSystemUser = true;
inherit (cfg) extraGroups; inherit (cfg) extraGroups;
}; };
groups.airdcpp.gid = genid "airdcpp"; groups.airdcpp.gid = genid "airdcpp";

1
krebs/3modules/bepasty-server.nix
View File

@ -146,6 +146,7 @@ let
uid = genid_uint31 "bepasty"; uid = genid_uint31 "bepasty";
group = "bepasty"; group = "bepasty";
home = "/var/lib/bepasty-server"; home = "/var/lib/bepasty-server";
isSystemUser = true;
}; };
users.extraGroups.bepasty = { users.extraGroups.bepasty = {
gid = genid_uint31 "bepasty"; gid = genid_uint31 "bepasty";

2
krebs/3modules/brockman.nix
View File

@ -12,7 +12,7 @@ in {
users.extraUsers.brockman = { users.extraUsers.brockman = {
home = "/var/lib/brockman"; home = "/var/lib/brockman";
createHome = true; createHome = true;
isNormalUser = false; isSystemUser = true;
uid = genid_uint31 "brockman"; uid = genid_uint31 "brockman";
}; };

1
krebs/3modules/buildbot/master.nix
View File

@ -322,6 +322,7 @@ let
description = "Buildbot Master"; description = "Buildbot Master";
home = cfg.workDir; home = cfg.workDir;
createHome = false; createHome = false;
isSystemUser = true;
}; };
users.extraGroups.buildbotMaster = { users.extraGroups.buildbotMaster = {

1
krebs/3modules/buildbot/slave.nix
View File

@ -131,6 +131,7 @@ let
description = "Buildbot Slave"; description = "Buildbot Slave";
home = cfg.workDir; home = cfg.workDir;
createHome = false; createHome = false;
isSystemUser = true;
}; };
users.extraGroups.buildbotSlave = { users.extraGroups.buildbotSlave = {

2
krebs/3modules/default.nix
View File

@ -20,6 +20,7 @@ let
./ci.nix ./ci.nix
./current.nix ./current.nix
./dns.nix ./dns.nix
./ergo.nix
./exim.nix ./exim.nix
./exim-retiolum.nix ./exim-retiolum.nix
./exim-smarthost.nix ./exim-smarthost.nix
@ -28,7 +29,6 @@ let
./github-known-hosts.nix ./github-known-hosts.nix
./git.nix ./git.nix
./go.nix ./go.nix
./gollum.nix
./hidden-ssh.nix ./hidden-ssh.nix
./hosts.nix ./hosts.nix
./htgen.nix ./htgen.nix

136
krebs/3modules/ergo.nix Normal file
View File

@ -0,0 +1,136 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption types;
inherit (pkgs) coreutils ergo;
cfg = config.krebs.ergo;
configFile = pkgs.writeText "ergo.conf" (builtins.toJSON cfg.config);
in
{
###### interface
options = {
krebs.ergo = {
enable = mkEnableOption "Ergo IRC daemon";
config = mkOption {
type = (pkgs.formats.json {}).type;
description = ''
Ergo IRC daemon configuration file.
'';
default = {
network = {
name = "krebstest";
};
server = {
name = "${config.networking.hostName}.r";
listeners = {
":6667" = {};
};
casemapping = "permissive";
enforce-utf = true;
lookup-hostnames = false;
ip-cloaking = {
enabled = false;
};
forward-confirm-hostnames = false;
check-ident = false;
relaymsg = {
enabled = false;
};
max-sendq = "1M";
ip-limits = {
count = false;
throttle = false;
};
};
datastore = {
path = "${cfg.statedir}/ircd.db";
};
accounts = {
authentication-enabled = true;
registration = {
enabled = true;
email-verification = {
enabled = false;
};
};
};
channels = {
default-modes = "+nt";
};
limits = {
nicklen = 32;
identlen = 20;
channellen = 64;
awaylen = 390;
kicklen = 390;
topiclen = 390;
};
};
};
statedir = mkOption {
type = types.path;
default = "/var/lib/ergo";
description = ''
Location of the state directory of ergo.
'';
};
user = mkOption {
type = types.str;
default = "ergo";
description = ''
Ergo IRC daemon user.
'';
};
group = mkOption {
type = types.str;
default = "ergo";
description = ''
Ergo IRC daemon group.
'';
};
};
};
###### implementation
config = mkIf cfg.enable ({
users.users.${cfg.user} = {
description = "Ergo IRC daemon user";
uid = config.ids.uids.ircd;
group = cfg.group;
};
users.groups.${cfg.group} = {
gid = config.ids.gids.ircd;
};
systemd.tmpfiles.rules = [
"d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -"
];
systemd.services.ergo = {
description = "Ergo IRC daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${ergo}/bin/ergo initdb --conf ${configFile}";
ExecStart = "${ergo}/bin/ergo run --conf ${configFile}";
Group = cfg.group;
User = cfg.user;
};
};
});
}

27
krebs/3modules/external/default.nix vendored
View File

@ -589,6 +589,32 @@ in {
}; };
}; };
}; };
nxnv = {
owner = config.krebs.users.rtjure;
nets = {
retiolum = {
ip4.addr = "10.243.122.127";
aliases = [
"nxnv.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB
ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt
NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp
wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt
1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT
eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy
S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/
9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN
ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW
45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila
jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
ada = { ada = {
owner = config.krebs.users.filly; owner = config.krebs.users.filly;
nets = { nets = {
@ -675,6 +701,7 @@ in {
1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe 1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe
jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ== jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtMpK
''; '';
}; };
}; };

