Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2017-03-05 00:28:32 +01:00
commit 4499cc4065
49 changed files with 782 additions and 653 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
krebs/3modules/default.nix
View File

@ -22,6 +22,7 @@ let
./go.nix ./go.nix
./iptables.nix ./iptables.nix
./kapacitor.nix ./kapacitor.nix
./monit.nix
./newsbot-js.nix ./newsbot-js.nix
./nginx.nix ./nginx.nix
./nixpkgs.nix ./nixpkgs.nix

2
krebs/3modules/exim-smarthost.nix
View File

@ -55,7 +55,7 @@ let
local_domains = mkOption { local_domains = mkOption {
type = with types; listOf hostname; type = with types; listOf hostname;
default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
}; };
relay_from_hosts = mkOption { relay_from_hosts = mkOption {

28
krebs/3modules/fetchWallpaper.nix
View File

@ -21,13 +21,14 @@ let
OnCalendar = "*:00,10,20,30,40,50"; OnCalendar = "*:00,10,20,30,40,50";
}; };
}; };
# TODO find a better default stateDir
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
default = "/var/lib/wallpaper"; default = "$HOME/wallpaper";
}; };
display = mkOption { display = mkOption {
type = types.str; type = types.str;
default = ":11"; default = ":0";
}; };
unitConfig = mkOption { unitConfig = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
@ -48,38 +49,30 @@ let
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
set -euf set -euf
mkdir -p ${shell.escape cfg.stateDir} mkdir -p ${cfg.stateDir}
cd ${shell.escape cfg.stateDir} cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper feh --no-fehbg --bg-scale wallpaper
''; '';
imp = { imp = {
users.users.fetchWallpaper = { systemd.user.timers.fetchWallpaper = {
name = "fetchWallpaper";
uid = genid "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
};
systemd.timers.fetchWallpaper = {
description = "fetch wallpaper timer"; description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;
}; };
systemd.services.fetchWallpaper = { systemd.user.services.fetchWallpaper = {
description = "fetch wallpaper"; description = "fetch wallpaper";
after = [ "network.target" ]; wantedBy = [ "default.target" ];
path = with pkgs; [ path = with pkgs; [
curl curl
feh feh
coreutils
]; ];
environment = { environment = {
URL = cfg.url;
DISPLAY = cfg.display; DISPLAY = cfg.display;
}; };
restartIfChanged = true; restartIfChanged = true;
@ -87,7 +80,6 @@ let
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = fetchWallpaperScript; ExecStart = fetchWallpaperScript;
User = "fetchWallpaper";
}; };
unitConfig = cfg.unitConfig; unitConfig = cfg.unitConfig;

10
krebs/3modules/lass/default.nix
View File

@ -73,13 +73,21 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
}; };
prism = { prism = rec {
cores = 4; cores = 4;
extraZones = {
"krebsco.de" = ''
prism IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
'';
};
nets = rec { nets = rec {
internet = { internet = {
ip4.addr = "213.239.205.240"; ip4.addr = "213.239.205.240";
aliases = [ aliases = [
"prism.internet" "prism.internet"
"paste.i"
"paste.internet"
]; ];
ssh.port = 45621; ssh.port = 45621;
}; };

2
krebs/3modules/lass/ssh/icarus.rsa
View File

@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus

30
krebs/3modules/makefu/default.nix
View File

@ -236,7 +236,6 @@ with import <stockholm/lib>;
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
@ -291,7 +290,6 @@ with import <stockholm/lib>;
wry IN A ${nets.internet.ip4.addr} wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de. io IN NS wry.krebsco.de.
graphs IN A ${nets.internet.ip4.addr} graphs IN A ${nets.internet.ip4.addr}
paste 60 IN A ${nets.internet.ip4.addr}
tinc IN A ${nets.internet.ip4.addr} tinc IN A ${nets.internet.ip4.addr}
''; '';
}; };
@ -300,9 +298,7 @@ with import <stockholm/lib>;
ip4.addr = "104.233.87.86"; ip4.addr = "104.233.87.86";
aliases = [ aliases = [
"wry.i" "wry.i"
"paste.i"
"wry.internet" "wry.internet"
"paste.internet"
]; ];
}; };
retiolum = { retiolum = {
@ -431,15 +427,15 @@ with import <stockholm/lib>;
"wbob.retiolum" "wbob.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
}; };
}; };
@ -569,7 +565,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
}; };
# non-stockholm # non-stockholm
flap = rec { flap = rec {
cores = 1; cores = 1;
@ -843,8 +839,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
}; };
}; };
}; };
} // { # hosts only maintained in stockholm, not owned by me } // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec { muhbaasu = rec {
owner = config.krebs.users.root; owner = config.krebs.users.root;
@ -920,6 +914,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
inherit (makefu) mail pgp; inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
}; };
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
};
ciko = { ciko = {
mail = "wieczorek.stefan@googlemail.com"; mail = "wieczorek.stefan@googlemail.com";
}; };

