Merge remote-tracking branch 'prism/master'

2020-06-16 20:03:01 +02:00 · 2020-06-16 20:03:01 +02:00 · 15d1fb2627
commit 15d1fb2627
parent eb60b27e2b bde301139d
15 changed files with 170 additions and 51 deletions
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@ -565,6 +565,42 @@ in {
      ci = false;
      syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
    };
+    morpheus = {
+      cores = 1;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.19";
+          ip6.addr = r6 "012f";
+          aliases = [
+            "morpheus.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
+            T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN
+            /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh
+            S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz
+            Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR
+            bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI
+            Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz
+            sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+
+            VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j
+            3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA
+            U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+        wiregrill = {
+          ip6.addr = w6 "012f";
+          aliases = [
+            "morpheus.w"
+          ];
+          wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY=";
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
+    };
    hilum = {
      cores = 1;
      nets = {
--- a/krebs/5pkgs/simple/fzfmenu/default.nix
+++ b/krebs/5pkgs/simple/fzfmenu/default.nix
--- a/krebs/5pkgs/simple/kpaste/default.nix
+++ b/krebs/5pkgs/simple/kpaste/default.nix
@ -1,6 +1,6 @@
 { curl, gnused, writeDashBin }:

 writeDashBin "kpaste" ''
-  ${curl}/bin/curl -sS http://p.r --data-binary @- |
-  ${gnused}/bin/sed '$ {p;s/\<r\>/krebsco.de/}'
+  ${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" |
+  ${gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
 ''
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@ -1,7 +1,7 @@
 {
  "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "48723f48ab92381f0afd50143f38e45cf3080405",
-  "date": "2020-05-22T11:40:20+02:00",
-  "sha256": "0h3b3l867j3ybdgimfn76lw7w6yjhszd5x02pq5827l659ihcf53",
+  "rev": "e2bb73ce5f786b83e984b80199112f86b8a6cc9d",
+  "date": "2020-06-07T23:11:12+02:00",
+  "sha256": "0mpcdwhippvgsj3kj8vw35dgz94dnzgxgsfqqzcfpmvnzjc23vk7",
  "fetchSubmodules": false
 }
--- a/lass/1systems/morpheus/config.nix
+++ b/lass/1systems/morpheus/config.nix
@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs/retiolum.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.morpheus;
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  services.logind.lidSwitch = "ignore";
+  services.logind.lidSwitchDocked = "ignore";
+
+  environment.systemPackages = with pkgs; [
+    gitAndTools.hub
+    nix-review
+    firefox
+  ];
+
+  services.openssh.forwardX11 = true;
+  programs.x2goserver.enable = true;
+}
--- a/lass/1systems/morpheus/physical.nix
+++ b/lass/1systems/morpheus/physical.nix
@ -0,0 +1,47 @@
+{
+  imports = [
+    ./config.nix
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+  ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+  boot.loader.grub.device = "nodev";
+
+  networking.hostId = "06442b9a";
+
+  fileSystems."/" = {
+    device = "/dev/pool/root";
+    fsType = "btrfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/1F60-17C6";
+    fsType = "vfat";
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/pool/home";
+    fsType = "btrfs";
+  };
+
+  fileSystems."/tmp" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = ["nosuid" "nodev" "noatime"];
+  };
+  boot.initrd.luks = {
+    cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    devices =  [{
+       name = "luksroot";
+       device = "/dev/nvme0n1p3";
+    }];
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
+  '';
+}
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@ -14,6 +14,7 @@ with import ./lib.nix { inherit lib; };
    { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
    { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
    { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+    { predicate = "-i wiregrill -p tcp --dport 8123"; target = "ACCEPT"; } # hass
  ];

  services.home-assistant = {
--- a/lass/2configs/hass/lib.nix
+++ b/lass/2configs/hass/lib.nix
@ -99,7 +99,7 @@ rec {
          conditions = [
            {
              condition = "template";
-              value_template = "{{ trigger.to_state.attributes.illuminance < 13000 }}";
+              value_template = "{{ trigger.to_state.attributes.illuminance < 7500 }}";
            }
            {
              condition = "template";
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@ -1,7 +1,7 @@
 { config, pkgs, ... }:

 {
-  krebs.per-user.lass.packages = with pkgs; [
+  users.users.lass.packages = with pkgs; [
    (pass.withExtensions (ext: [ ext.pass-otp ]))
    gnupg
  ];
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@ -127,7 +127,6 @@ let

  extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
    pkgs.vimPlugins.ack-vim
-    pkgs.vimPlugins.Gundo
    pkgs.vimPlugins.undotree
    pkgs.vimPlugins.vim-go
    pkgs.vimPlugins.fzf-vim
@ -155,26 +154,26 @@ let

        let colors_name = ${toJSON name}

-        hi Normal       ctermbg=235
-        hi Comment      ctermfg=242
-        hi Constant     ctermfg=062
-        hi Identifier   ctermfg=068
+        hi Normal       ctermbg=016
+        hi Comment      ctermfg=255
+        hi Constant     ctermfg=229
+        hi Identifier   ctermfg=123
        hi Function     ctermfg=041
        hi Statement    ctermfg=167
        hi PreProc      ctermfg=167
-        hi Type         ctermfg=041
+        hi Type         ctermfg=046
        hi Delimiter    ctermfg=251
-        hi Special      ctermfg=062
+        hi Special      ctermfg=146

-        hi Garbage      ctermbg=088
-        hi TabStop      ctermbg=016
-        hi NBSP         ctermbg=094
+        hi Garbage      ctermbg=124
+        hi TabStop      ctermbg=020
+        hi NBSP         ctermbg=056
        hi NarrowNBSP   ctermbg=097
        hi Todo         ctermfg=174 ctermbg=NONE

-        hi NixCode      ctermfg=148
+        hi NixCode      ctermfg=190
        hi NixData      ctermfg=149
-        hi NixQuote     ctermfg=150
+        hi NixQuote     ctermfg=119

        hi diffNewFile  ctermfg=207
        hi diffFile     ctermfg=207
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@ -11,19 +11,26 @@ in {
      ./hw/omo.nix
      #./hw/tsp.nix
      <stockholm/makefu>
-      { environment.systemPackages = with pkgs;[ tmux picocom ];}
+      <stockholm/makefu/2configs/headless.nix>
      <stockholm/makefu/2configs/support-nixos.nix>
+      <stockholm/makefu/2configs/nur.nix>
+
      <stockholm/makefu/2configs/zsh-user.nix>
+      <stockholm/makefu/2configs/home-manager>
+      <stockholm/makefu/2configs/home-manager/cli.nix>
+      <stockholm/makefu/2configs/editor/neovim>
+
+
      <stockholm/makefu/2configs/backup/state.nix>
      <stockholm/makefu/2configs/exim-retiolum.nix>
      # <stockholm/makefu/2configs/smart-monitor.nix>
      <stockholm/makefu/2configs/mail-client.nix>
      <stockholm/makefu/2configs/mosh.nix>
      <stockholm/makefu/2configs/tools/core.nix>
+      <stockholm/makefu/2configs/tools/dev.nix>
      <stockholm/makefu/2configs/tools/desktop.nix>
      <stockholm/makefu/2configs/tools/mobility.nix>
      { environment.systemPackages = [ pkgs.esniper ]; }
-      # <stockholm/makefu/2configs/disable_v6.nix>
      #<stockholm/makefu/2configs/graphite-standalone.nix>
      #<stockholm/makefu/2configs/share-user-sftp.nix>

@ -108,7 +115,7 @@ in {
    ];
  makefu.full-populate =  true;
  nixpkgs.config.allowUnfree = true;
-  krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
+  krebs.rtorrent = {
    downloadDir = lib.mkForce "/media/cryptX/torrent";
    extraConfig = ''
      upload_rate = 500
--- a/makefu/1systems/omo/hw/omo.nix
+++ b/makefu/1systems/omo/hw/omo.nix
@ -80,18 +80,19 @@ in {
  boot = {
    initrd.luks = {
      devices = let
-        usbkey = name: device: {
-          inherit name device keyFile;
+        usbkey = device: {
+          inherit device keyFile;
          keyFileSize = 4096;
          allowDiscards = true;
        };
-      in [
-        (usbkey "luksroot" rootPartition)
-        (usbkey "crypt0" cryptDisk0)
-        (usbkey "crypt1" cryptDisk1)
-        (usbkey "crypt2" cryptDisk2)
-        (usbkey "crypt3" cryptDisk3)
-      ];
+      in
+      {
+        luksroot = usbkey rootPartition;
+        crypt0 = usbkey  cryptDisk0;
+        crypt1 = usbkey  cryptDisk1;
+        crypt2 = usbkey  cryptDisk2;
+        crypt3 = usbkey  cryptDisk3;
+      };
    };
    loader.grub.device = lib.mkForce rootDisk;

