Merge remote-tracking branches 'gum/master' and 'prism/master'

tv 2017-05-16 23:32:10 +02:00
commit 1181cd4424
58 changed files with 696 additions and 143 deletions


@ -34,10 +34,10 @@ let
./Reaktor.nix ./Reaktor.nix
./realwallpaper.nix ./realwallpaper.nix
./retiolum-bootstrap.nix ./retiolum-bootstrap.nix
./retiolum.nix
./rtorrent.nix ./rtorrent.nix
./secret.nix ./secret.nix
./setuid.nix ./setuid.nix
./tinc.nix
./tinc_graphs.nix ./tinc_graphs.nix
./urlwatch.nix ./urlwatch.nix
./repo-sync.nix ./repo-sync.nix


@ -10,7 +10,7 @@ with import <stockholm/lib>;
internet = { internet = {
ip4.addr = "144.76.172.188"; ip4.addr = "144.76.172.188";
aliases = [ aliases = [
"dishfire.internet" "dishfire.i"
]; ];
ssh.port = 45621; ssh.port = 45621;
}; };
@ -42,7 +42,7 @@ with import <stockholm/lib>;
internet = { internet = {
ip4.addr = "104.233.79.118"; ip4.addr = "104.233.79.118";
aliases = [ aliases = [
"echelon.internet" "echelon.i"
]; ];
ssh.port = 45621; ssh.port = 45621;
}; };
@ -82,9 +82,8 @@ with import <stockholm/lib>;
internet = { internet = {
ip4.addr = "213.239.205.240"; ip4.addr = "213.239.205.240";
aliases = [ aliases = [
"prism.internet" "prism.i"
"paste.i" "paste.i"
"paste.internet"
]; ];
ssh.port = 45621; ssh.port = 45621;
}; };
@ -132,7 +131,7 @@ with import <stockholm/lib>;
internet = { internet = {
ip4.addr = "104.167.113.104"; ip4.addr = "104.167.113.104";
aliases = [ aliases = [
"cloudkrebs.internet" "cloudkrebs.i"
]; ];
ssh.port = 45621; ssh.port = 45621;
}; };
@ -302,6 +301,27 @@ with import <stockholm/lib>;
iso = { iso = {
cores = 1; cores = 1;
}; };
sokrateslaptop = {
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
}; };
users = { users = {
lass = { lass = {


@ -26,6 +26,31 @@ with import <stockholm/lib>;
}; };
}; };
}; };
studio = rec {
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
nets = {
retiolum = {
ip4.addr = "10.243.227.163";
ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6";
aliases = [
"studio.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
fileleech = rec { fileleech = rec {
cores = 4; cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@ -449,6 +474,7 @@ with import <stockholm/lib>;
nets = rec { nets = rec {
internet = { internet = {
ip4.addr = "188.68.40.19"; ip4.addr = "188.68.40.19";
ip6.addr = "2a03:4000:17:2df::1";
aliases = [ aliases = [
"gum.i" "gum.i"
]; ];


@ -17,6 +17,27 @@ let
in { in {
enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; };
enableLegacy = mkEnableOption "/etc/tinc/${netname}";
confDir = mkOption {
type = types.package;
default = pkgs.linkFarm "${netname}-etc-tinc"
(mapAttrsToList (name: path: { inherit name path; }) {
"hosts" = tinc.config.hostsPackage;
"tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
Name = ${tinc.config.host.name}
Interface = ${netname}
${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
PrivateKeyFile = ${tinc.config.privkey.path}
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
${tinc.config.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
${tinc.config.tincUp}
'';
});
};
host = mkOption { host = mkOption {
type = types.host; type = types.host;
@ -175,29 +196,16 @@ let
} }
) config.krebs.tinc; ) config.krebs.tinc;
environment.etc = mapAttrs' (netname: cfg:
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
source = cfg.confDir;
})
) config.krebs.tinc;
systemd.services = mapAttrs (netname: cfg: systemd.services = mapAttrs (netname: cfg:
let let
tinc = cfg.tincPackage; tinc = cfg.tincPackage;
iproute = cfg.iproutePackage; iproute = cfg.iproutePackage;
confDir = let
namePathPair = name: path: { inherit name path; };
in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
"hosts" = cfg.hostsPackage;
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
Name = ${cfg.host.name}
Interface = ${netname}
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
PrivateKeyFile = ${cfg.privkey.path}
Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port}
${cfg.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${iproute}/sbin/ip link set ${netname} up
${cfg.tincUp}
'';
}
);
in { in {
description = "Tinc daemon for ${netname}"; description = "Tinc daemon for ${netname}";
after = [ "network.target" ]; after = [ "network.target" ];
@ -206,7 +214,7 @@ let
path = [ tinc iproute ]; path = [ tinc iproute ];
serviceConfig = rec { serviceConfig = rec {
Restart = "always"; Restart = "always";
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = netname; SyslogIdentifier = netname;
}; };
} }
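Review bot: The new `confDir` option has no `description`, and its default is a `linkFarm` in the Nix store, so everything written into `tinc.conf` and `tinc-up` (including `extraConfig` and `tincUp`) is world-readable on the host. The private key is referenced only by path through `PrivateKeyFile = ${tinc.config.privkey.path}`, which keeps the key itself out of the store; that property is worth stating so nobody later inlines a secret there. I would add `description = "Store path passed to tincd -c; world-readable, must not contain secrets.";` to `confDir`, and a one-line description to `enableLegacy` saying it links `confDir` to `/etc/tinc/${netname}`. The option set and the `systemd.services` body both continue outside the visible hunks.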


@ -3,14 +3,16 @@
# Usage: # Usage:
# _from=krebs state_dir=. python sed-plugin.py 'dick butt' # _from=krebs state_dir=. python sed-plugin.py 'dick butt'
# _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' # _from=krebs state_dir=. python sed-plugin.py 's/t/l/g'
## dick bull # > dick bull
import shelve import shelve
from os import environ from os import environ
from os.path import join from os.path import join
from sys import argv from sys import argv
import re
d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True) d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True)
usr = environ['_from'] usr = environ['_from']
import re
def is_regex(line): def is_regex(line):
myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$')
@ -27,7 +29,7 @@ if is_regex(line):
if p.returncode: if p.returncode:
print("something went wrong when trying to process your regex: {}".format(se.decode())) print("something went wrong when trying to process your regex: {}".format(se.decode()))
ret = so.decode() ret = so.decode()
print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
if ret: if ret:
d[usr] = ret d[usr] = ret


@ -1,17 +1,18 @@
{ pkgs, ... }: { pkgs, ... }:
pkgs.writeDashBin "goify" '' pkgs.writeBashBin "goify" ''
set -euf set -euf
GO_HOST=''${GO_HOST:-go} GO_HOST=''${GO_HOST:-go}
while read line; do while read line; do
echo "$line" | sed -E 's|https?://\S*|\n&\n|g' | while read word; do echo "$line" | sed 's|https\?://\S*|\n&\n|g' | while read word; do
if echo "$word" | grep -Eq ^https?:; then if echo "$word" | grep -q '^https\?:'; then
${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" | tr -d '\r' ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" \
| tr -d '\r'
else else
echo "$word"; echo "$word"
fi; fi
done | sed '/^$/d' | tr '\n' ' '; echo; done | grep . | tr '\n' ' '; echo
done done
'' ''
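Review bot: The URL handed to curl in `-F uri="$word"` comes straight from the input line, and `-F` gives special meaning to parts of the value (a leading `@` or `<`, and a `;type=` suffix), so a crafted link can change the form field that is actually sent. The `^https\?:` check rules out the leading `@`/`<` case but not the `;` suffix. `--form-string uri="$word"` sends the value literally. Both `while read` loops also lack `-r`, so backslashes in a line are consumed before the URL is matched; `while read -r line; do` and `while read -r word; do` avoid that.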


@ -0,0 +1,18 @@
{ mkDerivation, base, bloomfilter, bytestring, feed, fetchgit, lens
, stdenv, wreq
}:
mkDerivation {
pname = "news";
version = "1.0.0";
src = fetchgit {
url = "http://cgit.lassul.us/news";
sha256 = "1n3ffr2a5irr5aly0y7qsafag3kxvyyh077ayk0vdwbd0s9hvnjs";
rev = "c3eb2c0a1a34fc41e18d0bc99b1c4dc73aa6eb20";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
base bloomfilter bytestring feed lens wreq
];
license = stdenv.lib.licenses.mit;
}
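Review bot: `fetchgit` pulls the source over plain HTTP at `url = "http://cgit.lassul.us/news";`, while the nixpkgs source in this same commit is fetched from `https://cgit.lassul.us/nixpkgs`, so the host apparently serves TLS. The `sha256` and the full `rev` pin the content, so a tampered fetch would fail the hash check rather than build, but the request is still observable and modifiable on the path. I would change the line to `url = "https://cgit.lassul.us/news";`.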


@ -21,12 +21,12 @@ let
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "1.7.1"; version = "1.8";
name = "weechat-${version}"; name = "weechat-${version}";
src = fetchurl { src = fetchurl {
url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; url = "http://weechat.org/files/src/weechat-${version}.tar.bz2";
sha256 = "1020m1lsm8lg9n0dlxgp2wbn9b0r11g8r0namnzi2x6gvxn7iyf0"; sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08";
}; };
outputs = [ "out" "doc" ]; outputs = [ "out" "doc" ];


@ -48,6 +48,7 @@ with import <stockholm/lib>;
maven maven
arandr arandr
libreoffice libreoffice
mpv
]; ];
} }
#{ #{


@ -7,7 +7,6 @@ with import <stockholm/lib>;
../../krebs ../../krebs
../3modules ../3modules
../5pkgs ../5pkgs
../2configs/binary-cache/client.nix
../2configs/mc.nix ../2configs/mc.nix
../2configs/nixpkgs.nix ../2configs/nixpkgs.nix
../2configs/vim.nix ../2configs/vim.nix


@ -256,7 +256,7 @@ in {
{ {
krebs.Reaktor.coders = { krebs.Reaktor.coders = {
nickname = "Reaktor|lass"; nickname = "Reaktor|lass";
channels = [ "#coders" ]; channels = [ "#coders" "#germany" ];
extraEnviron = { extraEnviron = {
REAKTOR_HOST = "irc.hackint.org"; REAKTOR_HOST = "irc.hackint.org";
}; };


@ -92,7 +92,6 @@ in {
nixshell = [ nixshell = [
"nix-shell", "nix-shell",
"-I", "stockholm=.", "-I", "stockholm=.",
"-I", "nixpkgs=/var/src/nixpkgs",
"-p" "-p"
] + deps + [ "--run" ] ] + deps + [ "--run" ]
@ -107,11 +106,9 @@ in {
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
addShell(f,name="build-{}".format(i),env=env_shared, addShell(f,name="build-{}".format(i),env=env_shared,
command=nixshell + \ command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
make \ make NIX_PATH=$HOME/$LOGNAME test method=build \
test \ target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i) system={}".format(i)
] ]
) )
@ -119,11 +116,9 @@ in {
for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass, addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \ command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
make \ make NIX_PATH=$HOME/$LOGNAME test method=build \
test \ target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i) system={}".format(i)
] ]
) )
@ -131,11 +126,9 @@ in {
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu, addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \ command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
make \ make NIX_PATH=$HOME/$LOGNAME test method=build \
test \ target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i) system={}".format(i)
] ]
) )
@ -143,11 +136,9 @@ in {
for i in [ "hiawatha", "onondaga" ]: for i in [ "hiawatha", "onondaga" ]:
addShell(f,name="build-{}".format(i),env=env_nin, addShell(f,name="build-{}".format(i),env=env_nin,
command=nixshell + \ command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
make \ make NIX_PATH=$HOME/$LOGNAME test method=build \
test \ target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i) system={}".format(i)
] ]
) )
@ -211,7 +202,7 @@ in {
]: ]:
addShell(f,name="build-{}".format(i),env=env_lass, addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \ command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
make system=prism pkgs.{}".format(i)]) make system=prism pkgs.{}".format(i)])
bu.append(util.BuilderConfig(name="build-pkgs", bu.append(util.BuilderConfig(name="build-pkgs",
@ -255,7 +246,7 @@ in {
options.lass.build-ssh-privkey = mkOption { options.lass.build-ssh-privkey = mkOption {
type = types.secret-file; type = types.secret-file;
default = { default = {
path = "${config.users.users.buildbotworker.home}/ssh.privkey"; path = "${config.users.users.buildbotworker.home}/.ssh/id_rsa";
owner = { inherit (config.users.users.buildbotworker ) name uid;}; owner = { inherit (config.users.users.buildbotworker ) name uid;};
source-path = toString <secrets> + "/build.ssh.key"; source-path = toString <secrets> + "/build.ssh.key";
}; };
@ -263,16 +254,10 @@ in {
config.krebs.secret.files = { config.krebs.secret.files = {
build-ssh-privkey = config.lass.build-ssh-privkey; build-ssh-privkey = config.lass.build-ssh-privkey;
}; };
config.users.users = { config.users.users.buildbotworker = {
build = {
name = "build";
uid = genid "build";
home = "/home/build";
useDefaultShell = true; useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP"
]; ];
}; };
};
} }
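Review bot: The account name is now hard-coded as `buildbotworker@` in the four `target=` lines of the build steps, while the secret-file definition further down derives it from `config.users.users.buildbotworker`; interpolating `${config.users.users.buildbotworker.name}` in the targets keeps the SSH target and the key owner from drifting apart. The authorized key for that account also lost its `lass@mors` comment in this change, which makes it harder to audit who may log in as the worker; keeping the comment, or a `#` line above the key naming its owner, costs nothing. The same account now holds the build key as its default identity (`.ssh/id_rsa`) and accepts SSH logins with a shell, so a one-line comment stating that this is intentional would help the next reader. The step definitions start and end outside the visible hunks.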


@ -150,6 +150,7 @@ with import <stockholm/lib>;
untilport untilport
usbutils usbutils
logify logify
goify
#unpack stuff #unpack stuff
p7zip p7zip


@ -30,6 +30,10 @@ let
rules = concatMap make-rules (attrValues repos); rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo { public-repos = mapAttrs make-public-repo {
news = {
cgit.desc = "take a rss feed and a timeout and print it to stdout";
cgit.section = "software";
};
stockholm = { stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!"; cgit.desc = "take all the computers hostage, they'll love you!";
cgit.section = "configuration"; cgit.section = "configuration";


@ -94,6 +94,8 @@
general { general {
#maybe we want ident someday? #maybe we want ident someday?
disable_auth = yes; disable_auth = yes;
throttle_duration = 1;
throttle_count = 1000;
}; };
''; '';
}; };
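Review bot: With `throttle_duration = 1;` and `throttle_count = 1000;` the connection throttle is effectively switched off for every client, not only for the one that needs it. The reason is presumably the per-feed news bots that all connect from one host; if so, say that in a comment such as `# throttle relaxed so the per-feed news bots can connect from one host`, and confirm that the listener is reachable only from the networks you intend. The `general` block starts outside the hunk.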


@ -34,7 +34,7 @@ let
down = moveToDir "Y" "./down"; down = moveToDir "Y" "./down";
in { in {
krebs.per-user.lass.packages = [ environment.systemPackages = [
mpv mpv
]; ];
} }


@ -3,19 +3,17 @@
let let
newsfile = pkgs.writeText "feeds" '' newsfile = pkgs.writeText "feeds" ''
aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
aktuelle_themen|http://bundestag.de/service/rss/Bundestag_Aktuelle_Themen.rss|#news #bundestag
allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news
anon|http://anoninsiders.net/feed/|#news
antirez|http://antirez.com/rss|#news antirez|http://antirez.com/rss|#news
arbor|http://feeds2.feedburner.com/asert/|#news arbor|http://feeds2.feedburner.com/asert/|#news
archlinux|http://www.archlinux.org/feeds/news/|#news archlinux|http://www.archlinux.org/feeds/news/|#news
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
augustl|http://augustl.com/atom.xml|#news augustl|http://augustl.com/atom.xml|#news
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
bdt_pressemitteilungen|http://bundestag.de/service/rss/Bundestag_Presse.rss|#news #bundestag bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
bdt_wd|http://bundestag.de/service/rss/Bundestag_WD.rss|#news #bundestag
bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
@ -30,9 +28,7 @@ let
chan_b|https://boards.4chan.org/b/index.rss|#brainfuck chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
cna|http://www.channelnewsasia.com/starterkit/servlet/cna/rss/home.xml|#news
coinspotting|http://coinspotting.com/rss|#news #financial coinspotting|http://coinspotting.com/rss|#news #financial
cryptanalysis|https://cryptanalys.is/rss.php|#news
cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial
cryptogon|http://www.cryptogon.com/?feed=rss2|#news cryptogon|http://www.cryptogon.com/?feed=rss2|#news
csm|http://rss.csmonitor.com/feeds/csm|#news csm|http://rss.csmonitor.com/feeds/csm|#news
@ -52,12 +48,9 @@ let
fars|http://www.farsnews.com/rss.php|#news #test fars|http://www.farsnews.com/rss.php|#news #test
faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
faz_politik|http://www.faz.net/rss/aktuell/politik/|#news faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news #financial faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news
fbi|http://www.fbi.gov/homepage/RSS|#news #bullerei fbi|https://www.fbi.gov/news/rss.xml|#news
fbi_news|http://www.fbi.gov/news/news_blog/rss.xml|#news fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news
fbi_press|http://www.fbi.gov/news/current/rss.xml|#news #bullerei
fbi_stories|http://www.fbi.gov/news/stories/all-stories/rss.xml|#news #bullerei
fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news #financial
fefe|http://blog.fefe.de/rss.xml|#news fefe|http://blog.fefe.de/rss.xml|#news
forbes|http://www.forbes.com/forbes/feed2/|#news forbes|http://www.forbes.com/forbes/feed2/|#news
forbes_realtime|http://www.forbes.com/real-time/feed2/|#news forbes_realtime|http://www.forbes.com/real-time/feed2/|#news
@ -65,18 +58,18 @@ let
geheimorganisation|http://geheimorganisation.org/feed/|#news geheimorganisation|http://geheimorganisation.org/feed/|#news
GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
gmanet|http://www.gmanetwork.com/news/rss/news|#news gmanet|http://www.gmanetwork.com/news/rss/news|#news
golem|http://www.golem.de/rss.php?feed=RSS1.0|#news golem|https://rss.golem.de/rss.php|#news
google|http://news.google.com/?output=rss|#news google|http://news.google.com/?output=rss|#news
greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
gulli|http://ticker.gulli.com/rss/|#news gulli|http://ticker.gulli.com/rss/|#news
handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news heise|https://www.heise.de/newsticker/heise-atom.xml|#news
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
hindu|http://www.thehindu.com/?service=rss|#news hindu|http://www.thehindu.com/?service=rss|#news
ign|http://feeds.ign.com/ign/all|#news ign|http://feeds.ign.com/ign/all|#news
independent|http://www.independent.com/rss/headlines/|#news independent|http://www.independent.com/rss/headlines/|#news
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news indymedia|https://de.indymedia.org/rss.xml|#news
info_libera|http://www.informationliberation.com/rss.xml|#news info_libera|http://www.informationliberation.com/rss.xml|#news
klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news
korea_herald|http://www.koreaherald.com/rss_xml.php|#news korea_herald|http://www.koreaherald.com/rss_xml.php|#news
@ -123,11 +116,11 @@ let
sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
shackspace|http://shackspace.de/?feed=rss2|#news shackspace|http://shackspace.de/?feed=rss2|#news
shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
sky_busi|http://news.sky.com/feeds/rss/business.xml|#news sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news
sky_pol|http://news.sky.com/feeds/rss/politics.xml|#news sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news
sky_strange|http://news.sky.com/feeds/rss/strange.xml|#news sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news
sky_tech|http://news.sky.com/feeds/rss/technology.xml|#news sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news
sky_world|http://news.sky.com/feeds/rss/world.xml|#news sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news
slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news
slate|http://feeds.slate.com/slate|#news slate|http://feeds.slate.com/slate|#news
spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
@ -138,7 +131,7 @@ let
stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial
sz_wissen|http://suche.sueddeutsche.de/rss/Wissen|#news sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news
tagesschau|http://www.tagesschau.de/newsticker.rdf|#news tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial


@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs; url = https://cgit.lassul.us/nixpkgs;
ref = "aa03833"; ref = "2bb9c1c";
}; };
} }


@ -145,6 +145,12 @@ in {
script = "${print_current}/bin/print_current"; script = "${print_current}/bin/print_current";
pattern = "^current$"; pattern = "^current$";
}) })
(buildSimpleReaktorPlugin "suggest" {
script = "${pkgs.writeDash "suggest" ''
echo "$@" >> $HOME/playlist_suggest
''}";
pattern = "^suggest: (?P<args>.*)$";
})
]; ];
}; };
services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
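Review bot: The `suggest` script writes channel-supplied text with `echo "$@" >> $HOME/playlist_suggest`, and under dash `echo` interprets backslash sequences, so a message can add extra lines to the file or cut its own line short. `printf '%s\n' "$*" >> "$HOME/playlist_suggest"` writes the text literally and also quotes the path. Nothing bounds the file, so anyone in the channel can grow it without limit; a length cap in the `(?P<args>.*)` pattern or a size check before appending would address that.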


@ -5,7 +5,6 @@
krebs.iptables = { krebs.iptables = {
tables = { tables = {
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; } { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
]; ];
@ -13,6 +12,7 @@
}; };
krebs.tinc.retiolum = { krebs.tinc.retiolum = {
enableLegacy = true;
enable = true; enable = true;
connectTo = [ connectTo = [
"prism" "prism"


@ -80,6 +80,9 @@ in {
locations."= /retiolum-hosts.tar.bz2".extraConfig = '' locations."= /retiolum-hosts.tar.bz2".extraConfig = ''
alias ${config.krebs.tinc.retiolum.hostsArchive}; alias ${config.krebs.tinc.retiolum.hostsArchive};
''; '';
locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.retiolum-hosts};
'';
locations."/tinc".extraConfig = '' locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external; alias ${config.krebs.tinc_graphs.workingDir}/external;
''; '';


@ -4,10 +4,10 @@ let
mainUser = config.users.extraUsers.mainUser; mainUser = config.users.extraUsers.mainUser;
in { in {
environment.systemPackages = with pkgs; [ krebs.per-user.wine.packages = with pkgs; [
wineUnstable wineUnstable
]; ];
users.extraUsers = { users.users= {
wine = { wine = {
name = "wine"; name = "wine";
description = "user for running wine"; description = "user for running wine";


@ -5,6 +5,7 @@ _:
./folderPerms.nix ./folderPerms.nix
./hosts.nix ./hosts.nix
./mysql-backup.nix ./mysql-backup.nix
./news.nix
./umts.nix ./umts.nix
./usershadow.nix ./usershadow.nix
./xresources.nix ./xresources.nix

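--- a/lass/3modules/news.nix
+++ b/lass/3modules/news.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+let
+cfg = config.lass.news;
+out = {
+options.lass.news = api;
+config = lib.mkIf cfg.enable imp;
+};
+api = {
+enable = mkEnableOption "news";
+feeds = mkOption {
+type = types.listOf (types.submodule { options = {
+nick = mkOption {
+type = types.str;
+};
+feedurl = mkOption {
+type = types.str;
+};
+interval = mkOption {
+type = types.int;
+default = 1000;
+};
+channels = mkOption {
+type = types.listOf types.str;
+};
+};});
+};
+user = mkOption {
+type = types.user;
+default = {
+name = "news";
+home = "/var/lib/news";
+};
+};
+ircServer = mkOption {
+type = types.str;
+default = "echelon.r";
+description = "to which server the bot should connect";
+};
+};
+imp = {
+users.users.${cfg.user.name} = {
+inherit (cfg.user) home name uid;
+createHome = true;
+};
+systemd.services = listToAttrs (map (feed:
+nameValuePair "news-${feed.nick}" {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+SyslogIdentifier = "news-${feed.nick}";
+User = cfg.user.name;
+PrivateTmp = true;
+Restart = "always";
+ExecStart = pkgs.writeDash "news-${feed.nick}" ''
+${pkgs.haskellPackages.news}/bin/news '${feed.feedurl}' '${toString feed.interval}' \
+| ${pkgs.goify}/bin/goify \
+| while :; do
+${pkgs.haskellPackages.kirk}/bin/ircout --nick '${feed.nick}' --host '${cfg.ircServer}' \
+\${concatStringsSep " \\" feed.channels}
+done
+'';
+};
+}
+) cfg.feeds);
+};
+in out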
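Review bot: `feed.feedurl`, `feed.nick` and `cfg.ircServer` are pasted between single quotes in the generated `ExecStart` script, and the channel names are only prefixed with a backslash, so a value containing `'` or whitespace changes the command line that runs. Quoting through the library, e.g. `${lib.escapeShellArg feed.feedurl}` and `${lib.concatMapStringsSep " " lib.escapeShellArg feed.channels}`, removes the dependency on every value being well-formed. None of the options except `ircServer` has a `description`; `interval` in particular needs its unit stated.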


@ -19,6 +19,7 @@
q = pkgs.callPackage ./q {}; q = pkgs.callPackage ./q {};
rs = pkgs.callPackage ./rs/default.nix {}; rs = pkgs.callPackage ./rs/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {};
xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {}; yt-next = pkgs.callPackage ./yt-next/default.nix {};
}; };


@ -0,0 +1,17 @@
{ pkgs, ... }:
let
pp = pkgs.python35Packages;
in pp.buildPythonPackage rec {
name = "xml2json-${version}";
version = "22ffcd";
propagatedBuildInputs = [
pp.simplejson
];
src = pkgs.fetchFromGitHub {
owner = "hay";
repo = "xml2json";
rev = "${version}";
sha256 = "1snjd6q6bk517350gdrl8kkphkra0iaz56i583h2q57ab09r29vc";
};
doCheck = false;
}
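Review bot: `rev = "${version}";` resolves to the six-character abbreviation `22ffcd`, which names a commit only as long as no other object in the repository shares that prefix. The `sha256` still fixes the content, so a different commit would fail the build rather than slip in, but the pin then stops being reproducible. I would put the full 40-character commit id in `rev` (placeholder: `rev = "<full-commit-sha>";`) and keep `version` as the short form. `doCheck = false;` deserves a short comment saying why the tests are skipped.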


@ -4,8 +4,11 @@ with import <stockholm/lib>;
let let
external-mac = "3a:66:48:8e:82:b2"; external-mac = "3a:66:48:8e:82:b2";
external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
external-gw = "188.68.40.1"; external-gw = "188.68.40.1";
external-gw6 = "fe80::1";
external-netmask = 22; external-netmask = 22;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
in { in {
@ -14,7 +17,7 @@ in {
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/headless.nix ../2configs/headless.nix
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix # ../2configs/smart-monitor.nix
../2configs/git/cgit-retiolum.nix ../2configs/git/cgit-retiolum.nix
../2configs/backup.nix ../2configs/backup.nix
# ../2configs/mattermost-docker.nix # ../2configs/mattermost-docker.nix
@ -55,7 +58,6 @@ in {
# ../2configs/logging/central-logging-client.nix # ../2configs/logging/central-logging-client.nix
]; ];
services.smartd.devices = [ { device = main-disk;} ];
makefu.dl-dir = "/var/download"; makefu.dl-dir = "/var/download";
@ -134,6 +136,11 @@ in {
address = external-ip; address = external-ip;
prefixLength = external-netmask; prefixLength = external-netmask;
}]; }];
interfaces.et0.ip6 = [{
address = external-ip6;
prefixLength = external-netmask6;
}];
defaultGateway6 = external-gw6;
defaultGateway = external-gw; defaultGateway = external-gw;
nameservers = [ "8.8.8.8" ]; nameservers = [ "8.8.8.8" ];
}; };


@ -0,0 +1,75 @@
{ config, pkgs, ... }:
{
imports = [
../.
../2configs/vncserver.nix
../2configs/vim.nix
../2configs/disable_v6.nix
../2configs/jack-on-pulse.nix
../2configs/gui/studio.nix
];
makefu.gui.user = "user"; # we use an extra user
krebs = {
enable = true;
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.studio;
};
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.allowedUDPPorts = [ 655 ];
environment.systemPackages = with pkgs;[
# audio foo
## pulseaudio
pavucontrol
paprefs
pamixer
# extra alsa tools
alsa-hdspconf
alsa-hdspmixer
alsa-hdsploader
# recording
darkice
(mumble.override { jackSupport = true; })
# browsing
firefox
chromium
];
nixpkgs.config.allowUnfree = true;
fonts = {
enableCoreFonts = true;
enableFontDir = true;
enableGhostscriptFonts = true;
fonts = [ ];
};
# ingos favorite display manager
# hardware
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21";
fsType = "ext4";
};
swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ];
users.users.user = {
isNormalUser = true;
extraGroups = [ "wheel" "audio" ];
uid = 1000;
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
}
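Review bot: The `user` account is both `makefu.gui.user` and a member of `wheel`, and this host imports `../2configs/vncserver.nix`, which shares that user's X session over the network. Unless the account really needs sudo, `extraGroups = [ "audio" ];` keeps a compromised VNC session away from the admin group. Separately, the import `../2configs/jack-on-pulse.nix` differs from the `../2configs/audio/jack-on-pulse.nix` path another host in this commit uses; one of the two presumably does not resolve.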


@ -7,7 +7,7 @@
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../. ../.
../2configs/base-gui.nix ../2configs/gui/base.nix
../2configs/fs/sda-crypto-root.nix ../2configs/fs/sda-crypto-root.nix
# hardware specifics are in here # hardware specifics are in here
../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix


@ -2,19 +2,27 @@
let let
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F"; datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
user = config.makefu.gui.user;
in { in {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../. ../.
../2configs/zsh-user.nix ../2configs/zsh-user.nix
../2configs/base-gui.nix
../2configs/tools/core.nix ../2configs/tools/core.nix
../2configs/tools/core-gui.nix ../2configs/tools/core-gui.nix
../2configs/tools/extra-gui.nix ../2configs/tools/extra-gui.nix
../2configs/tools/media.nix ../2configs/tools/media.nix
../2configs/virtualization.nix ../2configs/virtualization.nix
../2configs/tinc/retiolum.nix ../2configs/tinc/retiolum.nix
../2configs/mqtt.nix
../2configs/deployment/led-fader.nix
# ../2configs/gui/wbob-kiosk.nix
../2configs/gui/studio.nix
../2configs/audio/jack-on-pulse.nix
../2configs/audio/realtime-audio.nix
../2configs/vncserver.nix
]; ];
krebs = { krebs = {
@ -24,25 +32,10 @@ in {
swapDevices = [ { device = "/var/swap"; } ]; swapDevices = [ { device = "/var/swap"; } ];
services.xserver = {
layout = lib.mkForce "de";
windowManager = lib.mkForce {
awesome.enable = false;
default = "none";
};
desktopManager.xfce.enable = true;
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};
networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 49152 ]; networking.firewall.allowedTCPPorts = [ 655 49152 ];
networking.firewall.trustedInterfaces = [ "enp0s25" ];
#services.tinc.networks.siem = { #services.tinc.networks.siem = {
# name = "display"; # name = "display";
# extraConfig = '' # extraConfig = ''
@ -85,7 +78,7 @@ in {
# TODO: add crypto layer # TODO: add crypto layer
systemd.services."synergy-client" = { systemd.services."synergy-client" = {
environment.DISPLAY = ":0"; environment.DISPLAY = ":0";
serviceConfig.User = "makefu"; serviceConfig.User = user;
}; };
services.synergy = { services.synergy = {
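Review bot: `networking.firewall.trustedInterfaces = [ "enp0s25" ];` makes the firewall accept every packet arriving on that interface, so the `allowedTCPPorts`/`allowedUDPPorts` lists right above it no longer restrict anything there. The same section adds `../2configs/mqtt.nix` and `../2configs/vncserver.nix` to the imports, so whatever those services listen on becomes reachable from that segment, presumably the LAN. If the aim is to reach one or two services, I would drop the line and list the ports explicitly, or at least add a comment saying which network enp0s25 is attached to and why it is fully trusted. The synergy unit below still carries `# TODO: add crypto layer`, which matters more once the interface is unfiltered.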


@ -38,6 +38,8 @@ with import <stockholm/lib>;
# ../2configs/temp/sabnzbd.nix # ../2configs/temp/sabnzbd.nix
# development
../2configs/sources
# Krebs # Krebs
# ../2configs/disable_v6.nix # ../2configs/disable_v6.nix


@ -0,0 +1,45 @@
{ config, pkgs, ... }:
let
pulse = pkgs.pulseaudioFull;
user = config.makefu.gui.user;
in
{
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pulse;
};
environment.systemPackages = with pkgs; [ jack2Full ];
# from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
systemd.services = {
jackdbus = {
description = "Runs jack, and points pulseaudio at it";
serviceConfig = {
User = user;
Type = "oneshot";
ExecStart = pkgs.writeScript "start_jack.sh" ''
#! ${pkgs.bash}/bin/bash
. ${config.system.build.setEnvironment}
sleep 5 # wait for the gui to load
${pkgs.jack2Full}/bin/jack_control start
sleep 3 # give some time for sources/sinks to be created
${pulse}/bin/pacmd set-default-sink jack_out
${pulse}/bin/pacmd set-default-source jack_in
'';
ExecStop = pkgs.writeScript "stop_jack.sh" ''
#! ${pkgs.bash}/bin/bash
. ${config.system.build.setEnvironment}
${pkgs.jack2Full}/bin/jack_control stop
'';
RemainAfterExit = true;
};
after = [ "display-manager.service" "sound.target" ];
wantedBy = [ "multi-user.target" ];
};
};
}


@ -0,0 +1,16 @@
{ config, pkgs, ... }:
let
user = config.makefu.gui.user;
in
{
imports = [
../sources/musnix.nix # populate musnix
<musnix>
];
musnix.enable = true;
musnix.kernel.optimize = true;
musnix.kernel.realtime = true;
# TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt;
users.users."${user}".extraGroups = [ "audio" ];
}


@ -0,0 +1,8 @@
{ pkgs, ...}:
{
services.avahi = {
enable = true;
wideArea = false;
};
environment.systemPackages = [ pkgs.avahi ];
}


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
let let
# preparation: # preparation:
@ -32,4 +32,7 @@ in {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
}; };
environment.systemPackages = [
pkgs.borgbackup
];
} }


@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu; user = config.krebs.users.makefu;
source = let source = let
inherit (config.krebs.build) host user; inherit (config.krebs.build) host user;
ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found ref = "a772c3a"; # unstable @ 2017-05-09 + graceful requests2
in { in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{ {


@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
mq = "192.168.8.11";
pkg = pkgs.stdenv.mkDerivation {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "07a6791de368e16cc0864d2676fd255eba522cee";
sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
};
buildInputs = [
(pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
docopt
paho-mqtt
]))
];
installPhase = ''
install -m755 -D fade.py $out/bin/fade.py
install -m755 -D ampel.py $out/bin/ampel
install -m755 -D times.json $out/share/times.json
'';
};
in {
systemd.services.led-fader = {
description = "Send led change to message queue";
environment = {
NIX_PATH = "/var/src";
};
wantedBy = [ "multi-user.target" ];
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
PrivateTmp = true;
};
};
}
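Review bot: With `User` commented out, the `led-fader` unit runs `ampel` as root, and its Python environment includes paho-mqtt, so it presumably talks to a message queue over the network. The comment says a user able to run nix-shell is needed, but the visible `ExecStart` calls the built `${pkg}/bin/ampel` directly, so a dedicated unprivileged system user looks sufficient; worth confirming against ampel.py. The source is fetched over `http://`; the `sha256` pins the content so integrity holds, but an https URL would still be preferable if the cgit host offers one. `mq` is bound in the `let` but not used in the lines shown, and `times.json` is installed with `-m755` where `-m644` would do.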


@ -40,9 +40,9 @@ in {
file { path => "/tmp/logs.json" codec => "json_lines" } file { path => "/tmp/logs.json" codec => "json_lines" }
if [output] { if [output] {
irc { irc {
channels => [ "#krebs" ] channels => [ "#nixos" , "#krebs" ]
host => "irc.freenode.net" host => "irc.freenode.net"
nick => "nixos-wiki" nick => "nixos-users-wiki"
format => "%{output}" format => "%{output}"
} }
} }


@ -19,6 +19,7 @@ let
cgit.desc = "Build new Stockholm hosts"; cgit.desc = "Build new Stockholm hosts";
}; };
cac-api = { }; cac-api = { };
ampel = { };
init-stockholm = { init-stockholm = {
cgit.desc = "Init stuff for stockholm"; cgit.desc = "Init stuff for stockholm";
}; };


@ -65,7 +65,7 @@ in
cat |derp <<EOF cat |derp <<EOF
XTerm*background: black XTerm*background: black
XTerm*foreground: white XTerm*foreground: white
XTerm*FaceName : xft:xos4 Terminus:pixelsize=14 XTerm*FaceName : xft:xos4 Terminus:pixelsize=11
URxvt*termName: rxvt URxvt*termName: rxvt
URxvt*saveLines: 10000 URxvt*saveLines: 10000
@ -77,7 +77,7 @@ in
URxvt.background: black URxvt.background: black
URxvt.urgentOnBell: true URxvt.urgentOnBell: true
URxvt.visualBell: false URxvt.visualBell: false
URxvt.font : xft:xos4 Terminus:size=12 URxvt.font : xft:xos4 Terminus:size=11
! blue ! blue


@ -0,0 +1,22 @@
{ config, lib, ... }:
let
user = config.makefu.gui.user;
in
{
services.xserver.enable = true;
services.xserver.displayManager.sddm = {
enable = true;
autoLogin.enable = true;
autoLogin.user = user;
};
# services.xserver.windowMananger.default = "plasma5";
services.xserver.desktopManager = {
default = "plasma5";
plasma5.enable = true;
};
services.xserver.layout = "us";
services.xserver.xkbVariant = "altgr-intl";
services.xserver.xkbOptions = "ctrl:nocaps";
}
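Review bot: `autoLogin.enable = true` starts an unlocked session for `makefu.gui.user` at every boot, and the option added in this commit defaults that user to `config.krebs.build.user.name`. On hosts that also import vncserver.nix, display `:0` of that session is what x0vncserver exports, so the VNC password ends up being the only login barrier. I would enable autologin only in the host files that want it rather than in a shared GUI module, if this file is the shared one; its path is not visible here. The commented line spells `windowMananger`; `# services.xserver.windowManager.default = "plasma5";` is presumably what was meant.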


@ -0,0 +1,23 @@
{ lib, ... }:
{
imports = [
./base.nix
];
services.xserver = {
layout = lib.mkForce "de";
windowManager = lib.mkForce {
awesome.enable = false;
default = "none";
};
desktopManager.xfce.enable = true;
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};
}


@ -11,7 +11,7 @@ let
user = config.krebs.build.user.name; user = config.krebs.build.user.name;
in { in {
imports = [ imports = [
./base-gui.nix ./gui/base.nix
./fetchWallpaper.nix ./fetchWallpaper.nix
./zsh-user.nix ./zsh-user.nix
./tools/core.nix ./tools/core.nix


@ -0,0 +1,7 @@
# the builder pc (my laptop) will also require the sources i use to deploy
# other boxes
{
imports = [
./musnix.nix
];
}


@ -0,0 +1,6 @@
{
krebs.build.source.musnix.git = {
url = https://github.com/musnix/musnix.git;
ref = "37a8378";
};
}
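Review bot: `ref = "37a8378"` is an abbreviated commit id, and nothing else in this source entry fixes the content that ends up in `<musnix>`, which the new module setting `musnix.enable` then imports as NixOS configuration. The stockholm-wide nixpkgs source in this commit is pinned with a full 40-character id; I would do the same here, `ref = "<full 40-character commit id>";`, so the ref cannot become ambiguous or resolve to something else. The makefu nixpkgs bump to `ref = "a772c3a"` in this commit has the same shape.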


@ -20,6 +20,7 @@
https://api.github.com/repos/dorimanx/exfat-nofuse/commits https://api.github.com/repos/dorimanx/exfat-nofuse/commits
https://api.github.com/repos/dorimanx/exfat-nofuse/tags https://api.github.com/repos/dorimanx/exfat-nofuse/tags
https://api.github.com/repos/radare/radare2/tags https://api.github.com/repos/radare/radare2/tags
https://api.github.com/repos/rapid7/metasploit-framework/tags
]; ];
}; };
} }


@ -0,0 +1,62 @@
{config,lib,pkgs, ...}:
with lib;
let
pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd`
pwtmp = "/tmp/vnc-password";
# nixos-unstable tigervnc is currently broken :\
package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
user = config.makefu.gui.user;
vnc_port = 5900;
web_port = 6080;
in {
networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
systemd.services = {
terminal-server = {
description = "VNC Terminal Server";
after = [ "display-manager.service" "graphical.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = user;
Restart = "always";
ExecStartPre = pkgs.writeDash "terminal-pre" ''
sleep 5
install -m0700 -o ${user} ${pwfile} ${pwtmp}
'';
ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
PermissionsStartOnly = true;
PrivateTmp = true;
};
};
terminal-web = {
description = "noVNC Web Server";
after = [ "terminal-server.service" "graphical.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
PrivateTmp = true;
};
};
};
services.nginx.enable = true;
services.nginx.virtualHosts._.locations = {
"/" = {
root = "${pkgs.novnc}";
index = "vnc_auto.html";
};
"/websockify" = {
proxyPass = "http://127.0.0.1:6080/";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
'';
};
};
}
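Review bot: The firewall line opens `vnc_port` and `web_port` on every interface although nginx already proxies `/websockify` to `127.0.0.1:6080`; `networking.firewall.allowedTCPPorts = [ 80 ];` is enough for the browser path and keeps the raw RFB and websockify listeners off the network. What remains is served over plain HTTP, so the VNC password exchange and the whole session of `makefu.gui.user` cross the wire unencrypted; putting the vhost behind TLS, or reaching it only through retiolum, would close that. `package` is imported from the moving `nixos-17.03.tar.gz` channel tarball with no hash, so the x0vncserver binary changes whenever the channel does; pointing the URL at a fixed commit archive makes it reproducible. The password copy only needs to be readable, so `install -m0400` fits better than `-m0700`.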


@ -6,5 +6,10 @@ with import <stockholm/lib>;
type = types.str; type = types.str;
description = "Primary interface of the server"; description = "Primary interface of the server";
}; };
options.makefu.gui.user = lib.mkOption {
type = types.str;
description = "GUI user";
default = config.krebs.build.user.name;
};
} }


@ -41,8 +41,8 @@ let
Type = "simple"; Type = "simple";
ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
WorkingDirectory = cfg.workingDir; WorkingDirectory = cfg.workingDir;
PrivateTmp = true; # PrivateTmp = true;
InaccessibleDirectories = "/home /boot /opt /mnt /media"; # InaccessibleDirectories = "/home /boot /opt /mnt /media";
User = "taskd"; User = "taskd";
}; };
}; };
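Review bot: Commenting out `PrivateTmp` and `InaccessibleDirectories` removes the only sandboxing visible on this taskd server unit, and the hunk gives no reason for it. If the unit failed to start because one of the listed directories does not exist on the host (a guess, not visible here), systemd accepts a `-` prefix that ignores missing paths: `InaccessibleDirectories = "-/home -/boot -/opt -/mnt -/media";`. Otherwise please restore both lines, or leave a comment next to them saying what broke. The enclosing `let` binding starts outside the hunk.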


@ -4,7 +4,7 @@ with python3Packages; buildPythonPackage rec {
name = "acdcli-${version}"; name = "acdcli-${version}";
version = "0.3.2"; version = "0.3.2";
propagatedBuildInputs = [ propagatedBuildInputs = [
dateutil colorama fusepy appdirs requests2 requests_toolbelt six dateutil colorama fusepy appdirs requests requests_toolbelt six
]; ];
src = fetchurl { src = fetchurl {
url = "mirror://pypi/a/acdcli/${name}.tar.gz"; url = "mirror://pypi/a/acdcli/${name}.tar.gz";


@ -1,4 +1,4 @@
{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk}: {stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "alsa-${alsaToolTarget}-${version}"; name = "alsa-${alsaToolTarget}-${version}";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl"; sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl";
}; };
sourceRoot = "${alsaToolsName}/${alsaToolTarget}/"; sourceRoot = "${alsaToolsName}/${alsaToolTarget}/";
buildInputs = [ alsaLib fltk13 gtk ncurses ]; buildInputs = [ alsaLib fltk13 gtk3 ncurses ];
meta = { meta = {
homepage = http://www.alsa-project.org/; homepage = http://www.alsa-project.org/;


@ -10,7 +10,7 @@ pkgs.python3Packages.buildPythonPackage rec {
sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9"; sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9";
}; };
propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ]; propagatedBuildInputs = with pkgs.python3Packages; [ requests ];
meta = { meta = {
description = "Simple BinTray utility for uploading packages"; description = "Simple BinTray utility for uploading packages";


@ -56,7 +56,7 @@ let
sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j"; sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j";
}; };
propagatedBuildInputs = with pkgs.python3Packages; [ requests2 py ]; propagatedBuildInputs = with pkgs.python3Packages; [ requests py ];
meta = { meta = {
homepage = https://bitbucket.org/hpk42/devpi; homepage = https://bitbucket.org/hpk42/devpi;


@ -16,7 +16,7 @@ in buildPythonPackage rec {
version = "1.0.5"; version = "1.0.5";
propagatedBuildInputs = [ propagatedBuildInputs = [
flask flask
requests2 requests
ftputil ftputil
redis redis
]; ];


@ -0,0 +1,41 @@
{ stdenv, fetchurl, pkgs }:
# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
let
in
stdenv.mkDerivation rec {
name = "novnc-${version}";
version = "0.6.2";
src = fetchurl {
url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
};
p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
pkgs.coreutils pkgs.which pkgs.procps ];
# TODO: propagatedBuildInputs does not seem to work with shell scripts
patchPhase = ''
sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
'';
installPhase = ''
mkdir -p $out/bin
cp utils/launch.sh $out/bin/launch-novnc.sh
chmod +x $out/bin/launch-novnc.sh
mkdir -p $out/images
cp -r images/* $out/images/
mkdir -p $out/include
cp -r include/* $out/include/
cp favicon.ico $out
cp vnc.html $out
cp vnc_auto.html $out
'';
meta = with stdenv.lib; {
homepage = http://novnc.com/info.html;
repositories.git = git://github.com/novnc/noVNC.git;
description = ''
A HTML5 VNC Client
'';
license = licenses.mpl20;
};
}


@ -0,0 +1,33 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;
let
asyncio-irc = buildPythonPackage rec {
name = "asyncio-irc-${version}";
version = "2016-09-02";
src = fetchFromGitHub {
owner = "watchtower";
repo = "asyncirc";
rev = "5384d19";
sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv";
};
propagatedBuildInputs = [ blinker ];
};
in
buildPythonPackage rec {
name = "shackie-${version}";
version = "2017-04-24";
propagatedBuildInputs = [
asyncio-irc
beautifulsoup4
lxml
pytz
redis
requests
];
src = fetchFromGitHub {
owner = "shackspace";
repo = "shackie";
rev = "e717ec7";
sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l";
};
}


@ -11,7 +11,7 @@ with import <stockholm/lib>;
nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03 ref = "22da5d02466ffe465735986d705675982f3646a0"; # nixos-17.03 @ 2017-05-13
}; };
secrets.file = secrets.file =
if getEnv "dummy_secrets" == "true" if getEnv "dummy_secrets" == "true"