116
krebs/3modules/monit.nix Normal file
View File

@ -0,0 +1,116 @@
{ config, lib, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
let
cfg = config.krebs.monit;
out = {
options.krebs.monit = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "monit";
http = {
enable = mkEnableOption "monit http server";
port = mkOption {
type = types.int;
default = 9093;
};
user = mkOption {
type = types.str;
default = "krebs";
};
pass = mkOption {
type = types.str;
default = "bob";
};
};
user = mkOption {
type = types.user;
default = {
name = "monit";
};
};
group = mkOption {
type = types.group;
default = {
name = "monitor";
};
};
extraConfig = mkOption {
type = types.attrs;
default = {};
};
alarms = mkOption {
default = {};
type = with types; attrsOf (submodule {
options = {
test = mkOption {
type = path;
};
alarm = mkOption {
type = path;
};
interval = mkOption {
type = str;
default = "10";
};
};
});
};
};
imp = let
configFile = pkgs.writeText "monit.cfg" ''
${optionalString cfg.http.enable ''
set httpd port ${toString cfg.http.port}
allow ${cfg.http.user}:${cfg.http.pass}
''}
set daemon 10
${concatStringsSep "\n" (mapAttrsToList (name: alarm: ''
check program ${name} with path "${alarm.test}"
every ${alarm.interval} cycles
if status != 0 then exec "${alarm.alarm}"
'') cfg.alarms)}
'';
in {
environment.etc = [
{
source = configFile;
target = "monit.conf";
mode = "0400";
uid = config.users.users.${cfg.user.name}.uid;
}
];
users = {
groups.${cfg.group.name} = {
inherit (cfg.group) name gid;
};
users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
group = cfg.group.name;
};
};
systemd.services.monit = {
description = "monit";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
User = cfg.user.name;
ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
# Monit should restart when the config changes
ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}";
};
};
};
in out

2
krebs/3modules/nin/default.nix
View File

@ -38,6 +38,8 @@ with import <stockholm/lib>;
aliases = [ aliases = [
"onondaga.retiolum" "onondaga.retiolum"
"onondaga.r" "onondaga.r"
"cgit.onondaga.r"
"cgit.onondaga.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----

8
krebs/5pkgs/buildbot/default.nix
View File

@ -3,10 +3,10 @@
pythonPackages.buildPythonApplication (rec { pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "buildbot"; pname = "buildbot";
version = "0.9.1"; version = "0.9.4";
src = fetchurl { src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz"; url = "mirror://pypi/b/${pname}/${name}.tar.gz";
sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9"; sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086";
}; };
doCheck = false; doCheck = false;
buildInputs = with pythonPackages; [ buildInputs = with pythonPackages; [
@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec {
pylint pylint
astroid astroid
pyflakes pyflakes
pyjwt
]; ];
propagatedBuildInputs = with pythonPackages; [ propagatedBuildInputs = with pythonPackages; [
@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec {
] ++ plugins; ] ++ plugins;
patchPhase = ''
patch -p1 < ${./irc_messages.patch}
'';
preInstall = '' preInstall = ''
# writes out a file that can't be read properly # writes out a file that can't be read properly
sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py

40
krebs/5pkgs/buildbot/irc_messages.patch
View File

@ -1,40 +0,0 @@
diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py
index a65147b..bf44118 100644
--- a/buildbot/reporters/words.py
+++ b/buildbot/reporters/words.py
@@ -550,14 +550,15 @@ class Contact(service.AsyncService):
if self.useRevisions:
revisions = yield self.getRevisionsForBuild(build)
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
(builderName, ','.join(revisions), results[0])
else:
- r = "Hey! build %s #%d is complete: %s" % \
+ r = "Build %s #%d is complete: %s" % \
(builderName, buildNumber, results[0])
r += ' [%s]' % maybeColorize(build['state_string'],
results[1], self.useColors)
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
self.send(r)
# FIXME: where do we get the list of changes for a build ?
@@ -622,14 +623,15 @@ class Contact(service.AsyncService):
results = self.getResultsDescriptionAndColor(build['results'])
if self.useRevisions:
revisions = yield self.getRevisionsForBuild(build)
- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
(builder_name, ','.join(revisions), results[0])
else:
- r = "Hey! build %s #%d is complete: %s" % \
+ r = "Build %s #%d is complete: %s" % \
(builder_name, buildnum, results[0])
r += ' [%s]' % maybeColorize(build['state_string'],
results[1], self.useColors)
+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
self.send(r)
# FIXME: where do we get the base_url? Then do we use the build Link to

4
krebs/5pkgs/buildbot/worker.nix
View File

@ -2,12 +2,12 @@
pythonPackages.buildPythonApplication (rec { pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "buildbot-worker"; pname = "buildbot-worker";
version = "0.9.1"; version = "0.9.4";
doCheck = false; doCheck = false;
src = fetchurl { src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz"; url = "mirror://pypi/b/${pname}/${name}.tar.gz";
sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx"; sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj";
}; };
buildInputs = with pythonPackages; [ setuptoolsTrial mock ]; buildInputs = with pythonPackages; [ setuptoolsTrial mock ];

