Merge remote-tracking branch 'lass/master'

krebs/3modules/default.nix

@@ -20,6 +20,7 @@ let
       ./github-hosts-sync.nix
       ./git.nix
       ./go.nix
+      ./htgen.nix
       ./iptables.nix
       ./kapacitor.nix
       ./monit.nix

krebs/3modules/fetchWallpaper.nix

@@ -21,10 +21,9 @@ let
         OnCalendar = "*:00,10,20,30,40,50";
       };
     };
-    # TODO find a better default stateDir
     stateDir = mkOption {
       type = types.str;
-      default = "$HOME/wallpaper";
+      default = "/var/lib/wallpaper";
     };
     display = mkOption {
       type = types.str;
@@ -52,27 +51,35 @@ let
     mkdir -p ${cfg.stateDir}
     cd ${cfg.stateDir}
     (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
-    feh --no-fehbg --bg-scale wallpaper
+    feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
   '';
 
   imp = {
-    systemd.user.timers.fetchWallpaper = {
+    users.users.fetchWallpaper = {
+      name = "fetchWallpaper";
+      uid = genid "fetchWallpaper";
+      description = "fetchWallpaper user";
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    systemd.timers.fetchWallpaper = {
       description = "fetch wallpaper timer";
       wantedBy = [ "timers.target" ];
 
       timerConfig = cfg.timerConfig;
     };
-    systemd.user.services.fetchWallpaper = {
+    systemd.services.fetchWallpaper = {
       description = "fetch wallpaper";
-      wantedBy = [ "default.target" ];
+      after = [ "network.target" ];
 
       path = with pkgs; [
         curl
         feh
-        coreutils
       ];
 
       environment = {
+        URL = cfg.url;
         DISPLAY = cfg.display;
       };
       restartIfChanged = true;
@@ -80,6 +87,7 @@ let
       serviceConfig = {
         Type = "simple";
         ExecStart = fetchWallpaperScript;
+        User = "fetchWallpaper";
       };
 
       unitConfig = cfg.unitConfig;

krebs/3modules/htgen.nix

@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  cfg = config.krebs.htgen;
+
+  out = {
+    options.krebs.htgen = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    default = {};
+    type = types.attrsOf (types.submodule ({ config, ... }: {
+      options = {
+        enable = mkEnableOption "krebs.htgen-${config.name}";
+
+        name = mkOption {
+          type = types.username;
+          default = config._module.args.name;
+        };
+
+        port = mkOption {
+          type = types.uint;
+        };
+
+        script = mkOption {
+          type = types.str;
+        };
+        user = mkOption {
+          type = types.user;
+          default = {
+            name = "htgen-${config.name}";
+            home = "/var/lib/htgen-${config.name}";
+          };
+        };
+      };
+    }));
+  };
+  imp = {
+
+    systemd.services = mapAttrs' (name: htgen:
+      nameValuePair "htgen-${name}" {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        environment = {
+          HTGEN_PORT = toString htgen.port;
+          HTGEN_SCRIPT = htgen.script;
+        };
+        serviceConfig = {
+          SyslogIdentifier = "htgen";
+          User = htgen.user.name;
+          PrivateTmp = true;
+          Restart = "always";
+          ExecStart = "${pkgs.htgen}/bin/htgen --serve";
+        };
+      }
+    ) cfg;
+
+    users.users = mapAttrs' (name: htgen:
+      nameValuePair htgen.user.name {
+        inherit (htgen.user) home name uid;
+        createHome = true;
+      }
+    ) cfg;
+
+  };
+in out

krebs/3modules/iptables.nix

@@ -68,8 +68,8 @@ let
     networking.firewall.enable = false;
 
     systemd.services.krebs-iptables = {
-      description = "krebs-iptables";
-      wantedBy = [ "network-pre.target" ];
+      wantedBy = [ "sysinit.target" ];
+      wants = [ "network-pre.target" ];
       before = [ "network-pre.target" ];
       after = [ "systemd-modules-load.service" ];
 
