Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
makefu 2016-06-23 17:04:07 +02:00
commit 271a59b1d6
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
21 changed files with 681 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
krebs/3modules/lass/default.nix
View File

@ -108,36 +108,17 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
}; };
fastpoke = { domsen-nas = {
nets = rec { nets = rec {
internet = { internet = {
ip4.addr = "193.22.164.36";
aliases = [ aliases = [
"fastpoke.internet" "domsen-nas.internet"
]; ];
}; ip4.addr = "87.138.180.167";
retiolum = { ssh.port = 2223;
via = internet;
ip4.addr = "10.243.253.152";
ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
aliases = [
"fastpoke.retiolum"
"fastpoke.r"
"cgit.fastpoke.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
-----END RSA PUBLIC KEY-----
'';
}; };
}; };
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b"; ssh.pubkey = "ssh-dss AAAAB3NzaC1kc3MAAAEBAPH5Hcrc2QzIi7KQLf17N+aUuFfwb7uKxuojzmO3kyb3nMdn3s+rfTCJLWTJeHCeKb6yMpDF1XGXZwVN+omWV8CsA9tivOHYzZws3b0QB/JENjYmhHbNkKijm6EWXSyvsJ2RuFj0PC8+cv77ZFx7VTnrwZk6Excv7v51j+qo5BejLL1ZybISld/n3kQWE+GJqBYJ9zp/25XEl7macH02o58lRhfqygunDlKm4yiq34pfkA7FS4eHNzcXGvmtQlAHeDts1APbKq8OAoYoyCo0gjK9nbAwbfm0yqM51+eIo3H6xLWjSBdMI9guqndNJWps9PpKHa3bvM1xFB3vfoQZ6m8AAAAVAKf8ZCwMgP4ZpqwwNw4vIn1AuLnfAAABAQCVfUrpUWFvf/TXPucJde4CuAmtoMOrjpepAiXK7N9dwGyq/PbVxr4tnJ/RTyNGOFmBroc6/n0MnxR0qmkQPJNtM/Yz+kk+BCgwsyu2uenVOIX/eJFuQPQYiUdktTcgAyChMp99WF4yfKKgv1CDdMkpFi8xgBEN03s1sOKCRNwJ5rlpTNqh9LatuRyzWOIjNd7atkEYIQK92idJgqSmleo+UhJFfoOGjYlRbsnRVbvfqh7GVd7SSydhKhdb2eZjj2J8eMBwHNl1FLtqt02cnFW3FQDdXPbYYakN25z3F3sex/CPuBGJ0HRGq+y/Ynj/m99TPq9vLkzSUQPR4MmQ5feoAAABAG5L9ffMc/8T9dTeF7FEPlS54ka73M+pNY/5ehMykrrS9CVjFmvpeclnxkBpvjt3G5IlvkSsjUEE6kMk7mW9EV+USL0TTU/LavxXD8fLCSiIwResfLDRxjixjxVI1ouZeKNQ6B3tPOWOEIKR5nPlc7iy435nS77/NM3yBFH0KGdepr+3ZmdgWAjDLKjQhNyCz4Joc1IH1Vf5Ccvb6rsaJ91ajiq29iI2ZpLXXIQsS1ZYzO1Gr9xBTNgmzEmeLqFMcxDSJ+rLMF4VDjRdL2zz5BSmv/Ffj2nICMgv/gj3zzuk7zcMpnbvGyA3W8VWb6IjJDvww4rJ21Q2gHBC5XCohJs=";
}; };
cloudkrebs = { cloudkrebs = {
cores = 1; cores = 1;

3
lass/1systems/mors.nix
View File

@ -26,11 +26,10 @@
../2configs/teamviewer.nix ../2configs/teamviewer.nix
../2configs/libvirt.nix ../2configs/libvirt.nix
../2configs/fetchWallpaper.nix ../2configs/fetchWallpaper.nix
../2configs/cbase.nix ../2configs/c-base.nix
../2configs/mail.nix ../2configs/mail.nix
../2configs/krebs-pass.nix ../2configs/krebs-pass.nix
../2configs/umts.nix ../2configs/umts.nix
#../2configs/buildbot-standalone.nix
{ {
#risk of rain port #risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [

11
lass/2configs/baseX.nix
View File

@ -8,7 +8,13 @@ in {
#./urxvt.nix #./urxvt.nix
./xserver ./xserver
./mpv.nix ./mpv.nix
#./pulse.nix
./power-action.nix
]; ];
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
users.extraUsers.mainUser.extraGroups = [ "audio" ]; users.extraUsers.mainUser.extraGroups = [ "audio" ];
@ -16,11 +22,6 @@ in {
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ]; security.setuidPrograms = [ "slock" ];

61
lass/2configs/buildbot-standalone.nix
View File

@ -1,6 +1,14 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
{
krebs.buildbot.master = let with config.krebs.lib;
let
sshWrapper = pkgs.writeDash "ssh-wrapper" ''
${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
'';
in {
config.krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ; stockholm-mirror-url = http://cgit.prism/stockholm ;
in { in {
slaves = { slaves = {
@ -44,11 +52,15 @@
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
# TODO: get nixpkgs/stockholm paths from krebs # TODO: get nixpkgs/stockholm paths from krebs
env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"} env = {
"LOGNAME": "lass",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
# prepare nix-shell # prepare nix-shell
# the dependencies which are used by the test script # the dependencies which are used by the test script
deps = [ "gnumake", "jq", "nix", "rsync" ] deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
# TODO: --pure , prepare ENV in nix-shell command: # TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell", nixshell = ["nix-shell",
@ -68,12 +80,12 @@
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env, addShell(f,name="build-{}".format(i),env=env,
command=nixshell + \ command=nixshell + \
["nix-build \ ["make \
--show-trace --no-out-link \ test \
-I nixos-config=./lass/1systems/{}.nix \ ssh=${sshWrapper} \
-I secrets=./lass/2configs/tests/dummy-secrets \ target=build@localhost:${config.users.users.build.home}/testbuild \
-I stockholm=. \ method=build \
-A config.system.build.toplevel".format(i)]) system={}".format(i)])
bu.append(util.BuilderConfig(name="build-all", bu.append(util.BuilderConfig(name="build-all",
slavenames=slavenames, slavenames=slavenames,
@ -115,7 +127,7 @@
}; };
}; };
krebs.buildbot.slave = { config.krebs.buildbot.slave = {
enable = true; enable = true;
masterhost = "localhost"; masterhost = "localhost";
username = "testslave"; username = "testslave";
@ -125,7 +137,7 @@
NIX_PATH="nixpkgs=/var/src/nixpkgs"; NIX_PATH="nixpkgs=/var/src/nixpkgs";
}; };
}; };
krebs.iptables = { config.krebs.iptables = {
tables = { tables = {
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
@ -133,4 +145,29 @@
]; ];
}; };
}; };
#ssh workaround for make test
options.lass.build-ssh-privkey = mkOption {
type = types.secret-file;
default = {
path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
owner = { inherit (config.users.users.buildbotSlave ) name uid;};
source-path = toString <secrets> + "/build.ssh.key";
};
};
config.krebs.secret.files = {
build-ssh-privkey = config.lass.build-ssh-privkey;
};
config.users.users = {
build = {
name = "build";
uid = genid "build";
home = "/home/build";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
];
};
};
} }

0
lass/2configs/cbase.nix → lass/2configs/c-base.nix
View File

7
lass/2configs/default.nix
View File

@ -59,12 +59,13 @@ with config.krebs.lib;
user = config.krebs.users.lass; user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({ source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
secrets = secrets = if getEnv "dummy_secrets" == "true"
if getEnv "dummy_secrets" == "true"
then toString <stockholm/lass/2configs/tests/dummy-secrets> then toString <stockholm/lass/2configs/tests/dummy-secrets>
else "/home/lass/secrets/${config.krebs.build.host.name}"; else "/home/lass/secrets/${config.krebs.build.host.name}";
#secrets-common = "/home/lass/secrets/common"; #secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm"; stockholm = if getEnv "dummy_secrets" == "true"
then "/var/lib/buildbot/slave/build-all/build"
else "/home/lass/stockholm";
} // optionalAttrs config.krebs.build.host.secure { } // optionalAttrs config.krebs.build.host.secure {
#secrets-master = "/home/lass/secrets/master"; #secrets-master = "/home/lass/secrets/master";
}); });