83
krebs/5pkgs/zandronum-bin/default.nix Normal file
View File

@ -0,0 +1,83 @@
{ stdenv
, atk
, bzip2
, cairo
, fetchurl
, fluidsynth
, fontconfig
, freetype
, gdk_pixbuf
, glib
, gtk2
, libjpeg_turbo
, mesa_glu
, mesa_noglu
, openssl
, pango
, SDL
, zlib
, makeWrapper
}:
stdenv.mkDerivation rec {
name = "zandronum-3.0";
src = fetchurl {
url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
};
libPath = stdenv.lib.makeLibraryPath [
atk
bzip2
cairo
fluidsynth
fontconfig
freetype
gdk_pixbuf
glib
gtk2
libjpeg_turbo
mesa_glu
mesa_noglu
openssl
pango
SDL
stdenv.cc.cc
zlib
];
nativeBuildInputs = [ makeWrapper ];
phases = [ "unpackPhase" "installPhase" ];
sourceRoot = ".";
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/share/zandronum
cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath:$out/share/zandronum \
$out/share/zandronum/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath \
$out/share/zandronum/zandronum-server
# If we don't set absolute argv0, zandronum.wad file is not found.
makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum
makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server
'';
meta = {
homepage = http://zandronum.com/;
description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play";
maintainers = [ stdenv.lib.maintainers.lassulus ];
# Binary version has different version string than source code version.
license = stdenv.lib.licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ];
};
}

59
lass/1systems/mors.nix
View File

@ -76,56 +76,15 @@ with import <stockholm/lib>;
{ {
services.redis.enable = true; services.redis.enable = true;
} }
#{ {
# #gitit magic #ipfs-testing
# imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ]; services.ipfs.enable = true;
# services.gitit = { }
# enable = true; {
# haskellPackages = pkgs.haskell.packages.ghc7103; environment.systemPackages = [
# }; pkgs.krebszones
#} ];
#{ }
# lass.icinga2 = {
# enable = true;
# configFiles = [
# ''
# template Service "generic-service" {
# max_check_attempts = 3
# check_interval = 5m
# retry_interval = 1m
# enable_perfdata = true
# }
# apply Service "ping4" {
# }
# ''
# ];
# };
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
# lass.icingaweb2 = {
# enable = true;
# initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0";
# resources = {
# icinga2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icinga";
# passfile = <secrets/icinga2-pw>;
# };
# icingaweb2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icingaweb2";
# passfile = <secrets/icinga2-pw>;
# };
# };
# };
#}
]; ];
krebs.build.host = config.krebs.hosts.mors; krebs.build.host = config.krebs.hosts.mors;

25
lass/1systems/prism.nix
View File

@ -44,6 +44,7 @@ in {
../2configs/hfos.nix ../2configs/hfos.nix
../2configs/makefu-sip.nix ../2configs/makefu-sip.nix
../2configs/monitoring/server.nix ../2configs/monitoring/server.nix
../2configs/monitoring/monit-alarms.nix
{ {
imports = [ imports = [
../2configs/bepasty.nix ../2configs/bepasty.nix
@ -164,7 +165,6 @@ in {
} }
{ {
imports = [ imports = [
../2configs/websites/wohnprojekt-rhh.de.nix
../2configs/websites/domsen.nix ../2configs/websites/domsen.nix
../2configs/websites/lassulus.nix ../2configs/websites/lassulus.nix
]; ];
@ -215,7 +215,8 @@ in {
} }
{ {
krebs.repo-sync.timerConfig = { krebs.repo-sync.timerConfig = {
OnUnitInactiveSec = "5min"; OnBootSec = "5min";
OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min"; RandomizedDelaySec = "2min";
}; };
} }
@ -247,7 +248,13 @@ in {
]; ];
} }
{ {
krebs.Reaktor.coders = { krebs.Reaktor.coders = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
in {
nickname = "reaktor-lass"; nickname = "reaktor-lass";
channels = [ "#coders" ]; channels = [ "#coders" ];
extraEnviron = { extraEnviron = {
@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" { (buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$"; pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" '' script = pkgs.writeDash "lambda-pl" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@pl $1" -e "@pl $1"
''; '';
@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" { (buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$"; pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" '' script = pkgs.writeDash "lambda-type" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@type $1" -e "@type $1"
''; '';
@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" { (buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$"; pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" '' script = pkgs.writeDash "lambda-let" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@let $1" -e "@let $1"
''; '';
@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" { (buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$"; pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" '' script = pkgs.writeDash "lambda-run" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@run $1" -e "@run $1"
''; '';
@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" { (buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$"; pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" '' script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@kind $1" -e "@kind $1"
''; '';
@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" { (buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$"; pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" '' script = pkgs.writeDash "lambda-kind" ''
exec ${pkgs.lambdabot}/bin/lambdabot \ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags} ${indent lambdabotflags}
-e "@kind $1" -e "@kind $1"
''; '';

