Merge remote-tracking branch 'lass/master'

makefu 2017-03-16 23:28:32 +01:00
commit 4b29caff26
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
30 changed files with 219 additions and 98 deletions


@ -20,6 +20,7 @@ let
./github-hosts-sync.nix
./git.nix
./go.nix
./htgen.nix
./iptables.nix
./kapacitor.nix
./monit.nix


@ -21,10 +21,9 @@ let
OnCalendar = "*:00,10,20,30,40,50";
};
};
# TODO find a better default stateDir
stateDir = mkOption {
type = types.str;
default = "$HOME/wallpaper";
default = "/var/lib/wallpaper";
};
display = mkOption {
type = types.str;
@ -52,27 +51,35 @@ let
mkdir -p ${cfg.stateDir}
cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale wallpaper
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';
imp = {
systemd.user.timers.fetchWallpaper = {
users.users.fetchWallpaper = {
name = "fetchWallpaper";
uid = genid "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
};
systemd.timers.fetchWallpaper = {
description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.user.services.fetchWallpaper = {
systemd.services.fetchWallpaper = {
description = "fetch wallpaper";
wantedBy = [ "default.target" ];
after = [ "network.target" ];
path = with pkgs; [
curl
feh
coreutils
];
environment = {
URL = cfg.url;
DISPLAY = cfg.display;
};
restartIfChanged = true;
@ -80,6 +87,7 @@ let
serviceConfig = {
Type = "simple";
ExecStart = fetchWallpaperScript;
User = "fetchWallpaper";
};
unitConfig = cfg.unitConfig;
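Review bot: `mkdir -p ${cfg.stateDir}` and `cd ${cfg.stateDir}` in the script still interpolate the option unquoted, while the `feh` line in the same script now uses `shell.escape cfg.stateDir`; a path containing spaces or shell metacharacters would be handled differently by the two. Use `mkdir -p ${shell.escape cfg.stateDir}` and `cd ${shell.escape cfg.stateDir}` so all three agree. The unit now runs as the dedicated `fetchWallpaper` user with `DISPLAY` set, but nothing in this section shows how that account is authorised to the X server; whatever grants that should be limited to this user rather than opening the display more widely. Since the service downloads a remote file and hands it to an image decoder, `serviceConfig` would also be a good place for `NoNewPrivileges = true;` and `PrivateTmp = true;`. The enclosing `let` block starts and ends outside the visible hunks.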

68
krebs/3modules/htgen.nix Normal file

@ -0,0 +1,68 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.krebs.htgen;
out = {
options.krebs.htgen = api;
config = imp;
};
api = mkOption {
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
enable = mkEnableOption "krebs.htgen-${config.name}";
name = mkOption {
type = types.username;
default = config._module.args.name;
};
port = mkOption {
type = types.uint;
};
script = mkOption {
type = types.str;
};
user = mkOption {
type = types.user;
default = {
name = "htgen-${config.name}";
home = "/var/lib/htgen-${config.name}";
};
};
};
}));
};
imp = {
systemd.services = mapAttrs' (name: htgen:
nameValuePair "htgen-${name}" {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
HTGEN_PORT = toString htgen.port;
HTGEN_SCRIPT = htgen.script;
};
serviceConfig = {
SyslogIdentifier = "htgen";
User = htgen.user.name;
PrivateTmp = true;
Restart = "always";
ExecStart = "${pkgs.htgen}/bin/htgen --serve";
};
}
) cfg;
users.users = mapAttrs' (name: htgen:
nameValuePair htgen.user.name {
inherit (htgen.user) home name uid;
createHome = true;
}
) cfg;
};
in out
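Review bot: The `enable` option declared in the submodule is never consulted: both `mapAttrs'` calls in `imp` iterate over all of `cfg`, so an instance left at `enable = false` still gets a running, network-facing service and a user account. Filter once and use the result in both places, e.g. `enabled = filterAttrs (_: htgen: htgen.enable) cfg;`. `port` is typed `types.uint`, which as far as this file shows puts no upper bound on the value, so a number above 65535 would only fail when the service starts. `SyslogIdentifier = "htgen"` is identical for every instance; `"htgen-${name}"` would keep their logs distinguishable.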


@ -68,8 +68,8 @@ let
networking.firewall.enable = false;
systemd.services.krebs-iptables = {
description = "krebs-iptables";
wantedBy = [ "network-pre.target" ];
wantedBy = [ "sysinit.target" ];
wants = [ "network-pre.target" ];
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
@ -85,6 +85,8 @@ let
Restart = "always";
ExecStart = startScript;
};
unitConfig.DefaultDependencies = false;
};
};
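Review bot: The new ordering is worth a comment, because `wantedBy = [ "sysinit.target" ]` together with `unitConfig.DefaultDependencies = false` is not self-explanatory: something like `# load rules before any interface is configured; network-pre.target is only ordered against, so it must be pulled in via wants`. With `networking.firewall.enable = false` this unit is the only packet filter, so if `startScript` fails the host presumably comes up with no rules loaded; the same comment should say whether that fail-open behaviour is intended. The identical change is made to `tv-iptables` in the last file of this commit, and the same applies there. The service definition begins outside the visible hunks.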


@ -224,8 +224,8 @@ with import <stockholm/lib>;
internet = {
ip4.addr = "188.68.36.196";
aliases = [
"cgit.ni.i"
"ni.i"
"cgit.ni.i"
];
ssh.port = 11423;
};
@ -360,8 +360,8 @@ with import <stockholm/lib>;
gg23 = {
ip4.addr = "10.23.1.38";
aliases = [
"cache.xu.gg23"
"xu.gg23"
"cache.xu.gg23"
];
ssh.port = 11423;
};


@ -0,0 +1,28 @@
{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
with import <stockholm/lib>;
let
version = "1.1";
in stdenv.mkDerivation {
name = "htgen-${version}";
src = fetchgit {
url = "http://cgit.krebsco.de/htgen";
rev = "refs/tags/v${version}";
sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
};
installPhase = ''
mkdir -p $out/bin
{
echo '#! ${bash}/bin/bash'
echo 'export PATH=${makeBinPath [
ucspi-tcp
coreutils
gnused
]}''${PATH+":$PATH"}'
cat htgen
} > $out/bin/htgen
chmod +x $out/bin/htgen
cp -r examples $out
'';
}
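Review bot: `url = "http://cgit.krebsco.de/htgen"` fetches the source over plain HTTP and `rev` names a tag, which can be moved; the only thing tying the build to a known tree is the `sha256`. That is sufficient for integrity as long as the hash is never updated blindly after a fetch mismatch, so I would add a comment saying so next to `sha256`, and switch the URL to `https://` if the host offers it (not verifiable from this page).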


@ -2,5 +2,5 @@
# TODO use `execve` instead?
writeDashBin "krebspaste" ''
exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
''


@ -86,6 +86,10 @@ with import <stockholm/lib>;
pkgs.krebszones
];
}
{
#ps vita stuff
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
];
krebs.build.host = config.krebs.hosts.mors;
@ -180,8 +184,6 @@ with import <stockholm/lib>;
'';
environment.systemPackages = with pkgs; [
exfat
acronym
cac-api
sshpass


@ -9,7 +9,10 @@ with import <stockholm/lib>;
with import <stockholm/lib>;
let
secKey = import <secrets/bepasty-secret.nix>;
ext-dom = "paste.lassul.us" ;
ext-doms = [
"paste.lassul.us"
"paste.krebsco.de"
];
in {
services.nginx.enable = mkDefault true;
@ -25,16 +28,15 @@ in {
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
};
"${ext-dom}" = {
nginx = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};
defaultPermissions = "read";
secretKey = secKey;
} //
genAttrs ext-doms (ext-dom: {
nginx = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};
};
defaultPermissions = "read";
secretKey = secKey;
});
};
}
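Review bot: Every vhost produced by `genAttrs ext-doms` gets the same `secretKey = secKey` as the internal instance whose `defaultPermissions` include `admin`. If bepasty uses this value to sign session cookies (it looks like the Flask secret, not confirmed from this page), a session issued by one instance would verify on the others, so adding `paste.krebsco.de` widens where a leaked or reused key matters. Consider one secret per instance, for example by having `<secrets/bepasty-secret.nix>` return an attribute set keyed by domain. The surrounding attribute set opens outside the visible hunks.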


@ -9,7 +9,7 @@ let
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
@ -19,10 +19,9 @@ let
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "display-manager.service" ];
environment = {
DISPLAY = ":0";
};
@ -33,6 +32,7 @@ in {
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = "lass";
};
};
}
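Review bot: `requires = [ "display-manager.service" ]` adds no ordering, so the unit can be started before the display manager is up; the `xresources` unit changed later in this commit uses `after = [ "display-manager.service" ]` and this one should carry the same line. `Restart = "always"` will retry until X is reachable, which hides the missing ordering rather than fixing it. Both units now hard-code `User = "lass"` and `DISPLAY = ":0"` in a system service; a comment noting that they only work for that single local X session would stop the next reader from treating them as generic.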


@ -64,7 +64,10 @@ with import <stockholm/lib>;
];
}
{
services.dnscrypt-proxy.enable = true;
services.dnscrypt-proxy = {
enable = true;
resolverName = "d0wn-nl-ns3";
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
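Review bot: `resolverName = "d0wn-nl-ns3"` sends all DNS queries from this host to one third-party resolver, and the choice is not explained. Add a comment giving the reason for this resolver and what is expected when it is unreachable, e.g. `# single upstream; no fallback configured here`, since `name_servers='127.0.0.1'` leaves the proxy as the only path for name resolution.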


@ -32,10 +32,13 @@ let
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
cgit.section = "configuration";
};
kimsufi-check = {};
} // mapAttrs make-public-repo-silent {
the_playlist = {};
the_playlist = {
cgit.desc = "Good Music collection + tools";
cgit.section = "art";
};
};
restricted-repos = mapAttrs make-restricted-repo (
@ -58,7 +61,7 @@ let
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
branches = [ "master" "newest" ];
branches = [ "master" ];
};
};
};


@ -36,5 +36,12 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
# TODO use bridge interfaces instead of this crap
systemd.services.libvirtd.serviceConfig.ExecStartPost = let
restart-iptables = pkgs.writeDash "restart-iptables" ''
#soo hacky
${pkgs.coreutils}/bin/sleep 1s
${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
'';
in restart-iptables;
}
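Review bot: `systemctl restart krebs-iptables.service` in `ExecStartPost` waits for the restart job, and `krebs-iptables` is ordered `after = [ "libvirtd.service" ]`, whose start job is not finished while `ExecStartPost` is still running. That looks like a wait cycle that only ends when libvirtd's start times out; `${pkgs.systemd}/bin/systemctl restart --no-block krebs-iptables.service` queues the job without waiting. I have not seen the rest of either unit, so this is inferred from the two settings visible here. A non-zero exit from this script also fails the libvirtd start, which is worth a comment if it is intended.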


@ -3,6 +3,7 @@
with import <stockholm/lib>;
{
security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: {
htop = pkgs.concat "htop" [
super.htop


@ -66,7 +66,6 @@ let
# notmuch bindings
macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
@ -75,9 +74,25 @@ let
bind index d noop
bind pager d noop
bind index S noop
bind index s noop
bind pager S noop
bind pager s noop
macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
macro index s "<modify-labels>-junk\n" # tag as Junk mail
macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
macro pager s "<modify-labels>-junk\n" # tag as Junk mail
bind index A noop
bind index a noop
bind pager A noop
bind pager a noop
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro index a "<modify-labels>-archive\n" # tag as Archived
macro pager A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro pager a "<modify-labels>-archive\n" # tag as Archived
bind index t noop
bind pager t noop
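Review bot: The trailing comments on the new lowercase macros were copied from the uppercase ones and now say the opposite of what the macro does: `macro index s "<modify-labels>-junk\n"` and its `pager` twin remove the `junk` label but read `# tag as Junk mail`, and the two `a` macros remove `archive` but read `# tag as Archived`. Suggest `# remove Junk tag` and `# remove Archived tag` on those four lines.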


@ -325,12 +325,10 @@ in {
(pkgs.concat "mc" [
pkgs.mc
(pkgs.writeDashBin "mc" ''
export MC_DATADIR=${pkgs.concat "mc-datadir" [
(pkgs.writeOut "mc-ext" {
export MC_DATADIR=${pkgs.writeOut "mc-ext" {
"/mc.ext".link = mcExt;
"/sfs.ini".text = "";
})
]}
}};
export TERM=xterm-256color
exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
'')


@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
ref = "c0ecd31";
ref = "ade5837";
};
}


@ -26,7 +26,7 @@ in {
lowerLimit = 0;
charging = false;
action = pkgs.writeDash "suspend-wrapper" ''
/var/setuid-wrappers/sudo ${suspend}
/run/wrappers/bin/sudo ${suspend}
'';
};
user = "lass";


@ -10,6 +10,7 @@ let
public = true;
name = mkDefault "${name}";
cgit.desc = mkDefault "mirror for ${name}";
cgit.section = mkDefault "mirror";
hooks = mkIf announce (mkDefault {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;


@ -120,6 +120,7 @@ in {
sender_domains = [
"jla-trading.com"
"ubikmedia.eu"
"ubikmedia.de"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";


@ -36,9 +36,10 @@ let
'';
in {
systemd.user.services.xresources = {
systemd.services.xresources = {
description = "xresources";
wantedBy = [ "default.target" ];
wantedBy = [ "multi-user.target" ];
after = [ "display-manager.service" ];
environment = {
DISPLAY = ":0";
@ -50,6 +51,7 @@ in {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
User = "lass";
};
};
}


@ -32,7 +32,17 @@ in
security = import <secrets/grafana_security.nix>;
};
nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
nix = {
binaryCaches = [
"http://localhost:3142/nixos"
"http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
networking = {
firewall.enable = false;
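Review bot: `http://cache.prism.r` is fetched over plain HTTP, so the only protection for store paths coming from it is signature verification against `cache.prism-1:…`; that deserves a comment next to `binaryCachePublicKeys`, and signature checking must stay enabled on this host. Adding the key also means whoever holds the `cache.prism` signing key can supply any store path to this machine, which is a trust decision the commit does not document.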


@ -23,7 +23,8 @@ with lib;
};
};
latest = {
mirror.url = mirror;
url = mirror;
ref = "heads/master";
};
};
};


@ -19,12 +19,6 @@ with import <stockholm/lib>;
../2configs/xserver
{
environment.systemPackages = with pkgs; [
# stockholm
gnumake
hashPassword
parallel
# root
cryptsetup


@ -20,23 +20,6 @@ with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
# stockholm
gnumake
hashPassword
#haskellPackages.lentil
parallel
(pkgs.writeBashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
# root
cryptsetup


@ -25,24 +25,6 @@ with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
# stockholm
gnumake
hashPassword
haskellPackages.lentil
parallel
(pkgs.writeBashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
# root
cryptsetup


@ -38,6 +38,8 @@ with import <stockholm/lib>;
# stockholm dependencies
environment.systemPackages = with pkgs; [
git
gnumake
hashPassword
populate
];
}
@ -152,6 +154,7 @@ with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.get
pkgs.krebspaste
pkgs.krebszones
pkgs.nix-prefetch-scripts
pkgs.push


@ -13,7 +13,7 @@ with import <stockholm/lib>;
"shackspace.de"
"viljetic.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
config.krebs.hosts.nomic
config.krebs.hosts.wu
config.krebs.hosts.xu
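Review bot: `concatMap (host: host.nets.retiolum.addrs)` presumably adds IPv6 addresses to `relay_from_hosts`, and Exim separates list items with colons by default. Unless the module that renders this option doubles the colons or switches the separator (not visible here), an IPv6 entry would be split into fragments and the relay permission would not match what is written. Check the generated configuration for this list, and add a comment such as `# addrs includes ip6; renderer must escape colons for Exim`. The list continues past the end of this hunk.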

View File

@ -297,14 +297,18 @@ let {
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
set -- +CtrlP
fi
exec ${pkgs.vim}/bin/vim "$@"
'';
vim = pkgs.concat "vim" [
pkgs.vim_configurable
(pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
set -- +CtrlP
fi
# vim-orgmode needs Python, thus vim_configurable instead of just vim
exec ${pkgs.vim_configurable}/bin/vim "$@"
'')
];
vimrc = pkgs.writeText "vimrc" ''
set nocompatible


@ -57,8 +57,8 @@ let {
networking.firewall.enable = false;
systemd.services.tv-iptables = {
description = "tv-iptables";
wantedBy = [ "network-pre.target" ];
wantedBy = [ "sysinit.target" ];
wants = [ "network-pre.target" ];
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
@ -79,6 +79,8 @@ let {
ip6tables-restore < ${rules 6}
'';
};
unitConfig.DefaultDependencies = false;
};
};