@@ -85,6 +85,8 @@ let
         Restart = "always";
         ExecStart = startScript;
       };
+
+      unitConfig.DefaultDependencies = false;
     };
   };
 

krebs/3modules/tv/default.nix

@@ -224,8 +224,8 @@ with import <stockholm/lib>;
         internet = {
           ip4.addr = "188.68.36.196";
           aliases = [
-            "cgit.ni.i"
             "ni.i"
+            "cgit.ni.i"
           ];
           ssh.port = 11423;
         };
@@ -360,8 +360,8 @@ with import <stockholm/lib>;
         gg23 = {
           ip4.addr = "10.23.1.38";
           aliases = [
-            "cache.xu.gg23"
             "xu.gg23"
+            "cache.xu.gg23"
           ];
           ssh.port = 11423;
         };

krebs/5pkgs/htgen/default.nix

@@ -0,0 +1,28 @@
+{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
+with import <stockholm/lib>;
+let
+  version = "1.1";
+in stdenv.mkDerivation {
+  name = "htgen-${version}";
+
+  src = fetchgit {
+    url = "http://cgit.krebsco.de/htgen";
+    rev = "refs/tags/v${version}";
+    sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    {
+      echo '#! ${bash}/bin/bash'
+      echo 'export PATH=${makeBinPath [
+        ucspi-tcp
+        coreutils
+        gnused
+      ]}''${PATH+":$PATH"}'
+      cat htgen
+    } > $out/bin/htgen
+    chmod +x $out/bin/htgen
+    cp -r examples $out
+  '';
+}

krebs/5pkgs/krebspaste/default.nix

@@ -2,5 +2,5 @@
 
 # TODO use `execve` instead?
 writeDashBin "krebspaste" ''
-  exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+  exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
 ''

lass/1systems/mors.nix

@@ -86,6 +86,10 @@ with import <stockholm/lib>;
         pkgs.krebszones
       ];
     }
+    {
+      #ps vita stuff
+      boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.mors;
@@ -180,8 +184,6 @@ with import <stockholm/lib>;
   '';
 
   environment.systemPackages = with pkgs; [
-    exfat
-
     acronym
     cac-api
     sshpass

lass/2configs/bepasty.nix

@@ -9,7 +9,10 @@ with import <stockholm/lib>;
 with import <stockholm/lib>;
 let
   secKey = import <secrets/bepasty-secret.nix>;
-  ext-dom = "paste.lassul.us" ;
+  ext-doms = [
+    "paste.lassul.us"
+    "paste.krebsco.de"
+  ];
 in {
 
   services.nginx.enable = mkDefault true;
@@ -25,16 +28,15 @@ in {
         defaultPermissions = "admin,list,create,read,delete";
         secretKey = secKey;
       };
-
-      "${ext-dom}" = {
-        nginx = {
-          enableSSL = true;
-          forceSSL = true;
-          enableACME = true;
-        };
-        defaultPermissions = "read";
-        secretKey = secKey;
+    } //
+    genAttrs ext-doms (ext-dom: {
+      nginx = {
+        enableSSL = true;
+        forceSSL = true;
+        enableACME = true;
       };
-    };
+      defaultPermissions = "read";
+      secretKey = secKey;
+    });
   };
 }

lass/2configs/copyq.nix

@@ -9,7 +9,7 @@ let
 
     ${pkgs.copyq}/bin/copyq config activate_closes true
     ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
-    ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
+    ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
     ${pkgs.copyq}/bin/copyq config disable_tray true
     ${pkgs.copyq}/bin/copyq config hide_tabs true
     ${pkgs.copyq}/bin/copyq config hide_toolbar true
@@ -19,10 +19,9 @@ let
     ${pkgs.copyq}/bin/copyq config text_wrap true
   '';
 in {
-  systemd.user.services.copyq = {
-    after = [ "graphical.target" ];
-    wants = [ "graphical.target" ];
-    wantedBy = [ "default.target" ];
+  systemd.services.copyq = {
+    wantedBy = [ "multi-user.target" ];
+    requires = [ "display-manager.service" ];
     environment = {
       DISPLAY = ":0";
     };
@@ -33,6 +32,7 @@ in {
       Restart = "always";
       RestartSec = "2s";
       StartLimitBurst = 0;
+      User = "lass";
     };
   };
 }

lass/2configs/default.nix

@@ -64,7 +64,10 @@ with import <stockholm/lib>;
       ];
     }
     {
-      services.dnscrypt-proxy.enable = true;
+      services.dnscrypt-proxy = {
+        enable = true;
+        resolverName = "d0wn-nl-ns3";
+      };
       networking.extraResolvconfConf = ''
         name_servers='127.0.0.1'
       '';

lass/2configs/git.nix

@@ -32,10 +32,13 @@ let
   public-repos = mapAttrs make-public-repo {
     stockholm = {
       cgit.desc = "take all the computers hostage, they'll love you!";
+      cgit.section = "configuration";
     };
-    kimsufi-check = {};
   } // mapAttrs make-public-repo-silent {
-    the_playlist = {};
+    the_playlist = {
+      cgit.desc = "Good Music collection + tools";
+      cgit.section  = "art";
+    };
   };
 
   restricted-repos = mapAttrs make-restricted-repo (
@@ -58,7 +61,7 @@ let
         server = "ni.r";
         verbose = config.krebs.build.host.name == "prism";
         # TODO define branches in some kind of option per repo
-        branches = [ "master" "newest" ];
+        branches = [ "master" ];
       };
     };
   };

lass/2configs/hfos.nix

@@ -36,5 +36,12 @@ with import <stockholm/lib>;
     { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
   ];
 