23
lass/1systems/shodan.nix
View File

@ -42,6 +42,29 @@ with import <stockholm/lib>;
pkgs.python27Packages.python pkgs.python27Packages.python
]; ];
} }
{
krebs.monit = let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
enable = true;
http.enable = true;
alarms = {
hfos = {
test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
alarm = echoToIrc "test hfos failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}
]; ];
krebs.build.host = config.krebs.hosts.shodan; krebs.build.host = config.krebs.hosts.shodan;

70
lass/2configs/baseX.nix
View File

@ -1,13 +1,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>;
let let
mainUser = config.users.extraUsers.mainUser; user = config.krebs.build.user;
in { in {
imports = [ imports = [
./xserver
./mpv.nix ./mpv.nix
./power-action.nix ./power-action.nix
./screenlock.nix ./screenlock.nix
./copyq.nix
./xresources.nix
./livestream.nix
{ {
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
services.printing = { services.printing = {
enable = true; enable = true;
drivers = [ pkgs.foomatic_filters ]; drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
acpi acpi
dic dic
dmenu dmenu
@ -66,37 +68,37 @@ in {
youtube-tools youtube-tools
rxvt_unicode rxvt_unicode
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh
#dmenu2
#xlibs.fontschumachermisc
]; ];
#fonts.fonts = [ fonts.fonts = [
# pkgs.xlibs.fontschumachermisc pkgs.xlibs.fontschumachermisc
#]; ];
#services.xserver = { services.xserver = {
# enable = true; enable = true;
# windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ desktopManager.xterm.enable = false;
# X11-xshape desktopManager.default = "none";
# ]; displayManager.lightdm.enable = true;
# windowManager.xmonad.enable = true; displayManager.lightdm.autoLogin = {
# windowManager.xmonad.enableContribAndExtras = true; enable = true;
# windowManager.default = "xmonad"; user = "lass";
# desktopManager.default = "none"; };
# desktopManager.xterm.enable = false; windowManager.default = "xmonad";
# displayManager.slim.enable = true; windowManager.session = [{
# displayManager.auto.enable = true; name = "xmonad";
# displayManager.auto.user = mainUser.name; start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
# layout = "us"; layout = "us";
# xkbModel = "evdev"; xkbModel = "evdev";
# xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
# xkbOptions = "caps:backspace"; xkbOptions = "caps:backspace";
#}; };
services.logind.extraConfig = '' services.logind.extraConfig = ''
HandleLidSwitch=ignore HandleLidSwitch=ignore
@ -107,4 +109,6 @@ in {
twoFingerScroll = true; twoFingerScroll = true;
accelFactor = "0.035"; accelFactor = "0.035";
}; };
services.urxvtd.enable = true;
} }

10
lass/2configs/binary-cache/client.nix
View File

@ -2,8 +2,14 @@
{ {
nix = { nix = {
binaryCaches = ["http://cache.prism.r"]; binaryCaches = [
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; "http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
}; };
} }

4
lass/2configs/browsers.nix
View File

@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups: createChromiumUser = name: extraGroups:
let let
bin = pkgs.writeScriptBin name '' bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
''; '';
in { in {
users.extraUsers.${name} = { users.extraUsers.${name} = {
@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups: createFirefoxUser = name: extraGroups:
let let
bin = pkgs.writeScriptBin name '' bin = pkgs.writeScriptBin name ''
/var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
''; '';
in { in {
users.extraUsers.${name} = { users.extraUsers.${name} = {

2
lass/2configs/buildbot-standalone.nix
View File

@ -216,7 +216,7 @@ in {
enable = true; enable = true;
nick = "buildbot-lass"; nick = "buildbot-lass";
server = "ni.r"; server = "ni.r";
channels = [ { channel = "retiolum"; } ]; channels = [ { channel = "retiolum"; } { channel = "noise"; } ];
allowForce = true; allowForce = true;
}; };
}; };

38
lass/2configs/copyq.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
};
};
}

13
lass/2configs/default.nix
View File

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
imports = [ imports = [
@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix ../2configs/vim.nix
../2configs/monitoring/client.nix ../2configs/monitoring/client.nix
./backups.nix ./backups.nix
./security-workarounds.nix
{ {
users.extraUsers = users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; }) mapAttrs (_: h: { hashedPassword = h; })
@ -62,6 +62,12 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python pkgs.pythonPackages.python
]; ];
} }
{
services.dnscrypt-proxy.enable = true;
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}
]; ];
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;
@ -129,6 +135,7 @@ with import <stockholm/lib>;
#neat utils #neat utils
krebspaste krebspaste
mosh
pciutils pciutils
pop pop
psmisc psmisc
@ -155,6 +162,7 @@ with import <stockholm/lib>;
shopt -s histappend histreedit histverify shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion shopt -s no_empty_cmd_completion
complete -d cd complete -d cd
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
''; '';
promptInit = '' promptInit = ''
if test $UID = 0; then if test $UID = 0; then
@ -202,6 +210,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }

