Merge remote-tracking branch 'gum/master'

This commit is contained in:
tv 2017-03-05 17:01:57 +01:00
commit 23a79b8fb0
26 changed files with 266 additions and 143 deletions

View File

@ -3,7 +3,7 @@ let
byid = dev: "/dev/disk/by-id/" + dev; byid = dev: "/dev/disk/by-id/" + dev;
part1 = disk: disk + "-part1"; part1 = disk: disk + "-part1";
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
# N54L Chassis: # N54L Chassis:
# ____________________ # ____________________
# |______FRONT_______| # |______FRONT_______|

View File

@ -8,7 +8,7 @@
[ # base [ # base
../. ../.
../2configs/main-laptop.nix ../2configs/main-laptop.nix
../2configs/laptop-utils.nix ../2configs/tools/all.nix
../2configs/laptop-backup.nix ../2configs/laptop-backup.nix
../2configs/dnscrypt.nix ../2configs/dnscrypt.nix
@ -46,7 +46,7 @@
../2configs/mail-client.nix ../2configs/mail-client.nix
../2configs/printer.nix ../2configs/printer.nix
../2configs/virtualization.nix ../2configs/virtualization.nix
../2configs/virtualization-virtualbox.nix # ../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix ../2configs/wwan.nix
../2configs/rad1o.nix ../2configs/rad1o.nix
@ -64,8 +64,10 @@
../2configs/fs/sda-crypto-root-home.nix ../2configs/fs/sda-crypto-root-home.nix
]; ];
makefu.server.primary-itf = "wlp2s0";
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true; makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
krebs.nginx = { krebs.nginx = {
@ -74,6 +76,7 @@
servers.default.server-names = [ "_" ]; servers.default.server-names = [ "_" ];
}; };
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;

View File

@ -82,7 +82,7 @@ in
URxvt.perl-ext: default,url-select URxvt.perl-ext: default,url-select
URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-u: perl:url-select:select_next
URxvt.url-select.launcher: chromium URxvt.url-select.launcher: firefox -new-tab
URxvt.url-select.underline: true URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s URxvt.searchable-scrollback: CM-s
''; '';

View File

@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu; user = config.krebs.users.makefu;
source = let source = let
inherit (config.krebs.build) host user; inherit (config.krebs.build) host user;
ref = "f66d782"; # unstable @ 2017-02-04 ref = "53a2baa"; # unstable @ 2017-02-28
in { in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{ {
@ -145,21 +145,21 @@ with import <stockholm/lib>;
tinc = pkgs.tinc_pre; tinc = pkgs.tinc_pre;
}; };
services.cron.enable = false; networking.timeServers = [
services.nscd.enable = false;
services.ntp.enable = false;
services.timesyncd.enable = true;
services.ntp.servers = [
"pool.ntp.org" "pool.ntp.org"
"time.windows.com" "time.windows.com"
"time.apple.com" "time.apple.com"
"time.nist.gov" "time.nist.gov"
]; ];
nix.extraOptions = '' nix.extraOptions = ''
auto-optimise-store = true auto-optimise-store = true
''; '';
security.setuidPrograms = [ "sendmail" ]; security.wrappers.sendmail = {
source = "${pkgs.exim}/bin/sendmail";
setuid = true;
};
services.journald.extraConfig = '' services.journald.extraConfig = ''
SystemMaxUse=1G SystemMaxUse=1G
RuntimeMaxUse=128M RuntimeMaxUse=128M

View File

@ -131,11 +131,15 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] ) ( serveCloud [ "o.euer.krebsco.de" ] )
]; ];
services.mysql = { services.mysql = { # TODO: currently nextcloud uses sqlite
enable = true; enable = false;
package = pkgs.mariadb; package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path; rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
}; };
services.mysqlBackup = {
enable = false;
databases = [ "nextcloud" ];
};
krebs.secret.files.mysql_rootPassword = { krebs.secret.files.mysql_rootPassword = {
path = "${config.services.mysql.dataDir}/mysql_rootPassword"; path = "${config.services.mysql.dataDir}/mysql_rootPassword";

View File

@ -9,20 +9,28 @@ with import <stockholm/lib>;
kernelModules = [ kernelModules = [
"kvm-intel" "kvm-intel"
"thinkpad_ec" "thinkpad_ec"
# "acpi_call" "acpi_call"
# "thinkpad_acpi" # "thinkpad_acpi"
# "tpm-rng" # "tpm-rng"
]; ];
extraModulePackages = [ extraModulePackages = [
# config.boot.kernelPackages.acpi_call config.boot.kernelPackages.acpi_call
]; ];
# support backlight adjustment
kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ];
}; };
# configured media keys inside awesomerc
# sound.mediaKeys.enable = true;
hardware.bluetooth.enable = true;
services.acpid.enable = true; services.acpid.enable = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
services.xserver = { services.xserver = {
videoDriver = "intel"; videoDriver = "intel";
deviceSection = '' deviceSection = ''
Option "AccelMethod" "sna" Option "AccelMethod" "sna"
Option "Backlight" "intel_backlight"
''; '';
}; };
# no entropy source working # no entropy source working