-  systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
+  # TODO use bridge interfaces instead of this crap
+  systemd.services.libvirtd.serviceConfig.ExecStartPost = let
+    restart-iptables = pkgs.writeDash "restart-iptables" ''
+      #soo hacky
+      ${pkgs.coreutils}/bin/sleep 1s
+      ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+    '';
+  in restart-iptables;
 }

lass/2configs/htop.nix

@@ -3,6 +3,7 @@
 with import <stockholm/lib>;
 
 {
+  security.hideProcessInformation = true;
   nixpkgs.config.packageOverrides = super: {
     htop = pkgs.concat "htop" [
       super.htop

lass/2configs/mail.nix

@@ -66,7 +66,6 @@ let
 
     # notmuch bindings
     macro index \\\\ "<vfolder-from-query>"                   # looks up a hand made query
-    macro index A "<modify-labels>+archive -unread -inbox\n"  # tag as Archived
     macro index + "<modify-labels>+*\n<sync-mailbox>"         # tag as starred
     macro index - "<modify-labels>-*\n<sync-mailbox>"         # tag as unstarred
 
@@ -75,9 +74,25 @@ let
     bind index d noop
     bind pager d noop
 
+    bind index S noop
+    bind index s noop
     bind pager S noop
+    bind pager s noop
     macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+    macro index s "<modify-labels>-junk\n" # tag as Junk mail
     macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+    macro pager s "<modify-labels>-junk\n" # tag as Junk mail
+
+
+    bind index A noop
+    bind index a noop
+    bind pager A noop
+    bind pager a noop
+    macro index A "<modify-labels>+archive -unread -inbox\n"  # tag as Archived
+    macro index a "<modify-labels>-archive\n"  # tag as Archived
+    macro pager A "<modify-labels>+archive -unread -inbox\n"  # tag as Archived
+    macro pager a "<modify-labels>-archive\n"  # tag as Archived
+
 
     bind index t noop
     bind pager t noop

lass/2configs/mc.nix

@@ -325,12 +325,10 @@ in {
     (pkgs.concat "mc" [
       pkgs.mc
       (pkgs.writeDashBin "mc" ''
-        export MC_DATADIR=${pkgs.concat "mc-datadir" [
-          (pkgs.writeOut "mc-ext" {
+        export MC_DATADIR=${pkgs.writeOut "mc-ext" {
             "/mc.ext".link = mcExt;
             "/sfs.ini".text = "";
-          })
-        ]}
+        }};
         export TERM=xterm-256color
         exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
       '')

lass/2configs/nixpkgs.nix

@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://cgit.lassul.us/nixpkgs;
-    ref = "c0ecd31";
+    ref = "ade5837";
   };
 }

lass/2configs/power-action.nix

@@ -26,7 +26,7 @@ in {
       lowerLimit = 0;
       charging = false;
       action = pkgs.writeDash "suspend-wrapper" ''
-        /var/setuid-wrappers/sudo ${suspend}
+        /run/wrappers/bin/sudo ${suspend}
       '';
     };
     user = "lass";

lass/2configs/repo-sync.nix

@@ -10,6 +10,7 @@ let
       public = true;
       name = mkDefault "${name}";
       cgit.desc = mkDefault "mirror for ${name}";
+      cgit.section = mkDefault "mirror";
       hooks = mkIf announce (mkDefault {
         post-receive = pkgs.git-hooks.irc-announce {
           nick = config.networking.hostName;

lass/2configs/websites/domsen.nix

@@ -120,6 +120,7 @@ in {
     sender_domains = [
       "jla-trading.com"
       "ubikmedia.eu"
+      "ubikmedia.de"
     ];
     ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
     ssl_key = "/var/lib/acme/lassul.us/key.pem";

lass/2configs/xresources.nix

@@ -36,9 +36,10 @@ let
   '';
 
 in {
-  systemd.user.services.xresources = {
+  systemd.services.xresources = {
     description = "xresources";
-    wantedBy = [ "default.target" ];
+    wantedBy = [ "multi-user.target" ];
+    after = [ "display-manager.service" ];
 
     environment = {
       DISPLAY = ":0";
@@ -50,6 +51,7 @@ in {
       Type = "simple";
       ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
       Restart = "on-failure";
+      User = "lass";
     };
   };
 }

shared/1systems/wolf.nix

@@ -32,7 +32,17 @@ in
     security = import <secrets/grafana_security.nix>;
   };
 