3
lass/2configs/exim-smarthost.nix
View File

@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [ dkim = [
{ domain = "lassul.us"; } { domain = "lassul.us"; }
]; ];
primary_hostname = "lassul.us";
sender_domains = [ sender_domains = [
"lassul.us" "lassul.us"
"aidsballs.de" "aidsballs.de"
]; ];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors config.krebs.hosts.mors
config.krebs.hosts.uriel config.krebs.hosts.uriel
config.krebs.hosts.helios config.krebs.hosts.helios

4
lass/2configs/fetchWallpaper.nix
View File

@ -9,9 +9,5 @@ in {
url = "prism/wallpaper.png"; url = "prism/wallpaper.png";
maxTime = 10; maxTime = 10;
}; };
systemd.services.fetchWallpaper = {
after = [ "xmonad.service" ];
wantedBy = [ "xmonad.service" ];
};
} }

32
lass/2configs/games.nix
View File

@ -11,7 +11,6 @@ let
DOOM_DIR=''${DOOM_DIR:-~/doom/} DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} \ ${vdoom} \
-file $DOOM_DIR/lib/brutalv20.pk3 \ -file $DOOM_DIR/lib/brutalv20.pk3 \
-file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
"$@" "$@"
''; '';
doom1 = pkgs.writeDashBin "doom1" '' doom1 = pkgs.writeDashBin "doom1" ''
@ -31,6 +30,31 @@ let
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
''; '';
doomservercfg = pkgs.writeText "doomserver.cfg" ''
skill 7
#survival true
#sv_maxlives 4
#sv_norespawn true
#sv_weapondrop true
no_jump true
#sv_noweaponspawn true
sv_sharekeys true
sv_survivalcountdowntime 1
sv_noteamselect true
sv_updatemaster false
#sv_coop_loseinventory true
#cl_startasspectator false
#lms_spectatorview false
'';
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${pkgs.zandronum-bin}/bin/zandronum-server \
+exec ${doomservercfg} \
"$@"
'';
in { in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
dwarf_fortress dwarf_fortress
@ -38,6 +62,7 @@ in {
doom2 doom2
vdoom1 vdoom1
vdoom2 vdoom2
vdoomserver
]; ];
users.extraUsers = { users.extraUsers = {
@ -56,4 +81,9 @@ in {
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(games) NOPASSWD: ALL ${mainUser.name} ALL=(games) NOPASSWD: ALL
''; '';
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
} }

1
lass/2configs/git.nix
View File

@ -5,6 +5,7 @@ with import <stockholm/lib>;
let let
out = { out = {
services.nginx.enable = true;
krebs.git = { krebs.git = {
enable = true; enable = true;
cgit = { cgit = {

7
lass/2configs/hfos.nix
View File

@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ]; extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
]; ];
}; };
@ -32,4 +31,10 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.nat.OUTPUT.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
} }

5
lass/2configs/hw/tp-x220.nix
View File

@ -48,4 +48,9 @@ with import <stockholm/lib>;
]; ];
security.rngd.enable = true; security.rngd.enable = true;
services.xserver.synaptics = {
enable = true;
additionalOptions = ''Option "TouchpadOff" "1"'';
};
} }

12
lass/2configs/livestream.nix Normal file
View File

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
stream = pkgs.writeDashBin "stream" ''
${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
'';
in {
environment.systemPackages = [ stream ];
}

44
lass/2configs/monitoring/monit-alarms.nix Normal file
View File

@ -0,0 +1,44 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
krebs.monit = {
enable = true;
http.enable = true;
alarms = {
nirwanabluete = {
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
alarm = echoToIrc "test nirwanabluete failed";
};
ubik = {
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
alarm = echoToIrc "test ubik failed";
};
cac-panel = {
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
alarm = echoToIrc "test cac-panel failed";
};
radio = {
test = pkgs.writeBash "check_stream" ''
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
'';
alarm = echoToIrc "test radio failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}

2
lass/2configs/monitoring/server.nix
View File

@ -29,7 +29,7 @@ with import <stockholm/lib>;
data="$(${pkgs.jq}/bin/jq -r .message)" data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \ ${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null ni.r 6667 prism-alarm \#noise "$data" >/dev/null
''; '';
in { in {
enable = true; enable = true;

2
lass/2configs/nixpkgs.nix
View File

@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "f7b7d8e"; ref = "5b0c9d4";
}; };
} }

2
lass/2configs/screenlock.nix
View File

@ -5,7 +5,7 @@
before = [ "sleep.target" ]; before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ]; wantedBy = [ "sleep.target" ];
environment = { environment = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":0";
}; };
serviceConfig = { serviceConfig = {
SyslogIdentifier = "screenlock"; SyslogIdentifier = "screenlock";

