From 61bddc8d224cf956f1f34cbbefea779bf4c77359 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Sep 2018 22:06:01 +0200 Subject: [PATCH 01/82] Reaktor url-title: fix writePython usage --- krebs/5pkgs/simple/Reaktor/plugins.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index 2ccc1c8e9..6f59ad1de 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -120,7 +120,7 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writePython3 "url-title" { deps = [ "beautifulsoup4" "lxml" ]; } '' + script = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } '' import cgi import sys import urllib.request From d99bbadf37b04cd1f5efb1e04d5996ef7dfd969a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Sep 2018 02:52:58 +0200 Subject: [PATCH 02/82] ma home-manager: init --- makefu/2configs/home-manager/cli.nix | 12 +++++++ makefu/2configs/home-manager/default.nix | 7 ++++ makefu/2configs/home-manager/desktop.nix | 31 ++++++++++++++++ makefu/2configs/home-manager/mail.nix | 46 ++++++++++++++++++++++++ 4 files changed, 96 insertions(+) create mode 100644 makefu/2configs/home-manager/cli.nix create mode 100644 makefu/2configs/home-manager/default.nix create mode 100644 makefu/2configs/home-manager/desktop.nix create mode 100644 makefu/2configs/home-manager/mail.nix diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix new file mode 100644 index 000000000..1efc4d2bf --- /dev/null +++ b/makefu/2configs/home-manager/cli.nix 
@@ -0,0 +1,12 @@ +{ + home-manager.users.makefu = { + services.gpg-agent = { + defaultCacheTtl = 900; + maxCacheTtl = 7200; + defaultCacheTtlSsh = 3600; + maxCacheTtlSsh = 86400; + enableSshSupport = true; + }; + programs.fzf.enable = true; # alt-c + }; +} diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix new file mode 100644 index 000000000..e75ee6262 --- /dev/null +++ b/makefu/2configs/home-manager/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + + ]; + home-manager.users.makefu = { + }; +} diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix new file mode 100644 index 000000000..c2f854d47 --- /dev/null +++ b/makefu/2configs/home-manager/desktop.nix @@ -0,0 +1,31 @@ +{pkgs, ... }: { + home-manager.users.makefu = { + programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; + services.network-manager-applet.enable = true; + services.blueman-applet.enable = true; + services.pasystray.enable = true; + + systemd.user.services.network-manager-applet.Service.Environment = '' + XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache + ''; + systemd.user.services.clipit = { + Unit = { + Description = "clipboard manager"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + Environment = '' + XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache + ''; + ExecStart = "${pkgs.clipit}/bin/clipit"; + Restart = "on-abort"; + }; + }; + }; +} diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix new file mode 100644 index 000000000..ce7ae4f4d --- /dev/null +++ b/makefu/2configs/home-manager/mail.nix 
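Review bot: In makefu/2configs/home-manager/cli.nix the `services.gpg-agent` block sets cache TTLs and `enableSshSupport` but never sets `enable = true;`, so unless the agent is enabled elsewhere these settings are likely not applied. If the intent is to turn the agent on here, add `enable = true;` to the block. Separately, `maxCacheTtlSsh = 86400` keeps an unlocked SSH key usable for up to a day; a comment such as `# SSH keys stay cached for up to 24h` would make that trade-off explicit.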
@@ -0,0 +1,46 @@ +{ + home-manager.users.makefu = { + accounts.email.accounts.syntaxfehler = { + address = "felix.richter@syntax-fehler.de"; + userName = "Felix.Richter@syntax-fehler.de"; + imap = { + host = "syntax-fehler.de"; + tls = { + enable = true; + }; + }; + smtp = { + host = "syntax-fehler.de"; + tls = { + enable = true; + }; + }; + msmtp.enable = true; + notmuch.enable = true; + offlineimap = { + enable = true; + postSyncHookCommand = "notmuch new"; + extraConfig.remote = { + holdconnectionopen = true; + idlefolders = "['INBOX']"; + }; + }; + primary = true; + realName = "Felix Richter"; + passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg"; + }; + programs.offlineimap.enable = true; + programs.offlineimap.extraConfig = { + mbnames = { + filename = "~/.mutt/muttrc.mailboxes"; + header = "'mailboxes '"; + peritem = "'+%(accountname)s/%(foldername)s'"; + sep = "' '"; + footer = "'\\n'"; + }; + general = { + ui = "TTY.TTYUI"; + }; + }; + }; +} From ddfce29ec614320ba95d236f45ff67c52e56feb3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Sep 2018 02:53:18 +0200 Subject: [PATCH 03/82] ma x.r: use home-manager --- makefu/1systems/x/config.nix | 4 ++++ makefu/1systems/x/source.nix | 1 + makefu/krops.nix | 11 ++++++++--- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 97d11fbd3..66d904512 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -7,6 +7,10 @@ [ # base + + + + diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 75af3255b..050fd39f7 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -6,5 +6,6 @@ unstable = true; mic92 = true; clever_kexec = true; + home-manager = true; # torrent = true; } diff --git a/makefu/krops.nix b/makefu/krops.nix index f8ea6f7ef..ddb4afece 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix 
@@ -20,12 +20,11 @@ nms = false; arm6 = false; clever_kexec = false; + home-manager = false; } // import (./. + "/1systems/${name}/source.nix"); source = { test }: lib.evalSource [ { - # nixos-18.03 @ 2018-08-06 - # + do_sqlite3 ruby: 55a952be5b5 - # + exfat-nofuse bump: ee6a5296a35 + # nixos-18.09 @ 2018-09-18 # + uhub/sqlite: 5dd7610401747 nixpkgs = if test || host-src.full then { git.ref = nixpkgs-src.rev; @@ -70,6 +69,12 @@ ref = "30fdd53"; }; }) + (lib.mkIf ( host-src.home-manager ) { + home-manager.git = { + url = https://github.com/rycee/home-manager; + ref = "6eea2a4"; + }; + }) ]; in { From 7a372f24920354a25773dc1713d65c1387e45500 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 21 Sep 2018 15:30:25 +0200 Subject: [PATCH 04/82] ma pkgs.pavumeter: init not worth it --- makefu/5pkgs/pavumeter/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/5pkgs/pavumeter/default.nix diff --git a/makefu/5pkgs/pavumeter/default.nix b/makefu/5pkgs/pavumeter/default.nix new file mode 100644 index 000000000..b1822530a --- /dev/null +++ b/makefu/5pkgs/pavumeter/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchurl, libusb, libtool, autoconf, pkgconfig, git, +gettext, automake, libxml2 +, autoreconfHook +, lynx +, gtkmm2 +, libpulseaudio +, gnome2 +, libsigcxx +}: +stdenv.mkDerivation rec { + pname = "pavumeter"; + name = "${pname}-${version}"; + version = "0.9.3"; + + src = fetchurl { + url = "http://0pointer.de/lennart/projects/${pname}/${name}.tar.gz"; + sha256 = "0yq67w8j8l1xsv8pp37bylax22npd6msbavr6pb25yvyq825i3gx"; + }; + + buildInputs = [ gtkmm2 libpulseaudio gnome2.gnome_icon_theme ]; + nativeBuildInputs = [ pkgconfig autoreconfHook lynx ]; + + meta = { + description = "PulseAudio volumene meter"; + homepage = http://0pointer.de/lennart/projects/pavumeter; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} 
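Review bot: The new `home-manager.git` source in makefu/krops.nix pins `ref = "6eea2a4"`, a seven-character abbreviation, so the fetched revision depends on that prefix staying unambiguous in the upstream repository. Pinning the full commit id, `ref = "<full 40-character commit id>";`, makes the deployed revision exact. The neighbouring entry visible as context (`ref = "30fdd53"`) has the same form. The enclosing `lib.evalSource` list starts and ends outside the hunk.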
From 0cea8b73ca86ec0ffc3b97cd08724d38c809a659 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 21 Sep 2018 17:00:29 +0200 Subject: [PATCH 05/82] nixpkgs: a37638d -> d16a7ab --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index a9a0f6634..a3612fa7a 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48", - "date": "2018-08-30T21:03:26+02:00", - "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7", + "rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628", + "date": "2018-09-20T18:31:51-05:00", + "sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7", "fetchSubmodules": true } From 806dd39bd14119f17a954540195e4aa835527e21 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 23 Sep 2018 20:17:36 +0200 Subject: [PATCH 06/82] ma pkgs.airdcpp-webclient: WIP --- makefu/5pkgs/airdcpp-webclient/default.nix | 63 ++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 makefu/5pkgs/airdcpp-webclient/default.nix diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/makefu/5pkgs/airdcpp-webclient/default.nix new file mode 100644 index 000000000..5e13b2347 --- /dev/null +++ b/makefu/5pkgs/airdcpp-webclient/default.nix 
@@ -0,0 +1,63 @@ +{ stdenv, fetchFromGitHub +, cmake +, nodejs +, git +, miniupnpc +, boost +, leveldb +, openssl +, geoip +, libmaxminddb +, websocketpp +, libnatpmp +, tbb +, bzip2 +, zlib +, pkgconfig +, python +}: +stdenv.mkDerivation rec { + name = "airdcpp-webclient-${version}"; + version = "2.3.0"; + + src = fetchFromGitHub { + owner = "airdcpp-web"; + repo = "airdcpp-webclient"; + rev = version; + sha256 = "1k07ggfw2vq1cs7smykkgkqd8wayamlw1g1mnijjvza4f3zbvihp"; + }; + + nativeBuildInputs = [ cmake git nodejs pkgconfig python ]; + preConfigure ='' + echo pkgconfig: $PKG_CONFIG_PATH + # sed -i s/find_package/pkg_search_module/ CMakeLists.txt + ''; + buildInput = [ miniupnpc boost leveldb openssl geoip websocketpp libmaxminddb libnatpmp tbb bzip2 zlib]; + cmakeFlags = [ + "-DLIBMAXMINDDB_ROOT_DIR=${libmaxminddb}" + "-DBZIP2_INCLUDE_DIR=${bzip2}/include" + "-DBZIP2_LIBRARIES=${bzip2}/lib" + "-DZLIB_INCLUDE_DIR=${zlib}/include" + "-DZLIB_LIBRARY=${zlib}/lib" + "-DOPENSSL_CRYPTO_LIBRARY=${openssl}/lib" + "-DOPENSSL_INCLUDE_DIR=${openssl}/include" + "-DMINIUPNP_LIBRARY=${miniupnpc}/lib" + "-DMINIUPNP_INCLUDE_DIR=${miniupnpc}/include" + "-DLevelDB_LIBRARY=${leveldb}/lib" + "-DLevelDB_INCLUDE_DIR=${leveldb}/include" + "-DLibNatpmp_INCLUDE_DIR=${libnatpmp}/include" + "-DLibNatpmp_LIBRARY=${libnatpmp}/lib" + "-DBoost_INCLUDE_DIR=${boost.dev}/include" + "-DBoost_LIBRARY=${boost}/lib" + "-DWebsocketpp_INCLUDE_DIR=${websocketpp}/include" + "-DWebsocketpp_LIBRARY=${websocketpp}/lib" + ]; + + meta = with stdenv.lib; { + description = "dcpp client"; + homepage = http://fixme; + license = licenses.gpl3; + maintainers = with maintainers; [ makefu ]; + platforms = with platforms; linux; + }; +} From c7c6b7e504beed811e3d83bda0016412372be670 Mon Sep 17 00:00:00 2001 
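Review bot: `buildInput = [ miniupnpc boost leveldb ... ]` in the new airdcpp-webclient derivation is misspelled; stdenv treats only `buildInputs` as dependencies, so these libraries are presumably never put into the build environment. Rename the attribute to `buildInputs`. `homepage = http://fixme;` is a placeholder that should be replaced before this leaves WIP.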
From: makefu Date: Sun, 23 Sep 2018 22:32:37 +0200 Subject: [PATCH 07/82] ma airdcpp module: init --- makefu/3modules/airdcpp.nix | 118 +++++++++++++++++++++ makefu/5pkgs/airdcpp-webclient/default.nix | 60 +++-------- 2 files changed, 130 insertions(+), 48 deletions(-) create mode 100644 makefu/3modules/airdcpp.nix diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix new file mode 100644 index 000000000..aeb77785e --- /dev/null +++ b/makefu/3modules/airdcpp.nix 
@@ -0,0 +1,118 @@ +{ config, lib, pkgs, ... }: +with import ; #genid +let + cfg = config.makefu.airdcpp; + + out = { + options.makefu.airdcpp = api; + config = lib.mkIf cfg.enable imp; + }; + + api = with types;{ + enable = mkEnableOption "airdcpp"; + + package = mkOption { + type = package; + default = pkgs.airdcpp-webclient; + }; + + user = mkOption { + description = '' + user which will run udpt. if kept default a new user will be created + ''; + type = str; + default = "airdcpp"; + }; + + stateDir = mkOption { + description = '' + directory for storing state (pid,config) + ''; + type = str; + default = "/var/lib/airdcpp"; + }; + web = mkOption { + type = submodule ( { config, ... }: { + options = { + port = mkOption { + description = ''web-ui port + + NOTE: once the initial config had been written to the state directory it will not be replaced + ''; + type = int; + default = 5600; + }; + # TODO: tlsPort + # TODO: at least one user + users = mkOption { + type = attrsOf (submodule ( { config, ... 
}: { + options = { + password = mkOption { + description = "password of user"; + type = str; + }; + permissions = mkOption { + description = "user permissions"; + type = str; + default = "admin"; + }; + }; + })); + }; + }; + }); + }; + initialConfigFile = mkOption { + description = '' + path inital configuration if none exists + ''; + type = nullOr path; + default = null; + }; + }; + + imp = let + genUsers = users: concatMapStringsSep "\n" (user: '''' ) + (mapAttrsToList (name: val: val // { inherit name; }) users); + configFile = if (cfg.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' + + + + + + + ${genUsers cfg.web.users} + + + '' else cfg.initialConfigFile; + in { + systemd.services.airdcpp = { + description = "airdcpp webui"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + serviceConfig = { + Type = "simple"; + ExecStartPre = pkgs.writeDash "prepare-env" '' + d=${cfg.stateDir}/WebServer.xml + test -e $d || install -m700 -o${cfg.user} ${configFile} $d + ''; + PermissionsStartOnly = true; + ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; + PrivateTmp = true; + WorkingDirectory = cfg.stateDir; + User = "${cfg.user}"; + }; + }; + users = lib.mkIf (cfg.user == "airdcpp") { + users.airdcpp = { + uid = genid "airdcpp"; + home = cfg.stateDir; + createHome = true; + }; + groups.airdcpp.gid = genid "airdcpp"; + }; + }; +in +out + diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/makefu/5pkgs/airdcpp-webclient/default.nix index 5e13b2347..361a7da65 100644 --- a/makefu/5pkgs/airdcpp-webclient/default.nix +++ b/makefu/5pkgs/airdcpp-webclient/default.nix 
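Review bot: The `imp` section of makefu/3modules/airdcpp.nix writes every `web.users.<name>.password` into a `pkgs.writeText` file, so the web-ui credentials end up in the Nix store, which is normally readable by all local users; the `install -m700` in `ExecStartPre` restricts only the copy in `stateDir`. The `builtins.trace` warning acknowledges this, but a safer shape is to have `ExecStartPre` read the password from a file outside the store at service start. Mode 700 also sets the execute bit on a config file; `test -e $d || install -m600 -o${cfg.user} ${configFile} $d` is enough. The later patches in this series that add DCPlusPlus.xml and Favorites.xml repeat the same `install -m700` line, and Favorites.xml carries hub passwords the same way.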
@@ -1,60 +1,24 @@ -{ stdenv, fetchFromGitHub -, cmake -, nodejs -, git -, miniupnpc -, boost -, leveldb -, openssl -, geoip -, libmaxminddb -, websocketpp -, libnatpmp -, tbb -, bzip2 -, zlib -, pkgconfig -, python +{ stdenv, fetchurl }: stdenv.mkDerivation rec { name = "airdcpp-webclient-${version}"; version = "2.3.0"; - - src = fetchFromGitHub { - owner = "airdcpp-web"; - repo = "airdcpp-webclient"; - rev = version; - sha256 = "1k07ggfw2vq1cs7smykkgkqd8wayamlw1g1mnijjvza4f3zbvihp"; + + src = fetchurl { + url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz; + sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1"; }; - nativeBuildInputs = [ cmake git nodejs pkgconfig python ]; - preConfigure ='' - echo pkgconfig: $PKG_CONFIG_PATH - # sed -i s/find_package/pkg_search_module/ CMakeLists.txt + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + mkdir -p $out/{share,bin} + cp -r * $out/share + ln -s $out/share/airdcppd $out/bin/ ''; - buildInput = [ miniupnpc boost leveldb openssl geoip websocketpp libmaxminddb libnatpmp tbb bzip2 zlib]; - cmakeFlags = [ - "-DLIBMAXMINDDB_ROOT_DIR=${libmaxminddb}" - "-DBZIP2_INCLUDE_DIR=${bzip2}/include" - "-DBZIP2_LIBRARIES=${bzip2}/lib" - "-DZLIB_INCLUDE_DIR=${zlib}/include" - "-DZLIB_LIBRARY=${zlib}/lib" - "-DOPENSSL_CRYPTO_LIBRARY=${openssl}/lib" - "-DOPENSSL_INCLUDE_DIR=${openssl}/include" - "-DMINIUPNP_LIBRARY=${miniupnpc}/lib" - "-DMINIUPNP_INCLUDE_DIR=${miniupnpc}/include" - "-DLevelDB_LIBRARY=${leveldb}/lib" - "-DLevelDB_INCLUDE_DIR=${leveldb}/include" - "-DLibNatpmp_INCLUDE_DIR=${libnatpmp}/include" - "-DLibNatpmp_LIBRARY=${libnatpmp}/lib" - "-DBoost_INCLUDE_DIR=${boost.dev}/include" - "-DBoost_LIBRARY=${boost}/lib" - "-DWebsocketpp_INCLUDE_DIR=${websocketpp}/include" - "-DWebsocketpp_LIBRARY=${websocketpp}/lib" - ]; meta = with stdenv.lib; { - description = "dcpp client"; + # to start it: airdcpp -p= -c= --configure + description = "dcpp client (statically 
precompiled)"; homepage = http://fixme; license = licenses.gpl3; maintainers = with maintainers; [ makefu ]; From d6345a8b05f6882f8349edddf29c103926c134bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Sep 2018 23:31:47 +0200 Subject: [PATCH 08/82] ci: notify on build start --- krebs/3modules/buildbot/master.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a02f3645d..209dbe980 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -82,6 +82,7 @@ let irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}", channels=${builtins.toJSON cfg.irc.channels}, notify_events={ + 'started': 1, 'success': 1, 'failure': 1, 'exception': 1, From f23f483a8f282445aa2558ae1a820b43863e8a70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Sep 2018 23:49:43 +0200 Subject: [PATCH 09/82] buildbot slave: remove obsolete garbage deletion --- krebs/3modules/buildbot/slave.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index fba585448..544f9c4e0 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -160,8 +160,6 @@ let # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux - #remove garbage from old versions - rm -rf ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin From 1996b597480ab45bbd15c0d7095921ced7a9e9ab Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 00:36:56 +0200 Subject: [PATCH 10/82] ma airdcpp module: pre-configure shares --- makefu/3modules/airdcpp.nix | 170 +++++++++++++++++++++++++++--------- 1 file changed, 131 insertions(+), 39 deletions(-) diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix index aeb77785e..5250ee67a 100644 --- a/makefu/3modules/airdcpp.nix 
+++ b/makefu/3modules/airdcpp.nix @@ -23,6 +23,12 @@ let type = str; default = "airdcpp"; }; + extraGroups = mkOption { + description = ''extra groups for the user (only for default user)''; + type = listOf str; + default = []; + example = [ "nginx" ]; + }; stateDir = mkOption { description = '' 
@@ -31,50 +37,108 @@ let type = str; default = "/var/lib/airdcpp"; }; - web = mkOption { - type = submodule ( { config, ... }: { - options = { - port = mkOption { - description = ''web-ui port - - NOTE: once the initial config had been written to the state directory it will not be replaced - ''; - type = int; - default = 5600; + dcpp = { + Nick = mkOption { + description = '' + Nick Name for connection + ''; + type = str; + default = "kevin"; + }; + InPort = mkOption { + description = "Input Port"; + type = int; + default = 16849; + }; + UDPPort = mkOption { + description = "UDP open Port"; + type = int; + default = 16849; + }; + TLSPort = mkOption { + description = "TLS open Port"; + type = int; + default = 16869; + }; + DownloadSpeed = mkOption { + description = "Total Download Speed in Mbps/s"; + type = str; + default = "100"; + }; + UploadSpeed = mkOption { + description = "Total Upload Speed in Mbp/s"; + type = str; + default = "100"; + }; + shares = mkOption { + default = {}; + type = attrsOf (submodule ( { config, ... }: { + options = { + path = mkOption { + description = "path to the share"; + type = str; + }; + incoming = mkOption { + description = "incoming"; + type = bool; + default = false; + }; }; - # TODO: tlsPort - # TODO: at least one user - users = mkOption { - type = attrsOf (submodule ( { config, ... 
}: { - options = { - password = mkOption { - description = "password of user"; - type = str; - }; - permissions = mkOption { - description = "user permissions"; - type = str; - default = "admin"; - }; - }; - })); - }; - }; - }); + })); + }; + initialConfigFile = mkOption { + description = '' + path inital DCPlusPlus.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; }; - initialConfigFile = mkOption { - description = '' - path inital configuration if none exists - ''; - type = nullOr path; - default = null; + web = { + port = mkOption { + description = ''web-ui port + + NOTE: once the initial config had been written to the state directory it will not be replaced + ''; + type = int; + default = 5600; + }; + initialConfigFile = mkOption { + description = '' + path inital WebServer.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; + # TODO: tlsPort + users = mkOption { + type = attrsOf (submodule ( { config, ... }: { + options = { + password = mkOption { + description = "password of user"; + type = str; + }; + permissions = mkOption { + description = "user permissions"; + type = str; + default = "admin"; + }; + }; + })); + }; }; }; imp = let - genUsers = users: concatMapStringsSep "\n" (user: '''' ) + genUsers = users: concatMapStringsSep "\n" (user: + '''' ) (mapAttrsToList (name: val: val // { inherit name; }) users); - configFile = if (cfg.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' + genShares = shares: concatMapStringsSep "\n" (share: + ''${share.path}'' ) + (mapAttrsToList (name: val: val // { inherit name; }) shares); + webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' 
@@ -84,7 +148,32 @@ let ${genUsers cfg.web.users} - '' else cfg.initialConfigFile; + '' else cfg.web.initialConfigFile; + dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" '' + + + + ${cfg.dcpp.Nick} + ${cfg.package.version} + ${toString cfg.dcpp.InPort} + ${toString cfg.dcpp.UDPPort} + ${toString cfg.dcpp.TLSPort} + 0 + 0 + 1 + 0 + 0 + 1 + ${cfg.dcpp.DownloadSpeed} + ${cfg.dcpp.UploadSpeed} + + + ${genShares cfg.dcpp.shares} + + + + + '' else cfg.dcpp.initialConfigFile; in { systemd.services.airdcpp = { description = "airdcpp webui"; @@ -95,7 +184,9 @@ let Type = "simple"; ExecStartPre = pkgs.writeDash "prepare-env" '' d=${cfg.stateDir}/WebServer.xml - test -e $d || install -m700 -o${cfg.user} ${configFile} $d + test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d + d=${cfg.stateDir}/DCPlusPlus.xml + test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d ''; PermissionsStartOnly = true; ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; @@ -109,6 +200,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; }; From f473c1f7893abb4d7f299d5cf7d0f382086cba9e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Sep 2018 09:05:53 +0200 Subject: [PATCH 11/82] buildbot-classic: 0.8.17 -> 0.8.18 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 4fae6256d..665b36ab4 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,7 +2,7 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.17"; + version = "0.8.18"; namePrefix = ""; patches = []; 
@@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec { owner = "krebs"; repo = "buildbot-classic"; rev = version; - sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8"; + sha256 = "0b4y3n9zd2gdy8xwk1vpvs4n9fbg72vi8mx4ydgijwngcmdqkjmq"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; From 3285aefea4f8cadb389e4cc96c2621dc9b7e8b14 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 11:16:16 +0200 Subject: [PATCH 12/82] ma airdcpp module: add hubs --- makefu/3modules/airdcpp.nix | 73 +++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 7 deletions(-) diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix index 5250ee67a..6709f0238 100644 --- a/makefu/3modules/airdcpp.nix +++ b/makefu/3modules/airdcpp.nix @@ -37,6 +37,51 @@ let type = str; default = "/var/lib/airdcpp"; }; + hubs = mkOption { + type = attrsOf (submodule ( { config, ... }: { + options = { + Nick = mkOption { + description = '' + Nick Name for hub + ''; + type = str; + default = cfg.Nick; + }; + Password = mkOption { + description = '' + Password to be used + + WARNING: will be stored in plain text in /nix/store + ''; + type = str; + default = ""; + }; + Server = mkOption { + description = '' + URL to the hub (must be provided) + ''; + type = str; + }; + AutoConnect = mkOption { + description = '' + automatically connect to the hub + ''; + type = bool; + default = false; + }; + }; + })); + description = "hubs which should be configured via Favorites.xml, + Options are only used if no initial Favorites.xml file is provided and none exists"; + default = {}; + }; + initialFavoritesConfigFile = mkOption { + description = '' + path inital Favorites.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; dcpp = { Nick = mkOption { description = '' 
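Review bot: In the new `hubs` submodule of makefu/3modules/airdcpp.nix the per-hub `Nick` option uses `default = cfg.Nick;`, but the module declares the nick as `dcpp.Nick` and no top-level `Nick` option is visible, so a hub that omits `Nick` would presumably fail evaluation with a missing attribute. Use `default = cfg.dcpp.Nick;`. The enclosing `api` attribute set starts and ends outside this hunk.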
@@ -133,11 +178,6 @@ let genUsers = users: concatMapStringsSep "\n" (user: '''' ) (mapAttrsToList (name: val: val // { inherit name; }) users); - genShares = shares: concatMapStringsSep "\n" (share: - ''${share.path}'' ) - (mapAttrsToList (name: val: val // { inherit name; }) shares); webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' @@ -149,16 +189,33 @@ let '' else cfg.web.initialConfigFile; + genHubs = hubs: concatMapStringsSep "\n" (hub: + '''' ) + (mapAttrsToList (name: val: val // { inherit name; }) cfg.hubs); + favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then + builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" '' + + + + ${genHubs cfg.hubs} + + + '' else cfg.initialFavoritesConfigFile; + genShares = shares: concatMapStringsSep "\n" (share: + ''${share.path}'' ) + (mapAttrsToList (name: val: val // { inherit name; }) shares); dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" '' ${cfg.dcpp.Nick} - ${cfg.package.version} ${toString cfg.dcpp.InPort} ${toString cfg.dcpp.UDPPort} ${toString cfg.dcpp.TLSPort} - 0 0 1 0 @@ -187,6 +244,8 @@ let test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d d=${cfg.stateDir}/DCPlusPlus.xml test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d + d=${cfg.stateDir}/Favorites.xml + test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d ''; PermissionsStartOnly = true; ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; From 7afd90f7452e9936e96910bebbfd32c94308e8eb Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 24 Sep 2018 11:26:53 +0200 Subject: [PATCH 13/82] ma secrets: add more dummy secrets --- makefu/0tests/data/secrets/airdcpp-makefu.pw | 0 makefu/0tests/data/secrets/krebshub.pw | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 makefu/0tests/data/secrets/airdcpp-makefu.pw create mode 100644 makefu/0tests/data/secrets/krebshub.pw diff --git a/makefu/0tests/data/secrets/airdcpp-makefu.pw b/makefu/0tests/data/secrets/airdcpp-makefu.pw new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/krebshub.pw b/makefu/0tests/data/secrets/krebshub.pw new file mode 100644 index 000000000..e69de29bb From b1c9bcf85c7cb0d3f02554d9a8d7045f1a16bd2c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 14:15:08 +0200 Subject: [PATCH 14/82] ma airdcpp.mod: remove newlines from passwords --- makefu/3modules/airdcpp.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix index 6709f0238..342052e70 100644 --- a/makefu/3modules/airdcpp.nix +++ b/makefu/3modules/airdcpp.nix @@ -55,6 +55,7 @@ let ''; type = str; default = ""; + apply = lib.removeSuffix "\n"; }; Server = mkOption { description = '' @@ -162,6 +163,7 @@ let password = mkOption { description = "password of user"; type = str; + apply = lib.removeSuffix "\n"; }; permissions = mkOption { description = "user permissions"; From 31b0fe6f69077b56f167f388df5afe5ae26d0b8f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 14:20:23 +0200 Subject: [PATCH 15/82] ma airdcpp: init --- makefu/2configs/dcpp/airdcpp.nix | 48 ++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 makefu/2configs/dcpp/airdcpp.nix diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix new file mode 100644 index 000000000..44940812d --- /dev/null +++ b/makefu/2configs/dcpp/airdcpp.nix 
@@ -0,0 +1,48 @@ +{ config, ... }: +{ + makefu.airdcpp = { + enable = true; + extraGroups = [ "download" ]; + web.port = 5600; + web.users.makefu.password = builtins.readFile ; # watch out for newline! + hubs."krebshub" = + { Nick = "makefu-${config.krebs.build.host.name}"; + Password = builtins.readFile ; + Server = "adcs://hub.nsupdate.info:411"; + AutoConnect = true; + }; + dcpp = { + shares = { + # Incoming must be writeable! + incoming = { path = config.makefu.dl-dir + "/dcpp"; incoming = true; }; + audiobooks.path = config.makefu.dl-dir + "/audiobooks"; + }; + Nick = "makefu"; + DownloadSpeed = "1000"; + UploadSpeed = "1000"; + }; + }; + networking.firewall.allowedTCPPorts = + [ config.makefu.airdcpp.dcpp.InPort + config.makefu.airdcpp.dcpp.TLSPort + ]; + networking.firewall.allowedUDPPorts = [ config.makefu.airdcpp.dcpp.UDPPort ]; + + services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = + { proxyPass = "http://localhost:${toString config.makefu.airdcpp.web.port}/"; + + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + gzip_types text/plain application/javascript; + + # Proxy websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + ''; + }; + +} From cc9d7b63f23c9383f68420c0c936a0b581850e28 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 14:21:20 +0200 Subject: [PATCH 16/82] ma nextgum: enable airdcpp --- makefu/1systems/nextgum/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index db22cf9b8..64516fa98 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -25,11 +25,12 @@ in { - + # # services + # sharing @@ -73,6 +74,7 @@ in { # # + # @@ -94,6 +96,7 @@ in { + # ## Temporary: 
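Review bot: The `services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r"` entry in makefu/2configs/dcpp/airdcpp.nix proxies the airdcpp web UI, including its login and websocket traffic, and nothing in this hunk enables TLS or limits which clients may connect. If the `.r` name is only reachable over an encrypted private network that may be intended, and a comment such as `# reachable only via <network name>, plain HTTP on purpose` would document it; otherwise set `forceSSL` or an allow-list on the virtual host. Also, `builtins.readFile` on the two password files pulls the secrets in at evaluation time, so they are written into the generated files in the store.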
From 49e0ae20c9ac96c3f2e12e0faf6d2bd7e9348d61 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 14:34:27 +0200 Subject: [PATCH 17/82] ma modules: add airdcpp --- makefu/3modules/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index f06ce3d53..963649c63 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,17 +2,18 @@ _: { imports = [ - ./state.nix - ./populate.nix + ./airdcpp.nix ./awesome-extra.nix ./deluge.nix ./forward-journal.nix ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix + ./populate.nix ./sane-extra.nix ./server-config.nix ./snapraid.nix + ./state.nix ./torrent.nix ./udpt.nix ]; From 796ad2c5c8ed67a4ece5a78e8e9cd5e1fbfe4e9e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 14:34:50 +0200 Subject: [PATCH 18/82] ma state.mod: put activation logic into module --- makefu/3modules/state.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/makefu/3modules/state.nix b/makefu/3modules/state.nix index 461b90152..a87f438fe 100644 --- a/makefu/3modules/state.nix +++ b/makefu/3modules/state.nix @@ -6,4 +6,11 @@ description = "state which is currently scattered on the machine"; default = []; }; + + config.system.activationScripts.state = lib.optionalString (config.state != []) '' + cat << EOF + This machine is burdened with state: + ${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state} + EOF + ''; } From 20c69c0386df4606af544342d7de6638356572a3 Mon Sep 17 00:00:00 2001 
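Review bot: The activation script added in makefu/3modules/state.nix prints the `config.state` entries through an unquoted here-document (`cat << EOF`), so any `$` or backtick inside an entry is expanded by the shell during activation, which normally runs as root. Quoting the delimiter, `cat << 'EOF'`, prints the entries literally. The entries come from the machine's own configuration, so this is about robustness rather than untrusted input.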
From: makefu Date: Mon, 24 Sep 2018 23:32:28 +0200 Subject: [PATCH 19/82] treewide: makefu.airdcpp -> krebs.airdcpp --- {makefu => krebs}/3modules/airdcpp.nix | 10 +++++----- krebs/3modules/default.nix | 1 + .../5pkgs/simple}/airdcpp-webclient/default.nix | 0 makefu/2configs/dcpp/airdcpp.nix | 14 +++++++------- makefu/3modules/default.nix | 1 - 5 files changed, 13 insertions(+), 13 deletions(-) rename {makefu => krebs}/3modules/airdcpp.nix (96%) rename {makefu/5pkgs => krebs/5pkgs/simple}/airdcpp-webclient/default.nix (100%) diff --git a/makefu/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix similarity index 96% rename from makefu/3modules/airdcpp.nix rename to krebs/3modules/airdcpp.nix index 342052e70..8c72680f3 100644 --- a/makefu/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: with import ; #genid let - cfg = config.makefu.airdcpp; + cfg = config.krebs.airdcpp; out = { - options.makefu.airdcpp = api; + options.krebs.airdcpp = api; config = lib.mkIf cfg.enable imp; }; @@ -18,7 +18,7 @@ let user = mkOption { description = '' - user which will run udpt. if kept default a new user will be created + user which will run airdcpp. if kept default a new user will be created ''; type = str; default = "airdcpp"; @@ -195,7 +195,7 @@ let '''' ) - (mapAttrsToList (name: val: val // { inherit name; }) cfg.hubs); + (mapAttrsToList (name: val: val // { inherit name; }) hubs); favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" '' @@ -206,7 +206,7 @@ let '' else cfg.initialFavoritesConfigFile; genShares = shares: concatMapStringsSep "\n" (share: - ''${share.path}'' ) (mapAttrsToList (name: val: val // { inherit name; }) shares); diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 82ae3b02e..43375ed53 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -6,6 +6,7 @@ let out = { imports = [ + ./airdcpp.nix ./announce-activation.nix ./apt-cacher-ng.nix ./backup.nix diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix similarity index 100% rename from makefu/5pkgs/airdcpp-webclient/default.nix rename to krebs/5pkgs/simple/airdcpp-webclient/default.nix diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index 44940812d..fe05effd9 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -1,6 +1,6 @@ { config, ... }: { - makefu.airdcpp = { + krebs.airdcpp = { enable = true; extraGroups = [ "download" ]; web.port = 5600; @@ -14,8 +14,8 @@ dcpp = { shares = { # Incoming must be writeable! - incoming = { path = config.makefu.dl-dir + "/dcpp"; incoming = true; }; - audiobooks.path = config.makefu.dl-dir + "/audiobooks"; + incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; + audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; }; Nick = "makefu"; DownloadSpeed = "1000"; @@ -23,13 +23,13 @@ }; }; networking.firewall.allowedTCPPorts = - [ config.makefu.airdcpp.dcpp.InPort - config.makefu.airdcpp.dcpp.TLSPort + [ config.krebs.airdcpp.dcpp.InPort + config.krebs.airdcpp.dcpp.TLSPort ]; - networking.firewall.allowedUDPPorts = [ config.makefu.airdcpp.dcpp.UDPPort ]; + networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = - { proxyPass = "http://localhost:${toString config.makefu.airdcpp.web.port}/"; + { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; extraConfig = '' proxy_set_header Host $host; diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 963649c63..7146174fb 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix 
@@ -2,7 +2,6 @@ _: { imports = [ - ./airdcpp.nix ./awesome-extra.nix ./deluge.nix ./forward-journal.nix From ceb153423553c6a8005f34017d019e50b54a1259 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 23:33:07 +0200 Subject: [PATCH 20/82] pkgs.airdcpp-webclient: add which to wrapper --- krebs/5pkgs/simple/airdcpp-webclient/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix index 361a7da65..2bc6cdca9 100644 --- a/krebs/5pkgs/simple/airdcpp-webclient/default.nix +++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl +{ stdenv, fetchurl, makeWrapper, which }: stdenv.mkDerivation rec { name = "airdcpp-webclient-${version}"; @@ -13,8 +13,9 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/{share,bin} cp -r * $out/share - ln -s $out/share/airdcppd $out/bin/ + makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH ${which}/bin ''; + nativeBuildInputs = [ makeWrapper ]; meta = with stdenv.lib; { # to start it: airdcpp -p= -c= --configure From 7c4412574ac95d1c463e6c4c8c6b4da2dbea45ed Mon Sep 17 00:00:00 2001 
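Review bot: The `makeWrapper` call in `installPhase` passes `--prefix PATH ${which}/bin`, but `--prefix` takes three arguments (variable, separator, value), so the separator is missing. As written, the store path is taken as the separator and the value is empty, so `which` most likely does not end up on the wrapper's PATH. The line should read `makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH : ${which}/bin`.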
From: makefu Date: Mon, 24 Sep 2018 23:33:42 +0200 Subject: [PATCH 21/82] ma: move ssh pubkeys to files --- krebs/3modules/makefu/default.nix | 26 +++++++++++-------- krebs/3modules/makefu/ssh/exco.pub | 1 + krebs/3modules/makefu/ssh/makefu.android.pub | 1 + krebs/3modules/makefu/ssh/makefu.bob.pub | 1 + krebs/3modules/makefu/ssh/makefu.omo.pub | 1 + .../makefu/ssh/makefu.remote-builder.pub | 1 + krebs/3modules/makefu/ssh/makefu.tempx.pub | 1 + krebs/3modules/makefu/ssh/makefu.tsp.pub | 1 + krebs/3modules/makefu/ssh/makefu.vbob.pub | 1 + krebs/3modules/makefu/ssh/makefu.x.pub | 1 + krebs/3modules/makefu/ssh/ulrich.pub | 1 + 11 files changed, 25 insertions(+), 11 deletions(-) create mode 100644 krebs/3modules/makefu/ssh/exco.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.android.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.bob.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.omo.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.remote-builder.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.tempx.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.tsp.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.vbob.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.x.pub create mode 100644 krebs/3modules/makefu/ssh/ulrich.pub diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 454f9bc65..e2e017cf5 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,7 +4,9 @@ with import ; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -{ +let + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { cores = 4; @@ -590,6 +592,7 @@ with import ; "cache.gum.r" "logs.makefu.r" "stats.makefu.r" + "dcpp.nextgum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- 
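Review bot: `pub-for` returns the file contents verbatim, so every `pubkey` now ends with the newline that terminates the `.pub` file, whereas the inline strings it replaces (in the `users` hunk further down) had none. Anything that compares the key, matches it against a type pattern or embeds it in a single-line format will see a different value than before. Stripping the newline keeps the old value: `pub-for = name: removeSuffix "\n" (builtins.readFile (./ssh + "/${name}.pub"));` (`removeSuffix` is presumably in scope through the `with import` at the top of the file, which is outside this hunk). The `let … in {` block opened here continues outside the hunk.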
@@ -654,6 +657,7 @@ with import ; "wiki.gum.r" "blog.makefu.r" "blog.gum.r" + "dcpp.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- 
@@ -1099,48 +1103,48 @@ with import ; users = rec { makefu = { mail = "makefu@x.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; + pubkey = pub-for "makefu.x"; pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; }; makefu-omo = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; + pubkey = pub-for "makefu.omo"; }; makefu-tsp = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; + pubkey = pub-for "makefu.tsp"; }; makefu-vbob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; + pubkey = pub-for "makefu.vbob"; }; makefu-tempx = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; + pubkey = pub-for "makefu.tempx"; }; makefu-android = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; + pubkey = pub-for "makefu.android"; }; makefu-remote-builder = { inherit (makefu) mail pgp; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; + pubkey = pub-for "makefu.remote-builder"; }; makefu-bob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; + pubkey = pub-for "makefu.bob"; }; ciko = { mail = "wieczorek.stefan@googlemail.com"; }; ulrich = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de"; + pubkey = pub-for "ulrich"; mail = "shackspace.de@myvdr.de"; }; exco = { mail = "dickbutt@excogitation.de"; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de"; + pubkey = pub-for "exco"; }; }; } diff --git a/krebs/3modules/makefu/ssh/exco.pub b/krebs/3modules/makefu/ssh/exco.pub new file mode 100644 index 000000000..cab884c0c --- /dev/null +++ b/krebs/3modules/makefu/ssh/exco.pub @@ -0,0 +1 @@ +ssh-rsa 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 dickbutt@excogitation.de diff --git a/krebs/3modules/makefu/ssh/makefu.android.pub b/krebs/3modules/makefu/ssh/makefu.android.pub new file mode 100644 index 000000000..2bef2442a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.android.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x diff --git a/krebs/3modules/makefu/ssh/makefu.bob.pub b/krebs/3modules/makefu/ssh/makefu.bob.pub new file mode 100644 index 000000000..bc8718978 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.bob.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD diff --git a/krebs/3modules/makefu/ssh/makefu.omo.pub b/krebs/3modules/makefu/ssh/makefu.omo.pub new file mode 100644 index 000000000..5567040fb --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.omo.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch diff --git a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub new file mode 100644 index 000000000..ad49f380a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild diff --git a/krebs/3modules/makefu/ssh/makefu.tempx.pub b/krebs/3modules/makefu/ssh/makefu.tempx.pub new file mode 100644 index 000000000..48d90040f --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.tempx.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum 
diff --git a/krebs/3modules/makefu/ssh/makefu.tsp.pub b/krebs/3modules/makefu/ssh/makefu.tsp.pub new file mode 100644 index 000000000..9a9c9b6f8 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.tsp.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp diff --git a/krebs/3modules/makefu/ssh/makefu.vbob.pub b/krebs/3modules/makefu/ssh/makefu.vbob.pub new file mode 100644 index 000000000..c49714e24 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.vbob.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob diff --git a/krebs/3modules/makefu/ssh/makefu.x.pub b/krebs/3modules/makefu/ssh/makefu.x.pub new file mode 100644 index 000000000..74b130f56 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.x.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub new file mode 100644 index 000000000..88313ee7c --- /dev/null 
+++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -0,0 +1 @@ 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 shackspace.de@myvdr.de From c409536433f2b0bcb1b71117387c2f72525c79dd Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 23:34:30 +0200 Subject: [PATCH 22/82] ma 2/default: pull out minimal config into minimal.nix --- makefu/2configs/default.nix | 117 ++++++------------------------------ makefu/2configs/minimal.nix | 88 +++++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 99 deletions(-) create mode 100644 makefu/2configs/minimal.nix diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6192a92a5..61cba86d9 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -10,14 +10,27 @@ with import ; } ./editor/vim.nix ./binary-cache/nixos.nix + ./minimal.nix ]; + # users are super important + users.users = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + makefu = { + uid = 9001; + group = "users"; + home = "/home/makefu"; + createHome = true; + useDefaultShell = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - programs.command-not-found.enable = false; - - nix.package = pkgs.nixUnstable; - nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; 
@@ -27,90 +40,23 @@ with import ; build.user = config.krebs.users.makefu; }; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = 2; - nix.buildCores = config.krebs.build.host.cores; - time.timeZone = "Europe/Berlin"; - - programs.ssh = { - startAgent = false; - }; - services.openssh.enable = true; - nix.useSandbox = true; - - users.mutableUsers = false; boot.tmpOnTmpfs = true; - - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; - nix.nixPath = [ "/var/src" ]; - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - NIX_PATH = mkForce "/var/src"; - EDITOR = mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; environment.systemPackages = with pkgs; [ jq git - get gnumake rxvt_unicode.terminfo htop ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - PYTHONSTARTUP="~/.pythonrc"; - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; + programs.bash.enableCompletion = true; environment.shellAliases = { # TODO: see .aliases 
@@ -126,12 +72,6 @@ with import ; tinc = pkgs.tinc_pre; }; - networking.timeServers = [ - "pool.ntp.org" - "time.windows.com" - "time.apple.com" - "time.nist.gov" - ]; nix.extraOptions = '' auto-optimise-store = true @@ -145,26 +85,5 @@ with import ; SystemMaxUse=1G RuntimeMaxUse=128M ''; - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - # suppress chrome autit event messages - security.audit = { - rules = [ - "-a task,never" - ]; - }; - system.activationScripts.state = optionalString (config.state != []) '' - cat << EOF - This machine is burdened with state: - ${concatMapStringsSep "\n" (d: "* ${d}") config.state} - EOF - ''; } diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix new file mode 100644 index 000000000..d764e5624 --- /dev/null +++ b/makefu/2configs/minimal.nix 
@@ -0,0 +1,88 @@ +{ lib, pkgs, config, ... }: +# minimal subset of sane configuration for stockholm +{ + # nobody needs this + programs.command-not-found.enable = false; + + # the only true timezone (even after the the removal of DST) + time.timeZone = "Europe/Berlin"; + + networking.hostName = config.krebs.build.host.name; + nix.buildCores = config.krebs.build.host.cores; + + # we use gpg if necessary (or nothing at all) + programs.ssh.startAgent = false; + + # all boxes look the same + nix.useSandbox = true; + # we configure users via nix + users.mutableUsers = false; + + # sane firewalling + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + + # openssh all the way down + services.openssh.enable = true; + + # we use stockholm via populate + nix.nixPath = [ "/var/src" ]; + + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { + NIX_PATH = lib.mkForce "/var/src"; + EDITOR = lib.mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + + programs.bash = { + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + ''; + + promptInit = '' + case $UID in + 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; + 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; + *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + # trust the cool guys + networking.timeServers = [ + "pool.ntp.org" + "time.nist.gov" + ]; + + # the only locale you will ever need + i18n = { + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; + + # suppress chrome autit event messages + security.audit = { + rules = [ + "-a task,never" + ]; + }; + + # Enable IPv6 Privacy Extensions + boot.kernel.sysctl = { + "net.ipv6.conf.all.use_tempaddr" = 2; + 
"net.ipv6.conf.default.use_tempaddr" = 2; + }; +} From 230630729c15d81f3f7f722bc9e83015dd30738b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 Sep 2018 10:35:31 +0200 Subject: [PATCH 23/82] airdcpp.mod: add DownloadDirectory --- krebs/3modules/airdcpp.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 8c72680f3..1633840f7 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -84,6 +84,7 @@ let default = null; }; dcpp = { + # entries in DCPlusPlus.xml Nick = mkOption { description = '' Nick Name for connection @@ -116,6 +117,11 @@ let type = str; default = "100"; }; + DownloadDirectory = mkOption { + description = "Directory, where new files will be saved into"; + type = str; + default = "${cfg.stateDir}/Download"; + }; shares = mkOption { default = {}; type = attrsOf (submodule ( { config, ... }: { @@ -218,6 +224,7 @@ let ${toString cfg.dcpp.InPort} ${toString cfg.dcpp.UDPPort} ${toString cfg.dcpp.TLSPort} + ${cfg.dcpp.DownloadDirectory} 0 1 0 From 89cb8c98e9a2b472f4f4c873dae8ed2e2433b0d1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 Sep 2018 12:11:22 +0200 Subject: [PATCH 24/82] ma default.nix: nextgum -> backup.makefu.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e2e017cf5..e2152ea1a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -592,6 +592,7 @@ in { "cache.gum.r" "logs.makefu.r" "stats.makefu.r" + "backup.makefu.r" "dcpp.nextgum.r" ]; tinc.pubkey = '' From a374a452112ba962ab90e45b6b0f27b3a1330e4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Sep 2018 14:53:53 +0200 Subject: [PATCH 25/82] l radio: show recent tracks at https://radio.lassul.us/recent --- lass/2configs/radio.nix | 81 ++++++++++++++++++++++++++++++----------- 1 file changed, 59 insertions(+), 22 deletions(-) 
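Review bot: The comment above `security.audit.rules` in the new `minimal.nix` understates the rule: `-a task,never` turns off syscall auditing for every newly created task on the host, not only the Chrome messages it was added to silence. This file is now the shared baseline, so each machine importing it loses those audit records. The comment should say so, e.g. `# disables syscall auditing for all tasks (added to silence chrome audit event spam)`; that also fixes the "autit" typo.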
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index a83d51f1d..fb7ae01b6 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -131,6 +131,30 @@ in { }; }; + systemd.services.radio-recent = let + recentlyPlayed = pkgs.writeDash "recentlyPlayed" '' + LIMIT=1000 #how many tracks to keep in the history + HISTORY_FILE=/tmp/played + while :; do + ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null + ${pkgs.mpc_cli}/bin/mpc current -f %file% + done | while read track; do + echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" + echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" + done + ''; + in { + description = "radio recently played"; + after = [ "mpd.service" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + ExecStart = recentlyPlayed; + }; + }; + krebs.Reaktor.playlist = { nickname = "the_playlist|r"; channels = [ @@ -157,27 +181,40 @@ in { }) ]; }; - services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let - html = pkgs.writeText "index.html" '' - - - - - lassulus playlist - - -
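Review bot: `HISTORY_FILE=/tmp/played` in `recentlyPlayed` places a file that the service appends to and rewrites under a fixed name in a world-writable directory, and `serviceConfig` sets no `User=`, so the script presumably runs as root. Any local account can create `/tmp/played` first, which lets it control what nginx serves under `/recent` or, where symlink protection is disabled, redirect the service's writes. A service-owned directory avoids this: add `RuntimeDirectory = "radio-recent";` to `serviceConfig`, set `HISTORY_FILE=/run/radio-recent/played`, and point the `alias` in the nginx hunk that follows at the same path. `read track` should also be `read -r track` so backslashes in file names are kept.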
- -
-
- -
- - - + services.nginx = { + enable = true; + virtualHosts."radio.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:8000; + ''; + locations."/recent".extraConfig = '' + alias /tmp/played; + ''; + }; + virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let + html = pkgs.writeText "index.html" '' + + + + + lassulus playlist + + +
+ +
+
+ +
+ + + + ''; + in '' + default_type "text/html"; + alias ${html}; ''; - in '' - default_type "text/html"; - alias ${html}; - ''; + }; } From 3216875c5b216ec9af1a8abbd634a47ba4c25638 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 25 Sep 2018 19:37:36 +0200 Subject: [PATCH 26/82] jeschli xmonad: pc_cellwidth 256 -> 100 --- jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 88856021c..4ebd98f09 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -222,7 +222,7 @@ myKeys conf = Map.fromList $ pagerConfig :: PagerConfig pagerConfig = def { pc_font = myFont - , pc_cellwidth = 256 + , pc_cellwidth = 100 --, pc_cellheight = 36 -- TODO automatically keep screen aspect --, pc_borderwidth = 1 --, pc_matchcolor = "#f0b000" From 4386b9a140a2a7dd9019037bfb2ac4b02ab3e658 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 25 Sep 2018 19:39:04 +0200 Subject: [PATCH 27/82] jeschli system: remove bln --- jeschli/1systems/bln/config.nix | 173 ------------------ jeschli/1systems/bln/dcso-vpn.nix | 44 ----- .../1systems/bln/hardware-configuration.nix | 35 ---- jeschli/1systems/bln/source.nix | 4 - 4 files changed, 256 deletions(-) delete mode 100644 jeschli/1systems/bln/config.nix delete mode 100644 jeschli/1systems/bln/dcso-vpn.nix delete mode 100644 jeschli/1systems/bln/hardware-configuration.nix delete mode 100644 jeschli/1systems/bln/source.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix deleted file mode 100644 index 6e3c3bec8..000000000 --- a/jeschli/1systems/bln/config.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: -# bln config file -{ - imports = [ - ./hardware-configuration.nix - - - - - - -# - - ]; - -# boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - boot.loader.grub = { - devices = [ "nodev" ]; - efiSupport = true; - enable = true; - extraEntries = '' - menuentry "Debian" { - insmod ext2 - insmod chain - chainloader /EFI/debian/grubx64.efi - } - ''; - version = 2; - }; - - jeschliFontSize = 20; - - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - stocki = pkgs.writeDash "deploy" '' - cd ~/stockholm - LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' - ''; - }; - networking.hostName = lib.mkForce "BLN02NB0232"; - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Setup Packages - nixpkgs.config.allowUnfree = true; - environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; - environment.systemPackages = with pkgs; [ - termite - # system helper - ag - copyq - dmenu - git - tig - i3lock - keepass - networkmanagerapplet - rsync - terminator - tmux - wget - rxvt_unicode - # editors - emacs - # databases - sqlite - # internet - thunderbird - chromium - google-chrome - # programming languages - elmPackages.elm - go - gcc - ghc - python35 - python35Packages.pip - # go tools - golint - gotools - # dev tools - gnumake - jetbrains.pycharm-professional - jetbrains.webstorm - jetbrains.goland - jetbrains.datagrip - texlive.combined.scheme-full - pandoc - redis - vagrant - # document viewer - zathura - - samba - ]; - - - programs.bash.enableCompletion = true; - programs.vim.defaultEditor = true; - - services.openssh.enable = true; - - # Enable CUPS to print documents. 
- services.printing.enable = true; - services.printing.drivers = [ pkgs.postscript-lexmark ]; - - services.redis.enable = true; - - services.xserver = { - - desktopManager.session = lib.mkForce []; - - enable = true; - display = 11; - tty = 11; - - dpi = 200; - - videoDrivers = [ "nvidia" ]; - synaptics = { - enable = false; - }; - - }; - - - users.extraUsers.jeschli = { - isNormalUser = true; - extraGroups = ["docker" "vboxusers" "audio"]; - uid = 1000; - }; - - system.stateVersion = "17.09"; - # Gogland Debugger workaround - # nixpkgs.config.packageOverrides = super: { - # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { - # postFixup = '' - # interp="$(cat $NIX_CC/nix-support/dynamic-linker)" - # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv - # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv - # ''; - # }); - # }; - - virtualisation.docker.enable = true; - - # DCSO Certificates - security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = 
"1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) - ]; - - - hardware.bluetooth.enable = true; - krebs.build.host = config.krebs.hosts.bln; - - networking.interfaces.enp0s31f6.ipv4.addresses = [ - { address = "10.99.23.2"; prefixLength = 24; } - ]; - -} diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 --- a/jeschli/1systems/bln/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import ; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString } - cert ${toString } - key ${toString } - verb 3 - mute 20 - auth-user-pass ${toString } - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix deleted file mode 100644 index 35f0b3bca..000000000 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d"; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/927E-01A0"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = "powersave"; - - hardware.pulseaudio.enable = true; -} diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix deleted file mode 100644 index 0864fd90c..000000000 --- a/jeschli/1systems/bln/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "bln"; - secure = true; -} From b605a12d5b3c1ba3fa19ea06231b185d0b5e29a4 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 25 Sep 2018 19:45:44 +0200 Subject: [PATCH 28/82] jeschli brauerei: krops deploy --- jeschli/1systems/brauerei/config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 4cd544a66..3d21b9e2e 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -37,6 +37,11 @@ cd ~/stockholm exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"' ''; + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; }; environment.systemPackages = with pkgs; [ From f922d5947acc3151619ec06962197a800d3138eb Mon Sep 17 00:00:00 2001 
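Review bot: The added `deploy` script in jeschli/1systems/brauerei/config.nix executes the output of `nix-build` through an unquoted command substitution and leaves `$HOME` unquoted, so a path containing whitespace or glob characters is word-split before it is run. Quoting both keeps the executed path exactly what nix-build printed: `"$(nix-build "$HOME/stockholm/jeschli/krops.nix" --no-out-link --argstr name "$SYSTEM" -A deploy)"`. With `set -eu` a missing argument aborts with only the shell's unbound-variable message; `export SYSTEM="''${1:?usage: deploy SYSTEM}"` would say what is expected (the `''$` escape is needed inside the Nix indented string). The attribute set that holds this script starts outside the hunk.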
From: jeschli
Date: Tue, 25 Sep 2018 19:48:29 +0200
Subject: [PATCH 29/82] jeschli brauerei: dev user for jeschli and lass
---
jeschli/1systems/brauerei/config.nix | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 3d21b9e2e..0c01b7948 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -143,6 +143,14 @@ isNormalUser = true; uid = 1001; # TODO genid }; + users.users.dev = { + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + "ssh-rsa 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 jeschli@nixos" + ]; + }; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" From ab41311a506ddacc908d97ef4e5ef89e2ca29a43 Mon Sep 17 00:00:00 2001 
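Review bot: The new `users.users.dev` account accepts logins from two different people's keys, so anything done as `dev` on this host is attributable to a person only through the key fingerprint in the sshd log, not through process or file ownership. If a shared account is intended, a comment next to it stating its purpose and who may use it, e.g. `# shared account for lass and jeschli; <purpose>`, would make that explicit. The jeschli key is pasted as a literal here, and the trailing context line shows a literal jeschli key under `users.users.root` too, so rotating or revoking it means editing every copy; referencing it the way the lass key is referenced (`config.krebs.users.lass.pubkey`) would keep one source of truth, assuming the jeschli user entry carries a `pubkey`. The account also gets no explicit `uid`, unlike the user defined in the context lines just above it.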
From: jeschli
Date: Tue, 25 Sep 2018 20:42:19 +0200
Subject: [PATCH 30/82] nix-writers: 3.0.0 -> 3.1.0
---
submodules/nix-writers | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/submodules/nix-writers b/submodules/nix-writers
index c27a9416e..0660cc1a1 160000
--- a/submodules/nix-writers
+++ b/submodules/nix-writers
@@ -1 +1 @@
-Subproject commit c27a9416e8ee04d708b11b48f8cf1a055c0cc079
+Subproject commit 0660cc1a1169e799bda356c6fadb245a96345816
From 6cf8b42c0bf5b256db0bcd3c051c528052cfe5b2 Mon Sep 17 00:00:00 2001
From: jeschli
Date: Tue, 25 Sep 2018 21:00:47 +0200
Subject: [PATCH 31/82] krebs: remove bln
---
krebs/3modules/jeschli/default.nix | 37 ------------------------------
1 file changed, 37 deletions(-)
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index ab8fe097d..c0cb601bc 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -7,43 +7,6 @@ with import ; owner = config.krebs.users.jeschli; ci = true; }) { - bln = { - nets = { - retiolum = { - ip4.addr = "10.243.27.28"; - ip6.addr = "42::28"; - aliases = [ - "bln.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02 - BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8 - tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky - FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt - PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL - acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc - BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn - lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa - NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg - 2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg - H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM - 2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o - cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt - bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU - gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv - UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2 - 0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5 - fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl - B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58 - SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp - U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ - eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; brauerei = { nets = { retiolum = { From 7a0d3121be1ae433a612ad77e9bb693a66aed41c Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 26 Sep 2018 00:22:27 +0200 Subject: [PATCH 32/82] ma nextgum/hardware-config: dm-raid is required to boot raid1 lvm --- makefu/1systems/nextgum/hardware-config.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix index 944210701..bfe29b46c 100644 --- a/makefu/1systems/nextgum/hardware-config.nix +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -41,11 +41,12 @@ in { boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ]; + boot.kernelModules = [ "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -59,6 +60,10 @@ in { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; fileSystems."/boot" = { device = "/dev/sda2"; fsType = "vfat"; @@ -79,8 +84,12 @@ in { #vgcreate nixos /dev/sda3 /dev/sdb1 #lvcreate -L 120G -m 1 -n root nixos #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 50G -n download nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup #mount /dev/mapper/nixos-root /mnt #mkdir /mnt/boot #mount /dev/sda2 /mnt/boot From 56f80ba7a8397c7d9c057d3d81327ee932dcf4d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Sep 2018 17:27:30 +0200 Subject: [PATCH 33/82] Reaktor: 0.6.0 -> 0.6.1 --- krebs/5pkgs/simple/Reaktor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
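Review bot: In the setup comments of makefu/1systems/nextgum/hardware-config.nix (third hunk), the added `#mkfs.ext4 /dev/mapper/nixos-borgbackup` names a device that the preceding `#lvcreate -L 100G -n backup nixos` does not create; the volume is `backup` in group `nixos`, and the new `fileSystems."/var/lib/borgbackup"` entry mounts `/dev/mapper/nixos-backup`. The comment should read `#mkfs.ext4 /dev/mapper/nixos-backup` so that following these notes on a rebuild produces the filesystem the configuration expects. The `download` and `backup` volumes are also created without `-m 1`, unlike `root` and `lib`; if leaving the backup volume unmirrored is deliberate, a short comment such as `# backup is intentionally not mirrored` would record that. The comment block continues outside the hunk.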
diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index a9566087f..b66e2b22c 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.6.0"; + version = "0.6.1"; doCheck = false; @@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec { owner = "krebs"; repo = "Reaktor"; rev = version; - sha256 = "0nsnv1rixmlg5wkb74b4f5bycb42b9rp4b14hijh558hbsa1b9am"; + sha256 = "0mw2zizv8p264zqqrnb5qyx7szldcza5ma190292a1qlasyg1b4m"; }; meta = { homepage = http://krebsco.de/; From deac0b64c09882ee70240e1fa538d7d64e7e8181 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 29 Sep 2018 23:19:02 +0200 Subject: [PATCH 34/82] buildbot-stockholm: test krops --- krebs/2configs/buildbot-stockholm.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index d10fb7203..5784f2cdc 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -22,6 +22,12 @@ "http://cgit.ni.r/disko" "http://cgit.prism.r/disko" ]; + krops.urls = [ + "http://cgit.hotdog.r/krops" + "http://cgit.ni.r/krops" + "http://cgit.prism.r/krops" + "https://git.ingolf-wagner.de/krebs/krops.git" + ]; nix_writers.urls = [ "http://cgit.hotdog.r/nix-writers" "http://cgit.ni.r/nix-writers" From a86a6761f784fbfa68cd400cd84d08ddfb9aa066 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 29 Sep 2018 23:40:32 +0200 Subject: [PATCH 35/82] ma pkgs.4nxci: init --- makefu/5pkgs/4nxci/default.nix | 52 ++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 makefu/5pkgs/4nxci/default.nix diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/4nxci/default.nix new file mode 100644 index 000000000..3aba3be45 --- /dev/null +++ b/makefu/5pkgs/4nxci/default.nix 
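Review bot: The added `krops.urls` list in krebs/2configs/buildbot-stockholm.nix mixes three plain-`http://` mirrors on `.r` hosts with one external `https://` host, and the hunk does not show whether the job consuming these URLs checks out a pinned revision. If it builds whatever a reachable URL serves, the tested code depends on which mirror answers, so the trust assumption is worth writing down next to the list, e.g. `# krops mirrors; <which host is authoritative, how the revision is pinned>`. The attribute set holding these lists starts and ends outside the hunk.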
@@ -0,0 +1,52 @@ +{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }: +let + + mymbedtls = lib.overrideDerivation mbedtls (old: rec { + name = "mbedtls-${version}"; + version = "2.13.0"; + src = fetchFromGitHub { + owner = "ARMmbed"; + repo = "mbedtls"; + rev = name; + sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j"; + }; + buildInputs = old.buildInputs ++ [ python2 ]; + postConfigure = '' + perl scripts/config.pl set MBEDTLS_CMAC_C + ''; + doCheck = false; + + }); +in stdenv.mkDerivation rec { + name = "4nxci-${version}"; + version = "1.30"; + + src = fetchFromGitHub { + owner = "The-4n"; + repo = "4NXCI"; + rev = "v${version}"; + sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh"; + }; + + buildPhase = '' + cp config.mk.template config.mk + sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile + sed -i 's#\(LIBDIR =\).*#\1${mymbedtls}/lib#' Makefile + make 4nxci + ''; + + installPhase = '' + install -m755 -D 4nxci $out/bin/4nxci + ''; + + #preInstall = '' + # mkdir -p $out/bin + #''; + + buildInputs = [ mymbedtls ]; + + meta = { + description = "convert xci to nsp"; + license = lib.licenses.isc; + }; +} From 0a17a244962778ef1597ac5749fb66d886053dd8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Oct 2018 12:36:23 +0200 Subject: [PATCH 36/82] l mors.r: add adb-sync to pkgs --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 69954a3e9..d3fb441a8 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -77,6 +77,7 @@ with import ; environment.systemPackages = [ pkgs.ovh-zone pkgs.bank + pkgs.adb-sync ]; } { From 1ca261eb502780a77d3059f54128720a2ed58e6a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 18:33:03 +0200 Subject: [PATCH 37/82] l prism.r: remove radio.lassul.us --- lass/1systems/prism/config.nix | 10 ---------- 1 file changed, 10 deletions(-) 
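Review bot: The `mymbedtls` override in makefu/5pkgs/4nxci/default.nix pins the TLS library to the 2.13.0 tag and sets `doCheck = false`, so this package no longer follows nixpkgs' mbedtls updates and the rebuilt library (with `MBEDTLS_CMAC_C` switched on in `postConfigure`) is never run against its own test suite. A comment above the override should state why the pin and the config change are needed and why the checks are off, e.g. `# 4NXCI needs MBEDTLS_CMAC_C; <reason for pinning 2.13.0 and disabling checks>`, so a later maintainer knows when the pin can be dropped. `lib.overrideDerivation` could be written as `mbedtls.overrideAttrs (old: { ... })`, which is the form nixpkgs recommends for overriding a `mkDerivation` package. The commented-out `preInstall` block can be deleted.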
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f83721070..bf7de6fc5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -291,16 +291,6 @@ with import ; ]; } { - services.nginx = { - enable = true; - virtualHosts."radio.lassul.us" = { - forceSSL = true; - enableACME = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:8000; - ''; - }; - }; } { lass.nichtparasoup.enable = true; From c2442a231dc76a5a9b4bad20631d2732220052c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 18:33:21 +0200 Subject: [PATCH 38/82] l: add ccc@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 846000a3a..6ef3c8595 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -89,6 +89,7 @@ with import ; { from = "cis@lassul.us"; to = lass.mail; } { from = "afra@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; } + { from = "ccc@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From d25204e852f314d3044c37f4e3472d5d376e5c1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 18:33:36 +0200 Subject: [PATCH 39/82] l git: add nixos-generators --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 97def9df3..253c56e48 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -62,6 +62,10 @@ let cgit.desc = "high level writers for nix"; cgit.section = "software"; }; + nixos-generators = { + cgit.desc = "custom image builders"; + cgit.section = "software"; + }; nixpkgs = { cgit.desc = "nixpkgs fork"; cgit.section = "configuration"; From d3660625e1aab1daa321ad7c13b39398e4aa3771 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 6 Oct 2018 18:35:29 +0200 Subject: [PATCH 40/82] l radio: add mors to authorizedKeys --- lass/2configs/radio.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index fb7ae01b6..bf6855804 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -36,8 +36,9 @@ in { home = "/home/${name}"; useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-mors.pubkey ]; }; }; From f9595d16f95800db745bb9e1175d339e216941c0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 18:44:49 +0200 Subject: [PATCH 41/82] nixpkgs: d16a7ab -> 6a3f5bc (18.09) --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index a3612fa7a..c9854fabd 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628", - "date": "2018-09-20T18:31:51-05:00", - "sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7", + "rev": "6a3f5bcb061e1822f50e299f5616a0731636e4e7", + "date": "2018-10-05T18:33:19-04:00", + "sha256": "1ib96has10v5nr6bzf7v8kw7yzww8zanxgw2qi1ll1sbv6kj6zpd", "fetchSubmodules": true } From 96c3bdb8f49d04daf9363b41f56b2121c75e7af7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 19:15:05 +0200 Subject: [PATCH 42/82] l baseX: remove deprecated nix-repl --- lass/2configs/baseX.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 95aac2d18..e8a2539f3 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -71,7 +71,6 @@ in { lm_sensors ncdu nix-index - nix-repl nmap pavucontrol powertop From bc4daadeff27a7491bf2db4887c76375900b0726 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 6 Oct 2018 19:16:54 +0200 Subject: [PATCH 43/82] remove pass --- krebs/5pkgs/simple/pass/default.nix | 121 ------------------ .../5pkgs/simple/pass/no-darwin-getopt.patch | 9 -- krebs/5pkgs/simple/pass/rofi-pass.nix | 57 --------- .../set-correct-program-name-for-sleep.patch | 69 ---------- 4 files changed, 256 deletions(-) delete mode 100644 krebs/5pkgs/simple/pass/default.nix delete mode 100644 krebs/5pkgs/simple/pass/no-darwin-getopt.patch delete mode 100644 krebs/5pkgs/simple/pass/rofi-pass.nix delete mode 100644 krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch diff --git a/krebs/5pkgs/simple/pass/default.nix b/krebs/5pkgs/simple/pass/default.nix deleted file mode 100644 index c2fe0e1d7..000000000 --- a/krebs/5pkgs/simple/pass/default.nix +++ /dev/null 
@@ -1,121 +0,0 @@ -{ stdenv, lib, fetchurl, fetchFromGitHub -, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode -, makeWrapper - -, pass-otp - -, xclip ? null, xdotool ? null, dmenu ? null -, x11Support ? !stdenv.isDarwin -, tombPluginSupport ? false, tomb -}: - -with lib; - -assert x11Support -> xclip != null - && xdotool != null - && dmenu != null; - -let - plugins = map (p: (fetchFromGitHub { - owner = "roddhjav"; - repo = "pass-${p.name}"; - inherit (p) rev sha256; - })) - ([ - { name = "import"; - rev = "491935bd275f29ceac2b876b3a288011d1ce31e7"; - sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; } - { name = "update"; - rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde"; - sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; } - ] ++ stdenv.lib.optional tombPluginSupport { - name = "tomb"; - rev = "3368134898a42c1b758fabac625ec240e125c6be"; - sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; } - ); - -in stdenv.mkDerivation rec { - version = "1.7.2"; - name = "password-store-${version}"; - - src = fetchurl { - url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; - sha256 = "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27"; - }; - - patches = [ ./set-correct-program-name-for-sleep.patch - ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; - - nativeBuildInputs = [ makeWrapper ]; - - installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; - - postInstall = '' - # plugins - ${stdenv.lib.concatStringsSep "\n" (map (plugin: '' - pushd ${plugin} - PREFIX=$out make install - popd - '') plugins)} - - ln -s \ - ${pass-otp}/lib/password-store/extensions/otp.bash \ - $out/lib/password-store/extensions/ - - ln -s \ - ${pass-otp}/share/man/man1/pass-otp.1.gz \ - $out/share/man/man1/ - - # Install Emacs Mode. NOTE: We can't install the necessary - # dependencies (s.el and f.el) here. The user has to do this - # himself. 
- mkdir -p "$out/share/emacs/site-lisp" - cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" - '' + optionalString x11Support '' - cp "contrib/dmenu/passmenu" "$out/bin/" - ''; - - wrapperPath = with stdenv.lib; makeBinPath ([ - coreutils - getopt - git - gnupg - gnused - tree - which - qrencode - ] ++ optional tombPluginSupport tomb - ++ optional stdenv.isLinux procps - ++ ifEnable x11Support [ dmenu xclip xdotool ]); - - postFixup = '' - # Fix program name in --help - substituteInPlace $out/bin/pass \ - --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" - - # Ensure all dependencies are in PATH - wrapProgram $out/bin/pass \ - --prefix PATH : "${wrapperPath}" - '' + stdenv.lib.optionalString x11Support '' - # We just wrap passmenu with the same PATH as pass. It doesn't - # need all the tools in there but it doesn't hurt either. - wrapProgram $out/bin/passmenu \ - --prefix PATH : "$out/bin:${wrapperPath}" - ''; - - meta = with stdenv.lib; { - description = "Stores, retrieves, generates, and synchronizes passwords securely"; - homepage = https://www.passwordstore.org/; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz ]; - platforms = platforms.unix; - - longDescription = '' - pass is a very simple password store that keeps passwords inside gpg2 - encrypted files inside a simple directory tree residing at - ~/.password-store. The pass utility provides a series of commands for - manipulating the password store, allowing the user to add, remove, edit, - synchronize, generate, and manipulate passwords. - ''; - }; -} diff --git a/krebs/5pkgs/simple/pass/no-darwin-getopt.patch b/krebs/5pkgs/simple/pass/no-darwin-getopt.patch deleted file mode 100644 index e8f7e138f..000000000 --- a/krebs/5pkgs/simple/pass/no-darwin-getopt.patch +++ /dev/null 
@@ -1,9 +0,0 @@ -diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh ---- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000 -+++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000 -@@ -31,5 +31,4 @@ - mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk." - } - --GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" - SHRED="srm -f -z" diff --git a/krebs/5pkgs/simple/pass/rofi-pass.nix b/krebs/5pkgs/simple/pass/rofi-pass.nix deleted file mode 100644 index 61f51973e..000000000 --- a/krebs/5pkgs/simple/pass/rofi-pass.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep -, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper -}: - -stdenv.mkDerivation rec { - name = "rofi-pass-${version}"; - version = "1.5.3"; - - src = fetchFromGitHub { - owner = "carnager"; - repo = "rofi-pass"; - rev = version; - sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq"; - }; - - buildInputs = [ makeWrapper ]; - - dontBuild = true; - - installPhase = '' - mkdir -p $out/bin - cp -a rofi-pass $out/bin/rofi-pass - - mkdir -p $out/share/doc/rofi-pass/ - cp -a config.example $out/share/doc/rofi-pass/config.example - ''; - - wrapperPath = with stdenv.lib; makeBinPath [ - coreutils - findutils - gawk - gnugrep - gnused - libnotify - pass - pwgen - rofi - utillinux - xclip - xdotool - ]; - - fixupPhase = '' - patchShebangs $out/bin - - wrapProgram $out/bin/rofi-pass \ - --prefix PATH : "${wrapperPath}" - ''; - - meta = { - description = "A script to make rofi work with password-store"; - homepage = https://github.com/carnager/rofi-pass; - maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ]; - license = stdenv.lib.licenses.gpl3; - platforms = with stdenv.lib.platforms; linux; - }; -} diff --git a/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch deleted file mode 100644 index 782e06e20..000000000 --- a/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001 -From: "Andrew R. M" -Date: Sat, 8 Apr 2017 13:50:01 -0400 -Subject: [PATCH] Patch the clip() function to work even when using - single-binary coreutils - ---- - src/password-store.sh | 4 ++-- - src/platform/cygwin.sh | 4 ++-- - src/platform/darwin.sh | 4 ++-- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/password-store.sh b/src/password-store.sh -index 6a4172d..4dbd6b8 100755 ---- a/src/password-store.sh -+++ b/src/password-store.sh -@@ -155,11 +155,11 @@ clip() { - # variable. Specifically, it cannot store nulls nor (non-trivally) store - # trailing new lines. - local sleep_argv0="password store sleep on display $DISPLAY" -- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 -+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 - local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" - echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" - ( -- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) -+ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) - local now="$(xclip -o -selection "$X_SELECTION" | base64)" - [[ $now != $(echo -n "$1" | base64) ]] && before="$now" - -diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh -index 6e5dd86..f3574c4 100644 ---- a/src/platform/cygwin.sh -+++ b/src/platform/cygwin.sh -@@ -3,11 +3,11 @@ - - clip() { - local sleep_argv0="password store sleep on display $DISPLAY" -- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 -+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 - local before="$(base64 < /dev/clipboard)" - echo -n "$1" > /dev/clipboard - ( -- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) -+ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) - local now="$(base64 < /dev/clipboard)" - [[ $now != $(echo -n "$1" | base64) ]] && 
before="$now" - echo "$before" | base64 -d > /dev/clipboard -diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh -index 86eb325..deb04c4 100644 ---- a/src/platform/darwin.sh -+++ b/src/platform/darwin.sh -@@ -3,11 +3,11 @@ - - clip() { - local sleep_argv0="password store sleep for user $(id -u)" -- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 -+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 - local before="$(pbpaste | openssl base64)" - echo -n "$1" | pbcopy - ( -- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) -+ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) - local now="$(pbpaste | openssl base64)" - [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" - echo "$before" | openssl base64 -d | pbcopy --- -2.12.2 - From 9f66fcc63a2d1dba5598e17d7b25ba4df53988cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 19:32:25 +0200 Subject: [PATCH 44/82] force xserver values --- jeschli/1systems/brauerei/config.nix | 4 ++-- tv/2configs/xserver/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 0c01b7948..4ba888e39 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -121,8 +121,8 @@ desktopManager.session = lib.mkForce []; enable = true; - display = 11; - tty = 11; + display = lib.mkForce 11; + tty = lib.mkForce 11; dpi = 144; diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 6ef8a8768..e33b431da 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -42,8 +42,8 @@ in { desktopManager.session = mkForce []; enable = true; - display = 11; - tty = 11; + display = mkForce 11; + tty = mkForce 11; synaptics = { enable = true; From e7eab7bd54a69ddf6f71adf9d2796070ee154f8e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 6 Oct 2018 21:49:36 +0200 Subject: [PATCH 45/82] l vim: remove unstable_nixpkgs hack --- lass/2configs/vim.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 823d9a8ca..f757e5044 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -2,12 +2,6 @@ with import ; let - unstable_nixpkgs = import (pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - rev = "a8c71037e041725d40fbf2f3047347b6833b1703"; - sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw"; - }) {}; out = { environment.systemPackages = [ (hiPrio vim) @@ -15,7 +9,7 @@ let (pkgs.writeDashBin "govet" '' go vet "$@" '') - (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [ + (hiPrio (pkgs.python3.withPackages (ps: [ ps.python-language-server ps.pyls-isort ]))) @@ -135,7 +129,7 @@ let pkgs.vimPlugins.undotree pkgs.vimPlugins.vim-go pkgs.vimPlugins.fzf-vim - unstable_nixpkgs.vimPlugins.LanguageClient-neovim + pkgs.vimPlugins.LanguageClient-neovim (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { From 27ade7dcbcc4f9b0f249f5f4621b37d017c3faeb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 21:57:04 +0200 Subject: [PATCH 46/82] l games: remove (broken) dwarf fortress --- lass/2configs/games.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 81f53bf69..17c3cf3be 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,7 +57,6 @@ let in { environment.systemPackages = with pkgs; [ - (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 From 1f23af4309d077a4a98c2ad8539db12d062842a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 22:10:26 +0200 Subject: [PATCH 47/82] l mors.r: use stable nix --- lass/1systems/mors/config.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index d3fb441a8..6d65b58c2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -144,7 +144,6 @@ with import ; OnCalendar = "00:37"; }; - nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; From 43f5473ddc6dc1a26e1dd26085113e357274987a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 21:49:36 +0200 Subject: [PATCH 48/82] l vim: remove unstable_nixpkgs hack --- lass/2configs/vim.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 823d9a8ca..f757e5044 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -2,12 +2,6 @@ with import ; let - unstable_nixpkgs = import (pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - rev = "a8c71037e041725d40fbf2f3047347b6833b1703"; - sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw"; - }) {}; out = { environment.systemPackages = [ (hiPrio vim) @@ -15,7 +9,7 @@ let (pkgs.writeDashBin "govet" '' go vet "$@" '') - (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [ + (hiPrio (pkgs.python3.withPackages (ps: [ ps.python-language-server ps.pyls-isort ]))) @@ -135,7 +129,7 @@ let pkgs.vimPlugins.undotree pkgs.vimPlugins.vim-go pkgs.vimPlugins.fzf-vim - unstable_nixpkgs.vimPlugins.LanguageClient-neovim + pkgs.vimPlugins.LanguageClient-neovim (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { From 0e0df32d9a84b5c79dab7e3ba47cb7bbe8a9ab0b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 21:57:04 +0200 Subject: [PATCH 49/82] l games: remove (broken) dwarf fortress --- lass/2configs/games.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 81f53bf69..17c3cf3be 100644 --- a/lass/2configs/games.nix 
+++ b/lass/2configs/games.nix @@ -57,7 +57,6 @@ let in { environment.systemPackages = with pkgs; [ - (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 From 921473db45c83c192d3b72a7e326715b9652abbf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 22:10:26 +0200 Subject: [PATCH 50/82] l mors.r: use stable nix --- lass/1systems/mors/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index d3fb441a8..6d65b58c2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -144,7 +144,6 @@ with import ; OnCalendar = "00:37"; }; - nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; From 5962e2378a70c7a4f4bcee2131064b0f80f8ade3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 22:32:40 +0200 Subject: [PATCH 51/82] l vim: remove flake8 --- lass/2configs/vim.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f757e5044..855c30b3e 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -5,7 +5,6 @@ let out = { environment.systemPackages = [ (hiPrio vim) - pkgs.python35Packages.flake8 (pkgs.writeDashBin "govet" '' go vet "$@" '') From c61802ec9b8d979ea6d59f5299f3197f25186528 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Oct 2018 23:59:50 +0200 Subject: [PATCH 52/82] l xmonad: fix minimize with xmonad-contrib 0.15 --- lass/5pkgs/custom/xmonad-lass/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 3bff9d450..087d54eca 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix 
@@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized) import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) @@ -39,7 +40,7 @@ import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) -import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) +import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) @@ -135,7 +136,7 @@ myKeyMap = , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) , ("M4-m", withFocused minimizeWindow) - , ("M4-S-m", sendMessage RestoreNextMinimizedWin) + , ("M4-S-m", withLastMinimized maximizeWindow) , ("M4-q", windowPromptGoto infixAutoXPConfig) , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig) From 4c2a785d220bc9069546ac3fbe0cdc08262534c9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 00:06:50 +0200 Subject: [PATCH 53/82] buildbot: use dateutil --- krebs/5pkgs/simple/buildbot-classic/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 665b36ab4..c127d2987 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix 
@@ -17,7 +17,7 @@ python2Packages.buildPythonApplication rec { propagatedBuildInputs = [ python2Packages.jinja2 python2Packages.twisted - python2Packages.dateutil_1_5 + python2Packages.dateutil python2Packages.sqlalchemy_migrate python2Packages.pysqlite pkgs.coreutils From 10597a47723ae3161ddd0cc1fda1bd4ed136ded8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 00:39:21 +0200 Subject: [PATCH 54/82] j brauerei.r: force lightdm off --- jeschli/1systems/brauerei/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 0c01b7948..3ec2b5c27 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -119,6 +119,8 @@ # Don't install feh into systemPackages # refs desktopManager.session = lib.mkForce []; + displayManager.lightdm.enable = lib.mkForce false; + displayManager.job.execCmd = lib.mkForce "derp"; enable = true; display = 11; From ea82a695cf7895bd607cec4b5b80f3f90e736ce1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 00:22:41 +0200 Subject: [PATCH 55/82] l reaktor-coders: RIP rup --- lass/2configs/reaktor-coders.nix | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 44d8984d7..7cdcdf20c 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -63,24 +63,6 @@ with import ; -e "@kind $1" ''; }) - (buildSimpleReaktorPlugin "random-unicorn-porn" { - pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" {} '' - t1 = """ - _. - ;=',_ () - 8===D~~ S" .--`|| - sS \__ || - __.' ( \-->|| - _=/ _./-\/ || - 8===D~~ ((\( /-' -'l || - ) |/ \\ (_)) - \\ \\ - '~ '~ - """ - print(t1) - ''; - }) (buildSimpleReaktorPlugin "ping" { pattern = "^!ping (?P.*)$$"; script = pkgs.writeDash "ping" '' From 999f9112ed1d045955384d7cc0b939aa1968aba4 Mon Sep 17 00:00:00 2001 
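Review bot: The added `displayManager.job.execCmd = lib.mkForce "derp";` in the jeschli/1systems/brauerei/config.nix hunk sets the display-manager start command to a placeholder string without any comment, and the commit title only mentions forcing lightdm off. If the display-manager unit is still started on this host, it would presumably try to run `derp` and fail, and a reader cannot tell whether that failure is intended. A one-line comment above the two added lines would settle it, for example `# no display manager on this host; execCmd is a dummy and must never be started` (wording for the author to confirm). The enclosing attribute set starts and ends outside the hunk.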
From: lassulus Date: Sun, 7 Oct 2018 12:09:32 +0200 Subject: [PATCH 56/82] repo-sync: remove deprecated isPy --- krebs/5pkgs/simple/repo-sync/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 8393cd79f..66f220ba6 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -3,7 +3,6 @@ with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; version = "0.2.7"; - disabled = isPy26 || isPy27; propagatedBuildInputs = [ docopt GitPython From 2e42b38329850ff5306bb5f5b963bf6cc0c34683 Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 5 Oct 2018 14:04:27 +0200 Subject: [PATCH 57/82] j brauerei: +luis @ dev tmux --- jeschli/1systems/brauerei/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 3ec2b5c27..98db60e4f 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix 
@@ -149,6 +149,7 @@ isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + "ssh-rsa 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 lhebendanz@nixos" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" ]; }; From 94a074f7c3f696a93a497177a4c134cb0fc70342 Mon Sep 17 00:00:00 2001 
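Review bot: The added `"ssh-rsa … lhebendanz@nixos"` entry is a literal key inside `openssh.authorizedKeys.keys`, while the entry directly above it is referenced as `config.krebs.users.lass.pubkey`. A literal means this grant is only discoverable by reading this host file and has to be revoked by hand wherever it was pasted. Registering the key in the krebs users module and referencing it as `config.krebs.users.<name>.pubkey` (placeholder name) would keep grants and revocation in one place. The commit title scopes the access to a dev tmux session, but nothing in the hunk restricts the key, so it gets whatever shell the account has; if only attaching to tmux is intended, prefix the key with a `command="…"` option or state the intended scope in a comment. The user attribute set this list belongs to starts outside the hunk, so the account name is not visible here.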
From: lassulus Date: Sun, 7 Oct 2018 16:49:08 +0200 Subject: [PATCH 58/82] krops: init submodule --- .gitmodules | 3 +++ submodules/krops | 1 + 2 files changed, 4 insertions(+) create mode 160000 submodules/krops diff --git a/.gitmodules b/.gitmodules index c96fec739..f35a9250d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "submodules/nix-writers"] path = submodules/nix-writers url = http://cgit.krebsco.de/nix-writers +[submodule "submodules/krops"] + path = submodules/krops + url = https://cgit.krebsco.de/krops diff --git a/submodules/krops b/submodules/krops new file mode 160000 index 000000000..e2b296542 --- /dev/null +++ b/submodules/krops @@ -0,0 +1 @@ +Subproject commit e2b29654251367545700154ffbac806705dd04c0 From 90b2cb7bd975eadca9356f5bfe446bfac241f87b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 17:08:01 +0200 Subject: [PATCH 59/82] krops: import from submodules --- krebs/krops.nix | 5 +---- makefu/krops.nix | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/krebs/krops.nix b/krebs/krops.nix index 864cc8066..89354c1ea 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -1,9 +1,6 @@ { name }: rec { - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "c46166d407c7d246112f13346621a3fbdb25889e"; - }; + krops = ../submodules/krops; lib = import "${krops}/lib"; diff --git a/makefu/krops.nix b/makefu/krops.nix index ddb4afece..4f55915af 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -1,8 +1,5 @@ { config ? config, name, target ? name }: let - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; - }; + krops = ../submodules/krops; nixpkgs-src = lib.importJSON ./nixpkgs.json; lib = import "${krops}/lib"; From c84b92f30cd4758cc213e0d5ca9ebfa91588851f Mon Sep 17 00:00:00 2001 
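Review bot: The new `submodules/krops` entry in .gitmodules uses `url = https://cgit.krebsco.de/krops`, but the `nix-writers` entry directly above it in the same hunk still reads `url = http://cgit.krebsco.de/nix-writers`. Git checks out the commit id recorded in the gitlink, so this is defence in depth rather than an open hole, but the clone itself travels unauthenticated and unencrypted. Since this commit already touches the file, aligning the older entry to `https://` would make the two consistent.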
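Review bot: With `krops = ../submodules/krops;` in krebs/krops.nix the pinned revision no longer appears in the Nix file; it lives only in the gitlink added in PATCH 58 (`e2b296542`), so a checkout whose submodules were not initialised would leave that directory empty and `import "${krops}/lib"` would fail with an error that does not mention submodules. A comment on the line would help, e.g. `# pinned via git submodule; run: git submodule update --init submodules/krops`. The same applies to the identical change in the makefu/krops.nix hunk. The two files previously pinned different revisions (`c46166d407c7…` and `4e466eaf0586…`) and now both follow the submodule commit, which changes the krops version for both users and is not mentioned in the commit message.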
From: jeschli Date: Sun, 7 Oct 2018 16:42:45 +0200 Subject: [PATCH 60/82] j emacs: remove melpaPackages.mmm-mode --- jeschli/2configs/emacs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3bd2dbfc4..5fc887477 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -67,7 +67,6 @@ let emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ epkgs.melpaPackages.evil epkgs.melpaStablePackages.magit - epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.nix-mode epkgs.melpaPackages.go-mode epkgs.melpaPackages.google-this From dee4da76caf04cc80ba7b60d75451c581bc053f1 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Oct 2018 16:37:06 +0200 Subject: [PATCH 61/82] tv: systemPackages += git-crypt --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 2ccab3d09..d9ddc90d0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -143,6 +143,7 @@ with import ; environment.systemPackages = [ pkgs.get pkgs.git + pkgs.git-crypt pkgs.git-preview pkgs.hashPassword pkgs.htop From 62314e64c259bc6bae39e2bd29ecec2c5e5ea262 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 7 Oct 2018 20:57:53 +0200 Subject: [PATCH 62/82] remove nin --- krebs/3modules/default.nix | 1 - krebs/3modules/nin/default.nix | 111 ------ lass/1systems/prism/config.nix | 8 - nin/0tests/dummysecrets/hashedPasswords.nix | 1 - nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 -------- nin/1systems/hiawatha/config.nix | 126 ------- nin/1systems/onondaga/config.nix | 23 -- nin/2configs/ableton.nix | 20 -- nin/2configs/copyq.nix | 38 --- nin/2configs/default.nix | 173 ---------- nin/2configs/games.nix | 70 ---- nin/2configs/git.nix | 60 ---- nin/2configs/im.nix | 19 -- nin/2configs/retiolum.nix | 28 -- nin/2configs/skype.nix | 27 -- nin/2configs/termite.nix | 22 -- nin/2configs/vim.nix | 355 -------------------- nin/2configs/weechat.nix | 21 -- nin/default.nix | 7 - nin/krops.nix | 35 -- 21 files changed, 1277 deletions(-) delete mode 100644 krebs/3modules/nin/default.nix delete mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix delete mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 delete mode 100644 nin/1systems/axon/config.nix delete mode 100644 nin/1systems/hiawatha/config.nix delete mode 100644 nin/1systems/onondaga/config.nix delete mode 100644 nin/2configs/ableton.nix delete mode 100644 nin/2configs/copyq.nix delete mode 100644 nin/2configs/default.nix delete mode 100644 nin/2configs/games.nix delete mode 100644 nin/2configs/git.nix delete mode 100644 nin/2configs/im.nix delete mode 100644 nin/2configs/retiolum.nix delete mode 100644 nin/2configs/skype.nix delete mode 100644 nin/2configs/termite.nix delete mode 100644 nin/2configs/vim.nix delete mode 100644 nin/2configs/weechat.nix delete mode 100644 nin/default.nix delete mode 100644 nin/krops.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6307649e3..e8c5e0457 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -111,7 +111,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c89..000000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null 
@@ -1,111 +0,0 @@ -{ config, ... }: - -with import ; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa 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 nin@hiawatha"; - }; - }; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..808f35b24 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -119,7 +112,6 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/nin/0tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..000000000 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix deleted file mode 100644 index 5e81afdbd..000000000 --- a/nin/1systems/axon/config.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. 
- # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed958..000000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. 
- # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773ae..000000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a9089d..000000000 
--- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c4025..000000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 62f499a2d..000000000 --- a/nin/2configs/default.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - ../2configs/vim.nix - - - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? 
- services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 15e17238d..000000000 --- a/nin/2configs/games.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - dwarf_fortress - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f48..000000000 --- a/nin/2configs/git.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd53..000000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc00..000000000 --- a/nin/2configs/retiolum.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae82..000000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import ) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b01..000000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d37611..000000000 --- a/nin/2configs/vim.nix +++ /dev/null 
@@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! 
[d - vnoremap u - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! 
ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link 
NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
- syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb313e..000000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d949..000000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index d0074840a..000000000 --- a/nin/krops.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - inherit target; - source = source { test = true; }; - }; -} From 23f82cdd0f6929174a09613176e1a1211fb639c9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Oct 2018 23:46:15 +0200 Subject: [PATCH 63/82] nixpkgs: 862fb52 -> 21293d2 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index c9854fabd..1a40afe8b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "6a3f5bcb061e1822f50e299f5616a0731636e4e7", - "date": "2018-10-05T18:33:19-04:00", - "sha256": "1ib96has10v5nr6bzf7v8kw7yzww8zanxgw2qi1ll1sbv6kj6zpd", - "fetchSubmodules": true + "rev": "21293d2576ac6c041b8c26cd05664e54038dfcf2", + "date": "2018-10-08T17:04:13+02:00", + "sha256": "0qx9kg11dp3v7mmbf23qrg9q4qnwd0v6ccq952armb11ykj7jzif", + "fetchSubmodules": false } From a9997572cf733e9416fc086a7f5a8e41807084b8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Oct 2018 23:47:23 +0200 Subject: [PATCH 64/82] update-channel.sh: follow 18.09 --- krebs/update-channel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh index 47d3f29c4..7f24cd31a 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-channel.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-18.03' \ + --rev refs/heads/nixos-18.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" From 685dd36289f1db0d4c430fb9af89b68310007820 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 13:41:06 +0200 Subject: [PATCH 65/82] Reaktor: 0.6.1 -> 0.6.2 --- krebs/5pkgs/simple/Reaktor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index b66e2b22c..3ef9ffb7d 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.6.1"; + version = "0.6.2"; doCheck = false; @@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec { owner = "krebs"; repo = "Reaktor"; rev = version; - sha256 = "0mw2zizv8p264zqqrnb5qyx7szldcza5ma190292a1qlasyg1b4m"; + sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m"; }; meta = { homepage = http://krebsco.de/; From 84e8732832fb21e248b100b53c0d5d7df45d0d91 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 13:48:52 +0200 Subject: [PATCH 66/82] force test in krops.nix --- jeschli/krops.nix | 1 + krebs/krops.nix | 1 + lass/krops.nix | 1 + makefu/krops.nix | 1 + tv/krops.nix | 1 + 5 files changed, 5 insertions(+) diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 34f3aaa53..d45d57c63 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix 
@@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/krebs/krops.nix b/krebs/krops.nix index 89354c1ea..763e76b83 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -54,6 +54,7 @@ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/lass/krops.nix b/lass/krops.nix index 4e045c6db..13b10e253 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/makefu/krops.nix b/makefu/krops.nix index 4f55915af..27b7b04ef 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -83,6 +83,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target ? target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/tv/krops.nix b/tv/krops.nix index 231486ab7..e922630f7 100644 --- a/tv/krops.nix +++ b/tv/krops.nix @@ -16,6 +16,7 @@ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" { + force = true; inherit source target; }; From 939da486052ca435df45b3d46979a7f0ab3e1b57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 13:53:53 +0200 Subject: [PATCH 67/82] ci.nix: test every host in seperate folder --- ci.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci.nix b/ci.nix index 6d2378759..6f4b89b08 100644 --- a/ci.nix +++ b/ci.nix 
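Review bot: `force = true;` is added to `writeTest` in this hunk with no comment saying why, and the same line goes into the krebs, lass, makefu and tv krops.nix hunks that follow. As far as I know krops uses `force` to skip the check for the `.populate` sentinel file in the target directory, so with it set the test populate syncs into whatever `target` PATH the caller passes, including a directory that was never prepared as a populate target. I would keep the default and have CI create the sentinel, or at least record the reason next to the option, e.g. `force = true; # CI target is a throwaway dir without a .populate sentinel`. The enclosing attribute set starts and ends outside the hunk.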
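Review bot: In the makefu/krops.nix hunk the context line `test = { target ? target }:` gives the argument a default that refers to itself; I would expect Nix to fail with infinite recursion when `target` is not passed, so the default does nothing useful. Either drop it, `test = { target }:` as in the other krops.nix files, or point it at a real path. The line is unchanged context here, but it sits directly above the new `force = true;` and decides where the forced populate writes.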
@@ -16,6 +16,6 @@ let ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";}); in mapAttrs (n: h: build n h.owner.name) ci-systems From 239a31abd02a84f04eb062b9ad0348ec424a58c9 Mon Sep 17 00:00:00 2001 
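Review bot: The new `target` string is built from `getEnv "HOME"` with no check that the variable is set; `builtins.getEnv` returns an empty string for an unset variable, and the target would then be `/stockholm-build/${host}` at the filesystem root. The preceding patch in this series sets `force = true` on the test writers, so if that disables the target sentinel check as I understand it, nothing would stop the populate from writing there. A guard in `build` would make the failure explicit, e.g. `build = host: owner: assert getEnv "HOME" != "";` ahead of the `import` expression. The `let` block this line belongs to starts outside the hunk.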
From: nin Date: Tue, 9 Oct 2018 21:09:42 +0200 Subject: [PATCH 68/82] Revert "remove nin" This reverts commit 62314e64c259bc6bae39e2bd29ecec2c5e5ea262. --- krebs/3modules/default.nix | 1 + krebs/3modules/nin/default.nix | 111 ++++++ lass/1systems/prism/config.nix | 8 + nin/0tests/dummysecrets/hashedPasswords.nix | 1 + nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 ++++++++ nin/1systems/hiawatha/config.nix | 126 +++++++ nin/1systems/onondaga/config.nix | 23 ++ nin/2configs/ableton.nix | 20 ++ nin/2configs/copyq.nix | 38 +++ nin/2configs/default.nix | 173 ++++++++++ nin/2configs/games.nix | 70 ++++ nin/2configs/git.nix | 60 ++++ nin/2configs/im.nix | 19 ++ nin/2configs/retiolum.nix | 28 ++ nin/2configs/skype.nix | 27 ++ nin/2configs/termite.nix | 22 ++ nin/2configs/vim.nix | 355 ++++++++++++++++++++ nin/2configs/weechat.nix | 21 ++ nin/default.nix | 7 + nin/krops.nix | 35 ++ 21 files changed, 1277 insertions(+) create mode 100644 krebs/3modules/nin/default.nix create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 create mode 100644 nin/1systems/axon/config.nix create mode 100644 nin/1systems/hiawatha/config.nix create mode 100644 nin/1systems/onondaga/config.nix create mode 100644 nin/2configs/ableton.nix create mode 100644 nin/2configs/copyq.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/games.nix create mode 100644 nin/2configs/git.nix create mode 100644 nin/2configs/im.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/2configs/skype.nix create mode 100644 nin/2configs/termite.nix create mode 100644 nin/2configs/vim.nix create mode 100644 nin/2configs/weechat.nix create mode 100644 nin/default.nix create mode 100644 nin/krops.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8c5e0457..6307649e3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -111,6 +111,7 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..1531a2c89 --- /dev/null +++ b/krebs/3modules/nin/default.nix 
@@ -0,0 +1,111 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.nin; + ci = true; + }) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + axon= { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.134.66"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; + aliases = [ + "axon.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo + glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj + KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH + L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j + VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY + PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN + X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh + m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp + OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT + LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H + /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK + MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w + 
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm + ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 + 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF + 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt + 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj + FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl + buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p + hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG + yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi + ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; + }; + onondaga = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.132.55"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; + aliases = [ + "onondaga.r" + "cgit.onondaga.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR + OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu + htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH + xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO + kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn + hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; + }; + + }; + users = { + nin = { + mail = "nin@axon.r"; + pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; + }; + nin_h = { + mail = "nin@hiawatha.r"; + pubkey = "ssh-rsa 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 nin@hiawatha"; + }; + }; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 808f35b24..bf7de6fc5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,6 +57,13 @@ with import ; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -112,6 +119,7 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/nin/0tests/dummysecrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 000000000..5e81afdbd --- /dev/null +++ b/nin/1systems/axon/config.nix 
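Review bot: The second prism hunk (`@@ -112,6 +119,7 @@`) puts `config.krebs.users.nin.pubkey` into `users.users.root.openssh.authorizedKeys.keys`, which gives nin root over SSH on that system instead of access through an unprivileged account. The following context line `autoStart = true;` suggests this sits inside a container definition, but its name and opening lie outside the hunk, so which system is affected cannot be read from here. If root is really required, a comment next to the key would document the grant, e.g. `# nin administers this container, hence root`; otherwise the `users.users.nin` account added in the first hunk of this file is the narrower pattern.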
@@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. 
+ # services.printing.enable = true; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver = { + enable = true; + + displayManager.lightdm.enable = true; + }; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + atom + chromium + firefox + git + htop + keepassx + lmms + networkmanagerapplet + openvpn + python + ruby + steam + taskwarrior + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xhost}/bin/xhost + local: + ''; + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix new file mode 100644 index 000000000..a09eed958 --- /dev/null +++ b/nin/1systems/hiawatha/config.nix 
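Review bot: The `services.xserver.displayManager.sessionCommands` entry runs `xhost + local:`; written with a space, xhost(1) treats the lone `+` as "access control off" for everyone, and even the probably intended `+local:` lets every local account connect to nin's X session and read its input and window contents. If the aim is to let the separate application accounts show windows (this series adds `ableton` and `skype` users), grant only the ones this host actually uses, e.g. `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:ableton`. Whitespace on this page is collapsed, so the exact spelling should be checked against the file itself.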
@@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/home" = + { device = "/dev/fam/home"; + }; + + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. 
+ # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + firefox + git + lmms + networkmanagerapplet + python + steam + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix new file mode 100644 index 000000000..3cd0773ae --- /dev/null +++ b/nin/1systems/onondaga/config.nix @@ -0,0 +1,23 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + ]; + + krebs.build.host = config.krebs.hosts.onondaga; + + boot.isContainer = true; + networking.useDHCP = false; + + time.timeZone = "Europe/Amsterdam"; + + services.openssh.enable = true; +} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix new file mode 100644 index 000000000..343a9089d --- /dev/null 
+++ b/nin/2configs/ableton.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.nin; +in { + users.users= { + ableton = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + pkgs.wine + pkgs.winetricks + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(ableton) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix new file mode 100644 index 000000000..0616c4025 --- /dev/null +++ b/nin/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import ; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix new file mode 100644 index 000000000..62f499a2d --- /dev/null +++ b/nin/2configs/default.nix 
@@ -0,0 +1,173 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/vim.nix + + + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + nin = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "r"; + build = { + user = config.krebs.users.nin; + }; + }; + + nix.useSandbox = true; + + users.mutableUsers = false; + + services.timesyncd.enable = true; + + #why is this on in the first place? 
+ services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + ''; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + gs = "git status"; + }; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + pavucontrol + populate + p7zip + termite + unzip + unrar + hashPassword + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix new file mode 100644 index 000000000..15e17238d --- /dev/null +++ b/nin/2configs/games.nix 
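Review bot: Nothing in this file turns off password logins for sshd, although the `nat.PREROUTING` rule redirects port 45621 to 22 on every interface and `filter.INPUT` then accepts `-p tcp --dport 22` from anywhere, while the first block under `imports` assigns a `hashedPassword` to accounts. Unless the krebs modules already set it, adding `services.openssh.passwordAuthentication = false;` inside the `services.openssh` block would keep the exposed port key-only, which matches the `authorizedKeys` entries given to root and nin. Separately, `bits = 8192` on the ed25519 host key has no effect because ed25519 keys have a fixed size, as the XXX comment already suspects, and can be dropped.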
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.mainUser;
+ vdoom = pkgs.writeDash "vdoom" ''
+ ${pkgs.zandronum}/bin/zandronum \
+ -fov 120 \
+ "$@"
+ '';
+ doom = pkgs.writeDash "doom" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${vdoom} \
+ -file $DOOM_DIR/lib/brutalv20.pk3 \
+ "$@"
+ '';
+ doom1 = pkgs.writeDashBin "doom1" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
+ '';
+ doom2 = pkgs.writeDashBin "doom2" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
+ '';
+ vdoom1 = pkgs.writeDashBin "vdoom1" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
+ '';
+ vdoom2 = pkgs.writeDashBin "vdoom2" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
+ '';
+
+ doomservercfg = pkgs.writeText "doomserver.cfg" ''
+ skill 7
+ #survival true
+ #sv_maxlives 4
+ #sv_norespawn true
+ #sv_weapondrop true
+ no_jump true
+ #sv_noweaponspawn true
+ sv_sharekeys true
+ sv_survivalcountdowntime 1
+ sv_noteamselect true
+ sv_updatemaster false
+ #sv_coop_loseinventory true
+ #cl_startasspectator false
+ #lms_spectatorview false
+ '';
+
+ vdoomserver = pkgs.writeDashBin "vdoomserver" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+
+ ${pkgs.zandronum}/bin/zandronum-server \
+ +exec ${doomservercfg} \
+ "$@"
+ '';
+
+in {
+ environment.systemPackages = with pkgs; [
+ dwarf_fortress
+ doom1
+ doom2
+ vdoom1
+ vdoom2
+ vdoomserver
+ ];
+
+ hardware.pulseaudio.support32Bit = true;
+
+}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
new file mode 100644
index 000000000..aed4a9f48
--- /dev/null
+++ b/nin/2configs/git.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with import ;
+
+let
+
+ out = {
+ services.nginx.enable = true;
+ krebs.git = {
+ enable = true;
+ cgit = {
+ settings = {
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ };
+ };
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+
+ repos = public-repos;
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ stockholm = {
+ cgit.desc = "take all the computers hostage, they'll love you!";
+ };
+ };
+
+ make-public-repo = name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = true;
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = [ nin nin_h ];
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
new file mode 100644
index 000000000..b078dbd53
--- /dev/null
+++ b/nin/2configs/im.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+with import ;
+{
+ environment.systemPackages = with pkgs; [
+ (pkgs.writeDashBin "im" ''
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ tmux
+ gnugrep
+ weechat
+ ])}
+ ssh chat@onondaga
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+ ];
+}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
new file mode 100644
index 000000000..821e3cc00
--- /dev/null
+++ b/nin/2configs/retiolum.nix
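Review bot: In `nin/2configs/im.nix` the `im` script replaces `PATH` with only the tmux, gnugrep and weechat `bin` directories, so the following `ssh chat@onondaga` line has no `ssh` to find, and the `tmux list-sessions` test after it runs on the local machine once that line returns rather than on onondaga. If the intent is to attach to the remote session, add `openssh` to the `makeSearchPath` list and pass the session logic as the remote command, for example `exec ssh -t chat@onondaga 'tmux attach -t im || tmux new -s im weechat'`. A one-line comment above the script stating which host the tmux session lives on would make that intent explicit.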
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ krebs.tinc.retiolum = {
+ enable = true;
+ connectTo = [
+ "prism"
+ "pigstarter"
+ "gum"
+ "flap"
+ ];
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ };
+}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
new file mode 100644
index 000000000..621dfae82
--- /dev/null
+++ b/nin/2configs/skype.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.nin;
+ inherit (import ) genid;
+
+in {
+ users.extraUsers = {
+ skype = {
+ name = "skype";
+ uid = genid "skype";
+ description = "user for running skype";
+ home = "/home/skype";
+ useDefaultShell = true;
+ extraGroups = [ "audio" "video" ];
+ createHome = true;
+ };
+ };
+
+ krebs.per-user.skype.packages = [
+ pkgs.skype
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+ '';
+}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
new file mode 100644
index 000000000..942446b01
--- /dev/null
+++ b/nin/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = [
+ pkgs.termite
+ ];
+
+ krebs.per-user.nin.packages = let
+ termitecfg = pkgs.writeTextFile {
+ name = "termite-config";
+ destination = "/etc/xdg/termite/config";
+ text = ''
+ [colors]
+ foreground = #d0d7d0
+ background = #000000
+ '';
+ };
+ in [
+ termitecfg
+ ];
+
+}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
new file mode 100644
index 000000000..7b5d37611
--- /dev/null
+++ b/nin/2configs/vim.nix
@@ -0,0 +1,355 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! 
[d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! 
ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link 
NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
+ syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + set bg=dark + ''; +in +out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix new file mode 100644 index 000000000..6c0fb313e --- /dev/null +++ b/nin/2configs/weechat.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + weechat + tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 000000000..c31d6d949 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644 index 000000000..d0074840a --- /dev/null +++ b/nin/krops.nix 
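Review bot: In `nin/2configs/vim.nix` the `file-line-1.0` plugin in `extra-runtimepath` is fetched with `url = git://github.com/bogado/file-line;`, an unauthenticated and unencrypted transport, and `rev = "refs/tags/1.0"` names a tag that upstream can move. The `sha256` makes the build fail rather than accept changed content, so the exposure is to provenance and availability rather than integrity. Using `url = "https://github.com/bogado/file-line";` and a full commit hash as `rev` would state exactly what is pinned and would not depend on the git protocol being served.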
@@ -0,0 +1,35 @@
+{ name }: let
+ inherit (import ../krebs/krops.nix { inherit name; })
+ krebs-source
+ lib
+ pkgs
+ ;
+
+ source = { test }: lib.evalSource [
+ krebs-source
+ {
+ nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
+ secrets = if test then {
+ file = toString ./0tests/dummysecrets;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/.password-store";
+ name = "hosts/${name}";
+ };
+ };
+ }
+ ];
+
+in {
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+ deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+ source = source { test = false; };
+ target = "root@${name}/var/src";
+ };
+
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
+ test = { target }: pkgs.krops.writeTest "${name}-test" {
+ inherit target;
+ source = source { test = true; };
+ };
+}
From 67dc10646904d8286ad0a4ac8fecda99893827fd Mon Sep 17 00:00:00 2001
From: lassulus Date: Tue, 9 Oct 2018 21:12:36 +0200 Subject: [PATCH 69/82] Revert "remove nin" This reverts commit 62314e64c259bc6bae39e2bd29ecec2c5e5ea262. --- krebs/3modules/default.nix | 1 + krebs/3modules/nin/default.nix | 111 ++++++ lass/1systems/prism/config.nix | 8 + nin/0tests/dummysecrets/hashedPasswords.nix | 1 + nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 ++++++++ nin/1systems/hiawatha/config.nix | 126 +++++++ nin/1systems/onondaga/config.nix | 23 ++ nin/2configs/ableton.nix | 20 ++ nin/2configs/copyq.nix | 38 +++ nin/2configs/default.nix | 173 ++++++++++ nin/2configs/games.nix | 70 ++++ nin/2configs/git.nix | 60 ++++ nin/2configs/im.nix | 19 ++ nin/2configs/retiolum.nix | 28 ++ nin/2configs/skype.nix | 27 ++ nin/2configs/termite.nix | 22 ++ nin/2configs/vim.nix | 355 ++++++++++++++++++++ nin/2configs/weechat.nix | 21 ++ nin/default.nix | 7 + nin/krops.nix | 35 ++ 21 files changed, 1277 insertions(+) create mode 100644 krebs/3modules/nin/default.nix create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 create mode 100644 nin/1systems/axon/config.nix create mode 100644 nin/1systems/hiawatha/config.nix create mode 100644 nin/1systems/onondaga/config.nix create mode 100644 nin/2configs/ableton.nix create mode 100644 nin/2configs/copyq.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/games.nix create mode 100644 nin/2configs/git.nix create mode 100644 nin/2configs/im.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/2configs/skype.nix create mode 100644 nin/2configs/termite.nix create mode 100644 nin/2configs/vim.nix create mode 100644 nin/2configs/weechat.nix create mode 100644 nin/default.nix create mode 100644 nin/krops.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8c5e0457..6307649e3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -111,6 +111,7 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..1531a2c89 --- /dev/null +++ b/krebs/3modules/nin/default.nix 
@@ -0,0 +1,111 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.nin; + ci = true; + }) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + axon= { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.134.66"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; + aliases = [ + "axon.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo + glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj + KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH + L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j + VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY + PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN + X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh + m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp + OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT + LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H + /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK + MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w + 
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm + ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 + 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF + 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt + 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj + FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl + buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p + hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG + yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi + ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; + }; + onondaga = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.132.55"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; + aliases = [ + "onondaga.r" + "cgit.onondaga.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR + OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu + htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH + xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO + kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn + hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; + }; + + }; + users = { + nin = { + mail = "nin@axon.r"; + pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; + }; + nin_h = { + mail = "nin@hiawatha.r"; + pubkey = "ssh-rsa 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 nin@hiawatha"; + }; + }; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 808f35b24..bf7de6fc5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,6 +57,13 @@ with import ; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -112,6 +119,7 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/nin/0tests/dummysecrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 000000000..5e81afdbd --- /dev/null +++ b/nin/1systems/axon/config.nix 
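Review bot: The second hunk of `lass/1systems/prism/config.nix` (`@@ -112,6 +119,7 @@`) adds `config.krebs.users.nin.pubkey` to `users.users.root.openssh.authorizedKeys.keys`, so this revert hands nin's key root login again in what looks like a container definition (`autoStart = true;` follows), on top of the ordinary `nin` account the first hunk creates. The commit message only says it reverts "remove nin", so it is worth confirming that the root grant is still wanted and recording why, for example with a comment `# nin administers this container` above the key, or dropping the line if the unprivileged account is enough. The enclosing block starts and ends outside the hunk, so which host the root key applies to cannot be confirmed from here.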
@@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. 
+ # services.printing.enable = true; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver = { + enable = true; + + displayManager.lightdm.enable = true; + }; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + atom + chromium + firefox + git + htop + keepassx + lmms + networkmanagerapplet + openvpn + python + ruby + steam + taskwarrior + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xhost}/bin/xhost + local: + ''; + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix new file mode 100644 index 000000000..a09eed958 --- /dev/null +++ b/nin/1systems/hiawatha/config.nix 
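Review bot: `services.xserver.displayManager.sessionCommands` in `nin/1systems/axon/config.nix` runs `xhost + local:`, and as written with a space a lone `+` argument turns X access control off entirely, so any account or service able to reach the display can read keystrokes and window contents of the session, including what the `passmenu --type` binding types. If the aim is to let the dedicated `skype` and `ableton` accounts draw on this display, granting only those is sufficient: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:skype +SI:localuser:ableton`. A short comment naming the accounts that need the display would also document why the command is there.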
@@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/home" = + { device = "/dev/fam/home"; + }; + + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. 
+ # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + firefox + git + lmms + networkmanagerapplet + python + steam + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix new file mode 100644 index 000000000..3cd0773ae --- /dev/null +++ b/nin/1systems/onondaga/config.nix @@ -0,0 +1,23 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + ]; + + krebs.build.host = config.krebs.hosts.onondaga; + + boot.isContainer = true; + networking.useDHCP = false; + + time.timeZone = "Europe/Amsterdam"; + + services.openssh.enable = true; +} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix new file mode 100644 index 000000000..343a9089d --- /dev/null 
+++ b/nin/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+ mainUser = config.users.extraUsers.nin;
+in {
+ users.users= {
+ ableton = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ ];
+ packages = [
+ pkgs.wine
+ pkgs.winetricks
+ ];
+ };
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+ '';
+}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
new file mode 100644
index 000000000..0616c4025
--- /dev/null
+++ b/nin/2configs/copyq.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+with import ;
+let
+ copyqConfig = pkgs.writeDash "copyq-config" ''
+ ${pkgs.copyq}/bin/copyq config check_clipboard true
+ ${pkgs.copyq}/bin/copyq config check_selection true
+ ${pkgs.copyq}/bin/copyq config copy_clipboard true
+ ${pkgs.copyq}/bin/copyq config copy_selection true
+
+ ${pkgs.copyq}/bin/copyq config activate_closes true
+ ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
+ ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
+ ${pkgs.copyq}/bin/copyq config disable_tray true
+ ${pkgs.copyq}/bin/copyq config hide_tabs true
+ ${pkgs.copyq}/bin/copyq config hide_toolbar true
+ ${pkgs.copyq}/bin/copyq config item_popup_interval true
+ ${pkgs.copyq}/bin/copyq config maxitems 1000
+ ${pkgs.copyq}/bin/copyq config move true
+ ${pkgs.copyq}/bin/copyq config text_wrap true
+ '';
+in {
+ systemd.user.services.copyq = {
+ after = [ "graphical.target" ];
+ wants = [ "graphical.target" ];
+ wantedBy = [ "default.target" ];
+ environment = {
+ DISPLAY = ":0";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "copyq";
+ ExecStart = "${pkgs.copyq}/bin/copyq";
+ ExecStartPost = copyqConfig;
+ Restart = "always";
+ RestartSec = "2s";
+ StartLimitBurst = 0;
+ };
+ };
+}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
new file mode 100644
index 000000000..62f499a2d
--- /dev/null
+++ b/nin/2configs/default.nix
@@ -0,0 +1,173 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/vim.nix + + + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + nin = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "r"; + build = { + user = config.krebs.users.nin; + }; + }; + + nix.useSandbox = true; + + users.mutableUsers = false; + + services.timesyncd.enable = true; + + #why is this on in the first place? 
+ services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + ''; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + gs = "git status"; + }; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + pavucontrol + populate + p7zip + termite + unzip + unrar + hashPassword + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix new file mode 100644 index 000000000..15e17238d --- /dev/null +++ b/nin/2configs/games.nix 
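Review bot: The `services.openssh` block in the new `nin/2configs/default.nix` enables sshd without turning off password logins, while the same file assigns a `hashedPassword` to the accounts listed in the imported secrets file and makes sshd reachable on port 45621 through the `nat.PREROUTING` redirect. Unless another module already sets it, I would add `passwordAuthentication = false;` inside `services.openssh` so that only the keys under `openssh.authorizedKeys.keys` are accepted. The `bits = 8192;` entry on the ed25519 host key has no effect because that key type has a fixed size; dropping it would also resolve the `XXX` comment next to it.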
@@ -0,0 +1,70 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + vdoom = pkgs.writeDash "vdoom" '' + ${pkgs.zandronum}/bin/zandronum \ + -fov 120 \ + "$@" + ''; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + vdoom1 = pkgs.writeDashBin "vdoom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + vdoom2 = pkgs.writeDashBin "vdoom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + +in { + environment.systemPackages = with pkgs; [ + dwarf_fortress + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + ]; + + hardware.pulseaudio.support32Bit = true; + +} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix new file mode 100644 index 000000000..aed4a9f48 --- /dev/null +++ b/nin/2configs/git.nix 
@@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "take all the computers hostage, they'll love you!"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ nin nin_h ]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix new file mode 100644 index 000000000..b078dbd53 --- /dev/null +++ b/nin/2configs/im.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +with import ; +{ + environment.systemPackages = with pkgs; [ + (pkgs.writeDashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + ssh chat@onondaga + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; +} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix new file mode 100644 index 000000000..821e3cc00 --- /dev/null +++ b/nin/2configs/retiolum.nix 
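Review bot: In the `im` wrapper of `nin/2configs/im.nix`, `ssh chat@onondaga` is given no command, so it opens an interactive shell and the `tmux list-sessions` / `tmux attach` lines below it only run on the local machine after that session ends. If the intent is to reach the weechat session on onondaga, the tmux invocation has to be passed to ssh, for example `exec ssh -t chat@onondaga 'tmux new-session -A -s im weechat'`, which attaches to `im` when it exists and creates it otherwise. I am inferring that intent from the `chat` user that `weechat.nix` adds later in this patch, so please confirm before changing it.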
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ krebs.tinc.retiolum = {
+ enable = true;
+ connectTo = [
+ "prism"
+ "pigstarter"
+ "gum"
+ "flap"
+ ];
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ };
+}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
new file mode 100644
index 000000000..621dfae82
--- /dev/null
+++ b/nin/2configs/skype.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.nin;
+ inherit (import ) genid;
+
+in {
+ users.extraUsers = {
+ skype = {
+ name = "skype";
+ uid = genid "skype";
+ description = "user for running skype";
+ home = "/home/skype";
+ useDefaultShell = true;
+ extraGroups = [ "audio" "video" ];
+ createHome = true;
+ };
+ };
+
+ krebs.per-user.skype.packages = [
+ pkgs.skype
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+ '';
+}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
new file mode 100644
index 000000000..942446b01
--- /dev/null
+++ b/nin/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = [
+ pkgs.termite
+ ];
+
+ krebs.per-user.nin.packages = let
+ termitecfg = pkgs.writeTextFile {
+ name = "termite-config";
+ destination = "/etc/xdg/termite/config";
+ text = ''
+ [colors]
+ foreground = #d0d7d0
+ background = #000000
+ '';
+ };
+ in [
+ termitecfg
+ ];
+
+}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
new file mode 100644
index 000000000..7b5d37611
--- /dev/null
+++ b/nin/2configs/vim.nix
@@ -0,0 +1,355 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! 
[d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! 
ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link 
NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
+ syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + set bg=dark + ''; +in +out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix new file mode 100644 index 000000000..6c0fb313e --- /dev/null +++ b/nin/2configs/weechat.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + weechat + tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 000000000..c31d6d949 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644 index 000000000..d0074840a --- /dev/null +++ b/nin/krops.nix 
@@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./0tests/dummysecrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) + test = { target }: pkgs.krops.writeTest "${name}-test" { + inherit target; + source = source { test = true; }; + }; +} From 0fdcfd126a7b0bf9fa340d0a4c624cf71e3689af Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 22:38:04 +0200 Subject: [PATCH 70/82] nin krops: force test --- nin/krops.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/krops.nix b/nin/krops.nix index d0074840a..fef8cc38b 100644 --- a/nin/krops.nix +++ b/nin/krops.nix @@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; From 6789205a6da67d62dcd406e6db63d0eced9ef4f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 10 Oct 2018 20:13:07 +0200 Subject: [PATCH 71/82] l vim: show damned NBSP --- lass/2configs/vim.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 855c30b3e..4f7bd4437 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix 
@@ -63,6 +63,8 @@ let au Syntax * syn match Garbage containedin=ALL /\s\+$/ \ | syn match TabStop containedin=ALL /\t\+/ \ | syn keyword Todo containedin=ALL TODO + \ | syn match NBSP '\%xa0' + \ | syn match NarrowNBSP '\%u202F' au BufRead,BufNewFile *.hs so ${hs.vim} @@ -165,6 +167,8 @@ let hi Garbage ctermbg=088 hi TabStop ctermbg=016 + hi NBSP ctermbg=094 + hi NarrowNBSP ctermbg=097 hi Todo ctermfg=174 ctermbg=NONE hi NixCode ctermfg=148 From 540ac38dcfa7208e1d2af6fc45a39064702c0c02 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 10 Oct 2018 20:14:05 +0200 Subject: [PATCH 72/82] nin games: remove dwarf_fortress --- nin/2configs/games.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix index 15e17238d..4c4f0c3a0 100644 --- a/nin/2configs/games.nix +++ b/nin/2configs/games.nix @@ -57,7 +57,6 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress doom1 doom2 vdoom1 From 031a832b5c378cc86385fcd37a1252e75d876fbc Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Oct 2018 22:02:12 +0200 Subject: [PATCH 73/82] l: add eve.r --- krebs/3modules/lass/default.nix | 38 +++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7d9ef5075..6b4dc3f17 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -494,6 +494,44 @@ with import ; }; }; }; + eve = { + monitoring = false; + ci = false; + external = true; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.174"; + ip6.addr = "42:4992:6a6d:a00::1"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; xerxes = { cores = 2; nets = rec { From 1ed73d2d9092375bd50f41da4aee51b6ce57072b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Oct 2018 17:45:25 +0200 Subject: [PATCH 74/82] nixpkgs: 21293d2 -> 81f5c26 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 1a40afe8b..60307e694 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "21293d2576ac6c041b8c26cd05664e54038dfcf2", - "date": "2018-10-08T17:04:13+02:00", - "sha256": "0qx9kg11dp3v7mmbf23qrg9q4qnwd0v6ccq952armb11ykj7jzif", + "rev": "81f5c2698a87c65b4970c69d472960c574ea0db4", + "date": "2018-10-17T20:48:45-04:00", + "sha256": "0p4x9532d3qlbykyyq8zk62k8py9mxd1s7zgbv54zmv597rs5y35", "fetchSubmodules": false } From fbf7b22971eeed8683326388bd9fc5bd9d361b2a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:32:38 +0200 Subject: [PATCH 75/82] l git: add go & newsbot-js --- lass/2configs/git.nix | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 253c56e48..c5b5c01fb 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -50,14 +50,30 @@ let cgit.desc = "take a description of your disk layout and produce a format script"; cgit.section = "software"; }; + go = { + cgit.desc = "url shortener"; + cgit.section = "software"; + }; krebspage = { cgit.desc = "homepage of krebs"; cgit.section = "configuration"; }; + krops = { + cgit.desc = "krebs deployment"; + cgit.section = "software"; + }; news = { cgit.desc = "take a rss feed and a timeout and print it to stdout"; cgit.section = "software"; }; + newsbot-js = { + cgit.desc = "print rss feeds to irc channels"; + cgit.section = "software"; + }; + nix-user-chroot = { + cgit.desc = "Fork of nix-user-chroot by lethalman"; + cgit.section = "software"; + }; nix-writers = { cgit.desc = "high level writers for nix"; cgit.section = "software"; @@ -85,14 +101,6 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; - nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot by lethalman"; - cgit.section = "software"; - }; - krops = { - cgit.desc = "krebs deployment"; - cgit.section = "software"; - }; xmonad-stockholm = { cgit.desc = "krebs xmonad modules"; cgit.section = "configuration"; 
From 2861c374a49b4b3045577243fa32af048e9b50f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:43:02 +0200 Subject: [PATCH 76/82] l prism.r: use new physical.nix --- lass/1systems/prism/physical.nix | 96 +++++++++++++++----------------- 1 file changed, 44 insertions(+), 52 deletions(-) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 83f127c22..56348d0ab 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -3,27 +3,39 @@ imports = [ ./config.nix { - networking.interfaces.et0.ipv4.addresses = [ - { - address = config.krebs.build.host.nets.internet.ip4.addr; + boot.kernelParams = [ "net.ifnames=0" ]; + networking = { + defaultGateway = "46.4.114.225"; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.eth0 = { + ipAddress = "46.4.114.247"; prefixLength = 27; - } - { - address = "46.4.114.243"; - prefixLength = 27; - } - ]; - networking.defaultGateway = "46.4.114.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - ''; + }; + }; + # TODO use this network config + #networking.interfaces.et0.ipv4.addresses = [ + # { + # address = config.krebs.build.host.nets.internet.ip4.addr; + # prefixLength = 27; + # } + # { + # address = "46.4.114.243"; + # prefixLength = 27; + # } + #]; + #networking.defaultGateway = "46.4.114.225"; + #networking.nameservers = [ + # "8.8.8.8" + #]; + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" + #''; } { imports = [ ]; + networking.hostId = "fb4173ea"; boot.loader.grub = { devices = [ "/dev/sda" 
@@ -40,45 +52,25 @@ boot.kernelModules = [ "kvm-intel" ]; - fileSystems."/" = { - device = "/dev/pool/nix_root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - fsType = "ext4"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - swapDevices = [ - { label = "swap1"; } - { label = "swap2"; } - ]; - sound.enable = false; nixpkgs.config.allowUnfree = true; time.timeZone = "Europe/Berlin"; + + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; + fsType = "ext4"; + }; + } ]; From fbf45bca1f13696019386144d5796cca80bb0351 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:43:39 +0200 Subject: [PATCH 77/82] l mail: add notmuch to pkgs --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9246abfed..e50689254 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -210,6 +210,7 @@ in { environment.systemPackages = [ msmtp mutt + pkgs.notmuch pkgs.much tag-new-mails tag-old-mails From 9aaa04783aa3eb339822f2fe80353758fa433ff9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:43:58 +0200 Subject: [PATCH 78/82] l urxvt: fix saveLines --- lass/2configs/urxvt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index fa63ddf25..82f3fb2e6 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix 
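Review bot: The rewritten `fileSystems` section in `lass/1systems/prism/physical.nix` no longer mounts `/tmp` as tmpfs with `nosuid`, `nodev` and `noatime`, so after this change `/tmp` appears to live on `rpool/root/nixos` with default mount options. If nothing else in the prism config provides it, I would keep the old `fileSystems."/tmp"` entry or set `boot.tmpOnTmpfs = true;`, so that setuid files and device nodes created in the world-writable directory stay inert. Both `swapDevices` entries are removed as well without a replacement; a comment saying that this is intentional on the ZFS layout would help the next reader.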
@@ -5,7 +5,7 @@ with import ; services.urxvtd.enable = true; krebs.xresources.resources.urxvt = '' - URxvt*SaveLines: 1000000 + URxvt.saveLines: 100000 URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select From 55439da05492618e190d7fad361fd550c50619e8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:44:33 +0200 Subject: [PATCH 79/82] l websites domsen: ensure databases & users exist --- lass/2configs/websites/domsen.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e1c1313ea..828cab95f 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -66,6 +66,12 @@ in { ]) ]; + services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ]; + services.mysql.ensureUsers = [ + { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; } + { ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; } + ]; + services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = '' try_files $uri $uri/ /index.php?$args; ''; From 153648682697aafe89ef7eb69805ae8e6a25bc39 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:45:09 +0200 Subject: [PATCH 80/82] l websites lassulus: add lass-mors to auhtorized keys --- lass/2configs/websites/lassulus.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 4c29831a2..b72b20928 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -145,8 +145,9 @@ in { home = "/srv/http/lassul.us"; useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-mors.pubkey ]; }; } From fc799f61f17014e61f5bd602c5e44f7412660c28 Mon Sep 17 00:00:00 2001 
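Review bot: Both `services.mysql.ensureUsers` entries added to `lass/2configs/websites/domsen.nix` grant `ALL` on their database to the same account `nginx`, so whatever runs as that user can read, alter or drop `ubikmedia_de` and `o_ubikmedia_de` alike. Whether the sites are served by separate PHP pools is not visible in this hunk, but if they are, one database account per site would keep a compromise of one application away from the other's data. Until that split is possible I would record the trade-off next to the option, e.g. `# nginx gets ALL on both databases; split into per-site users once the PHP pools run under separate accounts`. The enclosing block starts and ends outside the hunk.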
From: lassulus Date: Tue, 23 Oct 2018 15:45:38 +0200 Subject: [PATCH 81/82] l krops: add optional target argument to deploy --- lass/krops.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/krops.nix b/lass/krops.nix index 13b10e253..a898164c3 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -22,9 +22,9 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { + deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; - target = "root@${name}/var/src"; + inherit target; }; # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) From 24f4e8dcf0eca55378fa018a9ed980625222653d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Oct 2018 15:47:06 +0200 Subject: [PATCH 82/82] l xjail: use sudo again until fixed --- lass/3modules/xjail.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 5b450ed42..974e11c6e 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -120,10 +120,13 @@ with import ; ${pkgs.coreutils}/bin/kill $WM_PID ${pkgs.coreutils}/bin/kill $XEPHYR_PID ''; + # TODO fix xephyr which doesn't honor resizes anymore sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then '' /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" '' else '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" + #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" + ''); vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" 
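Review bot: In the non-vglrun branch of `sudo_` in `lass/3modules/xjail.nix`, the replacement line drops `env DISPLAY=:${cfg.display}`, and the following `@@ -163,7 +166,7 @@` hunk then points every `lass.xjail-bins` wrapper at this script instead of `existing`. The vglrun branch still pins `DISPLAY=:${cfg.display}`, so the two branches now disagree about which X server the jailed program talks to; if it ends up on the user's own display it shares that session with every other client, which is presumably what the Xephyr setup was there to prevent. I would state that in the TODO, e.g. `# TODO fix xephyr resize handling; until then jailed programs are NOT confined to :${cfg.display}`, and remove the blank line that now ends the generated script. The enclosing block starts and ends outside the hunk.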
@@ -163,7 +166,7 @@ with import ; lass.xjail-bins = mapAttrs' (name: cfg: nameValuePair name (pkgs.writeScriptBin cfg.name '' - ${scripts.${name}.existing} "$@" + ${scripts.${name}.sudo} "$@" '') ) config.lass.xjail; };