93
krebs/3modules/external/mic92.nix vendored
View File

@ -39,6 +39,7 @@ in {
DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764
UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = 6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND
''; '';
}; };
}; };
@ -72,6 +73,7 @@ in {
UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn
cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD
''; '';
}; };
}; };
@ -148,6 +150,7 @@ in {
IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD
''; '';
}; };
}; };
@ -240,10 +243,10 @@ in {
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = 7J1JgVyiy540akMdd/kONta0fMHSl5+FQJ1QhN84TzP
''; '';
tinc.subnets = [ tinc.subnets = [
# ohorn lan
"fd42:4492:6a6d:500:8526:2adf:7451:8bbb"
# docker network # docker network
"42:0000:002b:1605:3::/80" "42:0000:002b:1605:3::/80"
]; ];
@ -269,21 +272,26 @@ in {
''; '';
}; };
}; };
anindya = { aendernix = {
owner = config.krebs.users.mic92; owner = config.krebs.users.mic92;
nets.retiolum = { nets.retiolum = {
ip4.addr = "10.243.29.191"; ip4.addr = "10.243.29.172";
aliases = [ aliases = [
"anindya.r" "aendernix.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa
+J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl
aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo
4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF
ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1 Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4
Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G
QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41
pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK
u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG
vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z
H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
@ -356,6 +364,7 @@ in {
4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM
mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = emKq1mfkW4/aCoCwmeFU3DtppKs+KsTvd9YGoFkFgdC
''; '';
}; };
}; };
@ -381,8 +390,6 @@ in {
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
# ohorn lan
tinc.subnets = [ "fd42:4492:6a6d:500::/64" ];
}; };
}; };
}; };
@ -410,6 +417,7 @@ in {
74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG
67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ
''; '';
}; };
}; };
@ -417,6 +425,11 @@ in {
bill = { bill = {
owner = config.krebs.users.mic92; owner = config.krebs.users.mic92;
nets = rec { nets = rec {
internet = {
ip4.addr = "131.159.38.191";
ip6.addr = "2a09:80c0:38::191";
aliases = [ "bill.i" ];
};
retiolum = { retiolum = {
addrs = [ addrs = [
config.krebs.hosts.bill.nets.retiolum.ip4.addr config.krebs.hosts.bill.nets.retiolum.ip4.addr
@ -426,13 +439,19 @@ in {
aliases = [ "bill.r" ]; aliases = [ "bill.r" ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj MIICCgKCAgEAvzM5dWPpmzzmogjuZC5boNvz+MJcIO0WnE9IINBY+CLSw5ZpNDVB
CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9 b97EG0Irs92OLJ5eesdPdF5LIyfFcFHOpPN+NdVEfLDWpFZVgOYh4BRy5+JdEk6O
GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8 ybcxLFIdgBHxahd3W27FxXC1ALu/AInAA2b4rwYoNBi23idj8+wtL4MJldkr5QaQ
KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t sx8VQxIMy1xY4AbKcHdOt/nMrPoU6GnE9ObdcLys5cGUl/7Vc0NAMK6RrFQo+jfn
zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE 2N0uWA1hZPAfZEEKP91xiOiRSx15WG3q9R/rqPmBh6l+rdPyWdRKcPVndCzVDrgw
bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB WWPcR9A9Yzr0ZrpEIHOfrDOqb2Ur1HlrXHZRpt55IYOKwC7ZimZzKkMj7zl1t2Rq
nC07IJS7OI38amgLI0PSFI/Mx+mAPdYjd0fDcp8q7reOL63QT7cbrOw+cyOzNzGb
I7U7QaHaA2unOa1EYj5Ocd6jI1IyHqQe9FkUqgTaDVU44U3WEo/KY6FZfhqSPPHs
PsFzMj9nOWUGUr0cAn7DloIfNL49voO1C4HaiEvvhbSFIT/8suq3JznFxmP/q+Ph
qYbXI/LXzU2Ln1Abiu9m1OfxTmEOlH9C54zyUvkAfhjcD2/aZWc76g06Oj2L6kZ6
EC9Ku7Hk37rVOgZjtXUjuf3eUAvImknQ/JMRM3YDQgmu4iU0tJ1UnqkCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = bN+knMGCqK+HkdOucynEXxeqGFOS2u8oWLRDV/gNIZI
''; '';
}; };
}; };
@ -440,6 +459,11 @@ in {
nardole = { nardole = {
owner = config.krebs.users.mic92; owner = config.krebs.users.mic92;
nets = rec { nets = rec {
internet = {
ip4.addr = "131.159.102.2";
ip6.addr = "2a09:80c0:102::2";
aliases = [ "nardole.i" ];
};
retiolum = { retiolum = {
addrs = [ addrs = [
config.krebs.hosts.nardole.nets.retiolum.ip4.addr config.krebs.hosts.nardole.nets.retiolum.ip4.addr
@ -449,13 +473,19 @@ in {
aliases = [ "nardole.r" ]; aliases = [ "nardole.r" ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf MIICCgKCAgEAyYIN9FYtTmJTXUlBO4QYp9J7SZbglMEq0QCMpF9xQvCqJHl+C1vm
qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj NzAswlhbaK5J1spi6+zUXtYJEVQyP1xesDlVm9G+hntS7woEWtuLO7VUL9whWINb
80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka mO0OmYIEaWTMPIOKPTgc3tYsUhk7dw962/6I81JQczCHg1z2ItsRho/Kwi/Jo2Gj
AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK jnPJQoRek45+xIzlf9Jx38ntioTQIaLuSw7/lplT1cHNcefLje8FQmVEojY79Ijc
FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj 6Ij4b9tPln8eQErw2sANS6kSUOVRnVkfeRW+3a4iRtd8SzXJ+aX5TCsq910Z1+/H
fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB ClK91GctU0V11s/m8LCp/Wz+o+4Z89JLxnil/ZS/6NHsaHysQPFPbx0Uh5nASF64
RoWhzp2CSJTC9/UJKdPIpIokMIEGgKjy8Up3nY4yjoUnf6SZfzr4jmXfRmYmVaMp
cCjbMbxBo+MjfXlGRxJAFGkS9zO9/21SEDiWqfOVThg5jbBR/q9ysRGcXndS0ea7
NzsCbU1/0StxxmZLpBRz2MxGSHqlZbwInm9RjsXbCGa32tTiUz8VxjR3LTUMU8AP
xpPLaIo7TIPdkDvCFL+DtXB9lE2PDpnSHbxyXKVKqxmCW1i/+msrBs/gnQ9VjzyA
L1Ip2MBQd+CFUtaj+VdhjfulvpVcpr5e3nZe7cl38qucUp46tbVsJ3UCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = BA8uWkeHofZb5s9bNy6PjefKNZwemETWAA+Q6okKn1M
''; '';
}; };
}; };
@ -467,7 +497,6 @@ in {
ip4.addr = "10.243.29.171"; ip4.addr = "10.243.29.171";
aliases = [ aliases = [
"rock.r" "rock.r"
"loki.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN PUBLIC KEY----- -----BEGIN PUBLIC KEY-----
@ -518,6 +547,7 @@ in {
W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = 0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE
''; '';
}; };
}; };
@ -544,9 +574,8 @@ in {
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = bXEnZa/jn2ntL0R4sMsRd7NIoHgzrzUnJ3ReJUQ8iFG
''; '';
# ohorn lan
tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ];
}; };
}; };
}; };
@ -621,8 +650,8 @@ in {
nets = rec { nets = rec {
internet = { internet = {
# eva.thalheim.io # eva.thalheim.io
ip4.addr = "52.59.172.193"; ip4.addr = "157.90.232.92";
ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; ip6.addr = "2a01:4f8:1c1c:9a9::1";
aliases = [ "eva.i" ]; aliases = [ "eva.i" ];
}; };
retiolum = { retiolum = {
@ -630,6 +659,7 @@ in {
ip4.addr = "10.243.29.185"; ip4.addr = "10.243.29.185";
aliases = [ aliases = [
"eva.r" "eva.r"
"loki.r"
"prometheus.r" "prometheus.r"
"alertmanager.r" "alertmanager.r"
]; ];
@ -648,6 +678,7 @@ in {
6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR
LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ==
-----END PUBLIC KEY----- -----END PUBLIC KEY-----
Ed25519PublicKey = 7rbs+10zzfwOPj5RoS1i/01QXuw7uIHGOHIgsjB2fHK
''; '';
}; };
}; };
@ -671,6 +702,7 @@ in {
EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv
KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP
''; '';
}; };
}; };
@ -699,6 +731,7 @@ in {
fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7 fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7
SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ== SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
Ed25519PublicKey = pjCpkZToBUBbjUNVMWfYJePZ6g7m7Ccr9WedfKEFsXD
''; '';
}; };
}; };

1
krebs/3modules/fetchWallpaper.nix
View File

@ -57,6 +57,7 @@ let
description = "fetchWallpaper user"; description = "fetchWallpaper user";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.timers.fetchWallpaper = { systemd.timers.fetchWallpaper = {

1
krebs/3modules/github-hosts-sync.nix
View File

@ -65,6 +65,7 @@ let
users.users.${user.name} = { users.users.${user.name} = {
inherit (user) uid; inherit (user) uid;
home = cfg.dataDir; home = cfg.dataDir;
isSystemUser = true;
}; };
}; };