8
lass/2configs/security-workarounds.nix Normal file
View File

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
# http://seclists.org/oss-sec/2017/q1/471
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
}

22
lass/2configs/termite.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.termite
];
krebs.per-user.lass.packages = let
termitecfg = pkgs.writeTextFile {
name = "termite-config";
destination = "/etc/xdg/termite/config";
text = ''
[colors]
foreground = #d0d7d0
background = #000000
'';
};
in [
termitecfg
];
}

3
lass/2configs/vim.nix
View File

@ -25,7 +25,7 @@ let
set hlsearch set hlsearch
set incsearch set incsearch
set mouse=a set mouse=a
set noruler set ruler
set pastetoggle=<INS> set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I set shortmess+=I
@ -66,6 +66,7 @@ let
"Syntastic config "Syntastic config
let g:syntastic_python_checkers=['flake8'] let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer nmap <esc>q :buffer
nmap <M-q> :buffer nmap <M-q> :buffer

10
lass/2configs/websites/lassulus.nix
View File

@ -110,7 +110,10 @@ in {
''; '';
enableSSL = true; enableSSL = true;
extraConfig = "listen 80;"; extraConfig = ''
listen 80;
listen [::]:80;
'';
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
}; };
@ -123,7 +126,10 @@ in {
root /var/lib/acme/acme-challenges; root /var/lib/acme/acme-challenges;
''; '';
enableSSL = true; enableSSL = true;
extraConfig = "listen 80;"; extraConfig = ''
listen 80;
listen [::]:80;
'';
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
}; };

15
lass/2configs/websites/util.nix
View File

@ -17,7 +17,10 @@ rec {
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;
enableSSL = true; enableSSL = true;
extraConfig = "listen 80;"; extraConfig = ''
listen 80;
listen [::]:80;
'';
serverAliases = domains; serverAliases = domains;
locations."/".extraConfig = '' locations."/".extraConfig = ''
root /srv/http/${domain}; root /srv/http/${domain};
@ -29,12 +32,14 @@ rec {
let let
domain = head domains; domain = head domains;
in { in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
enableSSL = true; enableSSL = true;
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80; listen 80;
listen [::]:80;
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
@ -148,6 +153,8 @@ rec {
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80; listen 80;
listen [::]:80;
root /srv/http/${domain}/; root /srv/http/${domain}/;
index index.php; index index.php;
access_log /tmp/nginx_acc.log; access_log /tmp/nginx_acc.log;
@ -175,10 +182,10 @@ rec {
user = nginx user = nginx
group = nginx group = nginx
pm = dynamic pm = dynamic
pm.max_children = 5 pm.max_children = 15
pm.start_servers = 2 pm.start_servers = 3
pm.min_spare_servers = 1 pm.min_spare_servers = 1
pm.max_spare_servers = 3 pm.max_spare_servers = 10
listen.owner = nginx listen.owner = nginx
listen.group = nginx listen.group = nginx
php_admin_value[error_log] = 'stderr' php_admin_value[error_log] = 'stderr'

23
lass/2configs/websites/wohnprojekt-rhh.de.nix
View File

@ -1,23 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (import <stockholm/lib>)
genid
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
;
in {
imports = [
( ssl [ "wohnprojekt-rhh.de" ])
( servePage [ "wohnprojekt-rhh.de" ])
];
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;
useDefaultShell = true;
};
}

55
lass/2configs/xresources.nix Normal file
View File

@ -0,0 +1,55 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
xresources = pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
'';
in {
systemd.user.services.xresources = {
description = "xresources";
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
};
};
}

66
lass/2configs/xserver/Xresources.nix
View File

@ -1,66 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #050505
! URxvt*background: #041204
!URxvt.depth: 32
!URxvt*background: rgba:0500/0500/0500/cccc
! URxvt*background: #080810
URxvt*foreground: #d0d7d0
! URxvt*background: black
! URxvt*foreground: white
! URxvt*background: rgb:00/00/40
! URxvt*foreground: rgb:a0/a0/d0
! XTerm*cursorColor: rgb:00/00/60
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
! URxvt*cursorUnderline: true
! URxvt*highlightColor: #232323
! URxvt*highlightTextColor: #b0ffb0
URxvt*.pointerBlank: true
URxvt*.pointerBlankDelay: 987654321
URxvt*.pointerColor: #f042b0
URxvt*.pointerColor2: #050505
! URxvt*color0: #000000
! URxvt*color1: #c00000
! URxvt*color2: #80c070
URxvt*color3: #c07000
! URxvt*color4: #0000c0
URxvt*color4: #4040c0
! URxvt*color5: #c000c0
! URxvt*color6: #008080
URxvt*color7: #c0c0c0
URxvt*color8: #707070
URxvt*color9: #ff6060
URxvt*color10: #70ff70
URxvt*color11: #ffff70
URxvt*color12: #7070ff
URxvt*color13: #ff50ff
URxvt*color14: #70ffff
URxvt*color15: #ffffff
''