View File

@ -1,65 +0,0 @@
{ pkgs, ... }:
# tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild
#
# essentially `nix-env -q` of the main user
# TODO: split gui and non-gui
{
nixpkgs.config.firefox = {
enableAdobeFlash = true;
};
krebs.per-user.makefu.packages = with pkgs; [
# core
at_spi2_core
acpi
bc
exif
file
ntfs3g
pv
proot
sshpass
unzip
unrar
usbutils
zip
# dev
python35Packages.virtualenv
# gui
chromium
clipit
feh
firefox
keepassx
pcmanfm
skype
mirage
tightvnc
gnome3.dconf
vlc
virtmanager
wireshark
xdotool
# sectools
aria2
pythonPackages.binwalk-full
dnsmasq
iodine
mtr
nmap
# stuff
cac-api
cac-panel
krebspaste
ledger
pass
];
}

View File

@ -5,10 +5,9 @@ let
collectd-port = 25826; collectd-port = 25826;
influx-port = 8086; influx-port = 8086;
grafana-port = 3000; # TODO nginx forward grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = config.makefu.server.primary-itf;
in { in {
imports = [
../../../lass/3modules/kapacitor.nix
];
services.grafana.enable = true; services.grafana.enable = true;
services.grafana.addr = "0.0.0.0"; services.grafana.addr = "0.0.0.0";
@ -27,11 +26,11 @@ in {
collectd = [{ collectd = [{
enabled = true; enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db"; typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = "collectd_db"; database = db;
port = collectd-port; port = collectd-port;
}]; }];
}; };
lass.kapacitor = krebs.kapacitor =
let let
echoToIrc = pkgs.writeDash "echo_irc" '' echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf set -euf
@ -43,7 +42,8 @@ in {
in { in {
enable = true; enable = true;
alarms = { alarms = {
cpu_deadman = '' cpu_deadman.database = db;
cpu_deadman.text = ''
var data = batch var data = batch
|query(${"'''"} |query(${"'''"}
SELECT mean("value") AS mean SELECT mean("value") AS mean
@ -68,5 +68,8 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
''; '';
} }

View File

@ -14,7 +14,8 @@ in {
./base-gui.nix ./base-gui.nix
./fetchWallpaper.nix ./fetchWallpaper.nix
./zsh-user.nix ./zsh-user.nix
./laptop-utils.nix ./tools/core.nix
./tools/core-gui.nix
]; ];
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
@ -60,7 +61,7 @@ in {
sleep 1 sleep 1
'') '')
[ 5 4 3 2 1 ]} [ 5 4 3 2 1 ]}
/var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend /var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend
''; '';
}; };
}; };

View File

@ -48,15 +48,8 @@ in {
browseable = "yes"; browseable = "yes";
"guest ok" = "yes"; "guest ok" = "yes";
}; };
crypt0-rw = { media-rw = {
path = "/media/crypt0/"; path = "/media/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "makefu";
};
crypt1-rw = {
path = "/media/crypt1/";
"read only" = "no"; "read only" = "no";
browseable = "yes"; browseable = "yes";
"guest ok" = "no"; "guest ok" = "no";

View File

@ -5,6 +5,7 @@
enable = true; enable = true;
drivers = [ drivers = [
pkgs.samsungUnifiedLinuxDriver pkgs.samsungUnifiedLinuxDriver
pkgs.dymo-cups-drivers
]; ];
}; };

View File

@ -0,0 +1,11 @@
{
imports = [
./core.nix
./core-gui.nix
./dev.nix
./extra-gui.nix
./games.nix
./media.nix
./sec.nix
];
}

View File

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
nixpkgs.config.firefox = {
enableAdobeFlash = true;
};
krebs.per-user.makefu.packages = with pkgs; [
chromium
clipit
feh
firefox
keepassx
pcmanfm
skype
mirage
tightvnc
gnome3.dconf
wireshark
xdotool
xorg.xbacklight
scrot
];
}

View File

@ -0,0 +1,46 @@
{ pkgs, ... }:
# tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild
#
# essentially `nix-env -q` of the main user
{
krebs.per-user.makefu.packages = with pkgs; [
at_spi2_core
acpi
bc
rsync
exif
file
ntfs3g
pv
proot
sshpass
populate
usbutils
p7zip
hdparm
inetutils
ncftp
mutt
tcpdump
sysstat
which
weechat
curl
wget
wol
tmux
smartmontools
cifs-utils
iftop
taskwarrior
mplayer
cac-api
cac-panel
krebspaste
ledger
pass
];
}

