From 21cbde1a0b2352a98a53efb8f131e9e9a6ed0866 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Feb 2017 18:36:23 +0100 Subject: [PATCH 01/78] m 5 awesomecfg: make taglist clickable --- makefu/5pkgs/awesomecfg/full.cfg | 88 +++++++++++++++++++------------- 1 file changed, 52 insertions(+), 36 deletions(-) diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index d780e2a03..8036e5765 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -101,6 +101,7 @@ browser = "firefox" -- I suggest you to remap Mod4 to another key using xmodmap or other tools. -- However, you can use another modifier like Mod1, but it may interact with others. modkey = "@modkey@" +-- modkey = "Mod4" -- Table of layouts to cover with awful.layout.inc, order matters. awful.layout.layouts = @@ -116,10 +117,24 @@ awful.layout.layouts = -- awful.layout.suit.spiral.dwindle, awful.layout.suit.max, awful.layout.suit.max.fullscreen, --- awful.layout.suit.magnifier, + awful.layout.suit.magnifier, awful.layout.suit.corner.nw } -- }}} +-- {{{ Helper Functions +local function client_menu_toggle_fn() + local instance = nil + + return function () + if instance and instance.wibox.visible then + instance:hide() + instance = nil + else + instance = awful.menu.clients({ theme = { width = 250 } }) + end + end +end +-- }}} -- {{{ Wallpaper if beautiful.wallpaper then 
@@ -166,50 +181,51 @@ mytextclock = wibox.widget.textclock() -- Create a wibox for each screen and add it mywibox = {} mylayoutbox = {} -mytaglist = {} -mytaglist.buttons = awful.util.table.join( - awful.button({ }, 1, awful.tag.viewonly), - awful.button({ modkey }, 1, awful.client.movetotag), + +-- Create a wibox for each screen and add it +local taglist_buttons = awful.util.table.join( + awful.button({ }, 1, function(t) t:view_only() end), + awful.button({ modkey }, 1, function(t) + if client.focus then + client.focus:move_to_tag(t) + end + end), awful.button({ }, 3, awful.tag.viewtoggle), - awful.button({ modkey }, 3, awful.client.toggletag), - awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end), - awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end) - ) -mytasklist = {} -mytasklist.buttons = awful.util.table.join( + awful.button({ modkey }, 3, function(t) + if client.focus then + client.focus:toggle_tag(t) + end + end), + awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end), + awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end) + ) + +local tasklist_buttons = awful.util.table.join( awful.button({ }, 1, function (c) - if c == client.focus then - c.minimized = true - else - -- Without this, the following - -- :isvisible() makes no sense - c.minimized = false - if not c:isvisible() then - awful.tag.viewonly(c:tags()[1]) - end - -- This will also un-minimize - -- the client, if needed - client.focus = c - c:raise() - end - end), - awful.button({ }, 3, function () - if instance then - instance:hide() - instance = nil - else - instance = awful.menu.clients({ width=250 }) - end - end), + if c == client.focus then + c.minimized = true + else + -- Without this, the following + -- :isvisible() makes no sense + c.minimized = false + if not c:isvisible() and c.first_tag then + c.first_tag:view_only() + end + -- This will also un-minimize + -- the client, if needed + client.focus = c + 
c:raise() + end + end), + awful.button({ }, 3, client_menu_toggle_fn()), awful.button({ }, 4, function () awful.client.focus.byidx(1) - if client.focus then client.focus:raise() end end), awful.button({ }, 5, function () awful.client.focus.byidx(-1) - if client.focus then client.focus:raise() end end)) + local function set_wallpaper(s) -- Wallpaper if beautiful.wallpaper then From 268e43841d1e44fd73d2e1f5bd3635bda0cabdb8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Feb 2017 18:37:15 +0100 Subject: [PATCH 02/78] k 3 makefu: introduce -bob, add logging to wry,gum --- krebs/3modules/makefu/default.nix | 4 ++++ makefu/1systems/gum.nix | 3 ++- makefu/1systems/wry.nix | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1e63a26e2..8d2dbfa12 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -920,6 +920,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; }; + makefu-bob = { + inherit (makefu) mail pgp; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; + }; ciko = { mail = "wieczorek.stefan@googlemail.com"; }; 
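Review bot: The added `-- Create a wibox for each screen and add it` comment repeats the context line a few lines above it and now heads the taglist button table, which it does not describe. Replace it with a comment for what follows, e.g. `-- Mouse bindings for the taglist widget`, and give `tasklist_buttons` a matching one-line comment. The two wheel bindings at the end of the tasklist table also drop the `client.focus:raise()` call; if that is intended, a short remark in the commit message would help, since the subject only mentions the taglist.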
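Review bot: The new `makefu-bob` public key is stored without a trailing comment, while the entry just above it ends in `makefu@gum`; once this key is written to an authorized_keys file nothing tells which machine it belongs to. Append an identifying comment to the string, for example ` makefu@<host>` (placeholder, use the real host name). The second gum.nix hunk of this commit authorizes the key for the `makefu` account, so the commit message should state that the change grants login access and does not only add a user record.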
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 18dc644fd..910493026 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -35,6 +35,7 @@ in { # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix + ../2configs/logging/central-logging-client.nix ]; services.smartd.devices = [ { device = "/dev/sda";} ]; @@ -64,7 +65,7 @@ in { # access users.users = { root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; }; # Chat diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 9fd329d10..2457ab92e 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -25,6 +25,7 @@ in { # collectd ../2configs/logging/central-stats-client.nix + ../2configs/logging/central-logging-client.nix ../2configs/tinc/retiolum.nix # ../2configs/torrent.nix From 920436365aafe5d02153f2c16919d2a4c5644aaa Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Feb 2017 15:32:37 +0100 Subject: [PATCH 03/78] l 2 websites: enable ipv6 on all sites --- lass/2configs/websites/lassulus.nix | 10 ++++++++-- lass/2configs/websites/util.nix | 8 +++++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 024d2eeb2..3a8979427 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -110,7 +110,10 @@ in { ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; 
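Review bot: Only the plain-HTTP listener gets an IPv6 socket in this `extraConfig`; whether the TLS listener that `enableSSL = true` generates also binds `[::]` is not visible in the hunk. If it does not, IPv6 clients reach port 80 but not the HTTPS site, so check the rendered nginx config after this change. The same two-line listen block is repeated in the second lassulus.nix hunk and in all three util.nix hunks; a shared `let` binding would keep the five copies from drifting apart.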
@@ -123,7 +126,10 @@ in { root /var/lib/acme/acme-challenges; ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 6e236ab63..d596e9db9 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -17,7 +17,10 @@ rec { services.nginx.virtualHosts.${domain} = { enableACME = true; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -35,6 +38,7 @@ rec { serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; @@ -148,6 +152,8 @@ rec { serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; + root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; From 137c49b847a896009972a3fa7ad2f60358c0a643 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Feb 2017 16:57:45 +0100 Subject: [PATCH 04/78] l 1 mors: add ipfs testing stuff --- lass/1systems/mors.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a5eaaed9d..d0f835c64 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -126,6 +126,10 @@ with import ; # }; # }; #} + { + #ipfs-testing + services.ipfs.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; From 51761c3b9ba7c994e269328ab68e71318c9fbc34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Feb 2017 16:57:54 +0100 Subject: [PATCH 05/78] l 2: allow ipv6-icmp --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) 
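Review bot: The server block in the last util.nix hunk keeps `access_log /tmp/nginx_acc.log;` as context, and this commit makes that vhost reachable over IPv6 as well. A fixed file name in a world-writable directory can be pre-created or symlinked by any local user before nginx opens it, and the log then holds client addresses outside the usual log permissions. Unless the unit runs with a private /tmp (not visible here), point it at a directory only the nginx user can write, e.g. `access_log <nginx-log-dir>/${domain}_access.log;` (placeholder path). The enclosing function starts and ends outside the hunk.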
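Review bot: `services.ipfs.enable = true;` turns the daemon on with whatever the module defaults are for its swarm, API and gateway listeners, and none of them is pinned in this block. On a machine that moves between networks, confirm that the API and gateway bind to loopback only and that the host firewall does not open the swarm port wider than intended. Since the block is labelled `#ipfs-testing`, a comment saying when it should be removed again would also help.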
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d1810c00c..2441f1b74 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -202,6 +202,7 @@ with import ; filter.INPUT.rules = [ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } From 118084afe153e07d22184f14de3d8fb333231387 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 9 Feb 2017 22:32:42 +0100 Subject: [PATCH 06/78] n 2: update nixpkgs --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 9d73afbe0..27a845bd5 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff"; + ref = "d2cd8a0"; }; } From b381a8b54701378c5d92f1b9c11dd4d3c8deaf93 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 9 Feb 2017 23:06:49 +0100 Subject: [PATCH 07/78] k 3 nin: add cgit alias for onondaga --- krebs/3modules/nin/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 3231c0e23..d5d13cd1a 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -38,6 +38,8 @@ with import ; aliases = [ "onondaga.retiolum" "onondaga.r" + "cgit.onondaga.r" + "cgit.onondaga.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From a947c088b3cb996abc9eb3cb89ffbf7efb0c196c Mon Sep 17 00:00:00 2001 
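Review bot: The new `-p ipv6-icmp` rule is limited with `v4 = false`, but the `-p icmp` rule directly above it carries no matching restriction, so it is presumably still rendered into the IPv6 ruleset, where it matches nothing useful. If the rule type has a counterpart flag for IPv6, set it on the ICMPv4 line so each protocol appears only in its own table. Accepting every ICMPv6 type is broader than neighbour discovery and path-MTU discovery need; that is a common choice, but a comment stating it is deliberate would help the next reader.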
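Review bot: The nixpkgs `ref` in nin/2configs/nixpkgs.nix goes from a full 40-character commit id to the seven-character abbreviation `d2cd8a0`. An abbreviated id is resolved by prefix match and can become ambiguous as the upstream repository grows, so the pin is weaker than the one it replaces; keep the full commit id here. lass/2configs/nixpkgs.nix in PATCH 08/78 pins by abbreviated id as well (`6651c72`). The `url` is also an unquoted URL literal; writing it as a quoted string is the safer Nix style.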
From: lassulus Date: Sun, 12 Feb 2017 10:33:44 +0100 Subject: [PATCH 08/78] l 2 nixpkgs: f7b7d8e -> 6651c72 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index aef9dd8b4..ad39848b6 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f7b7d8e"; + ref = "6651c72"; }; } From 9f90562662f7fffa4aa97c704dd5d27325dbe9b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Feb 2017 19:47:36 +0100 Subject: [PATCH 09/78] m 1 x: test dnscrypt --- makefu/1systems/x.nix | 6 +++--- makefu/2configs/dnscrypt.nix | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/dnscrypt.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index adbf372ab..08da92068 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -10,9 +10,10 @@ ../2configs/main-laptop.nix ../2configs/laptop-utils.nix ../2configs/laptop-backup.nix + ../2configs/dnscrypt.nix # testing - ../2configs/openvpn/vpngate.nix + # ../2configs/openvpn/vpngate.nix #../2configs/temp/share-samba.nix # ../2configs/mediawiki.nix # ../2configs/wordpress.nix @@ -26,7 +27,6 @@ #../2configs/elchos/stats.nix #../2configs/elchos/test/ftpservers.nix - ../2configs/laptop-backup.nix # ../2configs/tinc/siem.nix #../2configs/torrent.nix # temporary modules @@ -59,7 +59,7 @@ # hardware specifics are in here ../2configs/hw/tp-x230.nix ../2configs/hw/rtl8812au.nix - ../2configs/hw/bcm4352.nix + # mount points ../2configs/fs/sda-crypto-root-home.nix diff --git a/makefu/2configs/dnscrypt.nix b/makefu/2configs/dnscrypt.nix new file mode 100644 index 000000000..d810456f3 --- /dev/null +++ b/makefu/2configs/dnscrypt.nix @@ -0,0 +1,6 @@ +{ + services.dnscrypt-proxy.enable = true; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; +} 
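Review bot: The new dnscrypt.nix forces resolv.conf to `127.0.0.1` but leaves the choice of upstream resolver to the module default, so which third party sees every DNS query of this host is decided outside this repository. Pin the resolver explicitly in this file and add a one-line comment naming it. With `name_servers` fixed to loopback there is no fallback when the proxy is down; if that fail-closed behaviour is intended, say so in a comment. The same block is added to lass/2configs/default.nix in PATCH 13/78.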
From 444c3ee42485b97184ad8b457474b61326d6a013 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Feb 2017 20:13:45 +0100 Subject: [PATCH 10/78] k 3 m: re-indent --- krebs/3modules/makefu/default.nix | 255 +++++++++++++++--------------- 1 file changed, 126 insertions(+), 129 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 8d2dbfa12..650f7b7a2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -5,50 +5,50 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { drop = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.177.9"; - ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; - aliases = [ - "drop.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl - 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI - GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW - 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C - Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT - F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.177.9"; + ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; + aliases = [ + "drop.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl + 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI + GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW + 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C + Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT + F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; + }; }; fileleech = rec { - cores = 4; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; - nets = { - retiolum = { - ip4.addr = "10.243.113.98"; - ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; - aliases = [ - "fileleech.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF - 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K - YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait - 
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z - e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V - UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + cores = 4; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; + nets = { + retiolum = { + ip4.addr = "10.243.113.98"; + ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; + aliases = [ + "fileleech.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF + 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K + YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait + nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z + e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V + UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; + }; }; pnp = { 
@@ -123,16 +123,16 @@ with import ; aliases = [ "ossim.siem" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl - RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL - cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand - mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd - dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL - WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl + RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL + cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand + mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd + dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL + WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -169,7 +169,7 @@ with import ; XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; 
@@ -228,16 +228,15 @@ with import ; "vbob.retiolum" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr - 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI - AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP - hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o - Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s - AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB - -----END RSA PUBLIC KEY----- - - ''; + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr + 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI + AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP + hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o + Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s + AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; ssh.privkey.path = ; @@ -278,7 +277,7 @@ with import ; DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -353,7 +352,7 @@ with import ; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" - "filepimp.r" + "filepimp.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -364,7 +363,7 @@ with import ; UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; 
@@ -389,15 +388,15 @@ with import ; "stats.makefu.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM - ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn - sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm - s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 - GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 - 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB - -----END RSA PUBLIC KEY----- - ''; + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM + ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn + sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm + s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 + GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 + 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; ssh.privkey.path = ; 
@@ -428,18 +427,18 @@ with import ; ip4.addr = "10.243.214.15"; ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ - "wbob.retiolum" + "wbob.retiolum" ]; tinc.pubkey = '' ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e -QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal -cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 -khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs -rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 -TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ------END RSA PUBLIC KEY----- -''; + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e + QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal + cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 + khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs + rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 + TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -487,7 +486,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; ssh.privkey.path = ; @@ -538,7 +537,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -551,8 +550,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ip4.addr = "10.243.83.237"; ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; aliases = [ - "sdev.retiolum" - "sdev.r" + "sdev.retiolum" + "sdev.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -569,7 +568,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; - # non-stockholm +# non-stockholm flap = rec { cores = 1; 
@@ -602,7 +601,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -819,32 +818,30 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; tcac-0-1 = rec { - cores = 1; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 - "; - nets = { - retiolum = { - ip4.addr = "10.243.144.142"; - ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; - aliases = [ - "tcac-0-1.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j - 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs - zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO - Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs - QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl - HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 + "; + nets = { + retiolum = { + ip4.addr = "10.243.144.142"; + ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; + aliases = [ + "tcac-0-1.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j + 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs + zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO + Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs + QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl + HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; + }; }; - - } // { # hosts only maintained in stockholm, not owned by me muhbaasu = rec { owner = config.krebs.users.root; 
@@ -878,23 +875,23 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop - nets = { - retiolum = { - ip4.addr = "10.243.183.236"; - ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; - aliases = [ "tpsw.r" "tpsw.retiolum" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ - Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML - WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl - OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM - 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd - pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB - -----END RSA PUBLIC KEY----- - ''; + nets = { + retiolum = { + ip4.addr = "10.243.183.236"; + ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; + aliases = [ "tpsw.r" "tpsw.retiolum" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ + Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML + WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl + OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM + 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd + pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; }; - }; }; }; users = rec { From a3e7e4f2baa1cc8d8180c50fd530ff0ea2cc0086 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Feb 2017 20:25:06 +0100 Subject: [PATCH 11/78] k 3 {m,l}: mv paste.krebsco.de --- krebs/3modules/lass/default.nix | 10 +++++++++- krebs/3modules/makefu/default.nix | 3 --- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0b67abd11..6ab8ede56 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -73,13 +73,21 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; }; - prism = { + prism = rec { cores = 4; + extraZones = { + "krebsco.de" = '' + prism IN A ${nets.internet.ip4.addr} + paste IN A ${nets.internet.ip4.addr} + ''; + }; nets = rec { internet = { ip4.addr = "213.239.205.240"; aliases = [ "prism.internet" + "paste.i" + "paste.internet" ]; ssh.port = 45621; }; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 650f7b7a2..489f62b65 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -290,7 +290,6 @@ with import ; wry IN A ${nets.internet.ip4.addr} io IN NS wry.krebsco.de. graphs IN A ${nets.internet.ip4.addr} - paste 60 IN A ${nets.internet.ip4.addr} tinc IN A ${nets.internet.ip4.addr} ''; }; @@ -299,9 +298,7 @@ with import ; ip4.addr = "104.233.87.86"; aliases = [ "wry.i" - "paste.i" "wry.internet" - "paste.internet" ]; }; retiolum = { From bf8a886c20887d39d856854b1e9186657543c400 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Feb 2017 21:29:34 +0100 Subject: [PATCH 12/78] k 3 l: update lass@icarus ssh key --- krebs/3modules/lass/ssh/icarus.rsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa index da99fcfdf..e3cb74081 100644 --- a/krebs/3modules/lass/ssh/icarus.rsa +++ b/krebs/3modules/lass/ssh/icarus.rsa 
@@ -1 +1 @@ -ssh-rsa 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 lass@icarus +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus From baf325a8d8542dd6fef6cc7b97fd3211c5b174f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Feb 2017 22:30:46 +0100 Subject: [PATCH 13/78] l 2: add dnscrypt as default --- lass/2configs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 2441f1b74..2292b5ce3 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -62,6 +62,12 @@ with import ; pkgs.pythonPackages.python ]; } + { + services.dnscrypt-proxy.enable = true; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; + } ]; networking.hostName = config.krebs.build.host.name; From bfcf167c38925f5e12619d7afe8565d7df03194b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 09:44:18 +0100 Subject: [PATCH 14/78] l: remove obsolete page --- lass/1systems/prism.nix | 1 - lass/2configs/websites/wohnprojekt-rhh.de.nix | 23 ------------------- 2 files changed, 24 deletions(-) delete mode 100644 lass/2configs/websites/wohnprojekt-rhh.de.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c0c22a0de..5c6a59c7b 100644 --- a/lass/1systems/prism.nix 
+++ b/lass/1systems/prism.nix @@ -164,7 +164,6 @@ in { } { imports = [ - ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix ../2configs/websites/lassulus.nix ]; diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix deleted file mode 100644 index 0c409ca87..000000000 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - inherit (import ) - genid - ; - inherit (import {inherit lib pkgs;}) - ssl - servePage - ; -in { - imports = [ - ( ssl [ "wohnprojekt-rhh.de" ]) - ( servePage [ "wohnprojekt-rhh.de" ]) - ]; - - users.users.laura = { - home = "/srv/http/wohnprojekt-rhh.de"; - createHome = true; - useDefaultShell = true; - }; -} - From 632b194ad35ad49e3e09935c66f1ae52f93e34f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 14:31:26 +0100 Subject: [PATCH 15/78] add krebs.monit --- krebs/3modules/default.nix | 1 + krebs/3modules/monit.nix | 116 +++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 krebs/3modules/monit.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e0810ab63..f336c966f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -22,6 +22,7 @@ let ./go.nix ./iptables.nix ./kapacitor.nix + ./monit.nix ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix new file mode 100644 index 000000000..5191a1754 --- /dev/null +++ b/krebs/3modules/monit.nix 
@@ -0,0 +1,116 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with import ; + +let + cfg = config.krebs.monit; + + out = { + options.krebs.monit = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "monit"; + http = { + enable = mkEnableOption "monit http server"; + port = mkOption { + type = types.int; + default = 9093; + }; + user = mkOption { + type = types.str; + default = "krebs"; + }; + pass = mkOption { + type = types.str; + default = "bob"; + }; + }; + user = mkOption { + type = types.user; + default = { + name = "monit"; + }; + }; + group = mkOption { + type = types.group; + default = { + name = "monitor"; + }; + }; + extraConfig = mkOption { + type = types.attrs; + default = {}; + }; + alarms = mkOption { + default = {}; + type = with types; attrsOf (submodule { + options = { + test = mkOption { + type = path; + }; + alarm = mkOption { + type = path; + }; + interval = mkOption { + type = str; + default = "10"; + }; + }; + }); + }; + }; + + imp = let + configFile = pkgs.writeText "monit.cfg" '' + ${optionalString cfg.http.enable '' + set httpd port ${toString cfg.http.port} + allow ${cfg.http.user}:${cfg.http.pass} + ''} + set daemon 10 + + ${concatStringsSep "\n" (mapAttrsToList (name: alarm: '' + check program ${name} with path "${alarm.test}" + every 10 cycles + if status != 0 then exec "${alarm.alarm}" + '') cfg.alarms)} + ''; + in { + environment.etc = [ + { + source = configFile; + target = "monit.conf"; + mode = "0400"; + uid = config.users.users.${cfg.user.name}.uid; + } + ]; + users = { + groups.${cfg.group.name} = { + inherit (cfg.group) name gid; + }; + users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + group = cfg.group.name; + }; + }; + + systemd.services.monit = { + description = "monit"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + User = cfg.user.name; + ExecStart = 
"${pkgs.monit}/bin/monit -I -c /etc/monit.conf"; + # Monit should restart when the config changes + ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}"; + }; + }; + }; +in out From fe46163e586b2b19126fffd1a7710e1b61349389 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 14:32:00 +0100 Subject: [PATCH 16/78] l 2 monitoring: add monit-alarms --- lass/2configs/monitoring/monit-alarms.nix | 34 +++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 lass/2configs/monitoring/monit-alarms.nix diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix new file mode 100644 index 000000000..a85738538 --- /dev/null +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -0,0 +1,34 @@ +{pkgs, config, ...}: +with import ; +let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 prism-alarm \#retiolum "${msg}" >/dev/null + ''; + +in { + krebs.monit = { + enable = true; + http.enable = true; + alarms.nirwanabluete = { + test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; + alarm = echoToIrc "test nirwanabluete failed"; + }; + alarms.ubik = { + test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; + alarm = echoToIrc "test ubik failed"; + }; + alarms.hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + alarms.cac-panel = { + test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; + alarm = echoToIrc "test cac-panel failed"; + }; + }; +} + From 045fe83273e1849354d63fdfe955e98f48673c91 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 14:33:47 +0100 Subject: [PATCH 17/78] l 3 monit: implement alarm interval --- krebs/3modules/monit.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix index 5191a1754..4d4066ae4 100644 
--- a/krebs/3modules/monit.nix +++ b/krebs/3modules/monit.nix @@ -73,7 +73,7 @@ let ${concatStringsSep "\n" (mapAttrsToList (name: alarm: '' check program ${name} with path "${alarm.test}" - every 10 cycles + every ${alarm.interval} cycles if status != 0 then exec "${alarm.alarm}" '') cfg.alarms)} ''; From 8281365719165547a08cadc37b2c3ff08a119846 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 16:16:01 +0100 Subject: [PATCH 18/78] l 1 mors: add krebszones --- lass/1systems/mors.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d0f835c64..1ad9cd4bd 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -130,6 +130,11 @@ with import ; #ipfs-testing services.ipfs.enable = true; } + { + environment.systemPackages = [ + pkgs.krebszones + ]; + } ]; krebs.build.host = config.krebs.hosts.mors; From 024ea6d7f9e6cbca2fe2d5e171cec1d65929258b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 16:44:21 +0100 Subject: [PATCH 19/78] k 5 buildbot: update to 0.9.4 --- krebs/5pkgs/buildbot/default.nix | 8 ++--- krebs/5pkgs/buildbot/irc_messages.patch | 40 ------------------------- krebs/5pkgs/buildbot/worker.nix | 4 +-- 3 files changed, 5 insertions(+), 47 deletions(-) delete mode 100644 krebs/5pkgs/buildbot/irc_messages.patch diff --git a/krebs/5pkgs/buildbot/default.nix b/krebs/5pkgs/buildbot/default.nix index 2e14b6b63..37eea5fd9 100644 --- a/krebs/5pkgs/buildbot/default.nix +++ b/krebs/5pkgs/buildbot/default.nix @@ -3,10 +3,10 @@ pythonPackages.buildPythonApplication (rec { name = "${pname}-${version}"; pname = "buildbot"; - version = "0.9.1"; + version = "0.9.4"; src = fetchurl { url = "mirror://pypi/b/${pname}/${name}.tar.gz"; - sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9"; + sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086"; }; doCheck = false; buildInputs = with pythonPackages; [ 
@@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec { pylint astroid pyflakes + pyjwt ]; propagatedBuildInputs = with pythonPackages; [ @@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec { ] ++ plugins; - patchPhase = '' - patch -p1 < ${./irc_messages.patch} - ''; preInstall = '' # writes out a file that can't be read properly sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py diff --git a/krebs/5pkgs/buildbot/irc_messages.patch b/krebs/5pkgs/buildbot/irc_messages.patch deleted file mode 100644 index ab8597dbd..000000000 --- a/krebs/5pkgs/buildbot/irc_messages.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py -index a65147b..bf44118 100644 ---- a/buildbot/reporters/words.py -+++ b/buildbot/reporters/words.py -@@ -550,14 +550,15 @@ class Contact(service.AsyncService): - - if self.useRevisions: - revisions = yield self.getRevisionsForBuild(build) -- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \ -+ r = "Build %s containing revision(s) [%s] is complete: %s" % \ - (builderName, ','.join(revisions), results[0]) - else: -- r = "Hey! build %s #%d is complete: %s" % \ -+ r = "Build %s #%d is complete: %s" % \ - (builderName, buildNumber, results[0]) - - r += ' [%s]' % maybeColorize(build['state_string'], - results[1], self.useColors) -+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber) - self.send(r) - - # FIXME: where do we get the list of changes for a build ? -@@ -622,14 +623,15 @@ class Contact(service.AsyncService): - results = self.getResultsDescriptionAndColor(build['results']) - if self.useRevisions: - revisions = yield self.getRevisionsForBuild(build) -- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \ -+ r = "Build %s containing revision(s) [%s] is complete: %s" % \ - (builder_name, ','.join(revisions), results[0]) - else: -- r = "Hey! build %s #%d is complete: %s" % \ -+ r = "Build %s #%d is complete: %s" % \ - (builder_name, buildnum, results[0]) - - r += ' [%s]' % maybeColorize(build['state_string'], - results[1], self.useColors) -+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber) - self.send(r) - - # FIXME: where do we get the base_url? Then do we use the build Link to diff --git a/krebs/5pkgs/buildbot/worker.nix b/krebs/5pkgs/buildbot/worker.nix index c100de5d2..34e526858 100644 --- a/krebs/5pkgs/buildbot/worker.nix +++ b/krebs/5pkgs/buildbot/worker.nix 
@@ -2,12 +2,12 @@ pythonPackages.buildPythonApplication (rec { name = "${pname}-${version}"; pname = "buildbot-worker"; - version = "0.9.1"; + version = "0.9.4"; doCheck = false; src = fetchurl { url = "mirror://pypi/b/${pname}/${name}.tar.gz"; - sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx"; + sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj"; }; buildInputs = with pythonPackages; [ setuptoolsTrial mock ]; From 0c7740b6e47cf77e155cdd7fc1ae4c0f187e45bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 17:17:44 +0100 Subject: [PATCH 20/78] l 1 mors: remove dead icinga code --- lass/1systems/mors.nix | 50 ------------------------------------------ 1 file changed, 50 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1ad9cd4bd..bffb08ad3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,56 +76,6 @@ with import ; { services.redis.enable = true; } - #{ - # #gitit magic - # imports = [ ]; - # services.gitit = { - # enable = true; - # haskellPackages = pkgs.haskell.packages.ghc7103; - # }; - #} - #{ - # lass.icinga2 = { - # enable = true; - # configFiles = [ - # '' - # template Service "generic-service" { - # max_check_attempts = 3 - # check_interval = 5m - # retry_interval = 1m - # enable_perfdata = true - # } - # apply Service "ping4" { - # } - # '' - # ]; - # }; - # services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = "/mysql_rootPassword"; - # }; - # lass.icingaweb2 = { - # enable = true; - # initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0"; - # resources = { - # icinga2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icinga"; - # passfile = ; - # }; - # icingaweb2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icingaweb2"; - # passfile = ; - # }; - # }; - # }; - #} { #ipfs-testing services.ipfs.enable = true; 
From 08973e5e00cf27b0548c4924ab4afe1768d79217 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 17:17:55 +0100 Subject: [PATCH 21/78] l 1 prism: import monit-alarms --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 5c6a59c7b..a62b5cd75 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -44,6 +44,7 @@ in { ../2configs/hfos.nix ../2configs/makefu-sip.nix ../2configs/monitoring/server.nix + ../2configs/monitoring/monit-alarms.nix { imports = [ ../2configs/bepasty.nix From 6dabaf5afef5767eedbaadcba8e3e06e46c645a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 20:56:34 +0100 Subject: [PATCH 22/78] l 2 monit: add radio test --- lass/2configs/monitoring/monit-alarms.nix | 40 ++++++++++++++--------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index a85738538..d14275c17 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix 
@@ -13,21 +13,31 @@ in { krebs.monit = { enable = true; http.enable = true; - alarms.nirwanabluete = { - test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; - alarm = echoToIrc "test nirwanabluete failed"; - }; - alarms.ubik = { - test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; - alarm = echoToIrc "test ubik failed"; - }; - alarms.hfos = { - test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; - alarm = echoToIrc "test hfos failed"; - }; - alarms.cac-panel = { - test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; - alarm = echoToIrc "test cac-panel failed"; + alarms = { + nirwanabluete = { + test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; + alarm = echoToIrc "test nirwanabluete failed"; + }; + ubik = { + test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; + alarm = echoToIrc "test ubik failed"; + }; + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + cac-panel = { + test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; + alarm = echoToIrc "test cac-panel failed"; + }; + radio = { + test = pkgs.writeBash "check_stream" '' + ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \ + | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \ + | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}" + ''; + alarm = echoToIrc "test radio failed"; + }; }; }; } From e7f12c4d865c5556b408a8301de6e2eabb39165b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 20:58:29 +0100 Subject: [PATCH 23/78] l 2 monit: open monit port to retiolum --- lass/2configs/monitoring/monit-alarms.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index d14275c17..063fadb1b 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix 
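Review bot: The new radio test can report success when no `200 OK` was seen, because `|| exit "''${PIPESTATUS[0]}"` runs only after grep has failed and then exits with curl's status, not grep's. Whenever curl itself finished cleanly the script exits 0 and the alarm never fires; a redirect response is one such case, since `-f` presumably only fails on error status codes. Ending the script on the pipeline itself (dropping the `|| exit …` tail) makes a missing `200 OK` always count as a failure. Adding `--max-time` to the curl call would also stop a stalled connection from blocking the check.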
@@ -40,5 +40,9 @@ in { }; }; }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; } From 4e8d61d8f74e547c6718d55b13ae1d5eb2287bfd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Feb 2017 13:20:14 +0100 Subject: [PATCH 24/78] l 2 hfos: forward https from localhost --- lass/2configs/hfos.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index 7d4d544aa..a4020dade 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -32,4 +32,8 @@ with import ; { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; + + krebs.iptables.tables.nat.OUTPUT.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } + ]; } From 1afea851af96c54bf011c46f207cc2f9629c6fc1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 00:04:08 +0100 Subject: [PATCH 25/78] k 3 fetchWallpaper: use user service --- krebs/3modules/fetchWallpaper.nix | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 29c4f50e9..8db8be771 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -21,13 +21,14 @@ let OnCalendar = "*:00,10,20,30,40,50"; }; }; + # TODO find a better default stateDir stateDir = mkOption { type = types.str; - default = "/var/lib/wallpaper"; + default = "./wallpaper"; }; display = mkOption { type = types.str; - default = ":11"; + default = ":0"; }; unitConfig = mkOption { type = types.attrsOf types.str; 
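Review bot: This rule opens monit's HTTP interface to every peer on the `retiolum` interface, while the only protection visible on this page is the default login `krebs`/`bob` from krebs/3modules/monit.nix. Both monit-alarms.nix and lass/1systems/shodan.nix set `http.enable = true` without overriding `http.user` or `http.pass`. The credentials are also rendered into the `pkgs.writeText "monit.cfg"` store file, so the `mode = "0400"` on /etc/monit.conf presumably does not hide them from other local users. Consider removing the default for `http.pass` so each deployment must set one, and loading it from a file kept outside the store. The port is hard-coded too; `--dport ${toString config.krebs.monit.http.port}` keeps the rule in step with the module option.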
@@ -51,35 +52,29 @@ let mkdir -p ${shell.escape cfg.stateDir} cd ${shell.escape cfg.stateDir} (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper + feh --no-fehbg --bg-scale wallpaper ''; imp = { - users.users.fetchWallpaper = { - name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; - description = "fetchWallpaper user"; - home = cfg.stateDir; - createHome = true; - }; - - systemd.timers.fetchWallpaper = { + systemd.user.timers.fetchWallpaper = { description = "fetch wallpaper timer"; wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; }; - systemd.services.fetchWallpaper = { + systemd.user.services.fetchWallpaper = { description = "fetch wallpaper"; - after = [ "network.target" ]; + after = [ "network.target" "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; path = with pkgs; [ curl feh + coreutils ]; environment = { - URL = cfg.url; DISPLAY = cfg.display; }; restartIfChanged = true; @@ -87,7 +82,6 @@ let serviceConfig = { Type = "simple"; ExecStart = fetchWallpaperScript; - User = "fetchWallpaper"; }; unitConfig = cfg.unitConfig; From 1b5196f4fdc8dc32fb771d518f08a769329b5fd9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 00:07:36 +0100 Subject: [PATCH 26/78] l 2: add copyq.nix --- lass/2configs/copyq.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 lass/2configs/copyq.nix diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix new file mode 100644 index 000000000..0616c4025 --- /dev/null +++ b/lass/2configs/copyq.nix 
@@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import ; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} From 679ccce6bd5feef4edd7533a67536836f7b7aa26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 00:05:38 +0100 Subject: [PATCH 27/78] l 2: use upstream xserver --- lass/2configs/baseX.nix | 54 +++++---- lass/2configs/fetchWallpaper.nix | 4 - lass/2configs/xserver/Xresources.nix | 66 ----------- lass/2configs/xserver/default.nix | 147 ------------------------- lass/2configs/xserver/xserver.conf.nix | 40 ------- lass/5pkgs/xmonad-lass.nix | 22 +--- 6 files changed, 28 insertions(+), 305 deletions(-) delete mode 100644 lass/2configs/xserver/Xresources.nix delete mode 100644 lass/2configs/xserver/default.nix delete mode 100644 lass/2configs/xserver/xserver.conf.nix 
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2933ca0e4..539fdc875 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -1,13 +1,13 @@ { config, pkgs, ... }: - +with import ; let - mainUser = config.users.extraUsers.mainUser; + user = config.krebs.build.user; in { imports = [ - ./xserver ./mpv.nix ./power-action.nix ./screenlock.nix + ./copyq.nix { hardware.pulseaudio = { enable = true; @@ -66,37 +66,31 @@ in { youtube-tools rxvt_unicode - #window manager stuff - #haskellPackages.xmobar - #haskellPackages.yeganesh - #dmenu2 - #xlibs.fontschumachermisc ]; - #fonts.fonts = [ - # pkgs.xlibs.fontschumachermisc - #]; + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; - #services.xserver = { - # enable = true; + services.xserver = { + enable = true; - # windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ - # X11-xshape - # ]; - # windowManager.xmonad.enable = true; - # windowManager.xmonad.enableContribAndExtras = true; - # windowManager.default = "xmonad"; - # desktopManager.default = "none"; - # desktopManager.xterm.enable = false; - # displayManager.slim.enable = true; - # displayManager.auto.enable = true; - # displayManager.auto.user = mainUser.name; + desktopManager.xterm.enable = false; + displayManager.slim.enable = true; + windowManager.session = [{ + name = "xmonad"; + start = '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.xmonad-lass}/bin/xmonad & + waitPID=$! + ''; + }]; - # layout = "us"; - # xkbModel = "evdev"; - # xkbVariant = "altgr-intl"; - # xkbOptions = "caps:backspace"; - #}; + layout = "us"; + xkbModel = "evdev"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; services.logind.extraConfig = '' HandleLidSwitch=ignore @@ -107,4 +101,6 @@ in { twoFingerScroll = true; accelFactor = "0.035"; }; + + services.urxvtd.enable = true; } diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 29f321994..971be9588 100644 --- a/lass/2configs/fetchWallpaper.nix 
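Review bot: `xhost +LOCAL:` in the new `windowManager.session` start script lets every local account connect to the X display, not only the session owner, so any service user on the host can read input and screen contents. If the aim is only to let the login user's own units (copyq, fetchWallpaper) reach the display, granting that one user is narrower: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${user.name}`, using the `user` binding this file now defines. The call is carried over from the removed xserver/default.nix startup hook rather than newly introduced, but this move is a good point to tighten it.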
+++ b/lass/2configs/fetchWallpaper.nix @@ -9,9 +9,5 @@ in { url = "prism/wallpaper.png"; maxTime = 10; }; - systemd.services.fetchWallpaper = { - after = [ "xmonad.service" ]; - wantedBy = [ "xmonad.service" ]; - }; } diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix deleted file mode 100644 index 3049774f8..000000000 --- a/lass/2configs/xserver/Xresources.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -pkgs.writeText "Xresources" '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - - ! ref https://github.com/muennich/urxvt-perls - URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search - - URxvt.intensityStyles: false - - URxvt*background: #050505 - ! URxvt*background: #041204 - - !URxvt.depth: 32 - !URxvt*background: rgba:0500/0500/0500/cccc - - ! URxvt*background: #080810 - URxvt*foreground: #d0d7d0 - ! URxvt*background: black - ! URxvt*foreground: white - ! URxvt*background: rgb:00/00/40 - ! URxvt*foreground: rgb:a0/a0/d0 - ! XTerm*cursorColor: rgb:00/00/60 - URxvt*cursorColor: #f042b0 - URxvt*cursorColor2: #f0b000 - URxvt*cursorBlink: off - ! URxvt*cursorUnderline: true - ! URxvt*highlightColor: #232323 - ! URxvt*highlightTextColor: #b0ffb0 - - URxvt*.pointerBlank: true - URxvt*.pointerBlankDelay: 987654321 - URxvt*.pointerColor: #f042b0 - URxvt*.pointerColor2: #050505 - - ! URxvt*color0: #000000 - ! URxvt*color1: #c00000 - ! URxvt*color2: #80c070 - URxvt*color3: #c07000 - ! URxvt*color4: #0000c0 - URxvt*color4: #4040c0 - ! URxvt*color5: #c000c0 - ! URxvt*color6: #008080 - URxvt*color7: #c0c0c0 - - URxvt*color8: #707070 - URxvt*color9: #ff6060 - URxvt*color10: #70ff70 - URxvt*color11: #ffff70 - URxvt*color12: #7070ff - URxvt*color13: #ff50ff - URxvt*color14: #70ffff - URxvt*color15: #ffffff - -'' diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix deleted file mode 100644 index cba4db766..000000000 
--- a/lass/2configs/xserver/default.nix +++ /dev/null 
@@ -1,147 +0,0 @@ -{ config, pkgs, ... }@args: -with import ; -let - user = config.krebs.build.user; - - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - - environment.systemPackages = [ - pkgs.gitAndTools.qgit - pkgs.mpv - pkgs.sxiv - pkgs.xsel - pkgs.zathura - ]; - - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - services.xserver = { - enable = true; - display = 11; - tty = 11; - - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; - - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; - - systemd.services.display-manager.enable = false; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & - wait - ''; - - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" # we start here - ]); - }; - 
serviceConfig = { - SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = pkgs.writeScript "xmonad-stop" '' - #! /bin/sh - ${pkgs.xmonad-lass}/bin/xmonad --shutdown - ${pkgs.coreutils}/bin/sleep 2s - ''; - User = user.name; - WorkingDirectory = user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); - }; - serviceConfig = { - SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString config.services.xserver.display}" - "vt${toString config.services.xserver.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /dev/null -logverbose 0 -verbose 3" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - ]; - }; - }; - - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; - - systemd.services.copyq = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - 
}; -} diff --git a/lass/2configs/xserver/xserver.conf.nix b/lass/2configs/xserver/xserver.conf.nix deleted file mode 100644 index 6f34e0150..000000000 --- a/lass/2configs/xserver/xserver.conf.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - cfg = config.services.xserver; -in - -pkgs.stdenv.mkDerivation { - name = "xserver.conf"; - - xfs = optionalString (cfg.useXFS != false) - ''FontPath "${toString cfg.useXFS}"''; - - inherit (cfg) config; - - buildCommand = - '' - echo 'Section "Files"' >> $out - echo $xfs >> $out - - for i in ${toString config.fonts.fonts}; do - if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then - for j in $(find $i -name fonts.dir); do - echo " FontPath \"$(dirname $j)\"" >> $out - done - fi - done - - for i in $(find ${toString cfg.modules} -type d); do - if test $(echo $i/*.so* | wc -w) -ne 0; then - echo " ModulePath \"$i\"" >> $out - fi - done - - echo 'EndSection' >> $out - - echo "$config" >> $out - ''; -} diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index dd4d8803c..22ec7efa9 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -22,7 +22,7 @@ import XMonad import qualified XMonad.StackSet as W import Control.Exception import Data.List (isInfixOf) -import System.Environment (getArgs, withArgs, getEnv) +import System.Environment (getArgs, withArgs) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) import Text.Read (readEither) 
@@ -60,21 +60,17 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do - workspaces0 <- getWorkspaces0 xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = urxvtcPath , modMask = mod4Mask - , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook - , startupHook = do - path <- liftIO (getEnv "XMONAD_STARTUP_HOOK") - forkFile path [] Nothing , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent + , workspaces = [ "dashboard" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout @@ -84,7 +80,7 @@ myLayoutHook = defLayout xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () xmonad' conf = do - path <- getEnv "XMONAD_STATE" + let path = "/tmp/xmonad.state" try (readFile path) >>= \case Right content -> do hPutStrLn stderr ("resuming from " ++ path) @@ -93,18 +89,6 @@ xmonad' conf = do hPutStrLn stderr (displaySomeException e) xmonad conf -getWorkspaces0 :: IO [String] -getWorkspaces0 = - try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case - Left e -> warn (displaySomeException e) - Right p -> try (readFile p) >>= \case - Left e -> warn (displaySomeException e) - Right x -> case readEither x of - Left e -> warn e - Right y -> return y - where - warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] - displaySomeException :: SomeException -> String displaySomeException = displayException From 47a4df4558803937823e3c671153bda372d60de5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 00:06:15 +0100 Subject: [PATCH 28/78] l 2: use #noise on ni for noisy stuff --- lass/2configs/buildbot-standalone.nix | 2 +- lass/2configs/monitoring/monit-alarms.nix | 2 +- lass/2configs/monitoring/server.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index cd11254d6..2bd3e9914 100644 
--- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -216,7 +216,7 @@ in { enable = true; nick = "buildbot-lass"; server = "ni.r"; - channels = [ { channel = "retiolum"; } ]; + channels = [ { channel = "retiolum"; } { channel = "noise"; } ]; allowForce = true; }; }; diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index 063fadb1b..05d64c049 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -6,7 +6,7 @@ let set -euf export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#retiolum "${msg}" >/dev/null + ni.r 6667 prism-alarm \#noise "${msg}" >/dev/null ''; in { diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index bbae4511e..b6ccf9cc1 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -29,7 +29,7 @@ with import ; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null + ni.r 6667 prism-alarm \#noise "$data" >/dev/null ''; in { enable = true; From f959d410b60ef7fe7b99546e18f0b473c1a8ac42 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 00:06:38 +0100 Subject: [PATCH 29/78] l 2: disable dark blue folders --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 2292b5ce3..8100a433f 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -161,6 +161,7 @@ with import ; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd + LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS ''; promptInit = '' if test $UID = 0; then From 66cb7e01eb9b7bf9d4348b31fa38492270fa8ec0 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 16 Feb 2017 00:06:57 +0100 Subject: [PATCH 30/78] l 2 hw tp-x220: disable touchpad by default --- lass/2configs/hw/tp-x220.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index d551cd44e..1e75271ca 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -48,4 +48,9 @@ with import ; ]; security.rngd.enable = true; + + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; } From 43d6c89dd68a6c2cda969d716ff381bd47c0545d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 13:15:58 +0100 Subject: [PATCH 31/78] l 2 screenlock: use DISPLAY :0 --- lass/2configs/screenlock.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix index 237127f69..b5bc4ee2a 100644 --- a/lass/2configs/screenlock.nix +++ b/lass/2configs/screenlock.nix @@ -5,7 +5,7 @@ before = [ "sleep.target" ]; wantedBy = [ "sleep.target" ]; environment = { - DISPLAY = ":${toString config.services.xserver.display}"; + DISPLAY = ":0"; }; serviceConfig = { SyslogIdentifier = "screenlock"; From 6a3700da3ce6675cdb600f841007cea923e78454 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 19:40:04 +0100 Subject: [PATCH 32/78] k 3 fetchWallpaper: use $HOME as default --- krebs/3modules/fetchWallpaper.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 8db8be771..d5f2d0b69 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -24,7 +24,7 @@ let # TODO find a better default stateDir stateDir = mkOption { type = types.str; - default = "./wallpaper"; + default = "$HOME/wallpaper"; }; display = mkOption { type = types.str; 
@@ -49,8 +49,8 @@ let fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' set -euf - mkdir -p ${shell.escape cfg.stateDir} - cd ${shell.escape cfg.stateDir} + mkdir -p ${cfg.stateDir} + cd ${cfg.stateDir} (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : feh --no-fehbg --bg-scale wallpaper ''; From a5cc6741418e9915613a8f9f99a7aae700cac3c3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2017 19:40:25 +0100 Subject: [PATCH 33/78] k 3 fetchWallpaper: remove deprecated after target --- krebs/3modules/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index d5f2d0b69..3d6a285c3 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -64,7 +64,7 @@ let }; systemd.user.services.fetchWallpaper = { description = "fetch wallpaper"; - after = [ "network.target" "graphical.target" ]; + after = [ "graphical.target" ]; wants = [ "graphical.target" ]; wantedBy = [ "default.target" ]; From ef8dbbe206d2eae5a160b4a4a85f0b947cd85e08 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 17 Feb 2017 16:04:41 +0100 Subject: [PATCH 34/78] l 1 prism: run repo-sync more often --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index a62b5cd75..81520ad5f 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,7 +215,7 @@ in { } { krebs.repo-sync.timerConfig = { - OnUnitInactiveSec = "5min"; + OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; }; } From 763b9b4688bcd6719a5f4f6f5c59bcc56204e6e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 17 Feb 2017 16:12:12 +0100 Subject: [PATCH 35/78] l 2 vim: enable ruler --- lass/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
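Review bot: Dropping `shell.escape` around `cfg.stateDir` in `fetchWallpaperScript` leaves both `mkdir -p ${cfg.stateDir}` and `cd ${cfg.stateDir}` unquoted, so a value containing spaces or glob characters is word-split and expanded by the shell. The escape presumably had to go so that the new `$HOME/wallpaper` default (first hunk of this patch) expands at run time; double quotes keep that expansion and stop the splitting: `mkdir -p "${cfg.stateDir}"` and `cd "${cfg.stateDir}"`. The value is interpreted by the shell either way, so a `$(...)` inside it would run; since the option is a plain `types.str`, its description should say that it is shell-expanded. `cfg.url` on the next line keeps its `shell.escape`.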
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index c3eac8f38..4d6dfe366 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -25,7 +25,7 @@ let set hlsearch set incsearch set mouse=a - set noruler + set ruler set pastetoggle= set runtimepath=${extra-runtimepath},$VIMRUNTIME set shortmess+=I From ada1147bb69e0dec79c0b0fcf2c64c7df4576ad2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2017 14:29:49 +0100 Subject: [PATCH 36/78] k 3 fetchWallpaper: remove obsolete targets --- krebs/3modules/fetchWallpaper.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 3d6a285c3..e226a9060 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -64,8 +64,6 @@ let }; systemd.user.services.fetchWallpaper = { description = "fetch wallpaper"; - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; wantedBy = [ "default.target" ]; path = with pkgs; [ From d4445947aeacf9f133eaad375106cd1cfad84e25 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2017 14:30:21 +0100 Subject: [PATCH 37/78] l 1 shodan: setup hfos monitoring --- lass/1systems/shodan.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 232e91d90..82622d154 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -42,6 +42,26 @@ with import ; pkgs.python27Packages.python ]; } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.shodan; 
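Review bot: The `hfos` test in the new `krebs.monit` block of `lass/1systems/shodan.nix` calls curl with `--insecure`, which turns certificate validation off, so the check passes against any TLS endpoint that answers for `hfos.hackerfleet.de`, including one presenting an expired or substituted certificate. If the service uses a certificate the system trust store does not know, pinning keeps the check meaningful: curl's `--cacert` with the expected CA file, or `--pinnedpubkey` with the key hash (both values would have to be supplied; they are not on this page). `LOGNAME=prism-alarm` also stays fixed while the nick is now built from `config.networking.hostName`; if LOGNAME is meant to identify the sender, `export LOGNAME=${config.networking.hostName}-alarm` keeps the two in step.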
From 5829d6726070b037d5698faedb77fa79b311c9f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2017 14:30:49 +0100 Subject: [PATCH 38/78] l 2 hfos: run krebs-iptables after libvirtd --- lass/2configs/hfos.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index a4020dade..dcd50dd7b 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -36,4 +36,6 @@ with import ; krebs.iptables.tables.nat.OUTPUT.rules = [ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } ]; + + systemd.services.krebs-iptables.after = [ "libvirtd.service" ]; } From af93c8cba606813007bab84e8d1d8d822764333a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2017 14:31:15 +0100 Subject: [PATCH 39/78] l 2 monitoring monit: use hostname in irc alarm --- lass/2configs/monitoring/monit-alarms.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index 05d64c049..9333ef9d2 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -6,7 +6,7 @@ let set -euf export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#noise "${msg}" >/dev/null + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null ''; in { From 5b3b825a520a13052f39ab209234a7451c8f8539 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2017 14:31:49 +0100 Subject: [PATCH 40/78] l 2 monitoring monit: remove hfos test --- lass/2configs/monitoring/monit-alarms.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index 9333ef9d2..65b91a745 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix 
@@ -22,10 +22,6 @@ in { test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; alarm = echoToIrc "test ubik failed"; }; - hfos = { - test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; - alarm = echoToIrc "test hfos failed"; - }; cac-panel = { test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; alarm = echoToIrc "test cac-panel failed"; From cf64d51cc5e9b06a6fef68b2f60738b15a522e2e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 18:20:30 +0100 Subject: [PATCH 41/78] l 1 shodan: open monit port --- lass/1systems/shodan.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 82622d154..dca616936 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -61,6 +61,9 @@ with import ; }; }; }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; } ]; From d7a20e7ab8e1374ff34ff98b9c5764a9a8a44b82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 18:21:00 +0100 Subject: [PATCH 42/78] l 2 games: remove obsolete marinevoice pack --- lass/2configs/games.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 1bcb8c676..5ff314260 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -11,7 +11,6 @@ let DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ -file $DOOM_DIR/lib/brutalv20.pk3 \ - -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' From 9c686779e840eeddc6a74106b0a98362d5d1705b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 18:21:30 +0100 Subject: [PATCH 43/78] l 2 games: add vdoomserver executeable --- lass/2configs/games.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 5ff314260..e47cf22c3 100644 --- a/lass/2configs/games.nix 
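Review bot: The INPUT rule added to `lass/1systems/shodan.nix`, `-p tcp -i retiolum --dport 9093`, accepts connections to the monit port from every peer on the retiolum interface, not only from the host that collects the alarms. Whether `krebs.monit` with `http.enable = true` puts any authentication in front of that interface is not visible here and is worth confirming before it is exposed. If only the monitoring server needs to reach it, add a source match to the predicate, e.g. `-p tcp -i retiolum -s <monitoring-host-address> --dport 9093` (placeholder address).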
+++ b/lass/2configs/games.nix @@ -30,6 +30,31 @@ let ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" ''; + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum-bin}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + in { environment.systemPackages = with pkgs; [ dwarf_fortress @@ -37,6 +62,7 @@ in { doom2 vdoom1 vdoom2 + vdoomserver ]; users.extraUsers = { From 437dea4e645778a691f0292f86d98d50a605ffdd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 18:22:06 +0100 Subject: [PATCH 44/78] l 2 games: open up doom port --- lass/2configs/games.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index e47cf22c3..58051560a 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -81,4 +81,8 @@ in { security.sudo.extraConfig = '' ${mainUser.name} ALL=(games) NOPASSWD: ALL ''; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; } + ]; } From f7db5dbe10419bc8a2bb6540512d2c47722fae6d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 18:23:33 +0100 Subject: [PATCH 45/78] k 5: add zandronum-bin 3.0 --- krebs/5pkgs/zandronum-bin/default.nix | 83 +++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 krebs/5pkgs/zandronum-bin/default.nix diff --git a/krebs/5pkgs/zandronum-bin/default.nix b/krebs/5pkgs/zandronum-bin/default.nix new file mode 100644 index 000000000..e97f46add --- /dev/null +++ b/krebs/5pkgs/zandronum-bin/default.nix 
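Review bot: The rule added to `lass/2configs/games.nix`, `-p tcp --dport 10666`, has no interface or source match, so the game server port is accepted on every interface, unlike the monit rule in `lass/1systems/shodan.nix`, which is limited with `-i retiolum`. What listens there is the prebuilt `zandronum-server` binary, and the `doomservercfg` added in the previous patch sets no join password. If the server is only meant for retiolum peers, `{ predicate = "-p tcp -i retiolum --dport 10666"; target = "ACCEPT"; }` narrows it, and the UDP rule that patch 50 adds for the same port needs the same match. In the `vdoomserver` wrapper, `DOOM_DIR` is assigned but never used.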
@@ -0,0 +1,83 @@
+{ stdenv
+, atk
+, bzip2
+, cairo
+, fetchurl
+, fluidsynth
+, fontconfig
+, freetype
+, gdk_pixbuf
+, glib
+, gtk2
+, libjpeg_turbo
+, mesa_glu
+, mesa_noglu
+, openssl
+, pango
+, SDL
+, zlib
+, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ name = "zandronum-3.0";
+
+ src = fetchurl {
+ url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
+ sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
+ };
+
+ libPath = stdenv.lib.makeLibraryPath [
+ atk
+ bzip2
+ cairo
+ fluidsynth
+ fontconfig
+ freetype
+ gdk_pixbuf
+ glib
+ gtk2
+ libjpeg_turbo
+ mesa_glu
+ mesa_noglu
+ openssl
+ pango
+ SDL
+ stdenv.cc.cc
+ zlib
+ ];
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ phases = [ "unpackPhase" "installPhase" ];
+
+ sourceRoot = ".";
+
+ installPhase = ''
+ mkdir -p $out/bin
+ mkdir -p $out/share/zandronum
+ cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
+
+ patchelf \
+ --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
+ --set-rpath $libPath:$out/share/zandronum \
+ $out/share/zandronum/zandronum
+ patchelf \
+ --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
+ --set-rpath $libPath \
+ $out/share/zandronum/zandronum-server
+
+ # If we don't set absolute argv0, zandronum.wad file is not found.
+ makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum
+ makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server
+ '';
+
+ meta = {
+ homepage = http://zandronum.com/;
+ description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play";
+ maintainers = [ stdenv.lib.maintainers.lassulus ];
+ # Binary version has different version string than source code version.
+ license = stdenv.lib.licenses.unfreeRedistributable;
+ platforms = [ "x86_64-linux" ];
+ };
+}
From 8d8f26db46a739f6eb7d78a2cbd23ef8fc4e10d5 Mon Sep 17 00:00:00 2001
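Review bot: `src` in `krebs/5pkgs/zandronum-bin/default.nix` downloads a prebuilt binary over plain `http://` from the `testing` directory, so the `sha256` is the only thing tying the build to a known artefact. The hash does make a tampered download fail the build, but a comment above it should say so for whoever bumps the version next, e.g. `# prebuilt upstream snapshot fetched over http; the sha256 below is the only integrity check`. The `name` is `zandronum-3.0` although the tarball is the `ZandroDev3.0-170205-2117` snapshot; carrying the snapshot date in the name would show which binary a host actually runs, which matters for a package whose server ends up listening on an open port.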
From: lassulus Date: Wed, 22 Feb 2017 21:57:48 +0100 Subject: [PATCH 46/78] l 2 git: also start nginx --- lass/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index bdd65ce09..3e1b2c6e3 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -5,6 +5,7 @@ with import ; let out = { + services.nginx.enable = true; krebs.git = { enable = true; cgit = { From 953b7f0a8e99ee5925276001d1eeacbc54cb6d36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 21:58:13 +0100 Subject: [PATCH 47/78] l 2: add xresources.nix --- lass/2configs/baseX.nix | 1 + lass/2configs/xresources.nix | 54 ++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 lass/2configs/xresources.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 539fdc875..446814c50 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,7 @@ in { ./power-action.nix ./screenlock.nix ./copyq.nix + ./xresources.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix new file mode 100644 index 000000000..58f1623b8 --- /dev/null +++ b/lass/2configs/xresources.nix 
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+
+with import ;
+
+let
+
+ xresources = pkgs.writeText "Xresources" ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*SaveLines: 4096
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+
+ ! ref https://github.com/muennich/urxvt-perls
+ URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ URxvt*background: #000000
+ URxvt*foreground: #d0d7d0
+
+ URxvt*cursorColor: #f042b0
+ URxvt*cursorColor2: #f0b000
+ URxvt*cursorBlink: off
+
+ URxvt*.pointerBlank: true
+ URxvt*.pointerBlankDelay: 987654321
+ URxvt*.pointerColor: #f042b0
+ URxvt*.pointerColor2: #050505
+ '';
+
+in {
+ systemd.user.services.xresources = {
+ description = "xresources";
+ wantedBy = [ "default.target" ];
+
+ environment = {
+ DISPLAY = ":0";
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
+ };
+ };
+}
From 6b289f8b2cd51d56c84049eab474b3f6a538bd53 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:31:52 +0100 Subject: [PATCH 48/78] l 2 baseX: automatically login --- lass/2configs/baseX.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 446814c50..179d5dbe3 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -77,7 +77,13 @@ in { enable = true; desktopManager.xterm.enable = false; - displayManager.slim.enable = true; + desktopManager.default = "none"; + displayManager.lightdm.enable = true; + displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + }; + windowManager.default = "xmonad"; windowManager.session = [{ name = "xmonad"; start = '' From 923e6edb155259d198ea5f1742426d3d6b75503b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:32:16 +0100 Subject: [PATCH 49/78] l 2 binary-cache: add cache.nixos.org --- lass/2configs/binary-cache/client.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 108ff7a1e..9dba5fbfb 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -2,8 +2,14 @@ { nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + binaryCaches = [ + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; }; } From 4aee8108bd8863d52bc23cfd573d68abef0f562a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:32:46 +0100 Subject: [PATCH 50/78] l 2 games: open doom port for udp --- lass/2configs/games.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 58051560a..d114a826d 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -84,5 +84,6 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10666"; target = "ACCEPT"; } ]; } From 20be651e7a8ed0c0cd99d6147331912099f8a7de Mon Sep 17 00:00:00 2001 
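Review bot: `displayManager.lightdm.autoLogin` with `enable = true; user = "lass";` is added to the shared `lass/2configs/baseX.nix`, so every host importing it boots straight into a session of `lass` without a password prompt. Anyone who can power-cycle such a machine gets that session unless something earlier in boot, such as a disk-encryption passphrase, stands in the way, and nothing in this file shows that. I would keep the shared default off and let the hosts that rely on it opt in, e.g. `displayManager.lightdm.autoLogin.enable = mkDefault false;` here (assuming `mkDefault` is in scope through the lib import), with a comment naming the protection the opting-in hosts depend on. The enclosing block starts and ends outside the hunk.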
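Review bot: The key added to `binaryCachePublicKeys` in `lass/2configs/binary-cache/client.nix` is named `hydra.nixos.org-1`, while the cache added to `binaryCaches` is `https://cache.nixos.org/`; please confirm this is the key that cache signs its paths with for the Nix version these hosts run. If it is not, substitutes from it are rejected as unsigned and the hosts quietly fall back to `cache.prism.r` or to local builds. A short comment beside each key naming the cache it belongs to would make the pairing checkable at a glance, which matters here because `http://cache.prism.r` is fetched without TLS and is trusted on its signature alone.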
From: lassulus Date: Thu, 23 Feb 2017 16:33:00 +0100 Subject: [PATCH 51/78] l 2 xresources: try until success --- lass/2configs/xresources.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index 58f1623b8..35dbe2044 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -49,6 +49,7 @@ in { serviceConfig = { Type = "simple"; ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; + Restart = "on-failure"; }; }; } From 9a20022a93c3fc9617fb028582e6f625aca33213 Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 22 Feb 2017 21:35:38 +0100 Subject: [PATCH 52/78] n 2 nixpkgs: d2cd8a0 -> 6651c72 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 27a845bd5..ad39848b6 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d2cd8a0"; + ref = "6651c72"; }; } From 8a3515e1a6fa8dfc6b7377a0567426d11774e144 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:34:29 +0100 Subject: [PATCH 53/78] l 2: add termite.nix --- lass/2configs/termite.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 lass/2configs/termite.nix diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix new file mode 100644 index 000000000..245b89e9c --- /dev/null +++ b/lass/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +with import ; + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.lass.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; +} From 21ccde0d722c49a584486e882e5d4a304468949e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 26 Feb 2017 00:02:06 +0100 Subject: [PATCH 54/78] l 2: add security-workarounds --- lass/2configs/default.nix | 4 ++-- lass/2configs/security-workarounds.nix | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 lass/2configs/security-workarounds.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 8100a433f..5f383a91d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import ; { imports = [ @@ -11,6 +10,7 @@ with import ; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import ; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} From 26ccfbc834f0312b9c439c92994982c616008d3f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Feb 2017 17:45:42 +0100 Subject: [PATCH 55/78] l 2 vim: ignore E501 with flake8 --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 4d6dfe366..4e0af0dc7 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -66,6 +66,7 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' nmap q :buffer nmap :buffer From b8949604aae84355d52cdba884f3da919fb67dfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Feb 2017 17:47:11 +0100 Subject: [PATCH 56/78] l 5 xmonad: use new wallpaper location --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
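Review bot: The `install dccp` line in the new `lass/2configs/security-workarounds.nix` points at `/run/current-system/sw/bin/false`, a path that exists only while the system profile happens to provide `false`; a store path does not depend on the profile: `install dccp ${pkgs.coreutils}/bin/false`. modprobe should still refuse to load the module when the command is missing, so this is about making the intent robust, not about a gap. The comment above it is only a URL; I would add what is being disabled and when the workaround can be removed, e.g. `# block loading of the dccp module until a kernel with the fix from the advisory below is deployed`.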
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 22ec7efa9..bc70417f5 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -95,7 +95,7 @@ displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") + [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") From 836a7186a03623ad34d8c523ae66fc184180a01b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:31:42 +0100 Subject: [PATCH 57/78] l 1 prism: use lambdabot from nixpkgs lambdabot is broken with LTS Haskell 8.0 so we use the commit prior --- lass/1systems/prism.nix | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 81520ad5f..1f983da1e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -247,7 +247,13 @@ in { ]; } { - krebs.Reaktor.coders = { + krebs.Reaktor.coders = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + in { nickname = "reaktor-lass"; channels = [ "#coders" ]; extraEnviron = { @@ -263,7 +269,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P.*)$$"; script = pkgs.writeDash "lambda-pl" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@pl $1" ''; 
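Review bot: The lock binding in `myKeyMap` now passes `-i $HOME/wallpaper` to i3lock, but with the `stateDir` default introduced in the fetchWallpaper patch (`$HOME/wallpaper`) the fetch script changes into that directory and writes a file named `wallpaper` inside it. Unless `stateDir` is overridden elsewhere, the image is therefore `$HOME/wallpaper/wallpaper` and i3lock is handed a directory. Since this is the screen lock, how i3lock behaves when the image cannot be loaded should be checked; the line that matches the default would be `spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper/wallpaper -f"`.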
@@ -271,7 +277,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-type" { pattern = "^@type (?P.*)$$"; script = pkgs.writeDash "lambda-type" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@type $1" ''; @@ -279,7 +285,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-let" { pattern = "^@let (?P.*)$$"; script = pkgs.writeDash "lambda-let" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@let $1" ''; @@ -287,7 +293,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-run" { pattern = "^@run (?P.*)$$"; script = pkgs.writeDash "lambda-run" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@run $1" ''; @@ -295,7 +301,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; @@ -303,7 +309,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; From 984a21d274089e51ae39f6fb6f2b201f705fe3f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:38:41 +0100 Subject: [PATCH 58/78] l 2 baesX: remove obsolete setuid for xlock --- lass/2configs/baseX.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 179d5dbe3..bca7e93d6 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -33,8 +33,6 @@ in { programs.ssh.startAgent = false; - security.setuidPrograms = [ "slock" ]; - services.printing = { enable = true; drivers = [ pkgs.foomatic_filters ]; From 567668c6c95241a125447765c81d506d651c30a5 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 18 Feb 2017 20:39:14 +0100 Subject: [PATCH 59/78] l 2 browsers: use new setuid location --- lass/2configs/browsers.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 88ee70802..6c381863c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -20,7 +20,7 @@ let createChromiumUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ ''; in { users.extraUsers.${name} = { @@ -43,7 +43,7 @@ let createFirefoxUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ ''; in { users.extraUsers.${name} = { From 8901f987309486c85607e2da02f1d357ff157911 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:39:34 +0100 Subject: [PATCH 60/78] l 2 exim-smarthost: use ipv6 addresses of hosts --- lass/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d120dfcad..360d839db 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -12,7 +12,7 @@ with import ; "lassul.us" "aidsballs.de" ]; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel config.krebs.hosts.helios From 3503876c06f510f99c2184ddbcd57dbb79a3a91f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:40:54 +0100 Subject: [PATCH 61/78] l 2 nixpkgs: 6651c72 -> a9584c9 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
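Review bot: Both rewritten wrapper lines in `lass/2configs/browsers.nix` (in `createChromiumUser` and in `createFirefoxUser`) still end in an unquoted `$@`, so arguments are word-split and glob-expanded before they reach sudo; these wrappers are presumably what URL launchers call, which makes the arguments text chosen by someone else. Quoting keeps every argument intact: `/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium "$@"`, and the same for the firefox line. The path is spelled `/var/run/wrappers/bin` here, while the krebs and tv patches later in this series use `/run/wrappers/bin`; one spelling throughout avoids relying on the `/var/run` symlink.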
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index ad39848b6..a0ba8116f 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6651c72"; + ref = "a9584c9"; }; } From 9541497b437d713bb9a9d6ddcaafca190d17d45d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 1 Mar 2017 16:02:35 +0100 Subject: [PATCH 62/78] l 2 websites util: use php56 for owncloud --- lass/2configs/websites/util.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index d596e9db9..f83463bb1 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -32,6 +32,7 @@ rec { let domain = head domains; in { + services.phpfpm.phpPackage = pkgs.php56; services.nginx.virtualHosts."${domain}" = { enableACME = true; enableSSL = true; From f081d1577784f6493bb99919f81c31df3432569a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 1 Mar 2017 16:03:12 +0100 Subject: [PATCH 63/78] l 2 websites util: more power for wordpress --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index f83463bb1..6d14de731 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -182,10 +182,10 @@ rec { user = nginx group = nginx pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 + pm.max_children = 15 + pm.start_servers = 3 pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pm.max_spare_servers = 10 listen.owner = nginx listen.group = nginx php_admin_value[error_log] = 'stderr' From d51656224f5fe0b73f13739044c467db9b878387 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Mar 2017 15:15:25 +0100 Subject: [PATCH 64/78] l 2 baseX: install gutenprint for cups --- lass/2configs/baseX.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
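Review bot: `services.phpfpm.phpPackage = pkgs.php56;` is set inside one site helper in `lass/2configs/websites/util.nix`, yet the option is host-wide, so importing a single owncloud site moves every php-fpm pool on that host, including the wordpress pools configured in the same file, to PHP 5.6. Pinning an old PHP branch for all sites as a side effect of one of them deserves at least a comment on why and until when, e.g. `# owncloud <version> does not run on newer PHP; drop this pin after upgrading` (placeholder version). The helper this line belongs to starts and ends outside the hunk.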
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index bca7e93d6..a8d9b4ff4 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -35,7 +35,10 @@ in { services.printing = { enable = true; - drivers = [ pkgs.foomatic_filters ]; + drivers = [ + pkgs.foomatic_filters + pkgs.gutenprint + ]; }; environment.systemPackages = with pkgs; [ From ee9695482704af0c8371399bdf74045d5723f450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Mar 2017 15:15:45 +0100 Subject: [PATCH 65/78] l 2 hfos: remove lass pubkey from riot --- lass/2configs/hfos.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index dcd50dd7b..a28a6a5d2 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -8,7 +8,6 @@ with import ; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" - config.krebs.users.lass.pubkey ]; }; From 7f0dd39a8fa8872c7cc02830ab3b86dc675b8691 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Mar 2017 19:28:52 +0100 Subject: [PATCH 66/78] l 2 nixpkgs: a9584c9 -> 53a2baa --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index a0ba8116f..fbf671874 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "a9584c9"; + ref = "53a2baa"; }; } From 5a9df2cc0b4255e015797993569815787a819529 Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 2 Mar 2017 19:42:44 +0100 Subject: [PATCH 67/78] tv nixpkgs: 5d03aab -> 53a2baa --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc26a6c6f..1d3ee3980 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; + ref = "53a2baa"; # nixos-unstable (17.03-rc) }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From c5830150d0fd7b66fbf24f6fa58faa021d2aba00 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:43:10 +0100 Subject: [PATCH 68/78] krebs.setuid: update for nixos-unstable --- krebs/3modules/setuid.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 13f981437..c9677fd24 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -73,7 +73,7 @@ let }; imp = { - system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ] + system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ] (concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg)); }; From e71534f237057dedfcd0cd53bd89afc9ce33f1fc Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:57:52 +0100 Subject: [PATCH 69/78] krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin --- krebs/3modules/exim.nix | 2 +- krebs/3modules/on-failure.nix | 2 +- krebs/3modules/urlwatch.nix | 2 +- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/xmonad-tv/default.nix | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 1127c0a50..0044f5b32 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix 
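Review bot: The new `ref = "53a2baa";` in `tv/2configs/default.nix` replaces a full 40-character commit id with a 7-character abbreviation. An abbreviated id is resolved against whatever the remote holds at fetch time and can become ambiguous as the repository grows, so it is a weaker pin for the source every host is built from. Keeping the full id, as the removed line did, and leaving the channel note as the trailing comment preserves that guarantee: `ref = "<full 40-character commit id>"; # nixos-unstable (17.03-rc)`. The lass and nin `nixpkgs.nix` bumps in this series use abbreviated ids as well.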
@@ -40,7 +40,7 @@ in { etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' exim_user = ${cfg.user.name} exim_group = ${cfg.group.name} - exim_path = /var/setuid-wrappers/exim + exim_path = /run/wrappers/bin/exim spool_directory = ${cfg.user.home} ${cfg.config} ''; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index 8bb022442..4da303dec 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -58,7 +58,7 @@ }; sendmail = mkOption { type = types.str; - default = "/var/setuid-wrappers/sendmail"; + default = "/run/wrappers/bin/sendmail"; }; }; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index e43f8de4a..126fc33bb 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -178,7 +178,7 @@ let echo To: ${shell.escape cfg.mailto} echo cat changes - } | /var/setuid-wrappers/sendmail -t + } | /run/wrappers/bin/sendmail -t fi ''; }; diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7dcfecce6..deb929c34 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { ]; # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + # TODO krebs.setuid.slock.path vs /run/wrappers/bin krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; group = "wheel"; diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/xmonad-tv/default.nix index c6a622bd1..5ac8f8372 100644 --- a/tv/5pkgs/xmonad-tv/default.nix +++ b/tv/5pkgs/xmonad-tv/default.nix @@ -132,7 +132,7 @@ spawnRootTerm :: X () spawnRootTerm = forkFile urxvtcPath - ["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"] + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] Nothing spawnTermAt :: String -> X () 
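Review bot: The wrapper directory is still spelled out as a literal in `exim_path = /run/wrappers/bin/exim`, and again in the on-failure.nix, urlwatch.nix and xmonad-tv hunks of this commit, so the next relocation needs the same five-file sweep. These paths all point at privileged wrappers (`sendmail`, `su`, `slock`), and a stale one fails quietly, for instance a lock key that no longer starts `slock`. If `config` is in scope in these modules, deriving the path from the NixOS option would keep them in step, e.g. `exim_path = ${config.security.wrapperDir}/exim` and `default = "${config.security.wrapperDir}/sendmail";`. The TODO in tv/2configs/xserver/default.nix already points the same way for slock.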
@@ -143,7 +143,7 @@ spawnTermAt ws = do myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing) + [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) , ((_4 , xK_x ), chooseAction spawnTermAt) From cf289c9aec98fcb87e1debeb48f991f0256cdbb1 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 20:02:01 +0100 Subject: [PATCH 70/78] mv,tv: security.setuidPrograms -> security.wrappers --- mv/1systems/stro.nix | 6 +++--- tv/1systems/mu.nix | 8 ++++---- tv/1systems/wu.nix | 6 +++--- tv/1systems/xu.nix | 6 +++--- tv/1systems/zu.nix | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index e371db788..c8035b88e 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -143,9 +143,9 @@ with import ; }; }; - security.setuidPrograms = [ - "sendmail" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT" diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index e9a8a131a..fcd0a2178 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -99,10 +99,10 @@ with import ; programs.ssh.startAgent = false; - security.setuidPrograms = [ - "sendmail" # for cron - "slock" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.slock = "${pkgs.slock}/bin/slock"; + }; security.pam.loginLimits = [ # for jack diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a9d7e94eb..4cde8b903 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,9 +157,9 @@ with import ; #jack2 ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; 
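Review bot: In tv/1systems/mu.nix the new entry `slock.slock = "${pkgs.slock}/bin/slock";` uses the attribute `slock` where every other wrapper in this commit uses `source`, which looks like a typo. As written the wrapper definition has no `source`, so I would expect evaluation to fail or the `slock` wrapper not to be created, which would leave the `/run/wrappers/bin/slock` key binding from the previous commit with nothing to run. It should read `slock.source = "${pkgs.slock}/bin/slock";`. Since these wrappers are privileged, a short comment on why `slock` needs one, as `sendmail` has with `# for cron`, would also help.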
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 974d820d5..4b8fe8da2 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 59e8b1c7f..194ac2928 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; From dd30ebef45b63b4c8bb8b586f750ff877f60f565 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 19:49:39 +0100 Subject: [PATCH 71/78] l 2: add livestream.nix --- lass/2configs/baseX.nix | 2 +- lass/2configs/livestream.nix | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 lass/2configs/livestream.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a8d9b4ff4..275b93f26 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./screenlock.nix ./copyq.nix ./xresources.nix + ./livestream.nix { hardware.pulseaudio = { enable = true; @@ -42,7 +43,6 @@ in { }; environment.systemPackages = with pkgs; [ - acpi dic dmenu diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix new file mode 100644 index 000000000..25d54e26d --- /dev/null +++ b/lass/2configs/livestream.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import ; + +let + + stream = pkgs.writeDashBin "stream" '' + ${pkgs.python35Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" + ''; + +in { + environment.systemPackages = [ stream ]; +} From 6344a9ff6a9926364b34a8556e794157b686bd05 Mon Sep 17 00:00:00 2001 
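Review bot: The new lass/2configs/livestream.nix embeds `Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6` directly in the generated `stream` script, so the value is committed to the repository and ends up in the world-readable Nix store on every host that imports baseX.nix. Whether this id is meant to be private is not visible from the hunk. If it is a public application id, say so next to it, e.g. `# Client-ID is a public application id, not a secret`. If it is tied to a personal registration, read it at run time from a file outside the store instead of interpolating it. The later `python35Packages` -> `python27Packages` hunk carries the same literal.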
From: lassulus Date: Sat, 4 Mar 2017 19:59:36 +0100 Subject: [PATCH 72/78] exim: add primary_host to local_domains --- krebs/3modules/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index bda563f8d..0ad952e3b 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -55,7 +55,7 @@ let local_domains = mkOption { type = with types; listOf hostname; - default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; + default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases); }; relay_from_hosts = mkOption { From 40faf4bdb7aea50c8e298af673b4fd92df0523a8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:03:19 +0100 Subject: [PATCH 73/78] l 2 exim-smarthost: set lassul.us as primary --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 360d839db..3353cdac0 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -8,6 +8,7 @@ with import ; dkim = [ { domain = "lassul.us"; } ]; + primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" "aidsballs.de" From 6874e0f4ed1f638280878cd3e0878a943a0e282a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:04:39 +0100 Subject: [PATCH 74/78] l 2: add mosh to systemPackages --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5f383a91d..3e7881fb4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -135,6 +135,7 @@ with import ; #neat utils krebspaste + mosh pciutils pop psmisc From 8ec271445d5c42a4058ddd05cc0efec3cd68336a Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 4 Mar 2017 20:42:05 +0100 Subject: [PATCH 75/78] l 2 nixpkgs: 53a2baa -> 5b0c9d4 using 17.03 now --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index fbf671874..9c3eafffd 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "53a2baa"; + ref = "5b0c9d4"; }; } From e8b575db8dd94e92785015ff3479ceeb7ba3197d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:46:59 +0100 Subject: [PATCH 76/78] s 2: bump nixpkgs to 17.03 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index cae2bc814..bf2ce84b6 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19 + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-04 }; secrets.file = if getEnv "dummy_secrets" == "true" From e1bb6d8c27d3be94e3fa18eb8958f2c885322126 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 22:01:03 +0100 Subject: [PATCH 77/78] l 2 livestream: use python27 --- lass/2configs/livestream.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix index 25d54e26d..c877a8c0a 100644 --- a/lass/2configs/livestream.nix +++ b/lass/2configs/livestream.nix 
@@ -4,7 +4,7 @@ with import ; let stream = pkgs.writeDashBin "stream" '' - ${pkgs.python35Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" + ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" ''; in { From 39fd77b84c7c14d6460722721726b378bdab7acd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Mar 2017 00:21:53 +0100 Subject: [PATCH 78/78] l 1 prism: start repo-sync 5mins after boot --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 1f983da1e..b55732f65 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,6 +215,7 @@ in { } { krebs.repo-sync.timerConfig = { + OnBootSec = "5min"; OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; };