Merge branch 'master' of prism.r:stockholm
commit
35fdfbe5cc
@ -21,5 +21,4 @@
|
|||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -115,6 +115,11 @@ let
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
|
users.users.reaktor2 = {
|
||||||
|
uid = genid_uint31 "reaktor2";
|
||||||
|
home = stateDir;
|
||||||
|
};
|
||||||
|
|
||||||
krebs.reaktor2 = {
|
krebs.reaktor2 = {
|
||||||
freenode = {
|
freenode = {
|
||||||
hostname = "irc.freenode.org";
|
hostname = "irc.freenode.org";
|
||||||
|
@ -2,10 +2,10 @@
|
|||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
gunicorn = pkgs.pythonPackages.gunicorn;
|
gunicorn = pkgs.python27Packages.gunicorn;
|
||||||
bepasty = pkgs.bepasty;
|
bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
|
||||||
gevent = pkgs.pythonPackages.gevent;
|
gevent = pkgs.python27Packages.gevent;
|
||||||
python = pkgs.pythonPackages.python;
|
python = pkgs.python27Packages.python;
|
||||||
cfg = config.krebs.bepasty;
|
cfg = config.krebs.bepasty;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
|
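Review bot: The `bepasty` override passes `pkgs.python27Packages` as the `python3Packages` argument with no comment, which reads like a mistake and pins a network-facing paste service to an interpreter whose upstream support ends in January 2020. If the pin is deliberate (presumably to keep gunicorn and gevent on the same interpreter after the nixpkgs bump), record it next to the `let` bindings, e.g. `# pinned to python27Packages: <reason>; move to python3 when <condition>`. The `let` block continues outside this hunk.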
@ -108,10 +108,12 @@ let
|
|||||||
name=str(new_step),
|
name=str(new_step),
|
||||||
command=[
|
command=[
|
||||||
"${pkgs.writeDash "build-stepper.sh" ''
|
"${pkgs.writeDash "build-stepper.sh" ''
|
||||||
set -efu
|
set -xefu
|
||||||
profile=${shell.escape profileRoot}/$build_name
|
profile=${shell.escape profileRoot}/$build_name
|
||||||
result=$("$build_script")
|
result=$("$build_script")
|
||||||
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
if [ -n "$result" ]; then
|
||||||
|
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
||||||
|
fi
|
||||||
''}"
|
''}"
|
||||||
],
|
],
|
||||||
env={
|
env={
|
||||||
|
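Review bot: With the new `if [ -n "$result" ]` guard in `build-stepper.sh`, a `$build_script` that exits 0 but prints nothing now lets the step succeed without updating the profile, where the old unconditional `nix-env --set "$result"` would presumably have failed the step. If an empty result is legitimate for some builds, say so in a comment and log it, e.g. `else echo "build-stepper: empty result, profile not updated" >&2`; otherwise the guard hides a broken build script. The added `-x` also writes the expanded `profile` and `result` values into the step log, which is worth a comment if those logs are readable by others.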
@ -39,6 +39,7 @@ let
|
|||||||
./nixpkgs.nix
|
./nixpkgs.nix
|
||||||
./on-failure.nix
|
./on-failure.nix
|
||||||
./os-release.nix
|
./os-release.nix
|
||||||
|
./permown.nix
|
||||||
./per-user.nix
|
./per-user.nix
|
||||||
./power-action.nix
|
./power-action.nix
|
||||||
./Reaktor.nix
|
./Reaktor.nix
|
||||||
|
13
krebs/3modules/external/default.nix
vendored
13
krebs/3modules/external/default.nix
vendored
@ -429,6 +429,17 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ada = {
|
||||||
|
owner = config.krebs.users.filly;
|
||||||
|
nets = {
|
||||||
|
wiregrill = {
|
||||||
|
aliases = [ "ada.w" ];
|
||||||
|
wireguard = {
|
||||||
|
pubkey = "+t0j9j7TZqvSFPzgunnON/ArXVGpMS/L3DldpanLoUk=";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
ciko = {
|
ciko = {
|
||||||
@ -464,6 +475,8 @@ in {
|
|||||||
};
|
};
|
||||||
miaoski = {
|
miaoski = {
|
||||||
};
|
};
|
||||||
|
filly = {
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,6 +20,7 @@ in {
|
|||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
cache IN A ${nets.internet.ip4.addr}
|
cache IN A ${nets.internet.ip4.addr}
|
||||||
|
p IN A ${nets.internet.ip4.addr}
|
||||||
paste IN A ${nets.internet.ip4.addr}
|
paste IN A ${nets.internet.ip4.addr}
|
||||||
prism IN A ${nets.internet.ip4.addr}
|
prism IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
@ -38,6 +39,7 @@ in {
|
|||||||
io 60 IN NS ions.lassul.us.
|
io 60 IN NS ions.lassul.us.
|
||||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
@ -239,6 +241,7 @@ in {
|
|||||||
secure = true;
|
secure = true;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
||||||
|
syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
|
||||||
};
|
};
|
||||||
icarus = {
|
icarus = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
|
102
krebs/3modules/permown.nix
Normal file
102
krebs/3modules/permown.nix
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
with import <stockholm/lib>;
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
|
||||||
|
options.krebs.permown = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
directory-mode = mkOption {
|
||||||
|
default = "=rwx";
|
||||||
|
type = types.str; # TODO
|
||||||
|
};
|
||||||
|
file-mode = mkOption {
|
||||||
|
default = "=rw";
|
||||||
|
type = types.str; # TODO
|
||||||
|
};
|
||||||
|
group = mkOption {
|
||||||
|
apply = x: if x == null then "" else x;
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.groupname;
|
||||||
|
};
|
||||||
|
owner = mkOption {
|
||||||
|
type = types.username;
|
||||||
|
};
|
||||||
|
path = mkOption {
|
||||||
|
default = config._module.args.name;
|
||||||
|
type = types.absolute-pathname;
|
||||||
|
};
|
||||||
|
umask = mkOption {
|
||||||
|
default = "0027";
|
||||||
|
type = types.file-mode;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
|
||||||
|
config = let
|
||||||
|
plans = attrValues config.krebs.permown;
|
||||||
|
in mkIf (plans != []) {
|
||||||
|
|
||||||
|
system.activationScripts.permown = let
|
||||||
|
mkdir = plan: /* sh */ ''
|
||||||
|
${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path}
|
||||||
|
'';
|
||||||
|
in concatMapStrings mkdir plans;
|
||||||
|
|
||||||
|
systemd.services = genAttrs' plans (plan: {
|
||||||
|
name = "permown.${replaceStrings ["/"] ["_"] plan.path}";
|
||||||
|
value = {
|
||||||
|
environment = {
|
||||||
|
DIR_MODE = plan.directory-mode;
|
||||||
|
FILE_MODE = plan.file-mode;
|
||||||
|
OWNER_GROUP = "${plan.owner}:${plan.group}";
|
||||||
|
ROOT_PATH = plan.path;
|
||||||
|
};
|
||||||
|
path = [
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.findutils
|
||||||
|
pkgs.inotifyTools
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = pkgs.writeDash "permown" ''
|
||||||
|
set -efu
|
||||||
|
|
||||||
|
find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
|
||||||
|
find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
|
||||||
|
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
|
||||||
|
|
||||||
|
paths=/tmp/paths
|
||||||
|
rm -f "$paths"
|
||||||
|
mkfifo "$paths"
|
||||||
|
|
||||||
|
inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &
|
||||||
|
inotifywaitpid=$!
|
||||||
|
|
||||||
|
trap cleanup EXIT
|
||||||
|
cleanup() {
|
||||||
|
kill "$inotifywaitpid"
|
||||||
|
}
|
||||||
|
|
||||||
|
while read -r path; do
|
||||||
|
if test -d "$path"; then
|
||||||
|
cleanup
|
||||||
|
exec "$0" "$@"
|
||||||
|
fi
|
||||||
|
chown -h "$OWNER_GROUP" "$path"
|
||||||
|
if test -f "$path"; then
|
||||||
|
chmod "$FILE_MODE" "$path"
|
||||||
|
fi
|
||||||
|
done < "$paths"
|
||||||
|
'';
|
||||||
|
PrivateTemp = true;
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 10;
|
||||||
|
UMask = plan.umask;
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
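Review bot: In the inotify loop of the `permown` ExecStart script, `test -f "$path"` and the following `chmod "$FILE_MODE" "$path"` both follow symbolic links, so a symlink created inside `$ROOT_PATH` that points at a regular file elsewhere gets the target's mode changed by this service, which sets no `User` and so presumably runs as root. The initial `find … -type f` pass is not affected, since find does not follow links by default, and `chown -h` already acts on the link itself. Guard the branch with `if test -f "$path" && ! test -L "$path"; then`, and read names verbatim with `while IFS= read -r path; do`. Because the managed tree is meant to be writable by non-root accounts, a comment on the option stating that permown should only be pointed at directories whose writers are trusted would help the next user of the module.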
@ -78,7 +78,7 @@ let
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = pkgs.writeDash "generate-wallpaper" ''
|
ExecStart = pkgs.writeDash "generate-wallpaper" ''
|
||||||
set -xeuf
|
set -euf
|
||||||
|
|
||||||
# usage: getimg FILENAME URL
|
# usage: getimg FILENAME URL
|
||||||
fetch() {
|
fetch() {
|
||||||
|
@ -21,8 +21,8 @@ let
|
|||||||
default = config._module.args.name;
|
default = config._module.args.name;
|
||||||
};
|
};
|
||||||
envp = mkOption {
|
envp = mkOption {
|
||||||
type = types.attrsOf types.str;
|
type = types.nullOr (types.attrsOf types.str);
|
||||||
default = {};
|
default = null;
|
||||||
};
|
};
|
||||||
filename = mkOption {
|
filename = mkOption {
|
||||||
type = mkOptionType {
|
type = mkOptionType {
|
||||||
|
@ -10,7 +10,7 @@ let
|
|||||||
addresses = peer.addresses;
|
addresses = peer.addresses;
|
||||||
}) cfg.peers;
|
}) cfg.peers;
|
||||||
|
|
||||||
folders = map (folder: {
|
folders = mapAttrsToList ( _: folder: {
|
||||||
inherit (folder) path id type;
|
inherit (folder) path id type;
|
||||||
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
|
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
|
||||||
rescanIntervalS = folder.rescanInterval;
|
rescanIntervalS = folder.rescanInterval;
|
||||||
@ -81,17 +81,18 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
folders = mkOption {
|
folders = mkOption {
|
||||||
default = [];
|
default = {};
|
||||||
type = types.listOf (types.submodule ({ config, ... }: {
|
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
path = mkOption {
|
path = mkOption {
|
||||||
type = types.absolute-pathname;
|
type = types.absolute-pathname;
|
||||||
|
default = config._module.args.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
id = mkOption {
|
id = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = config.path;
|
default = config._module.args.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
peers = mkOption {
|
peers = mkOption {
|
||||||
@ -133,8 +134,16 @@ in
|
|||||||
|
|
||||||
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
|
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
|
||||||
preStart = ''
|
preStart = ''
|
||||||
${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
|
${optionalString (cfg.cert != null) ''
|
||||||
${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
|
cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
|
||||||
|
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
|
||||||
|
chmod 400 ${config.services.syncthing.dataDir}/cert.pem
|
||||||
|
''}
|
||||||
|
${optionalString (cfg.key != null) ''
|
||||||
|
cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
|
||||||
|
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
|
||||||
|
chmod 400 ${config.services.syncthing.dataDir}/key.pem
|
||||||
|
''}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
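Review bot: In the new `preStart`, `key.pem` is created by `cp` and only afterwards restricted by `chown` and `chmod 400`, so between those commands the private key sits in the data directory with whatever mode `cp` gave it. Creating the file with its final owner and mode in one step closes that window: `install -m 0400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem`, and the same for `cert.pem`. The interpolated paths are also unquoted; if `shell.escape` from stockholm/lib is in scope in this module, wrapping them would keep a path containing blanks from being split.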
@ -10,6 +10,10 @@ with import <stockholm/lib>;
|
|||||||
version = "2.2.0";
|
version = "2.2.0";
|
||||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||||
};
|
};
|
||||||
|
"19.03" = {
|
||||||
|
version = "2.2.0";
|
||||||
|
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||||
|
};
|
||||||
}.${versions.majorMinor nixpkgsVersion};
|
}.${versions.majorMinor nixpkgsVersion};
|
||||||
|
|
||||||
in mkDerivation {
|
in mkDerivation {
|
||||||
|
@ -15,6 +15,11 @@ with import <stockholm/lib>;
|
|||||||
rev = "refs/tags/v${cfg.version}";
|
rev = "refs/tags/v${cfg.version}";
|
||||||
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||||
};
|
};
|
||||||
|
"19.03" = {
|
||||||
|
version = "0.4.1-tv1";
|
||||||
|
rev = "refs/tags/v${cfg.version}";
|
||||||
|
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||||
|
};
|
||||||
}.${versions.majorMinor nixpkgsVersion};
|
}.${versions.majorMinor nixpkgsVersion};
|
||||||
|
|
||||||
in mkDerivation {
|
in mkDerivation {
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
{ curl, writeDashBin }:
|
{ curl, gnused, writeDashBin }:
|
||||||
|
|
||||||
writeDashBin "kpaste" ''
|
writeDashBin "kpaste" ''
|
||||||
exec ${curl}/bin/curl -sS http://p.r --data-binary @-
|
${curl}/bin/curl -sS http://p.r --data-binary @- |
|
||||||
|
${gnused}/bin/sed '$ {p;s/\<r\>/krebsco.de/}'
|
||||||
''
|
''
|
||||||
|
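Review bot: With `exec` dropped and the output piped into sed, the `kpaste` wrapper's exit status is now that of `sed`, so a failed upload (curl exiting non-zero) is reported as success; dash has no `pipefail`. If callers rely on the status, capture the response first, e.g. `out=$(${curl}/bin/curl -sS http://p.r --data-binary @-) || exit`, and then feed it to sed with `printf '%s\n' "$out" | ${gnused}/bin/sed '$ {p;s/\<r\>/krebsco.de/}'`. The `krebspaste` wrapper in the next file has the same pipeline shape and the same issue.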
@ -1,6 +1,12 @@
|
|||||||
{ writeDashBin, bepasty-client-cli }:
|
{ bepasty-client-cli, gnused, writeDashBin }:
|
||||||
|
|
||||||
# TODO use `pkgs.exec` instead?
|
|
||||||
writeDashBin "krebspaste" ''
|
writeDashBin "krebspaste" ''
|
||||||
exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
|
${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" |
|
||||||
|
${gnused}/bin/sed '
|
||||||
|
$ {
|
||||||
|
s/$/\/+inline/
|
||||||
|
p
|
||||||
|
s/\<r\>/krebsco.de/
|
||||||
|
}
|
||||||
|
'
|
||||||
''
|
''
|
||||||
|
27
krebs/5pkgs/simple/qrscan.nix
Normal file
27
krebs/5pkgs/simple/qrscan.nix
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
{ coreutils, gnused, writeDashBin, zbar }:
|
||||||
|
|
||||||
|
writeDashBin "qrscan" ''
|
||||||
|
set -efu
|
||||||
|
|
||||||
|
tmpdir=$(${coreutils}/bin/mktemp --tmpdir -d qrscan.XXXXXXXX)
|
||||||
|
codefile=$tmpdir/code
|
||||||
|
|
||||||
|
cleanup() {
|
||||||
|
${coreutils}/bin/rm "$codefile"
|
||||||
|
${coreutils}/bin/rmdir "$tmpdir"
|
||||||
|
}
|
||||||
|
|
||||||
|
${coreutils}/bin/mkfifo "$codefile"
|
||||||
|
|
||||||
|
${zbar}/bin/zbarcam > "$codefile" &
|
||||||
|
zbarcampid=$!
|
||||||
|
|
||||||
|
exec < "$codefile"
|
||||||
|
while read -r code; do
|
||||||
|
code=$(printf %s "$code" | ${gnused}/bin/sed -n 's/^QR-Code://p')
|
||||||
|
if test -n "$code"; then
|
||||||
|
${coreutils}/bin/kill "$zbarcampid"
|
||||||
|
echo "$code"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
''
|
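Review bot: `cleanup()` is defined in the new `qrscan` script but is never called or registered, so the FIFO and the `qrscan.XXXXXXXX` directory are left behind after every run; add `trap cleanup EXIT` right after the function definition. The decoded text comes from whatever the camera sees and is printed with `echo "$code"`, which in dash interprets backslash sequences, so the output can differ from the scanned payload; use `printf '%s\n' "$code"` instead. A `break` after printing would also make the single-result intent explicit rather than relying on zbarcam closing the FIFO once it is killed.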
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||||
"rev": "222950952f15f6b1e9f036b80440b597f23e652d",
|
"rev": "8ea36d732567c80b2d11eb029e10400fe85ca786",
|
||||||
"date": "2019-04-05T10:07:50+02:00",
|
"date": "2019-04-18T22:37:03+01:00",
|
||||||
"sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd",
|
"sha256": "1d59i55qwqd76n2d0hr1si26q333ydizkd91h8lfczb00xnr5pqn",
|
||||||
"fetchSubmodules": false
|
"fetchSubmodules": false
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@ dir=$(dirname $0)
|
|||||||
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
||||||
--url https://github.com/NixOS/nixpkgs-channels \
|
--url https://github.com/NixOS/nixpkgs-channels \
|
||||||
--rev refs/heads/nixos-18.09' \
|
--rev refs/heads/nixos-19.03' \
|
||||||
> $dir/nixpkgs.json
|
> $dir/nixpkgs.json
|
||||||
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||||
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
||||||
|
@ -9,17 +9,12 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
<stockholm/lass/2configs/blue.nix>
|
<stockholm/lass/2configs/blue.nix>
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/sync/decsync.nix>
|
||||||
|
<stockholm/lass/2configs/sync/weechat.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.blue;
|
krebs.build.host = config.krebs.hosts.blue;
|
||||||
|
|
||||||
krebs.syncthing.folders = [
|
|
||||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
|
||||||
];
|
|
||||||
lass.ensure-permissions = [
|
|
||||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
deploy = pkgs.writeDash "deploy" ''
|
deploy = pkgs.writeDash "deploy" ''
|
||||||
set -eu
|
set -eu
|
||||||
|
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -27,6 +27,12 @@ with import <stockholm/lib>;
|
|||||||
enable = true;
|
enable = true;
|
||||||
systemWide = true;
|
systemWide = true;
|
||||||
};
|
};
|
||||||
|
programs.chromium = {
|
||||||
|
enable = true;
|
||||||
|
extensions = [
|
||||||
|
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||||
|
];
|
||||||
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
pavucontrol
|
pavucontrol
|
||||||
#firefox
|
#firefox
|
||||||
@ -40,7 +46,7 @@ with import <stockholm/lib>;
|
|||||||
wine
|
wine
|
||||||
geeqie
|
geeqie
|
||||||
vlc
|
vlc
|
||||||
minecraft
|
zsnes
|
||||||
];
|
];
|
||||||
nixpkgs.config.firefox.enableAdobeFlash = true;
|
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
|
@ -8,20 +8,13 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
<stockholm/lass/2configs/mail.nix>
|
<stockholm/lass/2configs/mail.nix>
|
||||||
|
|
||||||
#<stockholm/lass/2configs/blue.nix>
|
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/sync/decsync.nix>
|
||||||
|
<stockholm/lass/2configs/sync/weechat.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.green;
|
krebs.build.host = config.krebs.hosts.green;
|
||||||
|
|
||||||
krebs.syncthing.folders = [
|
|
||||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
|
||||||
];
|
|
||||||
lass.ensure-permissions = [
|
|
||||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
|
|
||||||
#networking.nameservers = [ "1.1.1.1" ];
|
#networking.nameservers = [ "1.1.1.1" ];
|
||||||
|
|
||||||
#time.timeZone = "Europe/Berlin";
|
#time.timeZone = "Europe/Berlin";
|
||||||
|
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
<stockholm/lass/2configs/nfs-dl.nix>
|
<stockholm/lass/2configs/nfs-dl.nix>
|
||||||
<stockholm/lass/2configs/prism-share.nix>
|
<stockholm/lass/2configs/prism-share.nix>
|
||||||
|
<stockholm/lass/2configs/ssh-cryptsetup.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.icarus;
|
krebs.build.host = config.krebs.hosts.icarus;
|
||||||
|
@ -6,7 +6,6 @@ with import <stockholm/lib>;
|
|||||||
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
||||||
<stockholm/krebs>
|
<stockholm/krebs>
|
||||||
<stockholm/lass/3modules>
|
<stockholm/lass/3modules>
|
||||||
<stockholm/lass/5pkgs>
|
|
||||||
<stockholm/lass/2configs/mc.nix>
|
<stockholm/lass/2configs/mc.nix>
|
||||||
<stockholm/lass/2configs/vim.nix>
|
<stockholm/lass/2configs/vim.nix>
|
||||||
{
|
{
|
||||||
@ -40,9 +39,10 @@ with import <stockholm/lib>;
|
|||||||
networking.hostName = "lass-iso";
|
networking.hostName = "lass-iso";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
|
||||||
krebs.enable = true;
|
krebs.enable = true;
|
||||||
krebs.build.user = config.krebs.users.lass;
|
krebs.build.user = config.krebs.users.lass;
|
||||||
krebs.build.host = config.krebs.hosts.iso;
|
krebs.build.host = {};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
@ -174,11 +174,13 @@ with import <stockholm/lib>;
|
|||||||
user = "lass";
|
user = "lass";
|
||||||
};
|
};
|
||||||
windowManager.default = "xmonad";
|
windowManager.default = "xmonad";
|
||||||
windowManager.session = [{
|
windowManager.session = let
|
||||||
|
xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
|
||||||
|
in [{
|
||||||
name = "xmonad";
|
name = "xmonad";
|
||||||
start = ''
|
start = ''
|
||||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
|
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
|
||||||
${pkgs.xmonad-lass}/bin/xmonad &
|
${xmonad-lass}/bin/xmonad &
|
||||||
waitPID=$!
|
waitPID=$!
|
||||||
'';
|
'';
|
||||||
}];
|
}];
|
||||||
|
@ -8,6 +8,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/green-host.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
|
@ -30,4 +30,12 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.xserver.desktopManager.default = "none";
|
||||||
|
services.xserver.displayManager.lightdm.autoLogin = {
|
||||||
|
enable = true;
|
||||||
|
user = "lass";
|
||||||
|
timeout = 5;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
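Review bot: The added `services.xserver.displayManager.lightdm.autoLogin` block opens a graphical session for user `lass` five seconds after the display manager starts, with no credential check, so physical access to the booted machine is access to that account. If this depends on another control (for example a disk-encryption passphrase at boot), state that in a comment beside the block, e.g. `# autoLogin is acceptable here because <control>`. Otherwise keep `enable = false` on hosts that leave the owner's hands.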
@ -26,6 +26,8 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
<stockholm/lass/2configs/otp-ssh.nix>
|
<stockholm/lass/2configs/otp-ssh.nix>
|
||||||
<stockholm/lass/2configs/c-base.nix>
|
<stockholm/lass/2configs/c-base.nix>
|
||||||
|
<stockholm/lass/2configs/sync/decsync.nix>
|
||||||
|
<stockholm/lass/2configs/sync/weechat.nix>
|
||||||
<stockholm/lass/2configs/br.nix>
|
<stockholm/lass/2configs/br.nix>
|
||||||
<stockholm/lass/2configs/ableton.nix>
|
<stockholm/lass/2configs/ableton.nix>
|
||||||
<stockholm/lass/2configs/starcraft.nix>
|
<stockholm/lass/2configs/starcraft.nix>
|
||||||
@ -36,27 +38,26 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/network-manager.nix>
|
<stockholm/lass/2configs/network-manager.nix>
|
||||||
<stockholm/lass/2configs/nfs-dl.nix>
|
<stockholm/lass/2configs/nfs-dl.nix>
|
||||||
<stockholm/lass/2configs/hardening.nix>
|
#<stockholm/lass/2configs/hardening.nix>
|
||||||
{
|
{
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
#risk of rain
|
#risk of rain
|
||||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||||
#chromecast
|
|
||||||
{ predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
|
|
||||||
#quake3
|
#quake3
|
||||||
{ predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; }
|
||||||
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
|
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
krebs.syncthing.folders = [
|
krebs.syncthing.folders."the_playlist" = {
|
||||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
path = "/home/lass/tmp/the_playlist";
|
||||||
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
|
peers = [ "mors" "phone" "prism" ];
|
||||||
];
|
};
|
||||||
lass.ensure-permissions = [
|
krebs.permown."/home/lass/tmp/the_playlist" = {
|
||||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
owner = "lass";
|
||||||
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
|
group = "syncthing";
|
||||||
];
|
umask = "0007";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
lass.umts = {
|
lass.umts = {
|
||||||
@ -92,6 +93,7 @@ with import <stockholm/lib>;
|
|||||||
pkgs.ovh-zone
|
pkgs.ovh-zone
|
||||||
pkgs.bank
|
pkgs.bank
|
||||||
pkgs.adb-sync
|
pkgs.adb-sync
|
||||||
|
pkgs.transgui
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@ -135,6 +137,18 @@ with import <stockholm/lib>;
|
|||||||
(pkgs.writeDashBin "btc-kraken" ''
|
(pkgs.writeDashBin "btc-kraken" ''
|
||||||
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
|
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
|
||||||
'')
|
'')
|
||||||
|
(pkgs.writeDashBin "krebsco.de" ''
|
||||||
|
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||||
|
${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json
|
||||||
|
OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
|
||||||
|
${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
|
||||||
|
'')
|
||||||
|
(pkgs.writeDashBin "lassul.us" ''
|
||||||
|
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||||
|
${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
|
||||||
|
OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
|
||||||
|
${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
|
||||||
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
#TODO: fix this shit
|
#TODO: fix this shit
|
||||||
|
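Review bot: `<stockholm/lass/2configs/hardening.nix>` is commented out in the imports list with no reason given, which silently drops whatever that module enforced on this host, and a merge commit is an easy place for that to go unnoticed. Either restore the import or leave a note in its place, e.g. `# hardening.nix disabled: <reason>; re-enable when <condition>`. Separately, the new `krebsco.de` and `lassul.us` wrappers write the OVH API credentials into a temporary directory that is removed only by the last command. Starting each script with `set -efu` and `trap '${pkgs.coreutils}/bin/rm -rf "$TMPDIR"' EXIT` would keep an interrupted or failing run from leaving the secret file on disk.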
@ -413,6 +413,42 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{ #macos mounting of yellow
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
users.users.smbguest = {
|
||||||
|
name = "smbguest";
|
||||||
|
uid = config.ids.uids.smbguest;
|
||||||
|
description = "smb guest user";
|
||||||
|
home = "/home/share";
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
services.samba = {
|
||||||
|
enable = true;
|
||||||
|
enableNmbd = true;
|
||||||
|
shares = {
|
||||||
|
download = {
|
||||||
|
path = "/var/download/finished";
|
||||||
|
"read only" = "yes";
|
||||||
|
browseable = "yes";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
guest account = smbguest
|
||||||
|
map to guest = bad user
|
||||||
|
# disable printing
|
||||||
|
load printers = no
|
||||||
|
printing = bsd
|
||||||
|
printcap name = /dev/null
|
||||||
|
disable spoolss = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
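Review bot: The new Samba block serves `/var/download/finished` to unauthenticated guests (`"guest ok" = "yes"`, `map to guest = bad user`), and the only thing limiting who can reach it is the four `-i wiregrill` iptables rules, since smbd is not told which interfaces to bind. Adding `bind interfaces only = yes` and `interfaces = lo wiregrill` to `extraConfig` keeps a later firewall change from exposing the guest share. Consider `server min protocol = SMB2` as well, so that SMB1 is not negotiated. A short comment noting that every wiregrill peer gets read access to the download directory would document the intended audience.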
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -15,6 +15,8 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
|
<stockholm/lass/2configs/green-host.nix>
|
||||||
|
<stockholm/lass/2configs/ssh-cryptsetup.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.shodan;
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
@ -8,6 +8,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/power-action.nix>
|
<stockholm/lass/2configs/power-action.nix>
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/green-host.nix>
|
||||||
{
|
{
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.desktopManager.xfce.enable = true;
|
services.xserver.desktopManager.xfce.enable = true;
|
||||||
|
@ -31,6 +31,7 @@ with import <stockholm/lib>;
|
|||||||
download-dir = "/var/download/finished";
|
download-dir = "/var/download/finished";
|
||||||
incomplete-dir = "/var/download/incoming";
|
incomplete-dir = "/var/download/incoming";
|
||||||
incomplete-dir-enable = true;
|
incomplete-dir-enable = true;
|
||||||
|
message-level = 1;
|
||||||
umask = "002";
|
umask = "002";
|
||||||
rpc-whitelist-enabled = false;
|
rpc-whitelist-enabled = false;
|
||||||
rpc-host-whitelist-enabled = false;
|
rpc-host-whitelist-enabled = false;
|
||||||
|
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -9,6 +9,7 @@ in {
|
|||||||
./power-action.nix
|
./power-action.nix
|
||||||
./copyq.nix
|
./copyq.nix
|
||||||
./urxvt.nix
|
./urxvt.nix
|
||||||
|
./xdg-open.nix
|
||||||
{
|
{
|
||||||
hardware.pulseaudio = {
|
hardware.pulseaudio = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -100,6 +100,9 @@ with import <stockholm/lib>;
|
|||||||
{ from = "box@lassul.us"; to = lass.mail; }
|
{ from = "box@lassul.us"; to = lass.mail; }
|
||||||
{ from = "paloalto@lassul.us"; to = lass.mail; }
|
{ from = "paloalto@lassul.us"; to = lass.mail; }
|
||||||
{ from = "subtitles@lassul.us"; to = lass.mail; }
|
{ from = "subtitles@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "lobsters@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "fysitech@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "threema@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
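--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+imports = [
+<stockholm/lass/2configs/container-networking.nix>
+<stockholm/lass/2configs/syncthing.nix>
+{ #hack for already defined
+systemd.services."container@green".reloadIfChanged = mkForce false;
+systemd.services."container@green".preStart = ''
+${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green '
+'';
+systemd.services."container@green".postStop = ''
+set -x
+${pkgs.umount}/bin/umount /var/lib/containers/green
+ls -la /dev/mapper/control
+${pkgs.devicemapper}/bin/dmsetup ls
+${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img
+'';
+}
+];
+
+krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ];
+krebs.permown."/var/lib/sync-containers" = {
+owner = "root";
+group = "syncthing";
+umask = "0007";
+};
+
+system.activationScripts.containerPermissions = ''
+mkdir -p /var/lib/containers
+chmod 711 /var/lib/containers
+'';
+
+containers.green = {
+config = { ... }: {
+environment.systemPackages = [
+pkgs.git
+pkgs.rxvt_unicode.terminfo
+];
+services.openssh.enable = true;
+users.users.root.openssh.authorizedKeys.keys = [
+config.krebs.users.lass.pubkey
+];
+};
+autoStart = false;
+enableTun = true;
+privateNetwork = true;
+hostAddress = "10.233.2.15";
+localAddress = "10.233.2.16";
+};
+
+environment.systemPackages = [
+(pkgs.writeDashBin "start-green" ''
+set -fu
+CONTAINER='green'
+IMAGE='/var/lib/sync-containers/green.img'
+
+${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null
+if [ "$?" -ne 0 ]; then
+${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER"
+fi
+
+mkdir -p /var/lib/containers/"$CONTAINER"
+
+${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" "
+if [ "$?" -ne 0 ]; then
+${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER"
+fi
+
+STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER")
+if [ "$STATE" = 'down' ]; then
+${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER"
+fi
+ping -c1 green.r
+if [ "$?" -ne 0 ]; then
+${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch
+fi
+
+'')
+];
+}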
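Review bot: In the `postStop` script of `container@green`, `cryptsetup luksClose` is given the image path `/var/lib/sync-containers/green.img`, while `start-green` opens the volume under the mapping name `green` (`luksOpen "$IMAGE" "$CONTAINER"`). luksClose expects the mapping name, so this call most likely fails and the decrypted device stays available on the host after the container has stopped; `${pkgs.cryptsetup}/bin/cryptsetup -v luksClose green` would match what was opened. `start-green` also takes `grep` and `ping` from PATH while every other tool in the file is pinned to a store path, which is worth aligning for a script that is run as root.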
@ -30,8 +30,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logind.extraConfig = ''
|
services.logind.lidSwitch = "ignore";
|
||||||
HandleLidSwitch=ignore
|
services.logind.lidSwitchDocked = "ignore";
|
||||||
'';
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -233,8 +233,4 @@ in {
|
|||||||
tag-new-mails
|
tag-new-mails
|
||||||
tag-old-mails
|
tag-old-mails
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = opkgs: {
|
|
||||||
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -10,6 +10,16 @@ with import <stockholm/lib>;
|
|||||||
proxy_pass http://localhost:9081;
|
proxy_pass http://localhost:9081;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
services.nginx.virtualHosts.paste-readonly = {
|
||||||
|
serverAliases = [ "p.krebsco.de" ];
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
if ($request_method != GET) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://localhost:9081;
|
||||||
|
'';
|
||||||
|
};
|
||||||
krebs.htgen.paste = {
|
krebs.htgen.paste = {
|
||||||
port = 9081;
|
port = 9081;
|
||||||
script = toString [
|
script = toString [
|
||||||
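Review bot: The `paste-readonly` vhost rejects everything except GET with `if ($request_method != GET) { return 403; }`, which also refuses HEAD, so clients that probe `p.krebsco.de` with HEAD before fetching get a 403. Provided the backend answers HEAD, `if ($request_method !~ ^(GET|HEAD)$) { return 403; }` keeps the host read-only while allowing both. A one-line comment above the vhost saying that it is the public, read-only front for the same htgen backend on port 9081 as the vhost above would explain why two vhosts proxy to one port. The `krebs.htgen.paste` block continues outside the hunk.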
|
@ -21,7 +21,7 @@ with import <stockholm/lib>;
|
|||||||
shares = {
|
shares = {
|
||||||
incoming = {
|
incoming = {
|
||||||
path = "/mnt/prism";
|
path = "/mnt/prism";
|
||||||
"read only" = "no";
|
"read only" = "yes";
|
||||||
browseable = "yes";
|
browseable = "yes";
|
||||||
"guest ok" = "yes";
|
"guest ok" = "yes";
|
||||||
};
|
};
|
||||||
|
@ -10,7 +10,7 @@ let
|
|||||||
source-password = import <secrets/icecast-source-pw>;
|
source-password = import <secrets/icecast-source-pw>;
|
||||||
|
|
||||||
add_random = pkgs.writeDashBin "add_random" ''
|
add_random = pkgs.writeDashBin "add_random" ''
|
||||||
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
|
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
skip_track = pkgs.writeDashBin "skip_track" ''
|
skip_track = pkgs.writeDashBin "skip_track" ''
|
||||||
@ -57,8 +57,11 @@ in {
|
|||||||
services.mpd = {
|
services.mpd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "radio";
|
group = "radio";
|
||||||
musicDirectory = "/home/radio/the_playlist/music";
|
musicDirectory = "/home/radio/music";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
log_level "default"
|
||||||
|
auto_update "yes"
|
||||||
|
|
||||||
audio_output {
|
audio_output {
|
||||||
type "shout"
|
type "shout"
|
||||||
encoding "lame"
|
encoding "lame"
|
||||||
@ -245,4 +248,13 @@ in {
|
|||||||
alias ${html};
|
alias ${html};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
krebs.syncthing.folders."the_playlist" = {
|
||||||
|
path = "/home/radio/music/the_playlist";
|
||||||
|
peers = [ "mors" "phone" "prism" ];
|
||||||
|
};
|
||||||
|
krebs.permown."/home/radio/music/the_playlist" = {
|
||||||
|
owner = "radio";
|
||||||
|
group = "syncthing";
|
||||||
|
umask = "0002";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
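--- a/lass/2configs/ssh-cryptsetup.nix
+++ b/lass/2configs/ssh-cryptsetup.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+{
+boot.initrd = {
+network = {
+enable = true;
+ssh = {
+enable = true;
+authorizedKeys = with config.krebs.users; [
+config.krebs.users.lass-mors.pubkey
+config.krebs.users.lass-blue.pubkey
+config.krebs.users.lass-shodan.pubkey
+config.krebs.users.lass-icarus.pubkey
+];
+};
+};
+};
+}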
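Review bot: This enables an SSH server in the initrd, presumably so the disk passphrase can be entered remotely, but the file sets no host key for that server. Unless one is configured elsewhere, the client has nothing stable to verify before the passphrase is typed; current NixOS offers `boot.initrd.network.ssh.hostKeys` for this (the option available in the release in use should be confirmed), and the key should be one used only for the initrd. The `with config.krebs.users;` on `authorizedKeys` is unused as written, since every entry is spelled out as `config.krebs.users.<name>.pubkey`.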
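--- a/lass/2configs/sync/decsync.nix
+++ b/lass/2configs/sync/decsync.nix
@@ -0,0 +1,11 @@
+{
+krebs.syncthing.folders.decsync = {
+path = "/home/lass/decsync";
+peers = [ "mors" "blue" "green" "phone" ];
+};
+krebs.permown."/home/lass/decsync" = {
+owner = "lass";
+group = "syncthing";
+umask = "0007";
+};
+}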
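--- a/lass/2configs/sync/weechat.nix
+++ b/lass/2configs/sync/weechat.nix
@@ -0,0 +1,8 @@
+{
+krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ];
+krebs.permown."/home/lass/.weechat" = {
+owner = "lass";
+group = "syncthing";
+umask = "0007";
+};
+}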
@ -1,9 +1,10 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }: with import <stockholm/lib>; let
|
||||||
with import <stockholm/lib>;
|
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
||||||
{
|
in {
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "syncthing";
|
group = "syncthing";
|
||||||
|
configDir = "/var/lib/syncthing";
|
||||||
};
|
};
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
||||||
@ -13,17 +14,17 @@ with import <stockholm/lib>;
|
|||||||
enable = true;
|
enable = true;
|
||||||
cert = toString <secrets/syncthing.cert>;
|
cert = toString <secrets/syncthing.cert>;
|
||||||
key = toString <secrets/syncthing.key>;
|
key = toString <secrets/syncthing.key>;
|
||||||
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
peers = peers;
|
||||||
folders = [
|
folders."/home/lass/sync".peers = attrNames peers;
|
||||||
{ path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; }
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts.syncthing-home = ''
|
system.activationScripts.syncthing-home = ''
|
||||||
${pkgs.coreutils}/bin/chmod a+x /home/lass
|
${pkgs.coreutils}/bin/chmod a+x /home/lass
|
||||||
'';
|
'';
|
||||||
|
|
||||||
lass.ensure-permissions = [
|
krebs.permown."/home/lass/sync" = {
|
||||||
{ folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
|
owner = "lass";
|
||||||
];
|
group = "syncthing";
|
||||||
|
umask = "0007";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
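Review bot: In the second hunk, `folders."/home/lass/sync".peers = attrNames peers;` replaces the explicit seven-host list with every entry of `config.krebs.hosts` that has a `syncthing.id`. If that attribute set also holds hosts belonging to other users (not visible here), any of them that sets an id becomes a peer of `/home/lass/sync` without a change to this file. Keeping an explicit list, or filtering `peers` down to lass's own hosts before taking `attrNames`, keeps the set of machines that receive this folder a deliberate decision.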
|
@ -119,7 +119,7 @@ in {
|
|||||||
authenticators.PLAIN = ''
|
authenticators.PLAIN = ''
|
||||||
driver = plaintext
|
driver = plaintext
|
||||||
public_name = PLAIN
|
public_name = PLAIN
|
||||||
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
|
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
|
||||||
'';
|
'';
|
||||||
authenticators.LOGIN = ''
|
authenticators.LOGIN = ''
|
||||||
driver = plaintext
|
driver = plaintext
|
||||||
@ -237,8 +237,8 @@ in {
|
|||||||
krebs.on-failure.plans.restic-backups-domsen = {};
|
krebs.on-failure.plans.restic-backups-domsen = {};
|
||||||
services.restic.backups.domsen = {
|
services.restic.backups.domsen = {
|
||||||
initialize = true;
|
initialize = true;
|
||||||
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
||||||
repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
|
repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
|
||||||
passwordFile = toString <secrets> + "/domsen_backup_pw";
|
passwordFile = toString <secrets> + "/domsen_backup_pw";
|
||||||
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
|
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
|
||||||
paths = [
|
paths = [
|
||||||
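Review bot: In `authenticators.PLAIN` (first hunk), `server_condition` still hands the client's password to the verifier as a command-line argument (`$auth3`), where it is visible in the process list while the check runs, and the verifier is now `/run/wrappers/bin/shadow_verify_arg`. That wrapper is declared elsewhere in this commit with only `source` and `owner = "root"`; if that yields a setuid-root binary that everyone may execute, any local account can use it to test passwords against the usershadow store. Limiting execute permission on the wrapper to the group exim runs under would narrow this, and passing the secret over stdin, as the PAM path does with `expose_authtok`, would avoid the argv exposure. The `authenticators.LOGIN` block continues outside the hunk.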
|
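--- a/lass/2configs/xdg-open.nix
+++ b/lass/2configs/xdg-open.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
+
+xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
+/run/wrappers/bin/sudo -u lass ${xdg-open} "$@"
+'';
+
+xdg-open = pkgs.writeBash "xdg-open" ''
+set -e
+FILE="$1"
+mime=
+
+case "$FILE" in
+http://*|https://*)
+mime=text/html
+;;
+mailto:*)
+mime=special/mailaddress
+;;
+magnet:*)
+mime=application/x-bittorrent
+;;
+irc:*)
+mime=x-scheme-handler/irc
+;;
+*)
+# it’s a file
+
+# strip possible protocol
+FILE=''${FILE#file://}
+mime=''$(file -E --brief --mime-type "$FILE") \
+|| (echo "$mime" 1>&2; exit 1)
+# ^ echo the error message of file
+;;
+esac
+
+case "$mime" in
+special/mailaddress)
+urxvtc --execute vim "$FILE" ;;
+${optionalString (hasAttr "browser" config.lass) ''
+text/html)
+${config.lass.browser.select}/bin/browser-select "$FILE" ;;
+text/xml)
+${config.lass.browser.select}/bin/browser-select "$FILE" ;;
+''}
+text/*)
+urxvtc --execute vim "$FILE" ;;
+image/*)
+sxiv "$FILE" ;;
+application/x-bittorrent)
+env DISPLAY=:0 transgui "$FILE" ;;
+application/pdf)
+zathura "$FILE" ;;
+inode/directory)
+sudo -u lass -i urxvtc --execute mc "$FILE" ;;
+*)
+# open dmenu and ask for program to open with
+$(dmenu_path | dmenu) "$FILE";;
+esac
+'';
+in {
+environment.systemPackages = [ xdg-open-wrapper ];
+
+security.sudo.extraConfig = ''
+cr ALL=(lass) NOPASSWD: ${xdg-open} *
+'';
+}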
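Review bot: The sudoers line `cr ALL=(lass) NOPASSWD: ${xdg-open} *` makes this script the boundary between the `cr` account and `lass`, yet the script passes its first argument to `file`, `vim`, `sxiv`, `zathura` and the dmenu-selected program without validating it. A value starting with `-` is read as an option by those tools, and the final `*)` branch runs whatever program is picked in dmenu as `lass`. Rejecting such values right after `FILE="$1"` with `case "$FILE" in -*) exit 1 ;; esac`, and putting `--` before `"$FILE"` where the tool accepts it, would tighten this. The `inode/directory` branch also calls bare `sudo -u lass -i` although the script already runs as `lass`, which depends on a sudoers rule not shown here.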
@ -3,7 +3,6 @@ _:
|
|||||||
imports = [
|
imports = [
|
||||||
./dnsmasq.nix
|
./dnsmasq.nix
|
||||||
./ejabberd
|
./ejabberd
|
||||||
./ensure-permissions.nix
|
|
||||||
./folderPerms.nix
|
./folderPerms.nix
|
||||||
./hosts.nix
|
./hosts.nix
|
||||||
./mysql-backup.nix
|
./mysql-backup.nix
|
||||||
|
@ -1,66 +0,0 @@
|
|||||||
{ config, pkgs, ... }: with import <stockholm/lib>;
|
|
||||||
|
|
||||||
let
|
|
||||||
|
|
||||||
cfg = config.lass.ensure-permissions;
|
|
||||||
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
options.lass.ensure-permissions = mkOption {
|
|
||||||
default = [];
|
|
||||||
type = types.listOf (types.submodule ({
|
|
||||||
options = {
|
|
||||||
|
|
||||||
folder = mkOption {
|
|
||||||
type = types.absolute-pathname;
|
|
||||||
};
|
|
||||||
|
|
||||||
owner = mkOption {
|
|
||||||
# TODO user type
|
|
||||||
type = types.str;
|
|
||||||
default = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
group = mkOption {
|
|
||||||
# TODO group type
|
|
||||||
type = types.str;
|
|
||||||
default = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
permission = mkOption {
|
|
||||||
# TODO permission type
|
|
||||||
type = types.str;
|
|
||||||
default = "u+rw,g+rw";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
}));
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf (cfg != []) {
|
|
||||||
|
|
||||||
system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
|
|
||||||
${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
|
|
||||||
${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
|
|
||||||
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
|
|
||||||
'') cfg;
|
|
||||||
systemd.services =
|
|
||||||
listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
Restart = "always";
|
|
||||||
RestartSec = 10;
|
|
||||||
ExecStart = pkgs.writeDash "ensure-perms" ''
|
|
||||||
${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
|
|
||||||
| while IFS= read -r FILE; do
|
|
||||||
${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
|
|
||||||
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}) cfg)
|
|
||||||
;
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
@ -31,13 +31,24 @@
|
|||||||
session required pam_loginuid.so
|
session required pam_loginuid.so
|
||||||
'';
|
'';
|
||||||
|
|
||||||
security.pam.services.dovecot2.text = ''
|
security.pam.services.dovecot2 = {
|
||||||
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
|
text = ''
|
||||||
auth required pam_permit.so
|
auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
|
||||||
account required pam_permit.so
|
auth required pam_permit.so
|
||||||
session required pam_permit.so
|
account required pam_permit.so
|
||||||
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
session required pam_permit.so
|
||||||
'';
|
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
security.wrappers.shadow_verify_pam = {
|
||||||
|
source = "${usershadow}/bin/verify_pam";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
security.wrappers.shadow_verify_arg = {
|
||||||
|
source = "${usershadow}/bin/verify_arg";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
usershadow = let {
|
usershadow = let {
|
||||||
@ -46,10 +57,13 @@
|
|||||||
"bytestring"
|
"bytestring"
|
||||||
];
|
];
|
||||||
body = pkgs.writeHaskellPackage "passwords" {
|
body = pkgs.writeHaskellPackage "passwords" {
|
||||||
|
ghc-options = [
|
||||||
|
"-rtsopts"
|
||||||
|
"-Wall"
|
||||||
|
];
|
||||||
executables.verify_pam = {
|
executables.verify_pam = {
|
||||||
extra-depends = deps;
|
extra-depends = deps;
|
||||||
text = ''
|
text = ''
|
||||||
import Data.Monoid
|
|
||||||
import System.IO
|
import System.IO
|
||||||
import Data.Char (chr)
|
import Data.Char (chr)
|
||||||
import System.Environment (getEnv, getArgs)
|
import System.Environment (getEnv, getArgs)
|
||||||
@ -72,7 +86,6 @@
|
|||||||
executables.verify_arg = {
|
executables.verify_arg = {
|
||||||
extra-depends = deps;
|
extra-depends = deps;
|
||||||
text = ''
|
text = ''
|
||||||
import Data.Monoid
|
|
||||||
import System.Environment (getArgs)
|
import System.Environment (getArgs)
|
||||||
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
|
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
|
||||||
import qualified Data.ByteString.Char8 as BS8
|
import qualified Data.ByteString.Char8 as BS8
|
||||||
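Review bot: The new `security.pam.services.dovecot2.text` in the first hunk leaves debugging switched on: `pam_exec.so debug expose_authtok log=/tmp/lol …` writes the helper's output to a fixed name in a world-writable directory on every login attempt. Fixed names in `/tmp` can be created in advance by any local user, and whatever the helper prints during authentication ends up in a file that others may be able to read. Dropping both options gives `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`; if a log is needed, a root-owned directory under `/var/log` is the safer place. The two `security.wrappers` entries set only `source` and `owner`, so stating `setuid`, `group` and `permissions` explicitly would make it visible in the file who may run them.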
|
@ -89,7 +89,7 @@ rec {
|
|||||||
|
|
||||||
syncthing.id = mkOption {
|
syncthing.id = mkOption {
|
||||||
# TODO syncthing id type
|
# TODO syncthing id type
|
||||||
type = nullOr string;
|
type = nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -542,21 +542,28 @@ rec {
|
|||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
# POSIX.1‐2013, 3.278 Portable Filename Character Set
|
# POSIX.1‐2017, 3.190 Group Name
|
||||||
|
groupname = mkOptionType {
|
||||||
|
name = "POSIX group name";
|
||||||
|
check = filename.check;
|
||||||
|
merge = mergeOneOption;
|
||||||
|
};
|
||||||
|
|
||||||
|
# POSIX.1‐2017, 3.281 Portable Filename
|
||||||
filename = mkOptionType {
|
filename = mkOptionType {
|
||||||
name = "POSIX filename";
|
name = "POSIX portable filename";
|
||||||
check = test "[0-9A-Za-z._][0-9A-Za-z._-]*";
|
check = test "[0-9A-Za-z._][0-9A-Za-z._-]*";
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
# POSIX.1‐2013, 3.2 Absolute Pathname
|
# POSIX.1‐2017, 3.2 Absolute Pathname
|
||||||
absolute-pathname = mkOptionType {
|
absolute-pathname = mkOptionType {
|
||||||
name = "POSIX absolute pathname";
|
name = "POSIX absolute pathname";
|
||||||
check = x: isString x && substring 0 1 x == "/" && pathname.check x;
|
check = x: isString x && substring 0 1 x == "/" && pathname.check x;
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
# POSIX.1‐2013, 3.267 Pathname
|
# POSIX.1-2017, 3.271 Pathname
|
||||||
pathname = mkOptionType {
|
pathname = mkOptionType {
|
||||||
name = "POSIX pathname";
|
name = "POSIX pathname";
|
||||||
check = x:
|
check = x:
|
||||||
@ -570,9 +577,9 @@ rec {
|
|||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
# POSIX.1-2013, 3.431 User Name
|
# POSIX.1-2017, 3.216 Login Name
|
||||||
username = mkOptionType {
|
username = mkOptionType {
|
||||||
name = "POSIX username";
|
name = "POSIX login name";
|
||||||
check = filename.check;
|
check = filename.check;
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
@ -6,13 +6,13 @@
|
|||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/hw/vbox-guest.nix>
|
# <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
|
||||||
#{ # until virtualbox-image is fixed
|
{ # until virtualbox-image is fixed
|
||||||
# imports = [
|
imports = [
|
||||||
# <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||||
# ];
|
];
|
||||||
# boot.loader.grub.device = lib.mkForce "/dev/sda";
|
boot.loader.grub.device = lib.mkForce "/dev/sda";
|
||||||
#}
|
}
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
# <secrets/extra-hosts.nix>
|
# <secrets/extra-hosts.nix>
|
||||||
|
|
||||||
|
@ -11,9 +11,13 @@
|
|||||||
<stockholm/makefu/2configs/home-manager/desktop.nix>
|
<stockholm/makefu/2configs/home-manager/desktop.nix>
|
||||||
<stockholm/makefu/2configs/home-manager/cli.nix>
|
<stockholm/makefu/2configs/home-manager/cli.nix>
|
||||||
<stockholm/makefu/2configs/home-manager/mail.nix>
|
<stockholm/makefu/2configs/home-manager/mail.nix>
|
||||||
|
<stockholm/makefu/2configs/home-manager/taskwarrior.nix>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||||
<stockholm/makefu/2configs/tools/all.nix>
|
<stockholm/makefu/2configs/tools/all.nix>
|
||||||
|
{ programs.adb.enable = true; }
|
||||||
|
|
||||||
<stockholm/makefu/2configs/dict.nix>
|
<stockholm/makefu/2configs/dict.nix>
|
||||||
#<stockholm/makefu/3modules/netboot_server.nix>
|
#<stockholm/makefu/3modules/netboot_server.nix>
|
||||||
#{
|
#{
|
||||||
@ -23,7 +27,14 @@
|
|||||||
# };
|
# };
|
||||||
#}
|
#}
|
||||||
|
|
||||||
|
# Restore:
|
||||||
|
# systemctl cat borgbackup-job-state
|
||||||
|
# export BORG_PASSCOMMAND BORG_REPO BORG_RSH
|
||||||
|
# borg list "$BORG_REPO"
|
||||||
|
# mount newroot somewhere && cd somewhere
|
||||||
|
# borg extract "$BORG_REPO::x-state-2019-04-17T01:41:51" --progress # < extract to cwd
|
||||||
<stockholm/makefu/2configs/backup/state.nix>
|
<stockholm/makefu/2configs/backup/state.nix>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
||||||
<stockholm/makefu/2configs/avahi.nix>
|
<stockholm/makefu/2configs/avahi.nix>
|
||||||
<stockholm/makefu/2configs/support-nixos.nix>
|
<stockholm/makefu/2configs/support-nixos.nix>
|
||||||
@ -46,19 +57,18 @@
|
|||||||
|
|
||||||
# Krebs
|
# Krebs
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
<stockholm/makefu/2configs/share/gum-client.nix>
|
# <stockholm/makefu/2configs/share/gum-client.nix>
|
||||||
|
|
||||||
|
|
||||||
# applications
|
# applications
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/mail-client.nix>
|
<stockholm/makefu/2configs/mail-client.nix>
|
||||||
<stockholm/makefu/2configs/printer.nix>
|
<stockholm/makefu/2configs/printer.nix>
|
||||||
<stockholm/makefu/2configs/task-client.nix>
|
|
||||||
# <stockholm/makefu/2configs/syncthing.nix>
|
# <stockholm/makefu/2configs/syncthing.nix>
|
||||||
|
|
||||||
# Virtualization
|
# Virtualization
|
||||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
# <stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
|
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
|
||||||
#{
|
#{
|
||||||
# networking.firewall.allowedTCPPorts = [ 8080 ];
|
# networking.firewall.allowedTCPPorts = [ 8080 ];
|
||||||
@ -71,35 +81,43 @@
|
|||||||
# Services
|
# Services
|
||||||
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/tor.nix>
|
<stockholm/makefu/2configs/tor.nix>
|
||||||
<stockholm/makefu/2configs/vpn/vpngate.nix>
|
# <stockholm/makefu/2configs/vpn/vpngate.nix>
|
||||||
# <stockholm/makefu/2configs/buildbot-standalone.nix>
|
# <stockholm/makefu/2configs/buildbot-standalone.nix>
|
||||||
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
|
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
|
||||||
<stockholm/makefu/2configs/remote-build/gum.nix>
|
# <stockholm/makefu/2configs/remote-build/gum.nix>
|
||||||
{ nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
|
# { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
|
||||||
|
|
||||||
|
<stockholm/makefu/2configs/binary-cache/gum.nix>
|
||||||
|
<stockholm/makefu/2configs/binary-cache/lass.nix>
|
||||||
|
|
||||||
# Hardware
|
# Hardware
|
||||||
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
# <stockholm/makefu/2configs/hw/mceusb.nix>
|
||||||
<stockholm/makefu/2configs/hw/malduino_elite.nix>
|
|
||||||
# <stockholm/makefu/2configs/hw/tpm.nix>
|
# <stockholm/makefu/2configs/hw/tpm.nix>
|
||||||
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
|
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
# <stockholm/makefu/2configs/hw/stk1160.nix>
|
||||||
<stockholm/makefu/2configs/hw/irtoy.nix>
|
# <stockholm/makefu/2configs/hw/irtoy.nix>
|
||||||
|
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
|
||||||
<stockholm/makefu/2configs/hw/switch.nix>
|
<stockholm/makefu/2configs/hw/switch.nix>
|
||||||
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||||
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
||||||
<stockholm/makefu/2configs/hw/smartcard.nix>
|
<stockholm/makefu/2configs/hw/smartcard.nix>
|
||||||
|
|
||||||
|
{
|
||||||
|
services.upower.enable = true;
|
||||||
|
users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
|
||||||
|
}
|
||||||
|
|
||||||
# Filesystem
|
# Filesystem
|
||||||
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
|
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
|
||||||
|
|
||||||
# Security
|
# Security
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||||
{ programs.adb.enable = true; }
|
|
||||||
# temporary
|
# temporary
|
||||||
{ services.redis.enable = true; }
|
# { services.redis.enable = true; }
|
||||||
<stockholm/makefu/2configs/pyload.nix>
|
# <stockholm/makefu/2configs/pyload.nix>
|
||||||
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||||
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
||||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||||
@ -136,6 +154,9 @@
|
|||||||
makefu.server.primary-itf = "wlp3s0";
|
makefu.server.primary-itf = "wlp3s0";
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
nixpkgs.config.oraclejdk.accept_license = true;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# configure pulseAudio to provide a HDMI sink as well
|
# configure pulseAudio to provide a HDMI sink as well
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
@ -163,7 +184,6 @@
|
|||||||
"/home/makefu/.ssh/"
|
"/home/makefu/.ssh/"
|
||||||
"/home/makefu/.zsh_history"
|
"/home/makefu/.zsh_history"
|
||||||
"/home/makefu/.bash_history"
|
"/home/makefu/.bash_history"
|
||||||
"/home/makefu/.zshrc"
|
|
||||||
"/home/makefu/bin"
|
"/home/makefu/bin"
|
||||||
"/home/makefu/.gnupg"
|
"/home/makefu/.gnupg"
|
||||||
"/home/makefu/.imapfilter"
|
"/home/makefu/.imapfilter"
|
||||||
@ -171,6 +191,7 @@
|
|||||||
"/home/makefu/docs"
|
"/home/makefu/docs"
|
||||||
"/home/makefu/.password-store"
|
"/home/makefu/.password-store"
|
||||||
"/home/makefu/.secrets-pass"
|
"/home/makefu/.secrets-pass"
|
||||||
|
"/home/makefu/.config/syncthing"
|
||||||
];
|
];
|
||||||
|
|
||||||
services.syncthing.user = lib.mkForce "makefu";
|
services.syncthing.user = lib.mkForce "makefu";
|
||||||
|
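--- a/makefu/2configs/binary-cache/gum.nix
+++ b/makefu/2configs/binary-cache/gum.nix
@@ -0,0 +1,13 @@
+
+{ config, ... }:
+
+{
+nix = {
+binaryCaches = [
+"https://cache.euer.krebsco.de/"
+];
+binaryCachePublicKeys = [
+"gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg="
+];
+};
+}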
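Review bot: The `binaryCachePublicKeys` entry makes the `gum:` key a trust anchor, since store paths signed with it are accepted from `cache.euer.krebsco.de` as substitutes for local builds, but the file carries no comment on where that key comes from. A short comment above the list naming the machine that holds the matching secret key and how it is rotated would help anyone auditing which caches this host trusts; the exact wording has to come from the author. The `config` argument is unused and the file starts with an empty line.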
@ -19,9 +19,10 @@
|
|||||||
};
|
};
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts.nix-serve = {
|
virtualHosts."cache.euer.krebsco.de" = {
|
||||||
serverAliases = [ "cache.gum.r"
|
forceSSL = true;
|
||||||
"cache.euer.krebsco.de"
|
enableACME = true;
|
||||||
|
serverAliases = [ # "cache.gum.r"
|
||||||
"cache.gum.krebsco.de"
|
"cache.gum.krebsco.de"
|
||||||
];
|
];
|
||||||
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
|
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
|
||||||
|
@ -5,14 +5,40 @@
|
|||||||
entity_id = "group.team";
|
entity_id = "group.team";
|
||||||
from = "not_home";
|
from = "not_home";
|
||||||
to = "home";
|
to = "home";
|
||||||
|
for.seconds = 30;
|
||||||
};
|
};
|
||||||
action = {
|
action = [
|
||||||
service = "homeassistant.turn_on";
|
{
|
||||||
entity_id = [
|
service = "homeassistant.turn_on";
|
||||||
"switch.fernseher"
|
entity_id = [
|
||||||
"switch.feuer"
|
"switch.fernseher"
|
||||||
];
|
"switch.feuer"
|
||||||
};
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
service = "media_player.kodi_call_method";
|
||||||
|
data = {
|
||||||
|
entity_id = "media_player.kodi";
|
||||||
|
method = "Player.Open";
|
||||||
|
item.partymode = "music";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
service = "tts.google_say";
|
||||||
|
entity_id = "media_player.kodi";
|
||||||
|
data = {
|
||||||
|
message = "Willkommen in deinem Lieblingsbüro";
|
||||||
|
language = "de";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
service = "notify.telegrambot";
|
||||||
|
data = {
|
||||||
|
title = "Bureau Startup";
|
||||||
|
message = "Willkommen {{ trigger.platform }}";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
{ alias = "Turn off Fernseher after last in group left";
|
{ alias = "Turn off Fernseher after last in group left";
|
||||||
trigger = [
|
trigger = [
|
||||||
@ -42,7 +68,7 @@
|
|||||||
service = "notify.telegrambot";
|
service = "notify.telegrambot";
|
||||||
data = {
|
data = {
|
||||||
title = "Bureau Shutdown";
|
title = "Bureau Shutdown";
|
||||||
message = "All devices are turned off due to {{ trigger.platform }} - {{ trigger }}";
|
message = "All devices are turned off due to {{ trigger.platform }}";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
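--- a/makefu/2configs/bureautomation/automation/hass-restart.nix
+++ b/makefu/2configs/bureautomation/automation/hass-restart.nix
@@ -0,0 +1,31 @@
+[
+{ alias = "State on HA start-up";
+trigger = {
+platform = "homeassistant";
+event = "start";
+};
+action = [
+# Startup State
+{ service = "mqtt.publish";
+data = {
+topic = "/bam/sonoffs/cmnd/state";
+payload = "";
+};
+}
+# Firmware Version
+{ service = "mqtt.publish";
+data = {
+topic = "/bam/sonoffs/cmnd/status";
+payload = "2";
+};
+}
+# Will trigger restart of all devices!
+#{ service = "mqtt.publish";
+# data = {
+# topic = "sonoffs/cmnd/SetOption59"; # configure sending state on power change
+# payload = "1";
+# };
+#}
+];
+}
+]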
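Review bot: The commented-out `SetOption59` publish uses the topic `sonoffs/cmnd/SetOption59`, without the `/bam/` prefix that the two active publishes use (`/bam/sonoffs/cmnd/state` and `/bam/sonoffs/cmnd/status`), so re-enabling it as written would publish to a different topic tree. The warning `# Will trigger restart of all devices!` and the inline remark about state reporting describe the same block in two places. A single comment would be clearer, for example `# SetOption59: send state on power change; applying it restarts every device in the group`.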
@ -1,43 +1,35 @@
|
|||||||
[
|
[
|
||||||
{
|
# TODO: trigger if it is before dusk and somebody arives but nachtlichter are
|
||||||
alias = "Turn off Nachtlicht on sunrise";
|
# off from last day
|
||||||
trigger =
|
# TODO: do not have nachtlicht turned on at night
|
||||||
{
|
{
|
||||||
platform = "sun";
|
alias = "Turn on Nachtlicht at dusk"; # when it gets dim
|
||||||
event = "sunrise";
|
trigger =
|
||||||
};
|
{ platform = "numeric_state";
|
||||||
action =
|
entity_id = "sun.sun";
|
||||||
{
|
value_template = "{{ state.attributes.elevation }}";
|
||||||
service = "homeassistant.turn_off";
|
below = 10;
|
||||||
entity_id = [ "group.nachtlicht" ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
};
|
||||||
alias = "Turn on Nachtlicht on motion and dusk";
|
action =
|
||||||
trigger =
|
{ service = "homeassistant.turn_on";
|
||||||
{
|
entity_id = [ "group.nachtlicht" ];
|
||||||
platform = "state";
|
};
|
||||||
entity_id = "binary_sensor.motion";
|
}
|
||||||
to = "on";
|
{
|
||||||
};
|
alias = "Turn off Nachtlicht at dawn";
|
||||||
condition = # 'when dark'
|
trigger =
|
||||||
{
|
{ platform = "sun";
|
||||||
condition = "or";
|
event = "sunrise";
|
||||||
conditions = [
|
offset = "01:30:00"; # on dawn
|
||||||
{ condition = "sun";
|
};
|
||||||
after = "sunset";
|
# TODO: when somebody is still in the buero
|
||||||
after_offset = "-00:45:00"; # on dusk
|
# condition =
|
||||||
}
|
#{
|
||||||
{ condition = "sun";
|
#};
|
||||||
before = "sunrise";
|
action =
|
||||||
}
|
{ service = "homeassistant.turn_off";
|
||||||
];
|
entity_id = [ "group.nachtlicht" ];
|
||||||
};
|
};
|
||||||
action =
|
}
|
||||||
{
|
|
||||||
service = "homeassistant.turn_on";
|
|
||||||
entity_id = [ "group.nachtlicht" ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
|
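Review bot: In the "Turn off Nachtlicht at dawn" automation, `offset = "01:30:00"; # on dawn` has no sign and so fires one and a half hours after sunrise, which is later than dawn. If the lights should go off before sunrise the offset needs a minus sign, as the removed condition had with `after_offset = "-00:45:00"`; otherwise the comment should read `# 1.5h after sunrise`. The dusk trigger's `below = 10` would also benefit from a short comment giving the unit, presumably degrees of sun elevation.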
@ -20,6 +20,9 @@ let
|
|||||||
mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
|
mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
|
imports = [
|
||||||
|
./ota.nix
|
||||||
|
];
|
||||||
services.logstash = {
|
services.logstash = {
|
||||||
package = pkgs.logstash5;
|
package = pkgs.logstash5;
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -6,6 +6,7 @@ in {
|
|||||||
state = [ "/var/lib/hass/known_devices.yaml" ];
|
state = [ "/var/lib/hass/known_devices.yaml" ];
|
||||||
services.home-assistant = {
|
services.home-assistant = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
package = pkgs.home-assistant.override { python3 = pkgs.python36; };
|
||||||
config = {
|
config = {
|
||||||
homeassistant = {
|
homeassistant = {
|
||||||
name = "Bureautomation";
|
name = "Bureautomation";
|
||||||
@ -13,8 +14,14 @@ in {
|
|||||||
latitude = "48.8265";
|
latitude = "48.8265";
|
||||||
longitude = "9.0676";
|
longitude = "9.0676";
|
||||||
elevation = 303;
|
elevation = 303;
|
||||||
|
auth_providers = [
|
||||||
|
{ type = "homeassistant";}
|
||||||
|
{ type = "legacy_api_password";}
|
||||||
|
{ type = "trusted_networks";
|
||||||
|
# allow_bypass_login = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
mqtt = {
|
mqtt = {
|
||||||
broker = "localhost";
|
broker = "localhost";
|
||||||
port = 1883;
|
port = 1883;
|
||||||
@ -79,7 +86,8 @@ in {
|
|||||||
sensor =
|
sensor =
|
||||||
(import ./sensor/espeasy.nix) ++
|
(import ./sensor/espeasy.nix) ++
|
||||||
((import ./sensor/outside.nix) {inherit lib;}) ++
|
((import ./sensor/outside.nix) {inherit lib;}) ++
|
||||||
(import ./sensor/influxdb.nix);
|
(import ./sensor/influxdb.nix) ++
|
||||||
|
(import ./sensor/tasmota_firmware.nix);
|
||||||
|
|
||||||
camera =
|
camera =
|
||||||
(import ./camera/verkehrskamera.nix);
|
(import ./camera/verkehrskamera.nix);
|
||||||
@ -89,12 +97,22 @@ in {
|
|||||||
# (import ./person/team.nix );
|
# (import ./person/team.nix );
|
||||||
|
|
||||||
frontend = { };
|
frontend = { };
|
||||||
http = { };
|
http = {
|
||||||
|
# TODO: https://github.com/home-assistant/home-assistant/issues/16149
|
||||||
|
api_password = "sistemas";
|
||||||
|
trusted_networks = [
|
||||||
|
"127.0.0.1/32"
|
||||||
|
"192.168.8.0/24"
|
||||||
|
"::1/128"
|
||||||
|
"fd00::/8"
|
||||||
|
];
|
||||||
|
};
|
||||||
conversation = {};
|
conversation = {};
|
||||||
history = {};
|
history = {};
|
||||||
logbook = {};
|
logbook = {};
|
||||||
tts = [ { platform = "google";} ];
|
tts = [ { platform = "google";} ];
|
||||||
recorder = {};
|
recorder = {};
|
||||||
|
sun = {};
|
||||||
telegram_bot = [
|
telegram_bot = [
|
||||||
(builtins.fromJSON
|
(builtins.fromJSON
|
||||||
(builtins.readFile <secrets/hass/telegram-bot.json>))
|
(builtins.readFile <secrets/hass/telegram-bot.json>))
|
||||||
@ -156,8 +174,10 @@ in {
|
|||||||
outside = [
|
outside = [
|
||||||
# "sensor.ditzingen_pm10"
|
# "sensor.ditzingen_pm10"
|
||||||
# "sensor.ditzingen_pm25"
|
# "sensor.ditzingen_pm25"
|
||||||
|
"sensor.dark_sky_icon"
|
||||||
"sensor.dark_sky_temperature"
|
"sensor.dark_sky_temperature"
|
||||||
"sensor.dark_sky_humidity"
|
"sensor.dark_sky_humidity"
|
||||||
|
"sensor.dark_sky_uv_index"
|
||||||
# "sensor.dark_sky_pressure"
|
# "sensor.dark_sky_pressure"
|
||||||
"sensor.dark_sky_hourly_summary"
|
"sensor.dark_sky_hourly_summary"
|
||||||
"device_tracker.router"
|
"device_tracker.router"
|
||||||
@ -169,6 +189,7 @@ in {
|
|||||||
# home-assistant
|
# home-assistant
|
||||||
automation = (import ./automation/bureau-shutdown.nix) ++
|
automation = (import ./automation/bureau-shutdown.nix) ++
|
||||||
(import ./automation/nachtlicht.nix) ++
|
(import ./automation/nachtlicht.nix) ++
|
||||||
|
(import ./automation/hass-restart.nix) ++
|
||||||
(import ./automation/10h_timer.nix);
|
(import ./automation/10h_timer.nix);
|
||||||
device_tracker = (import ./device_tracker/openwrt.nix );
|
device_tracker = (import ./device_tracker/openwrt.nix );
|
||||||
};
|
};
|
||||||
|
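Review bot: The new `http` block hard-codes `api_password = "sistemas";`, so the shared password is committed with the repository and copied into the generated configuration in the world-readable Nix store, while the added `legacy_api_password` provider keeps it accepted for logins. This file already reads the Telegram bot settings from `<secrets/hass/telegram-bot.json>`; loading the password the same way (from a placeholder path such as `<secrets/hass/EXAMPLE-http.json>`) would at least keep it out of version control, and the value should be rotated if this repository is published. The `trusted_networks` list covers all of `192.168.8.0/24` and `fd00::/8`, and with the `trusted_networks` provider enabled any host in those ranges can sign in without a password, so listing only the hosts that need it would be tighter. A comment beside the TODO would record the intent, for example `# legacy password only until issue 16149 is resolved; drop the provider afterwards`.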
@ -20,7 +20,7 @@ let
|
|||||||
payload_not_available= "Offline";
|
payload_not_available= "Offline";
|
||||||
# brightness
|
# brightness
|
||||||
brightness_state_topic = "/bam/${topic}/tele/STATE";
|
brightness_state_topic = "/bam/${topic}/tele/STATE";
|
||||||
brightness_value_template = "{{value_json.Dimmer}}";
|
brightness_value_template = "{{value_json.Dimmer|default(100)}}";
|
||||||
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
|
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
|
||||||
brightness_scale = 100;
|
brightness_scale = 100;
|
||||||
# color
|
# color
|
||||||
@ -30,9 +30,8 @@ let
|
|||||||
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
|
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
|
||||||
# effects
|
# effects
|
||||||
effect_state_topic = "/bam/${topic}/tele/STATE";
|
effect_state_topic = "/bam/${topic}/tele/STATE";
|
||||||
effects_value_template = "{{value_json.Scheme}}";
|
effects_value_template = "{{value_json.Scheme|default(0)}}";
|
||||||
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
|
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
|
||||||
effect_value_template = "{{ value_json.Scheme }}";
|
|
||||||
effect_list = [
|
effect_list = [
|
||||||
0 # single color for LED light
|
0 # single color for LED light
|
||||||
1 # start wake up sequence (same as Wakeup)
|
1 # start wake up sequence (same as Wakeup)
|
||||||
|
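--- a/makefu/2configs/bureautomation/ota.nix
+++ b/makefu/2configs/bureautomation/ota.nix
@@ -0,0 +1,15 @@
+{
+# mosquitto_pub -t /bam/sonoffs/cmnd/OtaUrl -m "http://192.168.8.11/sonoff.bin"
+# mosquitto_pub -t /bam/sonoffs/cmnd/upgrade -m "6.5.0"
+# wget https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0/sonoff.bin
+# wget https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0/sonoff-minimal.bin
+services.nginx = {
+enable = true;
+virtualHosts."192.168.8.11" = {
+root = "/var/www/tasmota";
+extraConfig = ''
+autoindex on;
+'';
+};
+};
+}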
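Review bot: The firmware under `/var/www/tasmota` is placed there by hand with the two `wget` commands in the comments, so nothing pins or checks the image that the `OtaUrl` and `upgrade` publishes then roll out to every device on `/bam/sonoffs`. The devices fetch it over plain `http://192.168.8.11/`, which leaves the copy on this host as the one place where integrity can be enforced. Fetching both release files with `fetchurl` and a fixed `sha256`, and pointing `root` at the result, would make the served image reproducible and tamper-evident. `autoindex on;` also lists anything else dropped into that directory to the whole network and can go once the file names are fixed. The hashes in the sketch below are placeholders.

```nix
{ pkgs, ... }:
let
  release = "https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0";
  # placeholder hashes: replace with the values reported by nix-prefetch-url
  firmware = pkgs.linkFarm "tasmota-firmware" [
    { name = "sonoff.bin";
      path = pkgs.fetchurl { url = "${release}/sonoff.bin"; sha256 = "<SHA256-PLACEHOLDER>"; }; }
    { name = "sonoff-minimal.bin";
      path = pkgs.fetchurl { url = "${release}/sonoff-minimal.bin"; sha256 = "<SHA256-PLACEHOLDER>"; }; }
  ];
in {
  # … unchanged: mosquitto_pub usage comments …
  services.nginx = {
    enable = true;
    virtualHosts."192.168.8.11".root = "${firmware}";
  };
}
```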
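--- a/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix
+++ b/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix
@@ -0,0 +1,16 @@
+let
+tasmota_firmware = topic:
+{ platform = "mqtt";
+name = "${topic} Firmware";
+state_topic = "/bam/${topic}/stat/STATUS2";
+availability_topic = "/bam/${topic}/tele/LWT";
+value_template = "v{{value_json.StatusFWR.Version}}";
+payload_available= "Online";
+payload_not_available= "Offline";
+};
+in
+map tasmota_firmware [
+"plug" "plug2" "plug3" "plug4" "plug5"
+"status1" "status2" "buslicht"
+"rfbridge"
+]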
@ -23,9 +23,9 @@ let
|
|||||||
in {
|
in {
|
||||||
system.activationScripts."prepare-nextcloud-${domain}" = ''
|
system.activationScripts."prepare-nextcloud-${domain}" = ''
|
||||||
if test ! -e ${root} ;then
|
if test ! -e ${root} ;then
|
||||||
echo "copying latest ${pkgs.owncloud.name} release to ${root}"
|
echo "copying latest ${pkgs.nextcloud.name} release to ${root}"
|
||||||
mkdir -p $(dirname "${root}")
|
mkdir -p $(dirname "${root}")
|
||||||
cp -r ${pkgs.owncloud} "${root}"
|
cp -r ${pkgs.nextcloud} "${root}"
|
||||||
chown -R nginx:nginx "${root}"
|
chown -R nginx:nginx "${root}"
|
||||||
chmod 770 "${root}"
|
chmod 770 "${root}"
|
||||||
fi
|
fi
|
||||||
|
@ -2,7 +2,9 @@
|
|||||||
imports = [
|
imports = [
|
||||||
<home-manager/nixos>
|
<home-manager/nixos>
|
||||||
];
|
];
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
home-manager.users.makefu = {
|
home-manager.users.makefu = {
|
||||||
|
home.stateVersion = "19.03";
|
||||||
};
|
};
|
||||||
environment.variables = {
|
environment.variables = {
|
||||||
GTK_DATA_PREFIX = "/run/current-system/sw";
|
GTK_DATA_PREFIX = "/run/current-system/sw";
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
home-manager.users.makefu = {
|
home-manager.users.makefu = {
|
||||||
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
|
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
|
||||||
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
|
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
|
||||||
programs.firefox.enable = true;
|
programs.firefox = {
|
||||||
|
enable = true;
|
||||||
|
enableIcedTea = true;
|
||||||
|
};
|
||||||
programs.obs-studio.enable = true;
|
programs.obs-studio.enable = true;
|
||||||
xdg.enable = true;
|
xdg.enable = true;
|
||||||
services.network-manager-applet.enable = true;
|
services.network-manager-applet.enable = true;
|
||||||
@ -20,7 +23,6 @@
|
|||||||
filenamePattern=%F_%T_shot
|
filenamePattern=%F_%T_shot
|
||||||
'';
|
'';
|
||||||
|
|
||||||
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
|
|
||||||
programs.chromium = {
|
programs.chromium = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extensions = [
|
extensions = [
|
||||||
|
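Review bot: `enableIcedTea = true;` in the new `programs.firefox` block turns on the IcedTea-Web Java browser plugin, which widens the browser's attack surface on every page visited. Firefox has not loaded NPAPI plugins other than Flash since version 52, so the option may have no effect on the packaged browser at all. If one site really needs Java, a comment naming it would justify the setting, for example `# needed for <SITE-PLACEHOLDER> only`; otherwise `programs.firefox.enable = true;` alone is enough.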
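--- a/makefu/2configs/home-manager/recording.nix
+++ b/makefu/2configs/home-manager/recording.nix
@@ -0,0 +1,4 @@
+{pkgs, ... }:
+{
+home-manager.users.makefu.programs.obs-studio.enable = true;
+}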
@ -3,6 +3,12 @@ let
|
|||||||
loc = "/home/makefu/.task";
|
loc = "/home/makefu/.task";
|
||||||
in {
|
in {
|
||||||
state = [ "${loc}/keys" ];
|
state = [ "${loc}/keys" ];
|
||||||
|
environment.shellAliases = {
|
||||||
|
tshack = "task tags:shack";
|
||||||
|
tkrebs = "task tags:krebs";
|
||||||
|
thome = "task tags:home";
|
||||||
|
t = "task project: ";
|
||||||
|
};
|
||||||
home-manager.users.makefu.programs.taskwarrior = {
|
home-manager.users.makefu.programs.taskwarrior = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataLocation = loc;
|
dataLocation = loc;
|
||||||
|
@ -67,6 +67,7 @@
|
|||||||
home-manager.users.makefu.programs.zsh.shellAliases = {
|
home-manager.users.makefu.programs.zsh.shellAliases = {
|
||||||
cat = "bat";
|
cat = "bat";
|
||||||
catn = "${pkgs.coreutils}/bin/cat";
|
catn = "${pkgs.coreutils}/bin/cat";
|
||||||
|
ncat = "${pkgs.coreutils}/bin/cat";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
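Review bot: The new alias `ncat = "${pkgs.coreutils}/bin/cat";` takes the name of Nmap's `ncat` tool, so in an interactive zsh that loads these aliases `ncat` would run `cat` instead of the network utility. `catn` on the line above already provides the plain-cat escape from the `cat = "bat"` alias. If a second spelling is wanted, one that does not match an existing command avoids the surprise. The alias attrset starts outside this hunk.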
@ -108,6 +108,7 @@ in {
|
|||||||
];
|
];
|
||||||
|
|
||||||
services.home-assistant = {
|
services.home-assistant = {
|
||||||
|
package = pkgs.home-assistant.override { python3 = pkgs.python36; };
|
||||||
config = {
|
config = {
|
||||||
homeassistant = {
|
homeassistant = {
|
||||||
name = "Home"; time_zone = "Europe/Berlin";
|
name = "Home"; time_zone = "Europe/Berlin";
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./tpm.nix
|
./tpm.nix
|
||||||
@ -19,7 +18,6 @@ with import <stockholm/lib>;
|
|||||||
hardware.cpu.intel.updateMicrocode = true;
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
zramSwap.numDevices = 2;
|
|
||||||
|
|
||||||
# enable synaptics so we can easily disable the touchpad
|
# enable synaptics so we can easily disable the touchpad
|
||||||
# enable the touchpad with `synclient TouchpadOff=0`
|
# enable the touchpad with `synclient TouchpadOff=0`
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
{
|
{
|
||||||
nixpkgs.config.android_sdk.accept_license = true;
|
nixpkgs.config.android_sdk.accept_license = true;
|
||||||
users.users.makefu.packages = with pkgs; [
|
users.users.makefu.packages = with pkgs; [
|
||||||
mitmproxy
|
# mitmproxy
|
||||||
nmap
|
nmap
|
||||||
msf
|
msf
|
||||||
drozer
|
drozer
|
||||||
|
@ -10,7 +10,8 @@
|
|||||||
keepassx
|
keepassx
|
||||||
pcmanfm
|
pcmanfm
|
||||||
evince
|
evince
|
||||||
mirage
|
# replacement for mirage:
|
||||||
|
sxiv
|
||||||
tightvnc
|
tightvnc
|
||||||
gnome3.dconf
|
gnome3.dconf
|
||||||
xdotool
|
xdotool
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
vlc
|
vlc
|
||||||
mumble
|
mumble
|
||||||
mplayer
|
mplayer
|
||||||
quodlibet # exfalso
|
# quodlibet # exfalso
|
||||||
|
|
||||||
plowshare
|
plowshare
|
||||||
streamripper
|
streamripper
|
||||||
|
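--- a/makefu/5pkgs/nixpkgs-pytools/default.nix
+++ b/makefu/5pkgs/nixpkgs-pytools/default.nix
@@ -0,0 +1,17 @@
+{pkgs, fetchFromGitHub}:
+with pkgs.python3.pkgs;
+
+buildPythonPackage rec {
+pname = "nixpkgs-pytools";
+version = "1.0.0-dev";
+src = fetchFromGitHub {
+owner = "nix-community";
+repo = pname;
+rev = "593443b5689333cad3b6fa5b42e96587df68b0f8";
+sha256 = "1cjpngr1rn5q59a1krgmpq2qm96wbiirc8yf1xmm21p3mskb2db4";
+};
+propagatedBuildInputs = [
+jinja2 setuptools
+];
+checkInputs = [ black ];
+}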
@ -3,12 +3,12 @@ with pkgs.python3.pkgs;
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "prison-break";
|
pname = "prison-break";
|
||||||
version = "0.1.0";
|
version = "1.0.0";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "makefu";
|
owner = "makefu";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "5eed6371e151e716faafa054e005bd98d77b4b5d";
|
rev = "1.0.0";
|
||||||
sha256 = "170zs9grbgkx83ghg6pm13v7vhi604y44j550ypp2x26nidaw63j";
|
sha256 = "0ab42z6qr42vz4fc077irn9ykrrylagx1dzlw8dqcanf49dxd961";
|
||||||
};
|
};
|
||||||
propagatedBuildInputs = [
|
propagatedBuildInputs = [
|
||||||
docopt
|
docopt
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config ? config, name, target ? name }: let
|
{ config ? config, name, target ? name }: let
|
||||||
krops = ../submodules/krops;
|
krops = ../submodules/krops;
|
||||||
nixpkgs-src = lib.importJSON ./nixpkgs.json;
|
nixpkgs-src = lib.importJSON ../krebs/nixpkgs.json;
|
||||||
|
|
||||||
lib = import "${krops}/lib";
|
lib = import "${krops}/lib";
|
||||||
pkgs = import "${krops}/pkgs" {};
|
pkgs = import "${krops}/pkgs" {};
|
||||||
@ -20,10 +20,6 @@
|
|||||||
} // import (./. + "/1systems/${name}/source.nix");
|
} // import (./. + "/1systems/${name}/source.nix");
|
||||||
source = { test }: lib.evalSource [
|
source = { test }: lib.evalSource [
|
||||||
{
|
{
|
||||||
# nixos-18.09 @ 2018-09-18
|
|
||||||
# + uhub/sqlite: 5dd7610401747
|
|
||||||
# + hovercraft: 7134801b17d72
|
|
||||||
# + PR#53934: eac6797380af1
|
|
||||||
nixpkgs = if host-src.arm6 then {
|
nixpkgs = if host-src.arm6 then {
|
||||||
# TODO: we want to track the unstable channel
|
# TODO: we want to track the unstable channel
|
||||||
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
|
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
|
||||||
@ -31,7 +27,7 @@
|
|||||||
derivation = ''
|
derivation = ''
|
||||||
with import <nixpkgs> {};
|
with import <nixpkgs> {};
|
||||||
pkgs.fetchFromGitHub {
|
pkgs.fetchFromGitHub {
|
||||||
owner = "makefu";
|
owner = "nixos";
|
||||||
repo = "nixpkgs";
|
repo = "nixpkgs";
|
||||||
rev = "${nixpkgs-src.rev}";
|
rev = "${nixpkgs-src.rev}";
|
||||||
sha256 = "${nixpkgs-src.sha256}";
|
sha256 = "${nixpkgs-src.sha256}";
|
||||||
@ -75,7 +71,7 @@
|
|||||||
(lib.mkIf ( host-src.home-manager ) {
|
(lib.mkIf ( host-src.home-manager ) {
|
||||||
home-manager.git = {
|
home-manager.git = {
|
||||||
url = https://github.com/rycee/home-manager;
|
url = https://github.com/rycee/home-manager;
|
||||||
ref = "4aa07c3";
|
ref = "ff602cb906e3dd5d5f89c7c1d0fae65bc67119a0";
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
@ -3,7 +3,6 @@
|
|||||||
pkgs.haskellPackages.much
|
pkgs.haskellPackages.much
|
||||||
pkgs.msmtp
|
pkgs.msmtp
|
||||||
pkgs.notmuch
|
pkgs.notmuch
|
||||||
pkgs.pythonPackages.alot
|
|
||||||
pkgs.qprint
|
pkgs.qprint
|
||||||
pkgs.w3m
|
pkgs.w3m
|
||||||
];
|
];
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
{ config, lib, pkgs, pkgs_i686, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
pkg = pkgs.pulseaudioLight;
|
pkg = pkgs.pulseaudioLight;
|
||||||
runDir = "/run/pulse";
|
runDir = "/run/pulse";
|
||||||
|
|
||||||
|
pkgs_i686 = pkgs.pkgsi686Linux;
|
||||||
|
|
||||||
support32Bit =
|
support32Bit =
|
||||||
pkgs.stdenv.isx86_64 &&
|
pkgs.stdenv.isx86_64 &&
|
||||||
pkgs_i686.alsaLib != null &&
|
pkgs_i686.alsaLib != null &&
|
||||||
|
@ -45,10 +45,9 @@ foldl' mergeAttrs {}
|
|||||||
self.callPackage ./compat/18.03/pass {
|
self.callPackage ./compat/18.03/pass {
|
||||||
pass-otp = self.callPackage ./compat/18.03/pass-otp {};
|
pass-otp = self.callPackage ./compat/18.03/pass-otp {};
|
||||||
};
|
};
|
||||||
"18.09" =
|
}.${versions.majorMinor nixpkgsVersion} or
|
||||||
super.pass.withExtensions (ext: [
|
super.pass.withExtensions (ext: [
|
||||||
ext.pass-otp
|
ext.pass-otp
|
||||||
]);
|
]);
|
||||||
}.${versions.majorMinor nixpkgsVersion};
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -51,13 +51,19 @@ let
|
|||||||
src =
|
src =
|
||||||
if stdenv.system == "i686-linux" then
|
if stdenv.system == "i686-linux" then
|
||||||
fetchurl {
|
fetchurl {
|
||||||
url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz";
|
urls = [
|
||||||
sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r";
|
"https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x86/imagescan-bundle-debian-9-3.55.0.x86.deb.tar.gz"
|
||||||
|
"http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.55.0.x86.deb.tar.gz"
|
||||||
|
];
|
||||||
|
sha256 = "12syk4y8z22hm9r1lgxqp81vd24jbqgmq83b7yiyqfd4wfxb6k3s";
|
||||||
}
|
}
|
||||||
else if stdenv.system == "x86_64-linux" then
|
else if stdenv.system == "x86_64-linux" then
|
||||||
fetchurl {
|
fetchurl {
|
||||||
url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz";
|
urls = [
|
||||||
sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2";
|
"https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-3.55.0.x64.deb.tar.gz"
|
||||||
|
"http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.55.0.x64.deb.tar.gz"
|
||||||
|
];
|
||||||
|
sha256 = "1wp372hqhzdar6ldxy7s9js2s872x8c5nwq3608dwg9gca11ppc5";
|
||||||
}
|
}
|
||||||
else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)";
|
else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)";
|
||||||
|
|
||||||
@ -92,7 +98,7 @@ let
|
|||||||
license = stdenv.lib.licenses.eapl;
|
license = stdenv.lib.licenses.eapl;
|
||||||
maintainers = [ stdenv.lib.maintainers.tv ];
|
maintainers = [ stdenv.lib.maintainers.tv ];
|
||||||
platforms = stdenv.lib.platforms.linux;
|
platforms = stdenv.lib.platforms.linux;
|
||||||
version = "1.1.0";
|
version = "1.1.2";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -102,8 +108,11 @@ stdenv.mkDerivation rec {
|
|||||||
name = "utsushi-${meta.version}";
|
name = "utsushi-${meta.version}";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz";
|
urls = [
|
||||||
sha256 = "1gmiimwkcyzbkfr25vzqczjhgh90fgxd96agbnkpf9gah1mpd6qj";
|
"http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz"
|
||||||
|
"http://ni.r/~tv/mirrors/epson/imagescan_${meta.version}.orig.tar.gz"
|
||||||
|
];
|
||||||
|
sha256 = "0xwl4xp07cigslbi1qc52jsjvxcyvjlx54g812mn7211p01v2h4l";
|
||||||
};
|
};
|
||||||
|
|
||||||
preConfigure = ''
|
preConfigure = ''
|
||||||
@ -203,6 +212,6 @@ stdenv.mkDerivation rec {
|
|||||||
license = stdenv.lib.licenses.gpl3;
|
license = stdenv.lib.licenses.gpl3;
|
||||||
maintainers = [ stdenv.lib.maintainers.tv ];
|
maintainers = [ stdenv.lib.maintainers.tv ];
|
||||||
platforms = stdenv.lib.platforms.linux;
|
platforms = stdenv.lib.platforms.linux;
|
||||||
version = "3.54.0";
|
version = "3.55.0";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|