1
lass/2configs/exim-smarthost.nix
View File

@ -29,6 +29,7 @@ with config.krebs.lib;
{ from = "finanzamt@lassul.us"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
{ from = "netzclub@lassul.us"; to = lass.mail; } { from = "netzclub@lassul.us"; to = lass.mail; }
{ from = "nebenan@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

7
lass/2configs/mail.nix
View File

@ -10,8 +10,9 @@ let
account default: prism account default: prism
''; '';
msmtp = pkgs.writeDashBin "msmtp" '' msmtp = pkgs.writeBashBin "msmtp" ''
exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
''; '';
muttrc = pkgs.writeText "muttrc" '' muttrc = pkgs.writeText "muttrc" ''
@ -42,7 +43,7 @@ let
set nm_record = yes set nm_record = yes
set nm_record_tags = "-inbox me archive" set nm_record_tags = "-inbox me archive"
set virtual_spoolfile=yes # enable virtual folders set virtual_spoolfile=yes # enable virtual folders
set sendmail="msmtp" # enables parsing of outgoing mail set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
set use_from=yes set use_from=yes
set envelope_from=yes set envelope_from=yes

2
lass/2configs/nixpkgs.nix
View File

@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs = { krebs.build.source.nixpkgs = {
url = https://github.com/lassulus/nixpkgs; url = https://github.com/lassulus/nixpkgs;
rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e"; rev = "7d932301fe1d98a1ef1872a7124e8809279def74";
}; };
} }

41
lass/2configs/power-action.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, pkgs, ... }:
let
suspend = pkgs.writeDash "suspend" ''
${pkgs.systemd}/bin/systemctl suspend
'';
speak = text:
pkgs.writeDash "speak" ''
${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
'';
in {
lass.power-action = {
enable = true;
plans.low-battery = {
upperLimit = 30;
lowerLimit = 25;
charging = false;
action = pkgs.writeDash "warn-low-battery" ''
${speak "power level low"}
'';
};
plans.suspend = {
upperLimit = 10;
lowerLimit = 0;
charging = false;
action = pkgs.writeDash "suspend-wrapper" ''
/var/setuid-wrappers/sudo ${suspend}
'';
};
};
users.users.power-action.extraGroups = [
"audio"
];
security.sudo.extraConfig = ''
${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend}
'';
}

96
lass/2configs/pulse.nix Normal file
View File

@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
pkg = pkgs.pulseaudioLight;
runDir = "/run/pulse";
alsaConf = pkgs.writeText "asound.conf" ''
ctl_type.pulse {
libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so;
}
pcm_type.pulse {
libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so;
}
ctl.!default {
type pulse
}
pcm.!default {
type pulse
}
'';
clientConf = pkgs.writeText "client.conf" ''
autospawn=no
default-server = unix:${runDir}/socket
'';
daemonConf = pkgs.writeText "daemon.conf" ''
exit-idle-time=0
flat-volumes = no
default-fragments = 4
default-fragment-size-msec = 25
'';
configFile = pkgs.writeText "default.pa" ''
.include ${pkg}/etc/pulse/default.pa
load-module ${toString [
"module-native-protocol-unix"
"auth-anonymous=1"
"socket=${runDir}/socket"
]}
'';
in
{
environment = {
etc = {
"asound.conf".source = alsaConf;
# XXX mkForce is not strong enough (and neither is mkOverride) to create
# /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
#"pulse/client.conf" = mkForce { source = clientConf; };
#"pulse/client.conf".source = mkForce clientConf;
"pulse/default.pa".source = configFile;
"pulse/daemon.pa".source = daemonConf;
};
systemPackages = [
pkg
] ++ optionals config.services.xserver.enable [
pkgs.pavucontrol
];
};
# Allow PulseAudio to get realtime priority using rtkit.
security.rtkit.enable = true;
system.activationScripts.pulseaudio-hack = ''
ln -fns ${clientConf} /etc/pulse/client.conf
'';
systemd.services.pulse = {
wantedBy = [ "sound.target" ];
before = [ "sound.target" ];
environment = {
PULSE_RUNTIME_PATH = "${runDir}/home";
};
serviceConfig = {
ExecStart = "${pkg}/bin/pulseaudio";
ExecStartPre = pkgs.writeDash "pulse-start" ''
install -o pulse -g audio -m 0750 -d ${runDir}
install -o pulse -g audio -m 0700 -d ${runDir}/home
'';
PermissionsStartOnly = "true";
User = "pulse";
};
};
users = {
groups.pulse.gid = config.users.users.pulse.uid;
users.pulse = {
uid = genid "pulse";
group = "pulse";
extraGroups = [ "audio" ];
home = "${runDir}/home";
};
};
}