--- a/makefu/1systems/omo/source.nix
+++ b/makefu/1systems/omo/source.nix
@ -2,4 +2,5 @@
  name="omo";
  torrent = true;
  unstable = true;
+  home-manager = true;
 }
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@ -5,11 +5,15 @@ let
    url = "https://github.com/${name}/releases.atom";
    filter = "grepi:(<updated|<media.thumbnail)";
  };
+  lidl = url: {
+    inherit url;
+    filter = "grepi:<!-- sf";
+  };
 in {
  krebs.urlwatch = {
    enable = true;
    mailto = config.krebs.users.makefu.mail;
-    onCalendar = "*-*-* 05:00:00";
+    onCalendar = "*-*-* 03,15:13:37";
    hooksFile = ./hook.py;
    urls = [
      ## nixpkgs maintenance
@ -30,7 +34,6 @@ in {
      https://pypi.python.org/simple/pyserial/
      https://pypi.python.org/simple/semantic_version/
      # weird shit
-      http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
      http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
      https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack

@ -40,18 +43,23 @@ in {
        url = https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ;
        filter = "grep:Software/Linux/dymo-cups-drivers";
      }
+
+      # shopping
+      ( lidl https://www.lidl.de/de/parkside-nass-trockensauger-pnts-1500-d5/p303117 )
+
      # TODO: dymo cups
    ] ++ map grss [
      "amadvance/snapraid"
      "radare/radare2"
      "ovh/python-ovh"
      "embray/d2to1"
-      "Mic92/vicious"
+      "vicious-widgets/vicious"
      "embray/d2to1"
      "dorimanx/exfat-nofuse"
      "rapid7/metasploit-framework"
      "GothenburgBitFactory/taskserver"
      "GothenburgBitFactory/taskwarrior"
+      "mhagger/cvs2svn"
    ];
  };
 }
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@ -243,7 +243,7 @@ awful.screen.connect_for_each_screen(function(s)
    set_wallpaper(s)

    -- Each screen has its own tag table.
-    awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1])
+    awful.tag({ "tmp", "ssh", "www", "im", "mail","work","net","misc","remote" }, s, awful.layout.layouts[1])

    -- Create a promptbox for each screen
    s.mypromptbox = awful.widget.prompt()
@ -486,14 +486,12 @@ awful.rules.rules = {
                     focus = awful.client.focus.filter,
                     keys = clientkeys,
                     buttons = clientbuttons } },
-    { rule = { class = "MPlayer" },
-      properties = { floating = true } },
+    --{ rule = { class = "MPlayer" },
+    --  properties = { floating = true } },
    { rule = { class = "pinentry" },
      properties = { floating = true } },
-    { rule = { class = "gimp" },
-      properties = { floating = true } },
-    { rule = { class = "Anamnesis" },
-      properties = { floating = true } },
+    --{ rule = { class = "gimp" },
+    --  properties = { floating = true } },
    -- Set Firefox to always map on tags number 2 of screen 1.
    -- { rule = { class = "Firefox" },
    --   properties = { tag = tags[1][2] } },
@ -571,16 +569,12 @@ local os = {

 -- {{{ autostart
 do
-  local cmds =
-  {
-    -- "@networkmanagerapplet@/bin/nm-applet",
-    -- "@blueman@/bin/blueman-applet",
-    -- "@clipit@/bin/clipit"
-  }
-
-  for _,i in pairs(cmds) do
-    awful.util.spawn(i)
-  end
+  awful.spawn("urxvt", { tag = tags[1] }) # dev shell
+  awful.spawn("urxvt -e mosh makefu@gum.i", { tag = tags[2] })
+  awful.spawn("firefox", { tag = tags[3] })
+  awful.spawn("telegram-desktop", { tag = tags[4] })
+  awful.spawn("signal-desktop", { tag = tags[4] })
+  awful.spawn("urxvt -e mutt", { tag = tags[5] })
 end

 -- }}}