Merge remote-tracking branch 'prism/master' (despite bad style)

tv 2018-05-09 11:07:27 +02:00
commit 3f3c12dcd0
77 changed files with 1405 additions and 786 deletions


@ -1,13 +1,15 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# bln config file # bln config file
{ {
imports = imports = [
[ <stockholm/jeschli> ./hardware-configuration.nix
<stockholm/jeschli/2configs/virtualbox.nix> <stockholm/jeschli>
<stockholm/jeschli/2configs/urxvt.nix> <stockholm/jeschli/2configs/virtualbox.nix>
<stockholm/jeschli/2configs/emacs.nix> <stockholm/jeschli/2configs/urxvt.nix>
./hardware-configuration.nix <stockholm/jeschli/2configs/emacs.nix>
]; <stockholm/jeschli/2configs/xdg.nix>
<stockholm/jeschli/2configs/xserver>
];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -91,18 +93,17 @@
services.printing.drivers = [ pkgs.postscript-lexmark ]; services.printing.drivers = [ pkgs.postscript-lexmark ];
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.windowManager.xmonad.enable = true; # services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true; # services.xserver.windowManager.xmonad.enableContribAndExtras = true;
services.xserver.displayManager.sddm.enable = true; # services.xserver.displayManager.sddm.enable = true;
services.xserver.dpi = 100; # services.xserver.dpi = 100;
fonts.fontconfig.dpi = 100; # fonts.fontconfig.dpi = 100;
users.extraUsers.jeschli = { users.extraUsers.jeschli = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["docker" "vboxusers"]; extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000; uid = 1000;
}; };
@ -122,15 +123,17 @@
# DCSO Certificates # DCSO Certificates
security.pki.certificateFiles = [ security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
]; ];
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
krebs.build.host = config.krebs.hosts.bln; krebs.build.host = config.krebs.hosts.bln;
} }
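Review bot: All seven `sha256` values in `security.pki.certificateFiles` change while the URLs stay on plain `http://pki.dcso.de/...`, and nothing in the commit records why the pins moved. A fetchurl hash only pins the bytes that were downloaded when the hash was computed, so if these were taken from an HTTP fetch the pin protects later rebuilds but not that first download, and these files become system-wide trust anchors. The new hashes should be checked against certificate fingerprints obtained out of band, and a comment such as `# hashes verified against publisher fingerprints on <DATE>` added above the list. If the host serves the same files over HTTPS, switching the URLs would narrow the gap further.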


@ -30,4 +30,6 @@
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
hardware.pulseaudio.enable = true;
} }


@ -6,6 +6,8 @@
./hardware-configuration.nix ./hardware-configuration.nix
<stockholm/jeschli/2configs/urxvt.nix> <stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/emacs.nix> <stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/xdg.nix>
<stockholm/jeschli/2configs/xserver>
]; ];
krebs.build.host = config.krebs.hosts.brauerei; krebs.build.host = config.krebs.hosts.brauerei;
@ -57,7 +59,6 @@
terminator terminator
tmux tmux
wget wget
# rxvt_unicode
# editors # editors
emacs emacs
# internet # internet
@ -65,6 +66,7 @@
chromium chromium
google-chrome google-chrome
# programming languages # programming languages
exercism
go go
gcc gcc
ghc ghc
@ -73,6 +75,9 @@
# go tools # go tools
golint golint
gotools gotools
# rust
cargo
rustc
# dev tools # dev tools
gnumake gnumake
jetbrains.pycharm-professional jetbrains.pycharm-professional
@ -105,8 +110,8 @@
# services.printing.enable = true; # services.printing.enable = true;
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; # services.xserver.enable = true;
services.xserver.layout = "us"; # services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e"; # services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support. # Enable touchpad support.
@ -115,18 +120,18 @@
# Enable the KDE Desktop Environment. # Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true; # services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true; # services.xserver.desktopManager.plasma5.enable = true;
services.xserver.displayManager.sddm.enable = true; # services.xserver.displayManager.sddm.enable = true;
services.xserver.windowManager.xmonad.enable = true; # services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true; # services.xserver.windowManager.xmonad.enableContribAndExtras = true;
# #
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = { users.extraUsers.jeschli = { # TODO: define as krebs.users
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
}; };
users.extraUsers.jamie = { users.extraUsers.jamie = {
isNormalUser = true; isNormalUser = true;
uid = 1001; uid = 1001; # TODO genid
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
@ -139,4 +144,11 @@
# should. # should.
system.stateVersion = "17.09"; # Did you read the comment? system.stateVersion = "17.09"; # Did you read the comment?
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
} }


@ -31,6 +31,7 @@ let
(scroll-bar-mode -1) ; Disable scroll bar (scroll-bar-mode -1) ; Disable scroll bar
(setq inhibit-startup-screen t) ; Disable startup screen with graphics (setq inhibit-startup-screen t) ; Disable startup screen with graphics
(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs
(setq default-tab-width 2) ; Two spaces is a tab
(setq tab-width 2) ; Four spaces is a tab (setq tab-width 2) ; Four spaces is a tab
(setq visible-bell nil) ; Disable annoying visual bell graphic (setq visible-bell nil) ; Disable annoying visual bell graphic
(setq ring-bell-function 'ignore) ; Disable super annoying audio bell (setq ring-bell-function 'ignore) ; Disable super annoying audio bell
@ -45,30 +46,26 @@ let
(setq org-agenda-files (quote ("~/projects/notes"))) (setq org-agenda-files (quote ("~/projects/notes")))
) )
''; '';
emacsFile = '' recentFiles = ''
${packageRepos} (recentf-mode 1)
${windowCosmetics} (setq recentf-max-menu-items 25)
(custom-set-variables (global-set-key "\C-x\ \C-r" 'recentf-open-files)
;; custom-set-variables was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(inhibit-startup-screen t)
'(org-agenda-files nil)
'(package-selected-packages
(quote
(smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme))))
${orgMode}
''; '';
dotEmacs = pkgs.writeText "dot-emacs" emacsFile; dotEmacs = pkgs.writeText "dot-emacs" ''
emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ ${packageRepos}
${orgMode}
${recentFiles}
${windowCosmetics}
'';
emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
epkgs.melpaStablePackages.magit epkgs.melpaStablePackages.magit
epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.mmm-mode
epkgs.melpaPackages.nix-mode epkgs.melpaPackages.nix-mode
epkgs.melpaPackages.go-mode epkgs.melpaPackages.go-mode
epkgs.melpaPackages.google-this
]); ]);
myEmacs = pkgs.writeDashBin "my-emacs" '' myEmacs = pkgs.writeDashBin "my-emacs" ''
exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@"
''; '';
in { in {
environment.systemPackages = [ environment.systemPackages = [
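Review bot: The added `(setq default-tab-width 2)` sets a variable that Emacs marks obsolete in favour of `tab-width`, and the unchanged line right after it still says `Four spaces is a tab` while setting 2. `tab-width` is buffer-local, so a plain `setq` in the init file only affects the buffer that is current at load time. A single `(setq-default tab-width 2) ; Two spaces is a tab` would replace both lines and make the comment match the value. The enclosing `let` starts above this hunk, so the rest of the init text is not visible here.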

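--- a/jeschli/2configs/xdg.nix
+++ b/jeschli/2configs/xdg.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+{
+environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
+systemd.tmpfiles.rules = let
+forUsers = flip map users;
+isUser = { name, group, ... }:
+name == "root" || hasSuffix "users" group;
+users = filter isUser (mapAttrsToList (_: id) config.users.users);
+in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
+}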
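Review bot: `XDG_RUNTIME_DIR` is exported for every login as `/run/xdg/$LOGNAME`, but the tmpfiles rule creates that directory only for `root` and accounts whose `group` ends in `users`, so any other account gets a variable pointing at a path that does not exist. Programs that need a private runtime directory may then fail or fall back to a shared location for those accounts. The xmonad unit added in this commit also depends on `/run/xdg/${cfg.user.name}/xmonad` being creatable by its user. Either state the assumption in a comment such as `# only accounts in a *users group get a runtime dir`, or select accounts by `isNormalUser` instead of the group-name suffix. The `-` age field means the directory is never cleaned while the system is up, which differs from the per-session lifetime the XDG spec describes; that deserves a comment if it is intentional.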


@ -0,0 +1,27 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xmodmap" ''
!keycode 66 = Caps_Lock
!remove Lock = Caps_Lock
clear Lock
! caps lock
keycode 66 = Mode_switch
keycode 13 = 4 dollar EuroSign cent
keycode 30 = u U udiaeresis Udiaeresis
keycode 32 = o O odiaeresis Odiaeresis
keycode 38 = a A adiaeresis Adiaeresis
keycode 39 = s S ssharp
keycode 33 = p P Greek_pi Greek_PI
keycode 46 = l L Greek_lambda Greek_LAMBDA
keycode 54 = c C cacute Cacute
! BULLET OPERATOR
keycode 17 = 8 asterisk U2219
keycode 27 = r R r U211D
''


@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xresources" /* xdefaults */ ''
Xcursor.theme: aero-large-drop
Xcursor.size: 128
Xft.dpi: 144
URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}"
URxvt*eightBitInput: false
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*scrollBar: false
URxvt*background: #050505
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*jumpScroll: true
URxvt*allowSendEvents: false
URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
URxvt*cutNewline: False
URxvt*cutToBeginningOfLine: False
URxvt*color0: #232342
URxvt*color3: #c07000
URxvt*color4: #4040c0
URxvt*color7: #c0c0c0
URxvt*color8: #707070
URxvt*color9: #ff6060
URxvt*color10: #70ff70
URxvt*color11: #ffff70
URxvt*color12: #7070ff
URxvt*color13: #ff50ff
URxvt*color14: #70ffff
URxvt*color15: #ffffff
URxvt*iso14755: False
URxvt*urgentOnBell: True
URxvt*visualBell: True
! ref https://github.com/muennich/urxvt-perls
URxvt*perl-ext: default,url-select
URxvt*keysym.M-u: perl:url-select:select_next
URxvt*url-select.underline: true
URxvt*colorUL: #4682B4
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt*saveLines: 10000
root-urxvt*background: #230000
root-urxvt*foreground: #e0c0c0
root-urxvt*BorderColor: #400000
root-urxvt*color0: #800000
''


@ -0,0 +1,144 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
cfg = {
cacheDir = cfg.dataDir;
configDir = "/var/empty";
dataDir = "/run/xdg/${cfg.user.name}/xmonad";
user = config.krebs.users.jeschli;
};
in {
environment.systemPackages = [
pkgs.font-size
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.sxiv
pkgs.xdotool
pkgs.xsel
pkgs.zathura
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
# TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /run/wrappers/bin
krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock";
group = "wheel";
envp = {
DISPLAY = ":${toString config.services.xserver.display}";
USER = cfg.user.name;
};
};
services.xserver = {
# Don't install feh into systemPackages
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = mkForce [];
enable = true;
display = 11;
tty = 11;
dpi = 200;
videoDrivers = [ "nvidia" ];
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_CACHE_DIR = cfg.cacheDir;
XMONAD_CONFIG_DIR = cfg.configDir;
XMONAD_DATA_DIR = cfg.dataDir;
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
wait
'';
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"dashboard" # we start here
"stockholm"
"pycharm"
"chromium"
"iRC"
"git"
"hipbird"
]);
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
"\${XMONAD_CACHE_DIR}"
"\${XMONAD_CONFIG_DIR}"
"\${XMONAD_DATA_DIR}"
]}";
ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
User = cfg.user.name;
WorkingDirectory = cfg.user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = cfg.user.name;
};
};
}
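Review bot: `xhost +LOCAL:` in `XMONAD_STARTUP_HOOK` switches off X access control for every non-network local connection, so any local account or service on this host can attach to display `:11` and observe or inject input for the session. The session runs as a single user (`User = cfg.user.name`), so the grant can be limited to that account with `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name} &`. If the wide grant exists so that root-started clients can connect, a second `+SI:localuser:root` entry covers that without opening the display to everyone else. This matters more here because the same session is where the screen locker and password prompts run.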


@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}


@ -53,8 +53,8 @@
eval $(dircolors -b ${pkgs.fetchFromGitHub { eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r"; owner = "trapd00r";
repo = "LS_COLORS"; repo = "LS_COLORS";
rev = "master"; rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS) }}/LS_COLORS)
#beautiful colors #beautiful colors

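--- a/jeschli/5pkgs/default.nix
+++ b/jeschli/5pkgs/default.nix
@@ -0,0 +1,11 @@
+with import <stockholm/lib>;
+self: super:
+# Import files and subdirectories like they are overlays.
+foldl' mergeAttrs {}
+(map
+(name: import (./. + "/${name}") self super)
+(filter
+(name: name != "default.nix" && !hasPrefix "." name)
+(attrNames (readDir ./.))))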
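Review bot: The filter excludes only `default.nix` and dot-files, so every other entry in the directory is imported and applied as an overlay, including anything that is not Nix, such as a README or an editor backup like `foo.nix~`. Evaluation of the whole package set then depends on the directory staying clean, and a stray file is evaluated without anyone listing it. `readDir` already returns each entry's type, so the selection could keep only directories and names ending in `.nix`, for example `filterAttrs (name: type: type == "directory" || hasSuffix ".nix" name) (readDir ./.)`. The same filter appears in the following section that wraps `callPackage`.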


@ -0,0 +1,24 @@
with import <stockholm/lib>;
self: super:
let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = self.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in
listToAttrs
(map
(name: nameValuePair (removeSuffix ".nix" name)
(callPackage (./. + "/${name}") {}))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))


@ -0,0 +1,296 @@
{ pkgs, ... }:
pkgs.writeHaskell "xmonad-jeschli" {
executables.xmonad = {
extra-depends = [
"containers"
"extra"
"unix"
"X11"
"xmonad"
"xmonad-contrib"
"xmonad-stockholm"
];
text = /* haskell */ ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where
import Control.Exception
import Control.Monad.Extra (whenJustM)
import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither)
import XMonad
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.GridSelect
import XMonad.Actions.CycleWS (toggleWS)
--import XMonad.Actions.CopyWindow ( copy )
import XMonad.Layout.NoBorders ( smartBorders )
import qualified XMonad.StackSet as W
import Data.Map (Map)
import qualified Data.Map as Map
-- TODO import XMonad.Layout.WorkspaceDir
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
-- import XMonad.Layout.Tabbed
--import XMonad.Layout.MouseResizableTile
import XMonad.Layout.Reflect (reflectVert)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.SetWMName
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
import XMonad.Layout.PerWorkspace (onWorkspace)
--import XMonad.Layout.BinarySpacePartition
--import XMonad.Actions.Submap
import XMonad.Stockholm.Pager
import XMonad.Stockholm.Rhombus
import XMonad.Stockholm.Shutdown
amixerPath :: FilePath
amixerPath = "${pkgs.alsaUtils}/bin/amixer"
urxvtcPath :: FilePath
urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc"
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO ()
main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent
_ -> mainNoArgs
mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = urxvtcPath
, modMask = mod4Mask
, keys = myKeys
, workspaces = workspaces0
, layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = do
setWMName "LG3D"
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
}
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String
displaySomeException = displayException
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
forkFile path args env =
xfork (executeFile path False args env) >> return ()
spawnRootTerm :: X ()
spawnRootTerm =
forkFile
urxvtcPath
["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
Nothing
spawnTermAt :: String -> X ()
spawnTermAt ws = do
env <- liftIO getEnvironment
let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
forkFile urxvtcPath [] (Just env')
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
, ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
, ((_4 , xK_x ), chooseAction spawnTermAt)
, ((_4C , xK_x ), spawnRootTerm)
--, ((_4 , xK_F1 ), withFocused jojo)
--, ((_4 , xK_F1 ), printAllGeometries)
, ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
, ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ((_C , xK_Print ), toggleWS)
, ((_4 , xK_Print ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
-- %! Rotate through the available layout algorithms
, ((_4 , xK_space ), sendMessage NextLayout)
, ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout
---- BinarySpacePartition
--, ((_4 , xK_l), sendMessage $ ExpandTowards R)
--, ((_4 , xK_h), sendMessage $ ExpandTowards L)
--, ((_4 , xK_j), sendMessage $ ExpandTowards D)
--, ((_4 , xK_k), sendMessage $ ExpandTowards U)
--, ((_4S , xK_l), sendMessage $ ShrinkFrom R)
--, ((_4S , xK_h), sendMessage $ ShrinkFrom L)
--, ((_4S , xK_j), sendMessage $ ShrinkFrom D)
--, ((_4S , xK_k), sendMessage $ ShrinkFrom U)
--, ((_4 , xK_n), sendMessage Rotate)
--, ((_4S , xK_n), sendMessage Swap)
---- mouseResizableTile
--, ((_4 , xK_u), sendMessage ShrinkSlave)
--, ((_4 , xK_i), sendMessage ExpandSlave)
-- move focus up or down the window stack
--, ((_4 , xK_m ), windows W.focusMaster)
, ((_4 , xK_j ), windows W.focusDown)
, ((_4 , xK_k ), windows W.focusUp)
-- modifying the window order
, ((_4S , xK_m ), windows W.swapMaster)
, ((_4S , xK_j ), windows W.swapDown)
, ((_4S , xK_k ), windows W.swapUp)
-- resizing the master/slave ratio
, ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area
, ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area
-- floating layer support
, ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling
-- increase or decrease number of windows in the master area
, ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
, ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
, ((_4 , xK_a ), addWorkspacePrompt def)
, ((_4 , xK_r ), renameWorkspace def)
, ((_4 , xK_Delete ), removeEmptyWorkspace)
, ((_4 , xK_Return ), toggleWS)
--, (0 , xK_Print ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
--, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
--, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift)
--, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k })
, ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"])
, ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"])
, ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"])
]
where
_4 = mod4Mask
_C = controlMask
_S = shiftMask
_M = mod1Mask
_4C = _4 .|. _C
_4S = _4 .|. _S
_4M = _4 .|. _M
_4CM = _4 .|. _C .|. _M
_4SM = _4 .|. _S .|. _M
amixer args = forkFile amixerPath args Nothing
pagerConfig :: PagerConfig
pagerConfig = def
{ pc_font = myFont
, pc_cellwidth = 256
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
--, pc_borderwidth = 1
--, pc_matchcolor = "#f0b000"
, pc_matchmethod = MatchPrefix
--, pc_colors = pagerWorkspaceColors
, pc_windowColors = windowColors
}
where
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
windowColors wsf m c u wf = do
let y = defaultWindowColors wsf m c u wf
if m == False && wf == True
then ("#402020", snd y)
else y
horseConfig :: RhombusConfig
horseConfig = def
{ rc_font = myFont
, rc_cellwidth = 64
--, rc_cellheight = 36 -- TODO automatically keep screen aspect
--, rc_borderwidth = 1
--, rc_matchcolor = "#f0b000"
, rc_matchmethod = MatchPrefix
--, rc_colors = pagerWorkspaceColors
--, rc_paint = myPaint
}
wGSConfig :: GSConfig Window
wGSConfig = def
{ gs_cellheight = 20
, gs_cellwidth = 192
, gs_cellpadding = 5
, gs_font = myFont
, gs_navigate = navNSearch
}
-- wsGSConfig = def
-- { gs_cellheight = 20
-- , gs_cellwidth = 64
-- , gs_cellpadding = 5
-- , gs_font = myFont
-- , gs_navigate = navNSearch
-- }
-- custom navNSearch
--makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a)
--makeGSNav esc = nav
-- where
-- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler
-- keyMap = Map.fromList
-- [ (esc , cancel)
-- , ((0,xK_Escape) , cancel)
-- , ((0,xK_Return) , select)
-- , ((0,xK_Left) , move (-1, 0) >> nav)
-- , ((0,xK_Right) , move ( 1, 0) >> nav)
-- , ((0,xK_Down) , move ( 0, 1) >> nav)
-- , ((0,xK_Up) , move ( 0,-1) >> nav)
-- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav)
-- ]
-- -- The navigation handler ignores unknown key symbols, therefore we const
-- navNSearchDefaultHandler (_,s,_) = do
-- transformSearchString (++ s)
-- nav
(&) :: a -> (a -> c) -> c
(&) = flip ($)
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
allWorkspaceNames ws =
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
'';
};
}
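Review bot: `getWorkspaces0` returns `[]` on every failure path (`XMONAD_WORKSPACES0_FILE` unset, file unreadable, `readEither` parse error), and that value goes straight into `workspaces`. As far as I know xmonad will not start with an empty workspace list, so a missing or malformed file would take the session down with only the `getWorkspaces0:` line on stderr as a hint. A fixed fallback keeps the session usable, for example `warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return ["1"]`. Note also that the file is written with `toJSON` but parsed with Haskell `Read`, so a workspace name containing characters the two formats escape differently would land on the parse-error path.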


@ -1,9 +1,9 @@
_: { pkgs, ... }:
{ {
imports = [ imports = [
../krebs ../krebs
./2configs ./2configs
# ./3modules
# ./5pkgs
]; ];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
} }


@ -1,41 +0,0 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: let
ip = config.krebs.build.host.nets.internet.ip4.addr;
bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
in {
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/krebs/2configs/secret-passwords.nix>
{
users.extraUsers = {
satan = {
name = "satan";
uid = 1338;
home = "/home/satan";
group = "users";
createHome = true;
useDefaultShell = true;
initialPassword = "test";
};
};
}
];
krebs.build.host = config.krebs.hosts.hope;
networking = let
address = config.krebs.build.host.nets.internet.ip4.addr;
in {
defaultGateway = bestGuessGateway address;
interfaces.enp2s1.ip4 = singleton {
inherit address;
prefixLength = 24;
};
nameservers = ["8.8.8.8"];
};
}


@ -1,3 +0,0 @@
import <stockholm/krebs/source.nix> {
name = "hope";
}


@ -21,4 +21,5 @@
boot.isContainer = true; boot.isContainer = true;
networking.useDHCP = false; networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
environment.variables.NIX_REMOTE = "daemon";
} }


@ -1,33 +1,34 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
# :l <nixpkgs>
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
imports = [ imports = [
<stockholm/krebs> <stockholm/krebs>
<stockholm/krebs/2configs> <stockholm/krebs/2configs>
{ # minimal disk usage { # flag to rebuild everything yourself:
environment.noXlibs = true; # environment.noXlibs = true;
# minimal disk usage
nix.gc.automatic = true; nix.gc.automatic = true;
nix.gc.dates = "03:10"; nix.gc.dates = "03:10";
programs.info.enable = false; documentation.man.enable = false;
programs.man.enable = false; documentation.info.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
services.nixosManual.enable = false; services.nixosManual.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
} }
]; ];
krebs.build.host = config.krebs.hosts.onebutton; krebs.build.host = config.krebs.hosts.onebutton;
# NixOS wants to enable GRUB by default # NixOS wants to enable GRUB by default
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf # Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;
# !!! If your board is a Raspberry Pi 1, select this:
boot.kernelPackages = pkgs.linuxPackages_rpi; boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
# boot.kernelParams = ["cma=32M"];
fileSystems = { fileSystems = {
"/boot" = { "/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT"; device = "/dev/disk/by-label/NIXOS_BOOT";
@ -41,4 +42,7 @@
swapDevices = [ { device = "/swapfile"; size = 1024; } ]; swapDevices = [ { device = "/swapfile"; size = 1024; } ];
services.openssh.enable = true; services.openssh.enable = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
} }
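Review bot: The entry in `nix.binaryCachePublicKeys` ends in `=%`, which is not valid base64 and looks like a shell's missing-newline marker copied along with the key; the line is unchanged context in the first hunk but is carried into the new side. Because `nix.binaryCaches` points at an `http://` URL, the signature check against this key is the only thing authenticating substitutes for this host, so the string should be exact: `"nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0="`. I have not checked how Nix treats the malformed value, so it is worth confirming on the device that paths from this cache are really being verified rather than silently rebuilt or rejected.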


@ -2,6 +2,7 @@
{ {
krebs.newsbot-js.news-spam = { krebs.newsbot-js.news-spam = {
urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" '' feeds = pkgs.writeText "feeds" ''
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
@ -120,7 +121,7 @@
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
[SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews [SPAM]shackspace|http://shackspace.de/atom.xml|#snews
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews


@ -11,7 +11,7 @@
painload|https://github.com/krebscode/painload/commits/master.atom|#news painload|https://github.com/krebscode/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
shackspace|http://blog.shackspace.de/?feed=rss2|#news shackspace|http://shackspace.de/atom.xml|#news
tinc|http://tinc-vpn.org/news/index.rss|#news tinc|http://tinc-vpn.org/news/index.rss|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news weechat|http://dev.weechat.org/feed/atom|#news


@ -2,8 +2,56 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
pkg = pkgs.stdenv.mkDerivation {
name = "worlddomination-2018-04-21";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/worlddomination/";
rev = "1b32403b9";
sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
LinkHeader
aiocoap
grequests
paramiko
python
]))
];
installPhase = ''
install -m755 -D backend/push_led.py $out/bin/push-led
install -m755 -D backend/loop_single.py $out/bin/loop-single
# copy the provided file to the package
install -m755 -D backend/wd.lst $out/${wdpath}
'';
};
pythonPackages = pkgs.python3Packages; pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap # https://github.com/chrysn/aiocoap
grequests = pythonPackages.buildPythonPackage rec {
pname = "grequests";
version = "0.3.1";
name = "${pname}-${version}";
src = pkgs.fetchFromGitHub {
owner = "kennethreitz";
repo = "grequests";
rev = "d1e70eb";
sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
};
doCheck = false;
propagatedBuildInputs = with pythonPackages; [ requests gevent ];
meta = with lib;{
description = "Asynchronous HTTP requests";
homepage = https://github.com/kennethreitz/grequests;
license = with licenses; [ bsd2 ];
maintainers = with maintainers; [ matejc ];
};
};
aiocoap = pythonPackages.buildPythonPackage { aiocoap = pythonPackages.buildPythonPackage {
name = "aiocoap-0.3"; name = "aiocoap-0.3";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
@ -25,32 +73,9 @@ let
description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
}; };
}; };
pkg = pkgs.stdenv.mkDerivation {
name = "worlddomination-2017-06-10";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/worlddomination/";
rev = "72fc9b5";
sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
LinkHeader
aiocoap
requests
paramiko
python
]))
];
installPhase = ''
install -m755 -D backend/push_led.py $out/bin/push-led
install -m755 -D backend/loop_single.py $out/bin/loop-single
# copy the provided file to the package
install -m755 -D backend/wd.lst $out/${wdpath}
'';
};
wdpath = "/usr/worlddomination/wd.lst"; wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266 esphost = "10.42.24.7"; # esp8266
afrihost = "10.42.25.201"; # africa
timeout = 10; # minutes timeout = 10; # minutes
in { in {
systemd.services.worlddomination = { systemd.services.worlddomination = {
@ -64,4 +89,16 @@ in {
PermissionsStartOnly = true; PermissionsStartOnly = true;
}; };
}; };
systemd.services.worlddomination-africa = {
description = "run worlddomination africa";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody"; # TODO separate user
ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
Restart = "always";
PrivateTmp = true;
PermissionsStartOnly = true;
};
};
} }
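Review bot: The new `worlddomination-africa` unit runs as `nobody`, which the line's own `# TODO separate user` already flags; that uid is shared with every other process on the host that runs as `nobody`, so the service is not isolated from them. If `push-led` needs no persistent state, `DynamicUser = true;` in place of `User = "nobody";` gives the unit its own uid without declaring a user. `PermissionsStartOnly = true` appears to have no effect in this unit, since no `ExecStartPre` or `ExecStartPost` is defined in the visible lines.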


@ -30,38 +30,6 @@ let
}); });
in { in {
hosts = { hosts = {
hope = {
ci = true;
owner = config.krebs.users.krebs;
nets = {
internet = {
ip4.addr = "45.62.225.18";
aliases = [
"hope.i"
];
ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.77.4";
ip6.addr = "42:0:0:0:0:0:77:4";
aliases = [
"hope.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
};
hotdog = { hotdog = {
ci = true; ci = true;
owner = config.krebs.users.krebs; owner = config.krebs.users.krebs;


@ -9,6 +9,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: recursiveUpdate { hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass; owner = config.krebs.users.lass;
ci = true; ci = true;
monitoring = true;
}) { }) {
dishfire = { dishfire = {
cores = 4; cores = 4;
@ -43,39 +44,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
}; };
echelon = {
cores = 2;
nets = rec {
internet = {
ip4.addr = "64.137.242.41";
aliases = [
"echelon.i"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
ip4.addr = "10.243.206.103";
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
aliases = [
"echelon.r"
"cgit.echelon.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
};
prism = rec { prism = rec {
cores = 4; cores = 4;
extraZones = { extraZones = {
@ -86,14 +54,18 @@ with import <stockholm/lib>;
"lassul.us" = '' "lassul.us" = ''
$TTL 3600 $TTL 3600
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
60 IN NS ns16.ovh.net. 60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net. 60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT v=spf1 mx a:lassul.us -all
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
io 60 IN NS ions.lassul.us. default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
''; '';
}; };
nets = rec { nets = rec {
@ -149,6 +121,7 @@ with import <stockholm/lib>;
}; };
domsen-nas = { domsen-nas = {
ci = false; ci = false;
monitoring = false;
external = true; external = true;
nets = rec { nets = rec {
internet = { internet = {
@ -161,6 +134,7 @@ with import <stockholm/lib>;
}; };
}; };
uriel = { uriel = {
monitoring = false;
cores = 1; cores = 1;
nets = { nets = {
gg23 = { gg23 = {
@ -399,10 +373,12 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
}; };
iso = { iso = {
monitoring = false;
ci = false; ci = false;
cores = 1; cores = 1;
}; };
sokrateslaptop = { sokrateslaptop = {
monitoring = false;
ci = false; ci = false;
external = true; external = true;
nets = { nets = {
@ -426,6 +402,7 @@ with import <stockholm/lib>;
}; };
}; };
turingmachine = { turingmachine = {
monitoring = false;
ci = false; ci = false;
external = true; external = true;
nets = { nets = {
@ -454,6 +431,7 @@ with import <stockholm/lib>;
}; };
}; };
eddie = { eddie = {
monitoring = false;
ci = false; ci = false;
external = true; external = true;
nets = rec { nets = rec {
@ -494,6 +472,7 @@ with import <stockholm/lib>;
}; };
}; };
borg = { borg = {
monitoring = false;
ci = false; ci = false;
external = true; external = true;
nets = { nets = {
@ -521,6 +500,7 @@ with import <stockholm/lib>;
}; };
}; };
inspector = { inspector = {
monitoring = false;
ci = false; ci = false;
external = true; external = true;
nets = rec { nets = rec {
@ -552,6 +532,7 @@ with import <stockholm/lib>;
}; };
}; };
dpdkm = { dpdkm = {
monitoring = false;
ci = false; ci = false;
external = true; external = true;
nets = rec { nets = rec {
@ -659,6 +640,37 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
}; };
red = {
monitoring = false;
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.13";
ip6.addr = "42:0:0:0:0:0:0:12ed";
aliases = [
"red.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
};
}; };
users = { users = {
lass = { lass = {
@ -686,6 +698,7 @@ with import <stockholm/lib>;
lass-icarus = { lass-icarus = {
mail = "lass@icarus.r"; mail = "lass@icarus.r";
pubkey = builtins.readFile ./ssh/icarus.rsa; pubkey = builtins.readFile ./ssh/icarus.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
}; };
lass-xerxes = { lass-xerxes = {
mail = "lass@xerxes.r"; mail = "lass@xerxes.r";
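Review bot: The DKIM key added to the `lassul.us` zone looks like a 1024-bit RSA key (the `p=MIGfMA0…` prefix is the 1024-bit encoding), and the same key is also published in a TXT record that appears to sit at the zone apex, where verifiers never look; they query only `<selector>._domainkey`. I would drop the apex `v=DKIM1` record, keep `default._domainkey`, and rotate to a 2048-bit key, split into 255-byte strings inside the parenthesised form. The SOA serial stays at `2017093001` although records are added, so a secondary that relies on the serial would not pick up the change.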


@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq
fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f
+gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2
KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql
Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd
N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7
rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do
bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m
8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ
TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX
JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB
tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy
FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD
pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD
AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+
s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn
qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV
88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA
BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x
a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq
tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D
TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ
mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3
w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA
YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD
K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y
cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx
UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP
9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq
8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK
9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw
QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB
84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS
Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx
LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI
ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw
EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp
HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL
f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2
P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx
Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk
cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF
WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj
CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4
bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67
uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh
HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA==
=gJia
-----END PGP PUBLIC KEY BLOCK-----


@ -539,6 +539,7 @@ with import <stockholm/lib>;
dl.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr}


@ -93,6 +93,7 @@ let
User = "newsbot-js"; User = "newsbot-js";
Restart = "always"; Restart = "always";
ExecStart = "${newsbot.package}/bin/newsbot"; ExecStart = "${newsbot.package}/bin/newsbot";
WatchdogSec = "86400";
}; };
} }
) cfg; ) cfg;
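Review bot: `WatchdogSec = "86400"` is a liveness check only if newsbot sends `WATCHDOG=1` keep-alives via sd_notify, and nothing in this hunk shows that it does. Without them systemd will stop the service as failed once a day and `Restart = "always"` will bring it back. If a daily restart is the goal, `RuntimeMaxSec = "86400";` states that directly; either way a comment on the line saying which behaviour is intended would help. The unit definition starts outside the hunk.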


@ -13,7 +13,7 @@
krebs-source = { krebs-source = {
nixpkgs.git = { nixpkgs.git = {
ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
}; };
stockholm.file = toString ../.; stockholm.file = toString ../.;


@ -13,9 +13,9 @@
<stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/AP.nix>
]; ];
krebs.build.host = config.krebs.hosts.cabal; krebs.build.host = config.krebs.hosts.cabal;


@ -8,9 +8,9 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/boot/coreboot.nix> <stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix>
{ {
# bubsy config # bubsy config
users.users.bubsy = { users.users.bubsy = {


@ -1,50 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
ip = config.krebs.build.host.nets.internet.ip4.addr;
in {
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/git.nix>
{
networking.interfaces.enp2s1.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = getDefaultGateway ip;
networking.nameservers = [
"8.8.8.8"
];
}
{
sound.enable = false;
}
{
users.extraUsers = {
satan = {
name = "satan";
uid = 1338;
home = "/home/satan";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
];
};
};
}
];
krebs.build.host = config.krebs.hosts.echelon;
}


@ -17,6 +17,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/dcso-dev.nix> <stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix> <stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{ # automatic hardware detection { # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
@ -137,35 +138,14 @@ with import <stockholm/lib>;
networking.hostName = lib.mkForce "BLN02NB0162"; networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [ security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
(pkgs.writeText "minio.cert" ''
-----BEGIN CERTIFICATE-----
MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
-----END CERTIFICATE-----
'')
]; ];
programs.adb.enable = true; programs.adb.enable = true;
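Review bot: All seven DCSO CA hashes in `security.pki.certificateFiles` change at once while the URLs stay on plain `http://pki.dcso.de`, and nothing visible in the commit says where the new values come from. The `sha256` is the only thing authenticating these trust anchors, so if the new values were copied from whatever the HTTP endpoint served, the pin does not protect against a tampered download. I would check each certificate's fingerprint against a value obtained out of band before merging and record that above the list, e.g. `# fingerprints verified against <source> on <date>`.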


@ -14,9 +14,10 @@
<stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix> <stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/wine.nix>
]; ];
krebs.build.host = config.krebs.hosts.icarus; krebs.build.host = config.krebs.hosts.icarus;
@ -33,4 +34,13 @@
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
''; '';
environment.systemPackages = with pkgs; [
macchanger
dpass
];
services.redshift = {
enable = true;
provider = "geoclue2";
};
} }


@ -8,7 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/boot/stock-x220.nix> <stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix> <stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/steam.nix>
{ {
users.users.blacky = { users.users.blacky = {


@ -33,10 +33,13 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ableton.nix> <stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix> <stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{ {
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
#chromecast
{ predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
]; ];
} }
{ {
@ -140,6 +143,8 @@ with import <stockholm/lib>;
dpass dpass
dnsutils dnsutils
woeusb
l-gen-secrets
generate-secrets generate-secrets
(pkgs.writeDashBin "btc-coinbase" '' (pkgs.writeDashBin "btc-coinbase" ''
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
@ -186,6 +191,10 @@ with import <stockholm/lib>;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.redshift = {
enable = true;
provider = "geoclue2";
};
lass.restic = genAttrs [ lass.restic = genAttrs [
"daedalus" "daedalus"
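Review bot: The `#chromecast` rule added to `krebs.iptables.tables.filter.INPUT.rules` accepts UDP between ports 32768:61000 from any source on any interface, which exposes every UDP service listening in the ephemeral range whenever the laptop joins another network. Limiting the predicate to the home LAN keeps the Chromecast working without that exposure, e.g. `predicate = "-s <lan-subnet> -p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000";` with the real subnet filled in. The same applies to the existing `--dport 11100` rule if it is only needed locally.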


@ -104,6 +104,7 @@ in {
]; ];
} }
{ # TODO make new hfos.nix out of this vv { # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = { users.users.riot = {
uid = genid "riot"; uid = genid "riot";
isNormalUser = true; isNormalUser = true;
@ -189,26 +190,6 @@ in {
localAddress = "10.233.2.2"; localAddress = "10.233.2.2";
}; };
} }
{
#kaepsele
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
containers.kaepsele = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
tv.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
}
{ {
#onondaga #onondaga
systemd.services."container@onondaga".reloadIfChanged = mkForce false; systemd.services."container@onondaga".reloadIfChanged = mkForce false;
@ -237,13 +218,12 @@ in {
<stockholm/lass/2configs/repo-sync.nix> <stockholm/lass/2configs/repo-sync.nix>
<stockholm/lass/2configs/binary-cache/server.nix> <stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/monitoring/server.nix>
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
<stockholm/lass/2configs/paste.nix> <stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix { # quasi bepasty.nix
imports = [ imports = [
<stockholm/lass/2configs/bepasty.nix> <stockholm/lass/2configs/bepasty.nix>
@ -324,6 +304,78 @@ in {
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
]; ];
} }
<stockholm/lass/2configs/go.nix>
{
environment.systemPackages = [ pkgs.cryptsetup ];
systemd.services."container@red".reloadIfChanged = mkForce false;
containers.red = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
enableACME = true;
addSSL = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host rote-allez-fraktion.de;
proxy_pass http://10.233.2.4;
'';
};
};
}
{
imports = [ <stockholm/lass/2configs/backup.nix> ];
lass.restic = genAttrs [
"daedalus"
"icarus"
"littleT"
"mors"
"shodan"
"skynet"
] (dest: {
dirs = [
"/home/chat/.weechat"
"/bku/sql_dumps"
];
passwordFile = (toString <secrets>) + "/restic/${dest}";
repo = "sftp:backup@${dest}.r:/backups/prism";
extraArguments = [
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
});
}
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa 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 lhebendanz@nixos"
];
}
{
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
virtualHosts."lol.lassul.us" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:5001;
'';
};
};
}
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;
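Review bot: The `rote-allez-fraktion.de` virtual host is added with `addSSL = true`, which keeps serving the site over plain HTTP alongside HTTPS, while the `lol.lassul.us` host added later in the same file uses `forceSSL = true`. The host proxies to the `red` container, which apparently serves a phpBB forum, so logins and session cookies can still travel unencrypted. `forceSSL = true;` in place of `addSSL = true;` redirects HTTP to HTTPS and matches the other host. The `locations."/"` block could also pass `proxy_set_header X-Forwarded-Proto $scheme;` so the backend knows the original scheme.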


@ -0,0 +1,31 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
servephpBB
;
in
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/websites>
<stockholm/lass/2configs/websites/sqlBackup.nix>
(servephpBB [ "rote-allez-fraktion.de" ])
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
];
krebs.build.host = config.krebs.hosts.red;
boot.isContainer = true;
networking.useDHCP = false;
services.nginx.enable = true;
environment.variables.NIX_REMOTE = "daemon";
environment.systemPackages = [
pkgs.mk_sql_pair
];
}


@ -1,3 +1,4 @@
import <stockholm/lass/source.nix> { import <stockholm/lass/source.nix> {
name = "echelon"; name = "red";
secure = true;
} }


@ -15,9 +15,9 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
]; ];
krebs.build.host = config.krebs.hosts.shodan; krebs.build.host = config.krebs.hosts.shodan;


@ -9,7 +9,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
#<stockholm/lass/2configs/exim-retiolum.nix> #<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
{ {
# discordius config # discordius config
services.xserver.enable = true; services.xserver.enable = true;


@ -2,10 +2,4 @@ with import <stockholm/lib>;
import <stockholm/lass/source.nix> { import <stockholm/lass/source.nix> {
name = "xerxes"; name = "xerxes";
secure = true; secure = true;
override = {
nixpkgs.git = mkForce {
url = https://github.com/lassulus/nixpkgs;
ref = "3eccd0b";
};
};
} }

77
lass/2configs/AP.nix Normal file

@ -0,0 +1,77 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
wifi = "wlp0s29u1u2";
in {
boot.extraModulePackages = [
pkgs.linuxPackages.rtl8814au
];
networking.networkmanager.unmanaged = [ wifi ];
systemd.services.hostapd = {
description = "hostapd wireless AP";
path = [ pkgs.hostapd ];
wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=a
channel=36
ieee80211d=1
country_code=DE
ieee80211n=1
ieee80211ac=1
wmm_enabled=1
# 5ghz
ssid=krebsing
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=aidsballz
''}";
Restart = "always";
};
};
networking.interfaces.${wifi}.ipv4.addresses = [
{ address = "10.99.0.1"; prefixLength = 24; }
];
services.dhcpd4 = {
enable = true;
interfaces = [ wifi ];
extraConfig = ''
option subnet-mask 255.255.255.0;
option routers 10.99.0.1;
option domain-name-servers 1.1.1.1, 8.8.8.8;
subnet 10.99.0.0 netmask 255.255.255.0 {
range 10.99.0.100 10.99.0.200;
}
'';
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
#TODO find out what this is about?
{ v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
];
}
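Review bot: The `wpa_passphrase=` line inside the `pkgs.writeText "hostapd.conf"` block puts the access point's pre-shared key into the repository and into the world-readable Nix store, so every local user and everyone who can read the repo can join the 10.99.0.0/24 network that the FORWARD and MASQUERADE rules route out. Keep the key out of the store, for example by replacing that line with `wpa_psk_file=/path/to/secret` (placeholder path, deployed with the host's other secrets), and rotate the passphrase since it is already published. Separately, the two protocol-specific `MASQUERADE --to-ports 1024-65535` rules follow an unconditional MASQUERADE for the same source and presumably never match; removing them or explaining them would settle the `#TODO` above.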

20
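--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+{
+fileSystems = {
+"/backups" = {
+device = "/dev/pool/backup";
+fsType = "ext4";
+};
+};
+users.users.backup = {
+useDefaultShell = true;
+home = "/backups";
+createHome = true;
+openssh.authorizedKeys.keys = with config.krebs.hosts; [
+mors.ssh.pubkey
+prism.ssh.pubkey
+];
+};
+}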
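Review bot: The `backup` user gets `useDefaultShell = true` together with the SSH host keys of mors and prism in `openssh.authorizedKeys.keys`, so whoever can read either machine's host private key obtains an unrestricted interactive shell on every host that imports this file. If the account only receives backups, restrict each key entry, e.g. by prefixing it with `restrict,command="..."` for the transfer tool in use (the tool is not visible in this file). A short comment naming the job that logs in as `backup` would make the trust relationship reviewable.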


@ -1,173 +0,0 @@
{ config, lib, ... }:
with import <stockholm/lib>;
{
# TODO add timerConfig to krebs.backup and randomize startup
# TODO define plans more abstract
krebs.backup.plans = {
} // mapAttrs (_: recursiveUpdate {
snapshots = {
daily = { format = "%Y-%m-%d"; retain = 7; };
weekly = { format = "%YW%W"; retain = 4; };
monthly = { format = "%Y-%m"; retain = 12; };
yearly = { format = "%Y"; };
};
}) {
dishfire-http-prism = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
startAt = "03:00";
};
dishfire-http-icarus = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
startAt = "03:10";
};
dishfire-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
startAt = "03:05";
};
dishfire-http-shodan = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
startAt = "03:10";
};
dishfire-sql-prism = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
startAt = "03:15";
};
dishfire-sql-icarus = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
startAt = "03:25";
};
dishfire-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
startAt = "03:20";
};
dishfire-sql-shodan = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
startAt = "03:25";
};
prism-bitlbee-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-chat-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
startAt = "03:35";
};
prism-chat-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
startAt = "03:30";
};
prism-chat-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
startAt = "03:35";
};
prism-sql-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
startAt = "03:45";
};
prism-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
startAt = "03:40";
};
prism-sql-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
startAt = "03:45";
};
prism-http-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
startAt = "03:55";
};
prism-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
startAt = "03:50";
};
prism-http-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
startAt = "03:55";
};
icarus-home-mors = {
method = "pull";
src = { host = config.krebs.hosts.icarus; path = "/home"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
startAt = "05:00";
};
icarus-home-shodan = {
method = "push";
src = { host = config.krebs.hosts.icarus; path = "/home"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
startAt = "05:00";
};
mors-home-icarus = {
method = "push";
src = { host = config.krebs.hosts.mors; path = "/home"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
startAt = "05:00";
};
mors-home-shodan = {
method = "push";
src = { host = config.krebs.hosts.mors; path = "/home"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
startAt = "05:00";
};
shodan-home-icarus = {
method = "pull";
src = { host = config.krebs.hosts.shodan; path = "/home"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
startAt = "04:00";
};
shodan-home-mors = {
method = "pull";
src = { host = config.krebs.hosts.shodan; path = "/home"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
startAt = "04:00";
};
};
}


@ -9,7 +9,6 @@ in {
./power-action.nix ./power-action.nix
./copyq.nix ./copyq.nix
./livestream.nix ./livestream.nix
./dns-stuff.nix
./urxvt.nix ./urxvt.nix
./network-manager.nix ./network-manager.nix
{ {
@ -75,6 +74,7 @@ in {
gi gi
git-preview git-preview
gitAndTools.qgit gitAndTools.qgit
gnome3.dconf
lm_sensors lm_sensors
mpv-poll mpv-poll
much much


@ -10,9 +10,6 @@ in {
krebs.per-user.bitcoin.packages = [ krebs.per-user.bitcoin.packages = [
pkgs.electrum pkgs.electrum
]; ];
krebs.per-user.ethereum.packages = [
pkgs.go-ethereum
];
users.extraUsers = { users.extraUsers = {
bch = { bch = {
name = "bch"; name = "bch";
@ -28,13 +25,6 @@ in {
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
}; };
ethereum = {
name = "ethereum";
description = "user for ethereum stuff";
home = "/home/ethereum";
useDefaultShell = true;
createHome = true;
};
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL


@ -9,6 +9,7 @@ in {
dev = { dev = {
name = "dev"; name = "dev";
uid = genid "dev"; uid = genid "dev";
extraGroups = [ "docker" ];
description = "user for collaborative development"; description = "user for collaborative development";
home = "/home/dev"; home = "/home/dev";
useDefaultShell = true; useDefaultShell = true;
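Review bot: `extraGroups = [ "docker" ];` hands the shared `dev` account (described as "user for collaborative development") control of the Docker daemon, which is root-equivalent on the host. If collaborators only need to run containers, a rootless or VM-based setup avoids that; otherwise add a comment such as `# docker group == root on this host; keep the key list short`. The `dev` attribute set starts and ends outside the hunk, so who may log in as `dev` cannot be checked from here.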


@ -6,10 +6,9 @@ with import <stockholm/lib>;
./gc.nix ./gc.nix
./mc.nix ./mc.nix
./vim.nix ./vim.nix
./monitoring/client.nix ./monitoring/node-exporter.nix
./zsh.nix ./zsh.nix
./htop.nix ./htop.nix
./backups.nix
./security-workarounds.nix ./security-workarounds.nix
{ {
users.extraUsers = users.extraUsers =


@ -1,16 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
services.dnscrypt-proxy = {
enable = true;
localAddress = "127.1.0.1";
customResolver = {
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
port = 15251;
name = "2.dnscrypt-cert.euer.krebsco.de";
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
};
};
services.resolved.enable = true;
services.resolved.fallbackDns = [ "127.1.0.1" ];
}


@ -79,6 +79,7 @@ with import <stockholm/lib>;
{ from = "ovh@lassul.us"; to = lass.mail; } { from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; } { from = "hetzner@lassul.us"; to = lass.mail; }
{ from = "allygator@lassul.us"; to = lass.mail; } { from = "allygator@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }


@ -3,6 +3,6 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
nix.gc = { nix.gc = {
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
}; };
} }


@ -57,6 +57,16 @@ let
cgit.desc = "Fork of nix-user-chroot my lethalman"; cgit.desc = "Fork of nix-user-chroot my lethalman";
cgit.section = "software"; cgit.section = "software";
}; };
nixos-aws = {
collaborators = [ {
name = "fabio";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
} ];
};
krops = {
cgit.desc = "krebs deployment";
cgit.section = "software";
};
} // mapAttrs make-public-repo-silent { } // mapAttrs make-public-repo-silent {
}; };
@ -70,8 +80,8 @@ let
import <secrets/repos.nix> { inherit config lib pkgs; } import <secrets/repos.nix> { inherit config lib pkgs; }
); );
make-public-repo = name: { cgit ? {}, ... }: { make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
inherit cgit name; inherit cgit collaborators name;
public = true; public = true;
hooks = { hooks = {
post-receive = pkgs.git-hooks.irc-announce { post-receive = pkgs.git-hooks.irc-announce {

19
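--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+{
+krebs.go = {
+enable = true;
+};
+services.nginx = {
+enable = true;
+virtualHosts.go = {
+locations."/".extraConfig = ''
+proxy_set_header Host go.lassul.us;
+proxy_pass http://localhost:1337;
+'';
+serverAliases = [
+"go.lassul.us"
+];
+};
+};
+}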
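Review bot: `virtualHosts.go` sets neither `enableACME` nor `forceSSL`, so `go.lassul.us` is served over plain HTTP only, unlike the other public vhosts touched in this commit. If the host is reachable directly rather than only behind a TLS-terminating front end, add `enableACME = true;` and `forceSSL = true;`. A comment stating that port 1337 is where `krebs.go` listens would also help, since that link is not visible in this file.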


@ -206,8 +206,11 @@ in {
msmtp msmtp
mutt mutt
pkgs.much pkgs.much
pkgs.notmuch
tag-new-mails tag-new-mails
tag-old-mails tag-old-mails
]; ];
nixpkgs.config.packageOverrides = opkgs: {
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
};
} }


@ -1,26 +0,0 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
services.telegraf = {
enable = true;
extraConfig = {
agent.interval = "1s";
outputs = {
influxdb = {
urls = ["http://prism:8086"];
database = "telegraf_db";
user_agent = "telegraf";
};
};
inputs = {
cpu = {
percpu = false;
totalcpu = true;
};
mem = {};
net = {};
};
};
};
}


@ -1,44 +0,0 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
krebs.monit = {
enable = true;
http.enable = true;
alarms = {
nirwanabluete = {
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
alarm = echoToIrc "test nirwanabluete failed";
};
ubik = {
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
alarm = echoToIrc "test ubik failed";
};
cac-panel = {
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
alarm = echoToIrc "test cac-panel failed";
};
radio = {
test = pkgs.writeBash "check_stream" ''
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
'';
alarm = echoToIrc "test radio failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}


@ -1,7 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 9100 ]; krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
];
services.prometheus.exporters = { services.prometheus.exporters = {
node = { node = {
enable = true; enable = true;


@ -9,6 +9,12 @@
# useDHCP = true; # useDHCP = true;
#}; #};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
];
services = { services = {
prometheus = { prometheus = {
enable = true; enable = true;
@ -124,11 +130,10 @@
static_configs = [ static_configs = [
{ {
targets = [ targets = [
"localhost:9100" ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
]; #labels = {
labels = { # alias = "prometheus.example.com";
alias = "prometheus.example.com"; #};
};
} }
]; ];
} }
@ -159,7 +164,7 @@
]; ];
"webhook_configs" = [ "webhook_configs" = [
{ {
"url" = "https://example.com/prometheus-alerts"; "url" = "http://127.0.0.1:14813/prometheus-alerts";
"send_resolved" = true; "send_resolved" = true;
} }
]; ];
@ -176,4 +181,37 @@
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
}; };
}; };
services.logstash = {
enable = true;
inputConfig = ''
http {
port => 14813
host => "127.0.0.1"
}
'';
filterConfig = ''
if ([alerts]) {
ruby {
code => '
lines = []
event["alerts"].each {|p|
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
}
event["output"] = lines.join("\n")
'
}
}
'';
outputConfig = ''
file { path => "/tmp/logs.json" codec => "json_lines" }
irc {
channels => [ "#noise" ]
host => "irc.r"
nick => "alarm"
codec => "json_lines"
format => "%{output}"
}
'';
#plugins = [ ];
};
} }
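Review bot: The Logstash `outputConfig` in the last hunk writes every alert to `file { path => "/tmp/logs.json" ... }`, a fixed name in a world-writable directory with no rotation; it looks like a debugging leftover. Drop the `file` output or point it at a directory owned by the service, e.g. `path => "/var/lib/logstash/alerts.json"` (assuming that is the service's data directory). In the same hunk the Ruby filter joins instance and summary without a separator (`#{p["labels"]["instance"]}#{p["annotations"]["summary"]}`), which presumably wants a space between the two. The INPUT rules added in the first hunk open 3000, 9090 and 9093 to every retiolum peer, while the node-exporter change on this page limits 9100 to prism with `-s`; a comment would show whether that difference is intended.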


@ -1,87 +0,0 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":8086";
admin.bind-address = ":8083";
http.log-enabled = false;
monitoring = {
enabled = false;
# write-interval = "24h";
};
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = "collectd_db";
port = 25826;
}];
};
krebs.kapacitor =
let
db = "telegraf_db";
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
irc.r 6667 prism-alarm \#noise "$data" >/dev/null
'';
in {
enable = true;
alarms = {
cpu = {
database = db;
text = ''
var data = batch
|query(${"'''"}
SELECT mean("usage_user") AS mean
FROM "${db}"."default"."cpu"
${"'''"})
.period(10m)
.every(1m)
.groupBy('host')
data |alert()
.crit(lambda: "mean" > 90)
.exec('${echoToIrc}')
data |deadman(1.0,5m)
.stateChangesOnly()
.exec('${echoToIrc}')
'';
};
ram = {
database = db;
text = ''
var data = batch
|query(${"'''"}
SELECT mean("used_percent") AS mean
FROM "${db}"."default"."mem"
${"'''"})
.period(10m)
.every(1m)
.groupBy('host')
data |alert()
.crit(lambda: "mean" > 90)
.exec('${echoToIrc}')
'';
};
};
};
services.grafana = {
enable = true;
addr = "0.0.0.0";
auth.anonymous.enable = true;
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
];
}


@ -135,7 +135,6 @@ in {
(sync-retiolum "populate") (sync-retiolum "populate")
(sync-retiolum "stockholm") (sync-retiolum "stockholm")
(sync-retiolum "wai-middleware-time") (sync-retiolum "wai-middleware-time")
(sync-retiolum "web-routes-wai-custom")
(sync-retiolum "xmonad-stockholm") (sync-retiolum "xmonad-stockholm")
]; ];
} }


@ -6,66 +6,10 @@ let
genid genid
; ;
servephpBB = domains:
let
domain = head domains;
in {
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
serverAliases = domains;
extraConfig = ''
index index.php;
root /srv/http/${domain}/;
access_log /tmp/nginx_acc.log;
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
client_max_body_size 100m;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php?$args;
'';
locations."~ \.php(?:$|/)".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
fastcgi_intercept_errors on;
'';
#Directives to send expires headers and turn off 404 error logging.
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
access_log off;
log_not_found off;
expires max;
'';
};
services.phpfpm.poolConfigs."${domain}" = ''
listen = /srv/http/${domain}/phpfpm.pool
user = nginx
group = nginx
pm = dynamic
pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 3
pm.max_spare_servers = 20
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'';
};
in { in {
imports = [ imports = [
./default.nix ./default.nix
../git.nix ../git.nix
(servephpBB [ "rote-allez-fraktion.de" ])
]; ];
security.acme = { security.acme = {


@ -16,11 +16,7 @@ rec {
in { in {
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;
onlySSL = true; forceSSL = true;
extraConfig = ''
listen 80;
listen [::]:80;
'';
serverAliases = domains; serverAliases = domains;
locations."/".extraConfig = '' locations."/".extraConfig = ''
root /srv/http/${domain}; root /srv/http/${domain};
@ -28,18 +24,68 @@ rec {
}; };
}; };
servephpBB = domains:
let
domain = head domains;
in {
services.nginx.virtualHosts."${domain}" = {
serverAliases = domains;
extraConfig = ''
index index.php;
root /srv/http/${domain}/;
access_log /tmp/nginx_acc.log;
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
client_max_body_size 100m;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php?$args;
'';
locations."~ \.php(?:$|/)".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
fastcgi_intercept_errors on;
'';
#Directives to send expires headers and turn off 404 error logging.
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
access_log off;
log_not_found off;
expires max;
'';
};
services.phpfpm.poolConfigs."${domain}" = ''
listen = /srv/http/${domain}/phpfpm.pool
user = nginx
group = nginx
pm = dynamic
pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 3
pm.max_spare_servers = 20
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'';
};
serveOwncloud = domains: serveOwncloud = domains:
let let
domain = head domains; domain = head domains;
in { in {
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
onlySSL = true; forceSSL = true;
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80;
listen [::]:80;
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
@ -148,12 +194,9 @@ rec {
in { in {
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
onlySSL = true; forceSSL = true;
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80;
listen [::]:80;
root /srv/http/${domain}/; root /srv/http/${domain}/;
index index.php; index index.php;
access_log /tmp/nginx_acc.log; access_log /tmp/nginx_acc.log;
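Review bot: The relocated `servephpBB` no longer sets `enableACME = true; forceSSL = true;` yet still passes `fastcgi_param HTTPS on;`, so the forum is served over plain HTTP while PHP is told the connection is secure. That is only safe when every caller sits behind a front end that terminates TLS, which appears to be the plan for the `red` container but is neither enforced nor documented in the helper. Add a comment stating that requirement, or put the TLS options behind an argument so a directly exposed host still gets `forceSSL`. The `access_log /tmp/nginx_acc.log;` lines kept in these helpers also place request logs in a shared directory.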


@ -54,8 +54,8 @@
eval $(dircolors -b ${pkgs.fetchFromGitHub { eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r"; owner = "trapd00r";
repo = "LS_COLORS"; repo = "LS_COLORS";
rev = "master"; rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS) }}/LS_COLORS)
alias ls='ls --color' alias ls='ls --color'
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}


@ -7,6 +7,7 @@ _:
./hosts.nix ./hosts.nix
./mysql-backup.nix ./mysql-backup.nix
./news.nix ./news.nix
./nichtparasoup.nix
./pyload.nix ./pyload.nix
./restic.nix ./restic.nix
./screenlock.nix ./screenlock.nix


@ -0,0 +1,48 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
options.lass.nichtparasoup = {
enable = mkEnableOption "nichtparasoup funny image page";
config = mkOption {
type = types.str;
default = ''
[General]
Port: 5001
IP: 0.0.0.0
Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
[Cache]
Images_min_limit: 15
[Logging]
;; possible destinations: file syslog
Destination: syslog
Verbosity: ERROR
[Sites]
SoupIO: everyone
Pr0gramm: new,top
Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,cableporn,cableporn,educationalgifs,EngineeringPorn,forbiddensnacks,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
NineGag: geeky,wtf,hot,trending
Instagram: nature,wtf
Fourchan: sci
'';
};
};
config = mkIf config.lass.nichtparasoup.enable {
systemd.services.nichtparasoup = {
description = "nichtparasoup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}";
};
};
};
}
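Review bot: `systemd.services.nichtparasoup.serviceConfig` sets no `User`, so the crawler runs as root while it fetches and parses pages from third-party sites and listens on `0.0.0.0:5001`. Add `DynamicUser = true;` (or a dedicated `User`) next to `Restart = "always";`, and consider defaulting `IP:` to `127.0.0.1` if the service is meant to sit behind nginx. The `config` option would also benefit from a `description`.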


@ -90,7 +90,7 @@ main' = do
myLayoutHook = defLayout myLayoutHook = defLayout
where where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
floatHooks :: Query (Endo WindowSet) floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $ floatHooks = composeAll . concat $


@ -0,0 +1,15 @@
{ stdenv, pkgs, ... }:
let
py = pkgs.python3Packages.python.withPackages (p: [
p.werkzeug
p.beautifulsoup4
]);
src = pkgs.fetchFromGitHub {
owner = "k4cg";
repo = "nichtparasoup";
rev = "c6dcd0d";
sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
};
in pkgs.writeDashBin "nichtparasoup" ''
${py}/bin/python ${src}/nichtparasoup.py "$@"
''
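Review bot: The wrapper runs `${src}/nichtparasoup.py` with a `python3Packages` interpreter, but the patch added in the next file (turning `except Exception, e` into `except Exception as e`) is not applied anywhere in this derivation, so as far as this file shows the script would still fail to parse under Python 3. Apply the patch to `src` before wrapping, unless that happens in a file not shown here. The `rev = "c6dcd0d";` pin would be clearer as the full 40-character commit; the `sha256` already fixes the content.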


@ -0,0 +1,13 @@
diff --git a/nichtparasoup.py b/nichtparasoup.py
index 9da9a2b..833ca71 100755
--- a/nichtparasoup.py
+++ b/nichtparasoup.py
@@ -211,7 +211,7 @@ def cache_fill_loop():
try:
sources[crawler][site].crawl()
info = Crawler.info()
- except Exception, e:
+ except Exception as e:
logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
break


@ -50,6 +50,14 @@ rec {
default = false; default = false;
}; };
monitoring = mkOption {
description = ''
Whether the host should be monitored by monitoring tools like Prometheus.
'';
type = bool;
default = false;
};
owner = mkOption { owner = mkOption {
type = user; type = user;
}; };


@ -62,6 +62,7 @@ in {
## Web ## Web
<stockholm/makefu/2configs/nginx/share-download.nix> <stockholm/makefu/2configs/nginx/share-download.nix>
<stockholm/makefu/2configs/nginx/euer.test.nix> <stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix> <stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix> <stockholm/makefu/2configs/nginx/euer.blog.nix>
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>


@ -1,4 +1,5 @@
import <stockholm/makefu/source.nix> { import <stockholm/makefu/source.nix> {
name="gum"; name="gum";
torrent = true; torrent = true;
clever_kexec = true;
} }


@ -50,6 +50,7 @@ in {
<stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/mosh.nix> <stockholm/makefu/2configs/mosh.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
# <stockholm/makefu/2configs/disable_v6.nix> # <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>
@ -85,7 +86,7 @@ in {
<stockholm/makefu/2configs/sshd-totp.nix> <stockholm/makefu/2configs/sshd-totp.nix>
# <stockholm/makefu/2configs/logging/central-logging-client.nix> # <stockholm/makefu/2configs/logging/central-logging-client.nix>
# <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/torrent.nix>
# <stockholm/makefu/2configs/elchos/search.nix> # <stockholm/makefu/2configs/elchos/search.nix>
# <stockholm/makefu/2configs/elchos/log.nix> # <stockholm/makefu/2configs/elchos/log.nix>
@ -100,7 +101,7 @@ in {
makefu.full-populate = true; makefu.full-populate = true;
makefu.server.primary-itf = primaryInterface; makefu.server.primary-itf = primaryInterface;
krebs.rtorrent = { krebs.rtorrent = {
downloadDir = lib.mkForce "/media/crypt0/torrent"; downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = '' extraConfig = ''
upload_rate = 200 upload_rate = 200
''; '';


@ -52,9 +52,10 @@ in {
db = "collectd_db"; db = "collectd_db";
logging-interface = "enp0s25"; logging-interface = "enp0s25";
in { in {
networking.firewall.allowedTCPPorts = [ 3000 ];
services.grafana.enable = true; services.grafana.enable = true;
services.grafana.addr = "0.0.0.0"; services.grafana.addr = "0.0.0.0";
services.influxdb.enable = true; services.influxdb.enable = true;
services.influxdb.extraConfig = { services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name; meta.hostname = config.krebs.build.host.name;
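Review bot: `networking.firewall.allowedTCPPorts = [ 3000 ];` opens Grafana, which the next lines bind to `0.0.0.0`, on every interface of this host. The only consumer visible in this commit is the nginx proxy that reaches it as `wbob.r:3000`, so the port could be limited to the retiolum interface, in the style of the `-i retiolum -p tcp --dport 3000` rule used in the lass Prometheus config on this page. The enclosing `let … in` block starts and ends outside the hunk.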


@ -11,9 +11,8 @@
systemd.services.modemmanager = { systemd.services.modemmanager = {
description = "ModemManager"; description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ]; bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ]; wantedBy = [ "network-manager.service" "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true; PrivateTmp = true;


@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
user = config.services.nginx.user;
group = config.services.nginx.group;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in {
services.nginx = {
enable = mkDefault true;
virtualHosts."mon.euer.krebsco.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://wbob.r:3000/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}
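Review bot: Nothing in this vhost restricts who can reach the proxied service, so access control for whatever listens on `wbob.r:3000` rests entirely on that backend's own login. TLS also ends at nginx, and the hop to the backend is plain `http://`. If that is intended, record it with a comment above `locations."/"`, such as `# public entry point: authentication is handled by the backend on wbob.r:3000, upstream hop relies on the overlay network for confidentiality`. Otherwise add an allow/deny list or basic auth at the proxy. Separately, the `let` bindings `hostname`, `user`, `group`, `external-ip` and `internal-ip` are never used in the body and can be dropped.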


@ -1,10 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs.config.firefox = {
enableAdobeFlash = true;
};
krebs.per-user.makefu.packages = with pkgs; [ krebs.per-user.makefu.packages = with pkgs; [
chromium chromium
clipit clipit


@ -1,14 +1,16 @@
with import <stockholm/lib>; with import <stockholm/lib>;
host@{ name, host@{ name,
override ? {} override ? {}
, secure ? false , secure ? false
, full ? false , full ? false
, torrent ? false , torrent ? false
, hw ? false , hw ? false
, musnix ? false , musnix ? false
, python ? false , python ? false
, unstable ? false #unstable channel checked out , unstable ? false #unstable channel checked out
, mic92 ? false , mic92 ? false
, nms ? false
, clever_kexec ?false
}: }:
let let
builder = if getEnv "dummy_secrets" == "true" builder = if getEnv "dummy_secrets" == "true"
@ -42,11 +44,15 @@ in
file = "/home/makefu/store/${ref}"; file = "/home/makefu/store/${ref}";
}; };
secrets.file = getAttr builder { secrets = getAttr builder {
buildbot = toString <stockholm/makefu/6tests/data/secrets>; buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
makefu = "/home/makefu/secrets/${name}"; makefu.pass = {
inherit name;
dir = "${getEnv "HOME"}/.secrets-pass";
};
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
@ -72,9 +78,12 @@ in
}) })
(mkIf ( torrent ) { (mkIf ( torrent ) {
torrent-secrets.file = getAttr builder { torrent-secrets = getAttr builder {
buildbot = toString <stockholm/makefu/6tests/data/secrets>; buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
makefu = "/home/makefu/secrets/torrent" ; makefu.pass = {
name = "torrent";
dir = "${getEnv "HOME"}/.secrets-pass";
};
}; };
}) })
@ -92,5 +101,19 @@ in
}; };
}) })
(mkIf ( nms ) {
nms.git = {
url = https://github.com/r-raymond/nixos-mailserver;
ref = "v2.1.2";
};
})
(mkIf ( clever_kexec ) {
clever_kexec.git = {
url = https://github.com/cleverca22/nix-tests;
ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
};
})
override override
] ]
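Review bot: In the last hunk, `nms.git` is pinned with `ref = "v2.1.2";`, a tag that the upstream repository owner can move, while the `clever_kexec.git` source right below it is pinned to a full commit hash. For a mail-server module fetched from a third-party GitHub repository, I would pin the same way, `ref = "<commit-sha-of-v2.1.2>"; # v2.1.2`, so that a retagged release cannot change what gets deployed. Related, in the two secrets hunks: `dir = "${getEnv "HOME"}/.secrets-pass";` evaluates to `/.secrets-pass` when HOME is unset, because `getEnv` returns an empty string in that case. An assertion or a comment stating that HOME must be set would make that failure easier to diagnose.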


@ -349,6 +349,7 @@ let
let b:current_syntax = "nix" let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,' set isk=@,48-57,_,192-255,-,'
set bg=dark
''; '';
in in
out out