147
lass/2configs/xserver/default.nix
View File

@ -1,147 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
user = config.krebs.build.user;
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
environment.systemPackages = [
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
services.xserver = {
enable = true;
display = 11;
tty = 11;
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} &
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
wait
'';
XMONAD_STATE = "/tmp/xmonad.state";
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"dashboard" # we start here
]);
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = pkgs.writeScript "xmonad-stop" ''
#! /bin/sh
${pkgs.xmonad-lass}/bin/xmonad --shutdown
${pkgs.coreutils}/bin/sleep 2s
'';
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
}

40
lass/2configs/xserver/xserver.conf.nix
View File

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

24
lass/5pkgs/xmonad-lass.nix
View File

@ -22,7 +22,7 @@ import XMonad
import qualified XMonad.StackSet as W import qualified XMonad.StackSet as W
import Control.Exception import Control.Exception
import Data.List (isInfixOf) import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs, getEnv) import System.Environment (getArgs, withArgs)
import System.IO (hPutStrLn, stderr) import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import Text.Read (readEither) import Text.Read (readEither)
@ -60,21 +60,17 @@ main = getArgs >>= \case
mainNoArgs :: IO () mainNoArgs :: IO ()
mainNoArgs = do mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad' xmonad'
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def $ def
{ terminal = urxvtcPath { terminal = urxvtcPath
, modMask = mod4Mask , modMask = mod4Mask
, workspaces = workspaces0
, layoutHook = smartBorders $ myLayoutHook , layoutHook = smartBorders $ myLayoutHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = do
path <- liftIO (getEnv "XMONAD_STARTUP_HOOK")
forkFile path [] Nothing
, normalBorderColor = "#1c1c1c" , normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0" , focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent , handleEventHook = handleShutdownEvent
, workspaces = [ "dashboard" ]
} `additionalKeysP` myKeyMap } `additionalKeysP` myKeyMap
myLayoutHook = defLayout myLayoutHook = defLayout
@ -84,7 +80,7 @@ myLayoutHook = defLayout
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do xmonad' conf = do
path <- getEnv "XMONAD_STATE" let path = "/tmp/xmonad.state"
try (readFile path) >>= \case try (readFile path) >>= \case
Right content -> do Right content -> do
hPutStrLn stderr ("resuming from " ++ path) hPutStrLn stderr ("resuming from " ++ path)
@ -93,25 +89,13 @@ xmonad' conf = do
hPutStrLn stderr (displaySomeException e) hPutStrLn stderr (displaySomeException e)
xmonad conf xmonad conf
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String displaySomeException :: SomeException -> String
displaySomeException = displayException displaySomeException = displayException
myKeyMap :: [([Char], X ())] myKeyMap :: [([Char], X ())]
myKeyMap = myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")

3
makefu/1systems/gum.nix
View File

@ -35,6 +35,7 @@ in {
# ../2configs/opentracker.nix # ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix ../2configs/logging/central-stats-client.nix
../2configs/logging/central-logging-client.nix
]; ];
services.smartd.devices = [ { device = "/dev/sda";} ]; services.smartd.devices = [ { device = "/dev/sda";} ];
@ -64,7 +65,7 @@ in {
# access # access
users.users = { users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
}; };
# Chat # Chat

1
makefu/1systems/wry.nix
View File

@ -25,6 +25,7 @@ in {
# collectd # collectd
../2configs/logging/central-stats-client.nix ../2configs/logging/central-stats-client.nix
../2configs/logging/central-logging-client.nix
../2configs/tinc/retiolum.nix ../2configs/tinc/retiolum.nix
# ../2configs/torrent.nix # ../2configs/torrent.nix

6
makefu/1systems/x.nix
View File

@ -10,9 +10,10 @@
../2configs/main-laptop.nix ../2configs/main-laptop.nix
../2configs/laptop-utils.nix ../2configs/laptop-utils.nix
../2configs/laptop-backup.nix ../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
# testing # testing
../2configs/openvpn/vpngate.nix # ../2configs/openvpn/vpngate.nix
#../2configs/temp/share-samba.nix #../2configs/temp/share-samba.nix
# ../2configs/mediawiki.nix # ../2configs/mediawiki.nix
# ../2configs/wordpress.nix # ../2configs/wordpress.nix
@ -26,7 +27,6 @@
#../2configs/elchos/stats.nix #../2configs/elchos/stats.nix
#../2configs/elchos/test/ftpservers.nix #../2configs/elchos/test/ftpservers.nix
../2configs/laptop-backup.nix
# ../2configs/tinc/siem.nix # ../2configs/tinc/siem.nix
#../2configs/torrent.nix #../2configs/torrent.nix
# temporary modules # temporary modules
@ -59,7 +59,7 @@
# hardware specifics are in here # hardware specifics are in here
../2configs/hw/tp-x230.nix ../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix ../2configs/hw/rtl8812au.nix
../2configs/hw/bcm4352.nix
# mount points # mount points
../2configs/fs/sda-crypto-root-home.nix ../2configs/fs/sda-crypto-root-home.nix