10
lass/2configs/radio.nix
View File

@ -54,10 +54,6 @@ in {
mpc_cli mpc_cli
]; ];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
services.mpd = { services.mpd = {
enable = true; enable = true;
group = "radio"; group = "radio";
@ -66,7 +62,7 @@ in {
audio_output { audio_output {
type "shout" type "shout"
encoding "ogg" encoding "ogg"
name "my cool stream" name "the_playlist"
host "localhost" host "localhost"
port "8000" port "8000"
mount "/radio.ogg" mount "/radio.ogg"
@ -83,7 +79,7 @@ in {
# Optional Parameters # Optional Parameters
user "source" user "source"
# description "here is my long description" # description "here is my long description"
# genre "jazz" genre "good music"
} # end of audio_output } # end of audio_output
''; '';
@ -138,7 +134,7 @@ in {
restartIfChanged = true; restartIfChanged = true;
serviceConfig = { serviceConfig = {
ExecStart = "${autoAdd} 100"; ExecStart = "${autoAdd} 150";
}; };
}; };

463
lass/2configs/vim.nix
View File

@ -1,158 +1,351 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
with config.krebs.lib;
let let
customPlugins = { out = {
mustang2 = pkgs.vimUtils.buildVimPlugin {
name = "Mustang2";
src = pkgs.fetchFromGitHub {
owner = "croaker";
repo = "mustang-vim";
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
};
};
unimpaired = pkgs.vimUtils.buildVimPlugin {
name = "unimpaired-vim";
src = pkgs.fetchFromGitHub {
owner = "tpope";
repo = "vim-unimpaired";
rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
};
};
brogrammer = pkgs.vimUtils.buildVimPlugin {
name = "brogrammer";
src = pkgs.fetchFromGitHub {
owner = "marciomazza";
repo = "vim-brogrammer-theme";
rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
};
};
file-line = pkgs.vimUtils.buildVimPlugin {
name = "file-line";
src = pkgs.fetchFromGitHub {
owner = "bogado";
repo = "file-line";
rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
};
};
};
in {
environment.systemPackages = [ environment.systemPackages = [
(pkgs.vim_configurable.customize { vim
name = "vim"; ];
vimrcConfig.customRC = '' environment.etc.vimrc.source = vimrc;
set nocompatible
set t_Co=16 environment.variables.EDITOR = mkForce "vim";
syntax on environment.variables.VIMINIT = ":so /etc/vimrc";
" TODO autoload colorscheme file };
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
rev = "refs/tags/1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
})
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
destination = "/colors/${name}.vim";
text = /* vim */ ''
set background=dark set background=dark
colorscheme brogrammer hi clear
filetype off if exists("syntax_on")
filetype plugin indent on syntax clear
endif
imap <F1> <nop> let colors_name = ${toJSON name}
set mouse=a hi Normal ctermbg=235
set ruler hi Comment ctermfg=242
set showmatch hi Constant ctermfg=062
set backspace=2 hi Identifier ctermfg=068
set visualbell hi Function ctermfg=041
set encoding=utf8 hi Statement ctermfg=167
set showcmd hi PreProc ctermfg=167
set wildmenu hi Type ctermfg=041
hi Delimiter ctermfg=251
hi Special ctermfg=062
set title hi Garbage ctermbg=088
set titleold= hi TabStop ctermbg=016
set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} hi Todo ctermfg=174 ctermbg=NONE
hi NixCode ctermfg=148
hi NixData ctermfg=149
hi NixQuote ctermfg=150
hi diffNewFile ctermfg=207
hi diffFile ctermfg=207
hi diffLine ctermfg=207
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
destination = "/syntax/${name}.vim";
text = /* vim */ ''
${concatMapStringsSep "\n" (s: /* vim */ ''
syn keyword vimColor${s} ${s}
\ containedin=ALLBUT,vimComment,vimLineComment
hi vimColor${s} ctermfg=${s}
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
destination = "/plugin/${name}.vim";
text = /* vim */ ''
if exists('g:loaded_showsyntax')
finish
endif
let g:loaded_showsyntax = 0
fu! ShowSyntax()
let id = synID(line("."), col("."), 1)
let name = synIDattr(id, "name")
let transName = synIDattr(synIDtrans(id),"name")
if name != transName