112
krebs/3modules/gollum.nix
View File

@ -1,112 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.krebs.gollum;
in
{
options.krebs.gollum = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable the Gollum service.";
};
address = mkOption {
type = types.str;
default = "0.0.0.0";
description = "IP address on which the web server will listen.";
};
port = mkOption {
type = types.int;
default = 4567;
description = "Port on which the web server will run.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Content of the configuration file";
};
mathjax = mkOption {
type = types.bool;
default = false;
description = "Enable support for math rendering using MathJax";
};
allowUploads = mkOption {
type = types.nullOr (types.enum [ "dir" "page" ]);
default = null;
description = "Enable uploads of external files";
};
emoji = mkOption {
type = types.bool;
default = false;
description = "Parse and interpret emoji tags";
};
branch = mkOption {
type = types.str;
default = "master";
example = "develop";
description = "Git branch to serve";
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/gollum";
description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.";
};
};
config = mkIf cfg.enable {
users.users.gollum = {
group = config.users.users.gollum.name;
description = "Gollum user";
home = cfg.stateDir;
createHome = false;
isSystemUser = true;
};
users.groups.gollum = { };
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -"
];
systemd.services.gollum = {
description = "Gollum wiki";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.git ];
preStart = ''
# This is safe to be run on an existing repo
git init ${cfg.stateDir}
'';
serviceConfig = {
User = config.users.users.gollum.name;
Group = config.users.groups.gollum.name;
ExecStart = ''
${pkgs.gollum}/bin/gollum \
--port ${toString cfg.port} \
--host ${cfg.address} \
--config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \
--ref ${cfg.branch} \
${optionalString cfg.mathjax "--mathjax"} \
${optionalString cfg.emoji "--emoji"} \
${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
${cfg.stateDir}
'';
};
};
};
}

1
krebs/3modules/jeschli/default.nix
View File

@ -49,6 +49,7 @@ in {
}; };
}; };
enklave = { enklave = {
ci = false;
nets = rec { nets = rec {
internet = { internet = {
ip4.addr = "88.198.164.182"; ip4.addr = "88.198.164.182";

1
krebs/3modules/realwallpaper.nix
View File

@ -60,6 +60,7 @@ let
uid = genid "realwallpaper"; uid = genid "realwallpaper";
home = cfg.workingDir; home = cfg.workingDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
}; };

1
krebs/3modules/tinc_graphs.nix
View File

@ -127,6 +127,7 @@ let
users.extraUsers.tinc_graphs = { users.extraUsers.tinc_graphs = {
uid = genid_uint31 "tinc_graphs"; uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs"; home = "/var/spool/tinc_graphs";
isSystemUser = true;
}; };
services.nginx = mkIf cfg.nginx.enable { services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true; enable = mkDefault true;

1
krebs/3modules/urlwatch.nix
View File

@ -193,6 +193,7 @@ let
inherit (user) uid; inherit (user) uid;
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
}; };

9
krebs/5pkgs/simple/buildbot-classic/default.nix
View File

@ -1,6 +1,9 @@
{ pkgs, fetchFromGitHub, python2Packages, git, ... }: { pkgs, fetchFromGitHub, python2Packages, git, ... }: let
python2Packages.buildPythonApplication rec { # we need the old sqlparse since the new one is python2 incompatible
sqlparse = python2Packages.callPackage ./sqlparse.nix {};
in python2Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}"; name = "buildbot-classic-${version}";
version = "0.8.18"; version = "0.8.18";
namePrefix = ""; namePrefix = "";
@ -18,7 +21,7 @@ python2Packages.buildPythonApplication rec {
python2Packages.jinja2 python2Packages.jinja2
python2Packages.twisted python2Packages.twisted
python2Packages.dateutil python2Packages.dateutil
python2Packages.sqlalchemy_migrate (python2Packages.sqlalchemy_migrate.override { sqlparse = sqlparse; })
python2Packages.pysqlite python2Packages.pysqlite
pkgs.coreutils pkgs.coreutils
]; ];

34
krebs/5pkgs/simple/buildbot-classic/sqlparse.nix Normal file
View File

@ -0,0 +1,34 @@
{ stdenv
, buildPythonPackage
, fetchPypi
, pytest
, isPy3k
}:
buildPythonPackage rec {
pname = "sqlparse";
version = "0.3.1";
src = fetchPypi {
inherit pname version;
sha256 = "e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548";
};
checkInputs = [ pytest ];
checkPhase = ''
py.test
'';
# Package supports 3.x, but tests are clearly 2.x only.
doCheck = !isPy3k;
meta = with stdenv.lib; {
description = "Non-validating SQL parser for Python";
longDescription = ''
Provides support for parsing, splitting and formatting SQL statements.
'';
homepage = "https://github.com/andialbrecht/sqlparse";
license = licenses.bsd3;
};
}

3
krebs/5pkgs/simple/realwallpaper/default.nix
View File

@ -9,8 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
gnused gnused
file file
findutils findutils
grib2json imagemagick6
imagemagick
inkscape inkscape
jq jq
nomads-cloud nomads-cloud

62
krebs/5pkgs/simple/solanum/default.nix
View File

@ -1,62 +0,0 @@
{ lib, stdenv
, fetchFromGitHub
, autoreconfHook
, pkg-config
, bison
, flex
, openssl
, sqlite
, lksctp-tools
}:
stdenv.mkDerivation rec {
pname = "solanum";
version = "unstable-2021-04-27";
src = fetchFromGitHub {
owner = "solanum-ircd";
repo = pname;
rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925";
sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f";
};
patches = [
./dont-create-logdir.patch
];
configureFlags = [
"--enable-epoll"
"--enable-ipv6"
"--enable-openssl=${openssl.dev}"
"--with-program-prefix=solanum-"
"--localstatedir=/var/lib"
"--with-rundir=/run"
"--with-logdir=/var/log"
] ++ lib.optionals (stdenv.isLinux) [
"--enable-sctp=${lksctp-tools.out}/lib"
];
nativeBuildInputs = [
autoreconfHook
bison
flex
pkg-config
];
buildInputs = [
openssl
sqlite
];
doCheck = !stdenv.isDarwin;
enableParallelBuilding = true;
meta = with lib; {
description = "An IRCd for unified networks";
homepage = "https://github.com/solanum-ircd/solanum";
license = licenses.gpl2Only;
maintainers = with maintainers; [ hexa ];
platforms = platforms.unix;
};
}

14
krebs/5pkgs/simple/solanum/dont-create-logdir.patch
View File

@ -1,14 +0,0 @@
diff --git a/Makefile.am b/Makefile.am
index 19e7b396..21093521 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,9 +35,6 @@ include/serno.h:
echo '#define DATECODE 0UL' >>include/serno.h; \
fi
-install-data-hook:
- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir}
-
install-exec-hook:
rm -f ${DESTDIR}${libdir}/*.la
rm -f ${DESTDIR}${moduledir}/*.la

8
krebs/nixpkgs-unstable.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "7a1fbc38a4b538450ac0d42aec8a3e513b4d723e", "rev": "fbfb79400a08bf754e32b4d4fc3f7d8f8055cf94",
"date": "2021-05-16T12:16:31+02:00", "date": "2021-06-06T04:54:09-03:00",
"path": "/nix/store/iq2sy65gmwad2prm8lcdh6k5f7ywxci5-nixpkgs", "path": "/nix/store/51dsmanfc179xy70kn2rl0qvg45cn6qr-nixpkgs",
"sha256": "0jg8dilsw0gr4jfshkk3wd50gddd11hvd836fxkw43m6m47885p7", "sha256": "0pgyx1l1gj33g5i9kwjar7dc3sal2g14mhfljcajj8bqzzrbc3za",
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,
"leaveDotGit": false "leaveDotGit": false