6
makefu/2configs/dnscrypt.nix Normal file
View File

@ -0,0 +1,6 @@
{
services.dnscrypt-proxy.enable = true;
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}

60
makefu/5pkgs/awesomecfg/full.cfg
View File

@ -101,6 +101,7 @@ browser = "firefox"
-- I suggest you to remap Mod4 to another key using xmodmap or other tools. -- I suggest you to remap Mod4 to another key using xmodmap or other tools.
-- However, you can use another modifier like Mod1, but it may interact with others. -- However, you can use another modifier like Mod1, but it may interact with others.
modkey = "@modkey@" modkey = "@modkey@"
-- modkey = "Mod4"
-- Table of layouts to cover with awful.layout.inc, order matters. -- Table of layouts to cover with awful.layout.inc, order matters.
awful.layout.layouts = awful.layout.layouts =
@ -116,10 +117,24 @@ awful.layout.layouts =
-- awful.layout.suit.spiral.dwindle, -- awful.layout.suit.spiral.dwindle,
awful.layout.suit.max, awful.layout.suit.max,
awful.layout.suit.max.fullscreen, awful.layout.suit.max.fullscreen,
-- awful.layout.suit.magnifier, awful.layout.suit.magnifier,
awful.layout.suit.corner.nw awful.layout.suit.corner.nw
} }
-- }}} -- }}}
-- {{{ Helper Functions
local function client_menu_toggle_fn()
local instance = nil
return function ()
if instance and instance.wibox.visible then
instance:hide()
instance = nil
else
instance = awful.menu.clients({ theme = { width = 250 } })
end
end
end
-- }}}
-- {{{ Wallpaper -- {{{ Wallpaper
if beautiful.wallpaper then if beautiful.wallpaper then
@ -166,17 +181,26 @@ mytextclock = wibox.widget.textclock()
-- Create a wibox for each screen and add it -- Create a wibox for each screen and add it
mywibox = {} mywibox = {}
mylayoutbox = {} mylayoutbox = {}
mytaglist = {}
mytaglist.buttons = awful.util.table.join( -- Create a wibox for each screen and add it
awful.button({ }, 1, awful.tag.viewonly), local taglist_buttons = awful.util.table.join(
awful.button({ modkey }, 1, awful.client.movetotag), awful.button({ }, 1, function(t) t:view_only() end),
awful.button({ modkey }, 1, function(t)
if client.focus then
client.focus:move_to_tag(t)
end
end),
awful.button({ }, 3, awful.tag.viewtoggle), awful.button({ }, 3, awful.tag.viewtoggle),
awful.button({ modkey }, 3, awful.client.toggletag), awful.button({ modkey }, 3, function(t)
awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end), if client.focus then
awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end) client.focus:toggle_tag(t)
end
end),
awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end),
awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end)
) )
mytasklist = {}
mytasklist.buttons = awful.util.table.join( local tasklist_buttons = awful.util.table.join(
awful.button({ }, 1, function (c) awful.button({ }, 1, function (c)
if c == client.focus then if c == client.focus then
c.minimized = true c.minimized = true
@ -184,8 +208,8 @@ mytasklist.buttons = awful.util.table.join(
-- Without this, the following -- Without this, the following
-- :isvisible() makes no sense -- :isvisible() makes no sense
c.minimized = false c.minimized = false
if not c:isvisible() then if not c:isvisible() and c.first_tag then
awful.tag.viewonly(c:tags()[1]) c.first_tag:view_only()
end end
-- This will also un-minimize -- This will also un-minimize
-- the client, if needed -- the client, if needed
@ -193,23 +217,15 @@ mytasklist.buttons = awful.util.table.join(
c:raise() c:raise()
end end
end), end),
awful.button({ }, 3, function () awful.button({ }, 3, client_menu_toggle_fn()),
if instance then
instance:hide()
instance = nil
else
instance = awful.menu.clients({ width=250 })
end
end),
awful.button({ }, 4, function () awful.button({ }, 4, function ()
awful.client.focus.byidx(1) awful.client.focus.byidx(1)
if client.focus then client.focus:raise() end
end), end),
awful.button({ }, 5, function () awful.button({ }, 5, function ()
awful.client.focus.byidx(-1) awful.client.focus.byidx(-1)
if client.focus then client.focus:raise() end
end)) end))
local function set_wallpaper(s) local function set_wallpaper(s)
-- Wallpaper -- Wallpaper
if beautiful.wallpaper then if beautiful.wallpaper then

2
nin/2configs/nixpkgs.nix
View File

@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff"; ref = "6651c72";
}; };
} }