let name .= " (" . transName . ")"
endif
echo "Syntax: " . name
endfu
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
swapdir = "$HOME/.cache/vim/swap";
undodir = "$HOME/.cache/vim/undo";
};
files = {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.neovim}/bin/nvim "$@"
'';
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent set autoindent
set backspace=indent,eol,start
set ttyfast set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set mouse=a
set noruler
set pastetoggle=<INS> set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set et ts=2 sts=2 sw=2
" Force Saving Files that Require Root Permission filetype plugin indent on
command! W silent w !sudo tee "%" >/dev/null
nnoremap <C-c> :q<Return> set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv vnoremap < <gv
vnoremap > >gv vnoremap > >gv
nmap <esc>q :buffer nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
"Tabwidth " <C-{Up,Down,Right,Left>
set ts=2 sts=2 sw=2 et noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
" create Backup/tmp/undo dirs noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
function! InitBackupDir() noremap <esc>Od <nop> | noremap! <esc>Od <nop>
let l:parent = $HOME . '/.vim/' " <[C]S-{Up,Down,Right,Left>
let l:backup = l:parent . 'backups/' noremap <esc>[a <nop> | noremap! <esc>[a <nop>
let l:tmpdir = l:parent . 'tmp/' noremap <esc>[b <nop> | noremap! <esc>[b <nop>
let l:undodi = l:parent . 'undo/' noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
if !isdirectory(l:parent) vnoremap u <nop>
call mkdir(l:parent)
endif
if !isdirectory(l:backup)
call mkdir(l:backup)
endif
if !isdirectory(l:tmpdir)
call mkdir(l:tmpdir)
endif
if !isdirectory(l:undodi)
call mkdir(l:undodi)
endif
endfunction
call InitBackupDir()
" Backups & Files
set backup
set backupdir=~/.vim/backups
set directory=~/.vim/tmp//
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
set undodir=$HOME/.vim/undo
set undofile
" highlight whitespaces
highlight ExtraWhitespace ctermbg=red guibg=red
match ExtraWhitespace /\s\+$/
autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
autocmd InsertLeave * match ExtraWhitespace /\s\+$/
autocmd BufWinLeave * call clearmatches()
"ft specific stuff
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
"esc timeout
set timeoutlen=1000 ttimeoutlen=0
"foldfunctions
inoremap <F9> <C-O>za
nnoremap <F9> za
onoremap <F9> <C-C>za
vnoremap <F9> zf
''; '';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; hs.vim = pkgs.writeText "hs.vim" ''
vimrcConfig.vam.pluginDictionaries = [ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
{ names = [
"brogrammer"
"file-line"
"Gundo"
]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
}) hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
nix.vim = pkgs.writeText "nix.vim" ''
setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[():/;=.,?\[\]]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
startAlts = filter isString [
''/\* ${lang} \*/''
extraStart
]; ];
} sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
unlet b:current_syntax
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
haskell = {};
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
'';
in
out

14
lass/2configs/websites/fritz.nix
View File

@ -1,10 +1,10 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib;
let let
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
genid genid
head head
nameValuePair
; ;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl ssl
@ -58,6 +58,18 @@ in {
"ttf_kleinaspach_de" "ttf_kleinaspach_de"
]; ];
#password protect some dirs
krebs.nginx.servers."biostase.de".locations = [
(nameValuePair "/old_biostase.de" ''
auth_basic "Administrator Login";
auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd;
'')
(nameValuePair "/mysqldumper" ''
auth_basic "Administrator Login";
auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd;
'')
];
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey config.krebs.users.fritz.pubkey
]; ];