8
krebs/nixpkgs.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227", "rev": "60cce7e5e1fdf62421ef6d4184ee399b46209366",
"date": "2021-05-18T19:08:44-04:00", "date": "2021-06-09T01:18:50-04:00",
"path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs", "path": "/nix/store/fixgn194626rb7gf99l9jaqm0hbqn2ix-nixpkgs",
"sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46", "sha256": "100xrb925cana1kfd0c7gwkjjalq891vfgr0rn1gl9j8gp3l3gx6",
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,
"leaveDotGit": false "leaveDotGit": false

2
krebs/update-nixpkgs.sh
View File

@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \ --url https://github.com/NixOS/nixpkgs \
--rev refs/heads/nixos-20.09' \ --rev refs/heads/nixos-21.05' \
> $dir/nixpkgs.json > $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

44
lass/1systems/coaxmetal/config.nix
View File

@ -16,38 +16,54 @@
<stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/nfs-dl.nix> # <stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix> <stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/xonsh.nix>
<stockholm/lass/2configs/review.nix>
<stockholm/lass/2configs/dunst.nix>
# <stockholm/krebs/2configs/ircd.nix>
]; ];
krebs.build.host = config.krebs.hosts.coaxmetal; krebs.build.host = config.krebs.hosts.coaxmetal;
environment.shellAliases = { environment.systemPackages = with pkgs; [
deploy = pkgs.writeDash "deploy" '' brain
bank
l-gen-secrets
(pkgs.writeDashBin "deploy" ''
set -eu set -eu
export SYSTEM="$1" export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
''; '')
usb-tether-on = pkgs.writeDash "usb-tether-on" '' (pkgs.writeDashBin "usb-tether-on" ''
adb shell su -c service call connectivity 33 i32 1 s16 text adb shell su -c service call connectivity 33 i32 1 s16 text
''; '')
usb-tether-off = pkgs.writeDash "usb-tether-off" '' (pkgs.writeDashBin "usb-tether-off" ''
adb shell su -c service call connectivity 33 i32 0 s16 text adb shell su -c service call connectivity 33 i32 0 s16 text
''; '')
}; ];
programs.adb.enable = true; programs.adb.enable = true;
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
}; };
hardware.pulseaudio.package = pkgs.pulseaudioFull; hardware.pulseaudio.package = pkgs.pulseaudioFull;
lass.browser.config = {
dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
};
nix.trustedUsers = [ "root" "lass" ];
services.tor = {
enable = true;
client.enable = true;
};
} }

1
lass/1systems/coaxmetal/physical.nix
View File

@ -7,6 +7,7 @@
networking.hostId = "e0c335ea"; networking.hostId = "e0c335ea";
boot.zfs.requestEncryptionCredentials = true; boot.zfs.requestEncryptionCredentials = true;
boot.zfs.enableUnstable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;

1
lass/1systems/daedalus/config.nix
View File

@ -19,6 +19,7 @@ with import <stockholm/lib>;
"networkmanager" "networkmanager"
]; ];
useDefaultShell = true; useDefaultShell = true;
isNormalUser = true;
}; };
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false; networking.wireless.enable = mkForce false;

2
lass/1systems/green/config.nix
View File

@ -23,7 +23,7 @@ with import <stockholm/lib>;
users.users.mainUser.openssh.authorizedKeys.keys = [ users.users.mainUser.openssh.authorizedKeys.keys = [
config.krebs.users.lass-android.pubkey config.krebs.users.lass-android.pubkey
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel
]; ];
krebs.bindfs = { krebs.bindfs = {

11
lass/1systems/icarus/physical.nix
View File

@ -45,16 +45,5 @@
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
''; '';
services.thinkfan.enable = true;
services.thinkfan.levels = ''
(0, 0, 55)
(1, 48, 60)
(2, 50, 61)
(3, 52, 63)
(6, 60, 85)
(7, 80, 90)
(127, 89, 32767)
'';
services.logind.lidSwitch = "ignore"; services.logind.lidSwitch = "ignore";
} }

1
lass/1systems/prism/config.nix
View File

@ -345,6 +345,7 @@ with import <stockholm/lib>;
home = "/var/download"; home = "/var/download";
useDefaultShell = true; useDefaultShell = true;
uid = genid "download"; uid = genid "download";
isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [ openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey lass.pubkey
lass-android.pubkey lass-android.pubkey

1
lass/1systems/uriel/config.nix
View File

@ -23,6 +23,7 @@ with import <stockholm/lib>;
"networkmanager" "networkmanager"
]; ];
useDefaultShell = true; useDefaultShell = true;
isNormalUser = true;
}; };
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
hardware.pulseaudio = { hardware.pulseaudio = {

5
lass/1systems/xerxes/config.nix
View File

@ -81,11 +81,6 @@
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
}; };
hardware.pulseaudio.package = pkgs.pulseaudioFull; hardware.pulseaudio.package = pkgs.pulseaudioFull;
# hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''

27
lass/2configs/bitcoin.nix
View File

@ -4,12 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser; mainUser = config.users.extraUsers.mainUser;
in { in {
krebs.per-user.bch.packages = [
pkgs.electron-cash
];
krebs.per-user.bitcoin.packages = [
pkgs.electrum
];
users.extraUsers = { users.extraUsers = {
bch = { bch = {
name = "bch"; name = "bch";
@ -17,6 +11,8 @@ in {
home = "/home/bch"; home = "/home/bch";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
packages = [ pkgs.electron-cash ];
isNormalUser = true;
}; };
bitcoin = { bitcoin = {
name = "bitcoin"; name = "bitcoin";
@ -24,10 +20,25 @@ in {
home = "/home/bitcoin"; home = "/home/bitcoin";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
packages = [ pkgs.electrum ];
isNormalUser = true;
};
monero = {
name = "monero";
description = "user for monero stuff";
home = "/home/monero";
useDefaultShell = true;
createHome = true;
packages = [
pkgs.monero
pkgs.monero-gui
];
isNormalUser = true;
}; };
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL ${mainUser.name} ALL=(bch) ALL
${mainUser.name} ALL=(bch) NOPASSWD: ALL ${mainUser.name} ALL=(bitcoin) ALL
${mainUser.name} ALL=(monero) ALL
''; '';
} }

1
lass/2configs/ciko.nix
View File

@ -10,6 +10,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
]; ];
isNormalUser = true;
}; };
system.activationScripts.user-shadow = '' system.activationScripts.user-shadow = ''

5
lass/2configs/default.nix
View File

@ -32,6 +32,7 @@ with import <stockholm/lib>;
group = "users"; group = "users";
createHome = true; createHome = true;
useDefaultShell = true; useDefaultShell = true;
isNormalUser = true;
extraGroups = [ extraGroups = [
"audio" "audio"
"fuse" "fuse"
@ -88,9 +89,7 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true; services.timesyncd.enable = mkForce true;
systemd.tmpfiles.rules = [ boot.tmpOnTmpfs = true;
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR # multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = '' environment.extraInit = ''

1
lass/2configs/elster.nix
View File

@ -12,6 +12,7 @@ in {
useDefaultShell = true; useDefaultShell = true;
extraGroups = []; extraGroups = [];
createHome = true; createHome = true;
isNormalUser = true;
}; };
}; };
krebs.per-user.elster.packages = [ krebs.per-user.elster.packages = [

1
lass/2configs/games.nix
View File

@ -78,6 +78,7 @@ in {
# vdoomserver # vdoomserver
retroarchBare retroarchBare
]; ];
isNormalUser = true;
}; };
}; };

2
lass/2configs/gg23.nix
View File

@ -8,6 +8,8 @@ with import <stockholm/lib>;
prefixLength = 24; prefixLength = 24;
}]; }];
networking.domain = "gg23";
services.dhcpd4 = { services.dhcpd4 = {
enable = true; enable = true;
interfaces = [ "int0" ]; interfaces = [ "int0" ];