View File

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs;[
nodemcu-uploader
esptool
python35Packages.virtualenv
flashrom
];
}

View File

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs;[
inkscape
gimp
skype
virtmanager
synergy
saleae-logic
];
}

View File

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
steam
];
}

View File

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl
calibre
vlc
mumble
];
}

View File

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full
dnsmasq
iodine
mtr
nmap
msf
thc-hydra
];
}

View File

@ -16,6 +16,9 @@
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://github.com/amadvance/snapraid/releases.atom https://github.com/amadvance/snapraid/releases.atom
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
https://api.github.com/repos/embray/d2to1/tags
https://api.github.com/repos/dorimanx/exfat-nofuse/commits
https://api.github.com/repos/dorimanx/exfat-nofuse/tags
]; ];
}; };
} }

View File

@ -26,7 +26,7 @@ let
Dial Command = ATDT Dial Command = ATDT
Modem = ${cfg.modem-device} Modem = ${cfg.modem-device}
Baud = 460800 Baud = 460800
Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0 ISDN = 0
@ -54,6 +54,13 @@ let
to avoid race conditions. to avoid race conditions.
''; '';
}; };
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
}; };
imp = { imp = {

View File

@ -364,6 +364,10 @@ globalkeys = awful.util.table.join(
end, end,
{description = "restore minimized", group = "client"}), {description = "restore minimized", group = "client"}),
awful.key({ }, "XF86MonBrightnessUp", function ()
awful.util.spawn("xbacklight -inc 5", false) end),
awful.key({ }, "XF86MonBrightnessDown", function ()
awful.util.spawn("xbacklight -dec 5", false) end),
awful.key({ }, "XF86AudioRaiseVolume", function () awful.key({ }, "XF86AudioRaiseVolume", function ()
awful.util.spawn("amixer set Master 5%+", false) end), awful.util.spawn("amixer set Master 5%+", false) end),

View File

@ -1,38 +1,35 @@
{ pkgs, ... }: { pkgs, ... }:
let with import <stockholm/lib>;
inherit (pkgs) callPackage;
in
{ {
nixpkgs.config.packageOverrides = rec { nixpkgs.config.packageOverrides = oldpkgs: let
acdcli = callPackage ./acdcli {};
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = pkgs.callPackage path args;
upstream = optionalAttrs (override ? "name")
(oldpkgs.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in {}
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))
// {
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
debmirror = callPackage ./debmirror {};
inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
elchhub = callPackage ./elchhub {};
f3 = callPackage ./f3 {};
farpd = callPackage ./farpd {};
git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {}; nodemcu-uploader = callPackage ./nodemcu-uploader {};
ps3netsrv = callPackage ./ps3netsrv {};
pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils { pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
wordset-file = pkgs.fetchurl { wordset-file = pkgs.fetchurl {
url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
}; };
}; };
qcma = pkgs.qt5.callPackage ./qcma {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {};
udpt = callPackage ./udpt {};
wol = callPackage ./wol {};
snapraid = callPackage ./snapraid {};
}; };
} }

View File

@ -0,0 +1,17 @@
{ stdenv, lib, pkgs, fetchurl, cups, ... }:
stdenv.mkDerivation rec {
name = "dymo-cups-drivers-${version}";
version = "1.4.0";
src = fetchurl {
url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz";
sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6";
};
buildInputs = [ cups ];
makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ];
# acd_cli gets dumped in bin and gets overwritten by fixupPhase
meta = {
description = "Dymo printer drivers";
};
}

View File

@ -0,0 +1,32 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python2Packages;
let
pyaes = buildPythonPackage rec {
name = "pyaes-${version}";
version = "1.6.0";
src = fetchFromGitHub {
owner = "ricmoo";
repo = "pyaes";
rev = "v${version}";
sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb";
};
doCheck = false;
};
in
buildPythonPackage rec {
name = "esptool-${version}";
version = "2.0beta2";
propagatedBuildInputs = [
pyserial
flake8
ecdsa
pyaes
];
src = fetchFromGitHub {
owner = "themadinventor";
repo = "esptool";
rev = "v${version}";
sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i";
};
doCheck = false;
}

View File

@ -1,22 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
proj = "wake-on-lan";
name = "wol-${version}";
version = "0.7.1";
enableParallelBuilding = true;
src = fetchurl {
url = "mirror://sourceforge/${proj}/${name}.tar.gz";
sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270";
};
meta = {
description = "simple wake-on-lan client";
homepage = https://sourceforge.net/projects/wake-on-lan/;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}