-  nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
+  nix = {
+    binaryCaches = [
+      "http://localhost:3142/nixos"
+      "http://cache.prism.r"
+      "https://cache.nixos.org/"
+    ];
+    binaryCachePublicKeys = [
+      "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+      "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+    ];
+  };
 
   networking = {
     firewall.enable = false;

shared/2configs/repo-sync.nix

@@ -23,7 +23,8 @@ with lib;
         };
       };
       latest = {
-        mirror.url = mirror;
+        url = mirror;
+        ref = "heads/master";
       };
     };
   };

tv/1systems/wu.nix

@@ -19,12 +19,6 @@ with import <stockholm/lib>;
     ../2configs/xserver
     {
       environment.systemPackages = with pkgs; [
-
-        # stockholm
-        gnumake
-        hashPassword
-        parallel
-
         # root
         cryptsetup
 

tv/1systems/xu.nix

@@ -20,23 +20,6 @@ with import <stockholm/lib>;
     {
       environment.systemPackages = with pkgs; [
 
-        # stockholm
-        gnumake
-        hashPassword
-        #haskellPackages.lentil
-        parallel
-        (pkgs.writeBashBin "im" ''
-          export PATH=${makeSearchPath "bin" (with pkgs; [
-            tmux
-            gnugrep
-            weechat
-          ])}
-          if tmux list-sessions -F\#S | grep -q '^im''$'; then
-            exec tmux attach -t im
-          else
-            exec tmux new -s im weechat
-          fi
-        '')
 
         # root
         cryptsetup

tv/1systems/zu.nix

@@ -25,24 +25,6 @@ with import <stockholm/lib>;
     {
       environment.systemPackages = with pkgs; [
 
-        # stockholm
-        gnumake
-        hashPassword
-        haskellPackages.lentil
-        parallel
-        (pkgs.writeBashBin "im" ''
-          export PATH=${makeSearchPath "bin" (with pkgs; [
-            tmux
-            gnugrep
-            weechat
-          ])}
-          if tmux list-sessions -F\#S | grep -q '^im''$'; then
-            exec tmux attach -t im
-          else
-            exec tmux new -s im weechat
-          fi
-        '')
-
         # root
         cryptsetup
 

tv/2configs/default.nix

@@ -38,6 +38,8 @@ with import <stockholm/lib>;
       # stockholm dependencies
       environment.systemPackages = with pkgs; [
         git
+        gnumake
+        hashPassword
         populate
       ];
     }
@@ -152,6 +154,7 @@ with import <stockholm/lib>;
     {
       environment.systemPackages = [
         pkgs.get
+        pkgs.krebspaste
         pkgs.krebszones
         pkgs.nix-prefetch-scripts
         pkgs.push

tv/2configs/exim-smarthost.nix

@@ -13,7 +13,7 @@ with import <stockholm/lib>;
       "shackspace.de"
       "viljetic.de"
     ];
-    relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+    relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
       config.krebs.hosts.nomic
       config.krebs.hosts.wu
       config.krebs.hosts.xu

tv/2configs/vim.nix

@@ -297,14 +297,18 @@ let {
     alldirs = attrValues dirs ++ map dirOf (attrValues files);
   in unique (sort lessThan alldirs);
 
-  vim = pkgs.writeDashBin "vim" ''
-    set -efu
-    (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
-    if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
-      set -- +CtrlP
-    fi
-    exec ${pkgs.vim}/bin/vim "$@"
-  '';
+  vim = pkgs.concat "vim" [
+    pkgs.vim_configurable
+    (pkgs.writeDashBin "vim" ''
+      set -efu
+      (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+      if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
+        set -- +CtrlP
+      fi
+      # vim-orgmode needs Python, thus vim_configurable instead of just vim
+      exec ${pkgs.vim_configurable}/bin/vim "$@"
+    '')
+  ];
 
   vimrc = pkgs.writeText "vimrc" ''
     set nocompatible

tv/3modules/iptables.nix

@@ -57,8 +57,8 @@ let {
     networking.firewall.enable = false;
 
     systemd.services.tv-iptables = {
-      description = "tv-iptables";
-      wantedBy = [ "network-pre.target" ];
+      wantedBy = [ "sysinit.target" ];
+      wants = [ "network-pre.target" ];
       before = [ "network-pre.target" ];
       after = [ "systemd-modules-load.service" ];
 
@@ -79,6 +79,8 @@ let {
           ip6tables-restore < ${rules 6}
         '';
       };
+
+      unitConfig.DefaultDependencies = false;
     };
   };