1
lass/2configs/htop.nix
View File

@ -3,7 +3,6 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: { nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin { htop = pkgs.symlinkJoin {
name = "htop"; name = "htop";

2
lass/2configs/pass.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
users.users.lass.packages = with pkgs; [ users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ])) (pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg gnupg
]; ];

9
lass/2configs/power-action.nix
View File

@ -32,9 +32,12 @@ in {
user = "lass"; user = "lass";
}; };
users.users.power-action.extraGroups = [ users.users.power-action = {
"audio" isNormalUser = true;
]; extraGroups = [
"audio"
];
};
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}

35
lass/2configs/radio.nix
View File

@ -4,7 +4,6 @@ with import <stockholm/lib>;
let let
name = "radio"; name = "radio";
mainUser = config.users.extraUsers.mainUser;
music_dir = "/home/radio/music"; music_dir = "/home/radio/music";
@ -84,6 +83,17 @@ let
}' }'
''; '';
set_irc_topic = pkgs.writeDash "set_irc_topic" ''
${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \
-H content-type:application/json \
-d "$(${pkgs.jq}/bin/jq -n \
--arg text "$1" '{
command:"TOPIC",
params:["#the_playlist",$text]
}'
)"
'';
write_to_irc = pkgs.writeDash "write_to_irc" '' write_to_irc = pkgs.writeDash "write_to_irc" ''
${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \
-H content-type:application/json \ -H content-type:application/json \
@ -128,11 +138,25 @@ in {
services.mpd = { services.mpd = {
enable = true; enable = true;
group = "radio"; user = "radio";
musicDirectory = "${music_dir}"; musicDirectory = "${music_dir}";
dataDir = "/home/radio/state"; # TODO create this somwhere
extraConfig = '' extraConfig = ''
log_level "default" log_level "default"
auto_update "yes" auto_update "yes"
volume_normalization "yes"
audio_output {
type "httpd"
name "lassulus radio mp3"
encoder "lame" # optional
port "8002"
quality "5.0" # do not define if bitrate is defined
# bitrate "128" # do not define if quality is defined
format "44100:16:2"
always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
tags "yes" # httpd supports sending tags to listening streams.
}
audio_output { audio_output {
type "httpd" type "httpd"
@ -152,6 +176,7 @@ in {
tables = { tables = {
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 8002"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; }
]; ];
}; };
@ -200,10 +225,10 @@ in {
${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
${pkgs.mpc_cli}/bin/mpc current -f %file% ${pkgs.mpc_cli}/bin/mpc current -f %file%
done | while read track; do done | while read track; do
listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l) listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | grep '^mptcp' | wc -l)
echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
${write_to_irc} "playing: $track listeners: $listeners" ${set_irc_topic} "playing: $track listeners: $listeners"
done done
''; '';
in { in {
@ -349,7 +374,7 @@ in {
}; };
services.syncthing.declarative.folders."the_playlist" = { services.syncthing.declarative.folders."the_playlist" = {
path = "/home/radio/music/the_playlist"; path = "/home/radio/music/the_playlist";
devices = [ "mors" "phone" "prism" "xerxes" ]; devices = [ "mors" "phone" "prism" ];
}; };
krebs.permown."/home/radio/music/the_playlist" = { krebs.permown."/home/radio/music/the_playlist" = {
owner = "radio"; owner = "radio";

14
lass/2configs/review.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
users.users.review = {
isNormalUser = true;
packages = [ pkgs.nixpkgs-review ];
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(review) NOPASSWD: ALL
'';
}

45
lass/2configs/websites/domsen.nix
View File

@ -170,6 +170,7 @@ in {
home = "/home/UBIK-SFTP"; home = "/home/UBIK-SFTP";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.xanf = { users.users.xanf = {
@ -178,6 +179,7 @@ in {
home = "/home/xanf"; home = "/home/xanf";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.domsen = { users.users.domsen = {
@ -185,8 +187,9 @@ in {
description = "maintenance acc for domsen"; description = "maintenance acc for domsen";
home = "/home/domsen"; home = "/home/domsen";
useDefaultShell = true; useDefaultShell = true;
extraGroups = [ "nginx" "download" ]; extraGroups = [ "syncthing" "download" "xanf" ];
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.bruno = { users.users.bruno = {
@ -194,6 +197,7 @@ in {
home = "/home/bruno"; home = "/home/bruno";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.jla-trading = { users.users.jla-trading = {
@ -201,6 +205,7 @@ in {
home = "/home/jla-trading"; home = "/home/jla-trading";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.jms = { users.users.jms = {
@ -208,6 +213,7 @@ in {
home = "/home/jms"; home = "/home/jms";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.ms = { users.users.ms = {
@ -215,6 +221,7 @@ in {
home = "/home/ms"; home = "/home/ms";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.testuser = { users.users.testuser = {
@ -222,20 +229,23 @@ in {
home = "/home/testuser"; home = "/home/testuser";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.akayguen = { #users.users.akayguen = {
uid = genid_uint31 "akayguen"; # uid = genid_uint31 "akayguen";
home = "/home/akayguen"; # home = "/home/akayguen";
useDefaultShell = true; # useDefaultShell = true;
createHome = true; # createHome = true;
}; # isNormalUser = true;
#};
users.users.bui = { users.users.bui = {
uid = genid_uint31 "bui"; uid = genid_uint31 "bui";
home = "/home/bui"; home = "/home/bui";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.klabusterbeere = { users.users.klabusterbeere = {
@ -243,6 +253,7 @@ in {
home = "/home/klabusterbeere"; home = "/home/klabusterbeere";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.kasia = { users.users.kasia = {
@ -250,6 +261,7 @@ in {
home = "/home/kasia"; home = "/home/kasia";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.XANF_TEAM = { users.users.XANF_TEAM = {
@ -258,6 +270,25 @@ in {
home = "/home/XANF_TEAM"; home = "/home/XANF_TEAM";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
};
users.users.dif = {
uid = genid_uint31 "dif";
home = "/home/dif";
useDefaultShell = true;
extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
};
users.users.lavafilms = {
uid = genid_uint31 "lavafilms";
home = "/home/lavafilms";
useDefaultShell = true;
extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
}; };
users.groups.xanf = {}; users.groups.xanf = {};

1
lass/2configs/websites/lassulus.nix
View File

@ -97,6 +97,7 @@ in {
home = "/srv/http/lassul.us"; home = "/srv/http/lassul.us";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [ openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey lass.pubkey
lass-mors.pubkey lass-mors.pubkey

3
lass/2configs/wine.nix
View File

@ -14,8 +14,9 @@ in {
]; ];
createHome = true; createHome = true;
packages = [ packages = [
pkgs.wineMinimal pkgs.wineWowPackages.stable
]; ];
isNormalUser = true;
}; };
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''

7
lass/2configs/xonsh.nix Normal file
View File

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
pkgs.xonsh
pkgs.xonsh2
];
}