1
lass/3modules/default.nix
View File

@ -4,6 +4,7 @@ _:
./ejabberd ./ejabberd
./folderPerms.nix ./folderPerms.nix
./mysql-backup.nix ./mysql-backup.nix
./power-action.nix
./urxvtd.nix ./urxvtd.nix
./wordpress_nginx.nix ./wordpress_nginx.nix
./xresources.nix ./xresources.nix

93
lass/3modules/power-action.nix Normal file
View File

@ -0,0 +1,93 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.lass.power-action;
out = {
options.lass.power-action = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "power-action";
user = mkOption {
type = types.user;
default = {
name = "power-action";
};
};
startAt = mkOption {
type = types.str;
default = "*:0/1";
};
plans = mkOption {
type = with types; attrsOf (submodule {
options = {
charging = mkOption {
type = nullOr bool;
default = null;
description = ''
check for charging status.
null = don't care
true = only if system is charging
false = only if system is discharging
'';
};
upperLimit = mkOption {
type = int;
};
lowerLimit = mkOption {
type = int;
};
action = mkOption {
type = path;
};
};
});
};
};
imp = {
systemd.services.power-action = {
serviceConfig = rec {
ExecStart = startScript;
User = cfg.user.name;
};
startAt = cfg.startAt;
};
users.users.${cfg.user.name} = {
inherit (cfg.user) name uid;
};
};
startScript = pkgs.writeDash "power-action" ''
set -euf
power="$(${powerlvl})"
state="$(${state})"
${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
'';
charging_check = plan:
if (plan.charging == null) then "" else
if plan.charging
then ''&& [ "$state" = "true" ]''
else ''&& ! [ "$state" = "true" ]''
;
writeRule = _: plan:
"if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
powerlvl = pkgs.writeDash "powerlvl" ''
cat /sys/class/power_supply/BAT0/capacity
'';
state = pkgs.writeDash "state" ''
if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ]
then echo "true"
else echo "false"
fi
'';
in out

4
lass/5pkgs/default.nix
View File

@ -13,9 +13,7 @@
rs = pkgs.callPackage ./rs/default.nix {}; rs = pkgs.callPackage ./rs/default.nix {};
untilport = pkgs.callPackage ./untilport/default.nix {}; untilport = pkgs.callPackage ./untilport/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {};
xmonad-lass = xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; };
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
pkgs.haskellPackages.callPackage src {};
yt-next = pkgs.callPackage ./yt-next/default.nix {}; yt-next = pkgs.callPackage ./yt-next/default.nix {};
}; };
} }

17
lass/5pkgs/xmonad-lass/Main.hs → lass/5pkgs/xmonad-lass.nix
View File

@ -1,3 +1,15 @@
{ pkgs, ... }:
pkgs.writeHaskell "xmonad-lass" {
executables.xmonad = {
extra-depends = [
"containers"
"unix"
"X11"
"xmonad"
"xmonad-contrib"
"xmonad-stockholm"
];
text = ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS {-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-} {-# LANGUAGE LambdaCase #-}
@ -147,3 +159,8 @@ gridConfig = def
, gs_navigate = navNSearch , gs_navigate = navNSearch
, gs_font = myFont , gs_font = myFont
} }
'';
};
}

1
lass/5pkgs/xmonad-lass/.gitignore vendored
View File

@ -1 +0,0 @@
/shell.nix

6
lass/5pkgs/xmonad-lass/Makefile
View File

@ -1,6 +0,0 @@
.PHONY: ghci
ghci: shell.nix
nix-shell --command 'exec ghci -Wall'
shell.nix: xmonad.cabal
cabal2nix --shell . > $@

17
lass/5pkgs/xmonad-lass/xmonad.cabal
View File

@ -1,17 +0,0 @@
Author: lass
Build-Type: Simple
Cabal-Version: >= 1.2
License: MIT
Name: xmonad-lass
Version: 0
Executable xmonad
Build-Depends:
base,
containers,
unix,
xmonad,
xmonad-contrib,
xmonad-stockholm
GHC-Options: -Wall -O3 -threaded -rtsopts
Main-Is: Main.hs