13
lass/3modules/browsers.nix
View File

@ -5,7 +5,9 @@ let
cfg = config.lass.browser; cfg = config.lass.browser;
browserScripts = { browserScripts = {
chromium = "${pkgs.chromium}/bin/chromium"; brave = "${pkgs.brave}/bin/brave";
chrome = "${pkgs.google-chrome}/bin/chrome";
chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
firefox = "${pkgs.firefox.override { firefox = "${pkgs.firefox.override {
extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
}}/bin/firefox"; }}/bin/firefox";
@ -14,8 +16,9 @@ let
browser-select = let browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(filter (x: ! x.value.hidden)
(mapAttrsToList (name: value: { inherit name value; }) (mapAttrsToList (name: value: { inherit name value; })
cfg.config); cfg.config));
in if (lib.length sortedPaths) > 1 then in if (lib.length sortedPaths) > 1 then
pkgs.writeScriptBin "browser-select" '' pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
@ -48,6 +51,10 @@ in {
type = types.str; type = types.str;
default = config._module.args.name; default = config._module.args.name;
}; };
hidden = mkOption {
type = types.bool;
default = false;
};
precedence = mkOption { precedence = mkOption {
type = types.int; type = types.int;
default = 0; default = 0;
@ -58,7 +65,7 @@ in {
}; };
browser = mkOption { browser = mkOption {
type = types.enum (attrNames browserScripts); type = types.enum (attrNames browserScripts);
default = "chromium"; default = "brave";
}; };
groups = mkOption { groups = mkOption {
type = types.listOf types.str; type = types.listOf types.str;

1
lass/3modules/xjail.nix
View File

@ -147,6 +147,7 @@ with import <stockholm/lib>;
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
extraGroups = cfg.groups; extraGroups = cfg.groups;
isNormalUser = true;
} }
) config.lass.xjail; ) config.lass.xjail;

22
lass/5pkgs/tdlib-purple/default.nix
View File

@ -1,6 +1,24 @@
{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } : { stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } :
stdenv.mkDerivation rec { let
tdlib = stdenv.mkDerivation rec {
version = "1.6.0";
pname = "tdlib";
src = fetchFromGitHub {
owner = "tdlib";
repo = "td";
rev = "v${version}";
sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv";
};
buildInputs = with pkgs; [ gperf openssl readline zlib ];
nativeBuildInputs = [ pkgs.cmake ];
};
in stdenv.mkDerivation rec {
pname = "tdlib-purple"; pname = "tdlib-purple";
version = "0.7.8"; version = "0.7.8";

56
lass/5pkgs/xonsh2/default.nix Normal file
View File

@ -0,0 +1,56 @@
{ lib, stdenv
, fetchFromGitHub
, python39Packages
, glibcLocales
, coreutils
, git
, extraInputs ? []
}: let
python3Packages = python39Packages;
in python3Packages.buildPythonApplication rec {
pname = "xonsh2";
version = "master";
# fetch from github because the pypi package ships incomplete tests
src = fetchFromGitHub {
owner = "anki-code";
repo = "xonsh2";
rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0";
sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6";
};
LC_ALL = "en_US.UTF-8";
postPatch = ''
sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh
find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \;
find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|'
patchShebangs .
'';
doCheck = false;
checkPhase = ''
HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks'
HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5
HOME=$TMPDIR pytest -k 'test_ptk_highlight'
'';
checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ];
propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs;
meta = with lib; {
description = "A Python-ish, BASHwards-compatible shell";
homepage = "https://xon.sh/";
# changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}";
license = licenses.bsd3;
platforms = platforms.all;
};
passthru = {
shellPath = "/bin/xonsh2";
};
}

3
makefu/1systems/gum/config.nix
View File

@ -126,6 +126,9 @@ in {
<stockholm/makefu/2configs/wireguard/server.nix> <stockholm/makefu/2configs/wireguard/server.nix>
<stockholm/makefu/2configs/wireguard/wiregrill.nix> <stockholm/makefu/2configs/wireguard/wiregrill.nix>
{ # recent changes mediawiki bot
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
}
# Removed until move: no extra mails # Removed until move: no extra mails
# <stockholm/makefu/2configs/urlwatch> # <stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid letsencrypt ban # Removed until move: avoid letsencrypt ban

5
makefu/1systems/omo/config.nix
View File

@ -43,7 +43,6 @@ in {
<stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix> <stockholm/makefu/2configs/tools/mobility.nix>
{ environment.systemPackages = [ pkgs.esniper ]; }
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>
@ -97,7 +96,7 @@ in {
<stockholm/makefu/2configs/home/airsonic.nix> <stockholm/makefu/2configs/home/airsonic.nix>
<stockholm/makefu/2configs/home/photoprism.nix> <stockholm/makefu/2configs/home/photoprism.nix>
<stockholm/makefu/2configs/home/metube.nix> # <stockholm/makefu/2configs/home/metube.nix>
<stockholm/makefu/2configs/home/ham> <stockholm/makefu/2configs/home/ham>
<stockholm/makefu/2configs/home/zigbee2mqtt> <stockholm/makefu/2configs/home/zigbee2mqtt>
{ {
@ -141,6 +140,7 @@ in {
]; ];
makefu.full-populate = true; makefu.full-populate = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
users.users.share.isNormalUser = true;
users.groups.share = { users.groups.share = {
gid = (import <stockholm/lib>).genid "share"; gid = (import <stockholm/lib>).genid "share";
members = [ "makefu" "misa" ]; members = [ "makefu" "misa" ];
@ -152,6 +152,7 @@ in {
users.users.misa = { users.users.misa = {
uid = 9002; uid = 9002;
name = "misa"; name = "misa";
isNormalUser = true;
}; };
zramSwap.enable = true; zramSwap.enable = true;

2
makefu/1systems/x/config.nix
View File

@ -130,7 +130,7 @@
# Virtualization # Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix> # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix> <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{ #{
# networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = { # networking.nat = {

6
makefu/1systems/x/x13/default.nix
View File

@ -8,7 +8,7 @@
<nixos-hardware/lenovo/thinkpad/l14/amd> # close enough <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
# <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix> <stockholm/makefu/2configs/hw/ssd.nix>
<stockholm/makefu/2configs/hw/xmm7360.nix> # <stockholm/makefu/2configs/hw/xmm7360.nix>
]; ];
boot.zfs.requestEncryptionCredentials = true; boot.zfs.requestEncryptionCredentials = true;
networking.hostId = "f8b8e0a2"; networking.hostId = "f8b8e0a2";
@ -32,5 +32,9 @@
users.groups.video = {}; users.groups.video = {};
users.users.makefu.extraGroups = [ "video" ]; users.users.makefu.extraGroups = [ "video" ];
boot.extraModprobeConfig = ''
options thinkpad_acpi fan_control=1
'';
} }

1
makefu/1systems/x/x13/zfs.nix
View File

@ -13,6 +13,7 @@
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.zfs.enableUnstable = true; # required for 21.05
fileSystems."/" = fileSystems."/" =
{ device = "zroot/root/nixos"; { device = "zroot/root/nixos";
fsType = "zfs"; fsType = "zfs";

1
makefu/2configs/bgt/download.binaergewitter.de.nix
View File

@ -22,6 +22,7 @@ in {
uid = genid "auphonic"; uid = genid "auphonic";
group = "nginx"; group = "nginx";
useDefaultShell = true; useDefaultShell = true;
isSystemUser = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
}; };

4
makefu/2configs/bgt/hidden_service.nix
View File

@ -41,8 +41,8 @@ in
services.tor = { services.tor = {
enable = true; enable = true;
hiddenServices."${name}".map = [ hiddenServices."${name}".map = [
{ port = "80"; } { port = 80; }
# { port = "443"; toHost = "blog.binaergewitter.de"; } # { port = 443; toHost = "blog.binaergewitter.de"; }
]; ];
}; };
} }

2
makefu/2configs/bgt/social-to-irc.nix
View File

@ -13,7 +13,7 @@
channel = "#binaergewitter"; channel = "#binaergewitter";
notifyErrors = false; notifyErrors = false;
irc = { irc = {
host = "irc.freenode.net"; host = "irc.libera.chat";
port = 6667; port = 6667;
}; };
#controller = { #controller = {

2
makefu/2configs/bureautomation/default.nix
View File

@ -6,7 +6,7 @@ in {
imports = [ imports = [
./ota.nix ./ota.nix
./comic-updater.nix ./comic-updater.nix
./puppy-proxy.nix # ./puppy-proxy.nix
./zigbee2mqtt ./zigbee2mqtt

3
makefu/2configs/dcpp/hub.nix
View File

@ -33,10 +33,11 @@ let
uhubDir = "/var/lib/uhub"; uhubDir = "/var/lib/uhub";
in { in {
users.extraUsers."${ddclientUser}" = { users.users."${ddclientUser}" = {
uid = genid "ddclient"; uid = genid "ddclient";
description = "ddclient daemon user"; description = "ddclient daemon user";
home = stateDir; home = stateDir;
isSystemUser = true;
createHome = true; createHome = true;
}; };

1
makefu/2configs/default.nix
View File

@ -23,6 +23,7 @@ with import <stockholm/lib>;
group = "users"; group = "users";
home = "/home/makefu"; home = "/home/makefu";
createHome = true; createHome = true;
isNormalUser = true;
useDefaultShell = true; useDefaultShell = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];

2
makefu/2configs/deployment/dirctator.nix
View File

@ -15,7 +15,7 @@ in {
inputConfig = '' inputConfig = ''
irc { irc {
channels => [ "#krebs", "#afra" ] channels => [ "#krebs", "#afra" ]
host => "irc.freenode.net" host => "irc.hackint.org"
nick => "dirctator" nick => "dirctator"
} }
''; '';

2
makefu/2configs/deployment/owncloud.nix
View File

@ -75,7 +75,7 @@ in {
}; };
}; };
services.redis.enable = true; services.redis.enable = true;
systemd.services.redis.serviceConfig.LimitNOFILE=65536; systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536";
services.postgresql = { services.postgresql = {
enable = true; enable = true;
# Ensure the database, user, and permissions always exist # Ensure the database, user, and permissions always exist

5
makefu/2configs/deployment/rss.euer.krebsco.de.nix
View File

@ -7,6 +7,11 @@ in {
virtualHost = fqdn; virtualHost = fqdn;
selfUrlPath = "https://${fqdn}"; selfUrlPath = "https://${fqdn}";
}; };
nixpkgs.config.permittedInsecurePackages = [
"python2.7-Pillow-6.2.2"
];
systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php";
services.postgresql.package = pkgs.postgresql_9_6; services.postgresql.package = pkgs.postgresql_9_6;
state = [ config.services.postgresqlBackup.location ]; state = [ config.services.postgresqlBackup.location ];

2
makefu/2configs/elchos/irc-token.nix
View File

@ -17,7 +17,7 @@ in {
echo "$message" echo "$message"
LOGNAME=sec-announcer LOGNAME=sec-announcer
HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient) HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient)
IRC_SERVER=irc.freenode.net IRC_SERVER=irc.hackint.org
IRC_PORT=6667 IRC_PORT=6667
IRC_NICK=$HOSTNAME-$$ IRC_NICK=$HOSTNAME-$$
IRC_CHANNEL='#eloop' IRC_CHANNEL='#eloop'

2
makefu/2configs/filepimp-share.nix
View File

@ -6,7 +6,7 @@ let
in { in {
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/var/empty"; home = "/var/empty";
}; };

10
makefu/2configs/home/ham/automation/fenster_auf.nix
View File

@ -19,8 +19,8 @@ let
[ [
{ {
service = "notify.signal_home"; service = "notify.signal_home";
data = { data_template = {
message= "${name} seit ${toString min} Minuten offen\nBitte einmal checken ob das ok ist :)"; message = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte";
}; };
} }
{ {
@ -36,6 +36,7 @@ let
platform = "state"; platform = "state";
entity_id = entity; entity_id = entity;
to = "off"; to = "off";
for.seconds = 10;
} }
]; ];
condition = [ condition = [
@ -61,12 +62,13 @@ let
in { in {
services.home-assistant.config = { services.home-assistant.config = {
input_boolean = { input_boolean = {
badezimmerfinester_lang_offen.name = "Badezimmer lange offen"; badezimmerfenster_lang_offen.name = "Badezimmer lange offen";
duschfenster_lang_offen.name = "Duschfenster lange offen"; duschfenster_lang_offen.name = "Duschfenster lange offen";
}; };
automation = [ automation = [
(fenster_geschlossen_lang "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") (fenster_geschlossen_lang "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact")
(fenster_geschlossen_lang "Duschfenster" "binary_sensor.badezimmer_fenster_contact") (fenster_geschlossen_lang "Duschfenster" "binary_sensor.dusche_fenster_contact")
(fenster_offen "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") (fenster_offen "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact")
(fenster_offen "Duschfenster" "binary_sensor.dusche_fenster_contact") (fenster_offen "Duschfenster" "binary_sensor.dusche_fenster_contact")
]; ];

28
makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix
View File

@ -5,22 +5,22 @@ let
}; };
notify_home = message: { notify_home = message: {
service = "notify.signal_home"; service = "notify.signal_home";
data.message = message; data_template.message = message;
}; };
in in
{ {
services.home-assistant.config.automation = services.home-assistant.config.automation =
[ [
{ #{
alias = "Pflanzen Giessen Erinnerung Daily"; # alias = "Pflanzen Giessen Erinnerung Daily";
trigger = { # trigger = {
platform = "time"; # platform = "time";
at = "12:15:00"; # at = "12:15:00";
}; # };
action = [ # action = [
(notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") # (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen")
]; # ];
} #}
{ {
alias = "Pflanzen Giessen Erinnerung Weekly"; alias = "Pflanzen Giessen Erinnerung Weekly";
trigger = { trigger = {
@ -32,7 +32,11 @@ in
weekday = [ "sat" ]; weekday = [ "sat" ];
}; };
action = [ action = [
(notify_home "Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen.") (notify_home
''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen.
Die Wettervorhersage: {{states.sensor.dark_sky_summary.state}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%.
Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte.
Der UV Index liegt bei {{states.sensor.dark_sky_uv_index.state}}'')
]; ];
} }
]; ];

3
makefu/2configs/home/ham/default.nix
View File

@ -180,7 +180,8 @@ in {
frontend = { }; frontend = { };
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
server_host = "127.0.0.1"; #server_host = "127.0.0.1";
server_host = "0.0.0.0";
trusted_proxies = [ "127.0.0.1" ]; trusted_proxies = [ "127.0.0.1" ];
#trusted_proxies = [ "192.168.1.0/24" ]; #trusted_proxies = [ "192.168.1.0/24" ];
}; };

5
makefu/2configs/home/metube.nix
View File

@ -26,7 +26,10 @@ in
]; ];
user = "metube"; user = "metube";
}; };
users.users.metube.uid = uid; users.users.metube = {
uid = uid;
isSystemUser = true;
};
systemd.services.docker-metube.serviceConfig = { systemd.services.docker-metube.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";

2
makefu/2configs/home/zigbee2mqtt/default.nix
View File

@ -20,7 +20,7 @@ in
services.zigbee2mqtt = { services.zigbee2mqtt = {
enable = true; enable = true;
inherit dataDir; inherit dataDir;
config = { settings = {
permit_join = true; permit_join = true;
serial.port = "/dev/cc2531"; serial.port = "/dev/cc2531";
homeassistant = true; homeassistant = true;

2
makefu/2configs/lanparty/samba.nix
View File

@ -3,7 +3,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; #effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/data/lanparty"; home = "/data/lanparty";
createHome = true; createHome = true;

1
makefu/2configs/nsupdate-data.nix
View File

@ -34,6 +34,7 @@ in {
description = "ddclient daemon user"; description = "ddclient daemon user";
home = stateDir; home = stateDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.services = { systemd.services = {

15
makefu/2configs/remote-build/slave.nix
View File

@ -1,11 +1,12 @@
{config,...}:{ {config,...}:{
nix.trustedUsers = [ "nixBuild" ]; nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = { users.users.nixBuild = {
name = "nixBuild"; name = "nixBuild";
useDefaultShell = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ useDefaultShell = true;
config.krebs.users.buildbotSlave.pubkey openssh.authorizedKeys.keys = [
config.krebs.users.makefu-remote-builder.pubkey config.krebs.users.buildbotSlave.pubkey
]; config.krebs.users.makefu-remote-builder.pubkey
}; ];
};
} }

1
makefu/2configs/share-user-sftp.nix
View File

@ -5,6 +5,7 @@
share = { share = {
uid = 9002; uid = 9002;
home = "/var/empty"; home = "/var/empty";
isNormalUser = true;
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
}; };
}; };

5
makefu/2configs/share/gum.nix
View File

@ -11,7 +11,10 @@ in {
# home = "/var/empty"; # home = "/var/empty";
# }; # };
environment.systemPackages = [ pkgs.samba ]; environment.systemPackages = [ pkgs.samba ];
users.users.download.uid = genid "download"; users.users.download = {
uid = genid "download";
isNormalUser = true;
};
services.samba = { services.samba = {
enable = true; enable = true;
shares = { shares = {

2
makefu/2configs/share/temp-share-samba.nix
View File

@ -9,7 +9,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/home/share"; home = "/home/share";
createHome = true; createHome = true;

2
makefu/2configs/share/wbob.nix
View File

@ -3,7 +3,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/home/share"; home = "/home/share";
createHome = true; createHome = true;

1
makefu/2configs/stats/arafetch.nix
View File

@ -23,6 +23,7 @@ in {
uid = genid "arafetch"; uid = genid "arafetch";
inherit home; inherit home;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.services.ara2mqtt = { systemd.services.ara2mqtt = {

2
makefu/2configs/systemdultras/ircbot.nix
View File

@ -11,7 +11,7 @@
config = { config = {
channel = "#systemdultras"; channel = "#systemdultras";
irc = { irc = {
host = "irc.freenode.net"; host = "irc.hackint.org";
port = 6667; port = 6667;
}; };
notifyErrors = false; notifyErrors = false;

2
makefu/2configs/temp/share-samba.nix
View File

@ -1,7 +1,7 @@
{config, ... }:{ {config, ... }:{
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
group = "share"; group = "share";
description = "smb guest user"; description = "smb guest user";
home = "/var/empty"; home = "/var/empty";

3
makefu/2configs/tools/extra-gui.nix
View File

@ -16,7 +16,10 @@
saleae-logic saleae-logic
gitAndTools.gitFull gitAndTools.gitFull
signal-desktop signal-desktop
element-desktop
# rambox # rambox
vscode vscode
chitubox
]; ];
} }

2
makefu/2configs/tools/media.nix
View File

@ -15,6 +15,6 @@
streamripper streamripper
youtube-dl youtube-dl
pulseeffects pulseeffects-legacy # for pulse
]; ];
} }

2
makefu/2configs/tools/sec.nix
View File

@ -4,7 +4,7 @@
users.users.makefu.packages = with pkgs; [ users.users.makefu.packages = with pkgs; [
aria2 aria2
# mitmproxy # mitmproxy
pythonPackages.binwalk-full python3Packages.binwalk-full
dnsmasq dnsmasq
iodine iodine
mtr mtr

1
makefu/3modules/ps3netsrv.nix
View File

@ -50,6 +50,7 @@ let
# TODO only create if user is ps3netsrv # TODO only create if user is ps3netsrv
users.users.ps3netsrv = { users.users.ps3netsrv = {
uid = genid "ps3netsrv"; uid = genid "ps3netsrv";
isSystemUser = true;
}; };
users.groups.ps3netsrv.gid = genid "ps3netsrv"; users.groups.ps3netsrv.gid = genid "ps3netsrv";
}; };

2
makefu/5pkgs/awesomecfg/full.cfg
View File

@ -489,6 +489,8 @@ awful.rules.rules = {
properties = { tag = tags[4] } }, properties = { tag = tags[4] } },
{ rule = { class = "telegram-desktop" }, { rule = { class = "telegram-desktop" },
properties = { tag = tags[4] } }, properties = { tag = tags[4] } },
{ rule = { class = "element-desktop" },
properties = { tag = tags[4] } },
{ rule = { class = "mutt" }, { rule = { class = "mutt" },
properties = { tag = tags[5] } }, properties = { tag = tags[5] } },
{ rule = { class = "mosh" }, { rule = { class = "mosh" },

67
makefu/5pkgs/chitubox/default.nix Normal file
View File

@ -0,0 +1,67 @@
{ stdenv, autoPatchelfHook, libglvnd
, libgcrypt,zlib,glib,fontconfig,freetype,libdrm
, libxkbcommon
, libpulseaudio
, xlibs
, gst_all_1
, kerberos
, alsaLib
}:
# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix
stdenv.mkDerivation rec {
pname = "chitubox";
version = "1.8.1";
src = builtins.fetchTarball {
#url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz";
url = "https://archive.org/download/chitubox-v-1.8.1.tar/CHITUBOX_V${version}.tar.gz";
sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx";
};
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = with xlibs; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm
libxkbcommon libpulseaudio kerberos alsaLib
xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms
gst_all_1.gst-plugins-base gst_all_1.gstreamer
];
buildPhase = ''
mkdir -p bin
mv CHITUBOX bin/chitubox
# Remove unused stuff
rm AppRun
# Place resources where ChiTuBox can expect to find them
mkdir ChiTuBox
mv resource ChiTuBox/
# Configure Qt paths
cat << EOF > bin/qt.conf
[Paths]
Prefix = $out
Plugins = plugins
Imports = qml
Qml2Imports = qml
EOF
'';
installPhase = ''
mkdir -p $out
mv * $out/
'';
autoPatchelfIgnoreMissingDeps=true;
meta = {
description = "A Revolutionary Tool to Change 3D Printing Processes within One Click";
homepage = "https://www.chitubox.com";
license = {
fullName = "ChiTuBox EULA";
shortName = "ChiTuBox";
url = "https://www.chitubox.com";
};
};
}

55
makefu/5pkgs/droidcam/default.nix
View File

@ -1,55 +0,0 @@
{ stdenv, fetchFromGitHub
, pkg-config
, alsaLib
, libjpeg_turbo
, ffmpeg
, libusbmuxd
, speex
, gtk3
, libappindicator-gtk3
}:
stdenv.mkDerivation rec {
pname = "droidcam";
version = "1.6";
src = fetchFromGitHub {
owner = "aramg";
repo = "droidcam";
rev = "v${version}";
sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx";
};
sourceRoot = "source/linux";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
alsaLib
libjpeg_turbo
ffmpeg
libusbmuxd
speex
gtk3
libappindicator-gtk3
];
buildPhase = ''
runHook preBuild
make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)"
'';
installPhase = ''
runHook preInstall
install -Dm755 "droidcam" "$out/bin/droidcam"
install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli"
install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png"
install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE"
'';
meta = with stdenv.lib; {
description = "A kernel module to create V4L2 loopback devices";
homepage = "https://github.com/aramg/droidcam";
license = licenses.gpl2;
maintainers = [ maintainers.makefu ];
platforms = platforms.linux;
};
}

Some files were not shown because too many files have changed in this diff Show More