Merge remote-tracking branch 'lass/master'

makefu 2017-03-16 23:28:32 +01:00
commit 4b29caff26
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
30 changed files with 219 additions and 98 deletions


@ -20,6 +20,7 @@ let
./github-hosts-sync.nix ./github-hosts-sync.nix
./git.nix ./git.nix
./go.nix ./go.nix
./htgen.nix
./iptables.nix ./iptables.nix
./kapacitor.nix ./kapacitor.nix
./monit.nix ./monit.nix


@ -21,10 +21,9 @@ let
OnCalendar = "*:00,10,20,30,40,50"; OnCalendar = "*:00,10,20,30,40,50";
}; };
}; };
# TODO find a better default stateDir
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
default = "$HOME/wallpaper"; default = "/var/lib/wallpaper";
}; };
display = mkOption { display = mkOption {
type = types.str; type = types.str;
@ -52,27 +51,35 @@ let
mkdir -p ${cfg.stateDir} mkdir -p ${cfg.stateDir}
cd ${cfg.stateDir} cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale wallpaper feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
''; '';
imp = { imp = {
systemd.user.timers.fetchWallpaper = { users.users.fetchWallpaper = {
name = "fetchWallpaper";
uid = genid "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
};
systemd.timers.fetchWallpaper = {
description = "fetch wallpaper timer"; description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;
}; };
systemd.user.services.fetchWallpaper = { systemd.services.fetchWallpaper = {
description = "fetch wallpaper"; description = "fetch wallpaper";
wantedBy = [ "default.target" ]; after = [ "network.target" ];
path = with pkgs; [ path = with pkgs; [
curl curl
feh feh
coreutils
]; ];
environment = { environment = {
URL = cfg.url;
DISPLAY = cfg.display; DISPLAY = cfg.display;
}; };
restartIfChanged = true; restartIfChanged = true;
@ -80,6 +87,7 @@ let
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = fetchWallpaperScript; ExecStart = fetchWallpaperScript;
User = "fetchWallpaper";
}; };
unitConfig = cfg.unitConfig; unitConfig = cfg.unitConfig;
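Review bot: `cfg.stateDir` is shell-escaped only on the new `feh` line; the `mkdir -p ${cfg.stateDir}` and `cd ${cfg.stateDir}` lines just above still interpolate it raw, so a path containing spaces or shell metacharacters is handled differently on each line. Escaping both, `mkdir -p ${shell.escape cfg.stateDir}` and `cd ${shell.escape cfg.stateDir}`, keeps the script consistent. The unit now runs system-wide as the dedicated `fetchWallpaper` user, fetches a remote file and hands it to an image decoder, so hardening options such as `PrivateTmp = true;` and `NoNewPrivileges = true;` would fit in `serviceConfig` next to the new `User` line. The script and the service definition both start or end outside the visible hunks.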

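--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+let
+cfg = config.krebs.htgen;
+out = {
+options.krebs.htgen = api;
+config = imp;
+};
+api = mkOption {
+default = {};
+type = types.attrsOf (types.submodule ({ config, ... }: {
+options = {
+enable = mkEnableOption "krebs.htgen-${config.name}";
+name = mkOption {
+type = types.username;
+default = config._module.args.name;
+};
+port = mkOption {
+type = types.uint;
+};
+script = mkOption {
+type = types.str;
+};
+user = mkOption {
+type = types.user;
+default = {
+name = "htgen-${config.name}";
+home = "/var/lib/htgen-${config.name}";
+};
+};
+};
+}));
+};
+imp = {
+systemd.services = mapAttrs' (name: htgen:
+nameValuePair "htgen-${name}" {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+environment = {
+HTGEN_PORT = toString htgen.port;
+HTGEN_SCRIPT = htgen.script;
+};
+serviceConfig = {
+SyslogIdentifier = "htgen";
+User = htgen.user.name;
+PrivateTmp = true;
+Restart = "always";
+ExecStart = "${pkgs.htgen}/bin/htgen --serve";
+};
+}
+) cfg;
+users.users = mapAttrs' (name: htgen:
+nameValuePair htgen.user.name {
+inherit (htgen.user) home name uid;
+createHome = true;
+}
+) cfg;
+};
+in out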
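Review bot: The `enable` option is declared per instance but `imp` never reads it: both `mapAttrs'` calls run over all of `cfg`, so every attribute under `krebs.htgen` gets a listening service and a user account even when `enable` is left at its default. Filtering first, e.g. passing `(filterAttrs (_: htgen: htgen.enable) cfg)` as the last argument of both `mapAttrs'` calls, would make the option effective. The unit name is built from the attribute key (`"htgen-${name}"`) while the user name is built from the `name` option, so the two agree only while that option keeps its default. Because the unit serves `HTGEN_SCRIPT` on a network port, adding `NoNewPrivileges = true;` beside `PrivateTmp` is worth considering.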


@ -68,8 +68,8 @@ let
networking.firewall.enable = false; networking.firewall.enable = false;
systemd.services.krebs-iptables = { systemd.services.krebs-iptables = {
description = "krebs-iptables"; wantedBy = [ "sysinit.target" ];
wantedBy = [ "network-pre.target" ]; wants = [ "network-pre.target" ];
before = [ "network-pre.target" ]; before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ]; after = [ "systemd-modules-load.service" ];
@ -85,6 +85,8 @@ let
Restart = "always"; Restart = "always";
ExecStart = startScript; ExecStart = startScript;
}; };
unitConfig.DefaultDependencies = false;
}; };
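Review bot: With `unitConfig.DefaultDependencies = false;` and `networking.firewall.enable = false;` this unit is the only packet filter on the host, and nothing visible here stops the network from coming up if `startScript` fails: `wants`/`before` on `network-pre.target` order the units but do not make networking depend on success. It would help to state the intent in a comment, e.g. `# load rules before any interface is configured; DefaultDependencies=false lets this run in early boot`, and to confirm whether the ruleset is default-accept or default-drop when the load fails. The same change is made to `tv-iptables` further down the page. The service body continues outside both hunks.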
}; };


@ -224,8 +224,8 @@ with import <stockholm/lib>;
internet = { internet = {
ip4.addr = "188.68.36.196"; ip4.addr = "188.68.36.196";
aliases = [ aliases = [
"cgit.ni.i"
"ni.i" "ni.i"
"cgit.ni.i"
]; ];
ssh.port = 11423; ssh.port = 11423;
}; };
@ -360,8 +360,8 @@ with import <stockholm/lib>;
gg23 = { gg23 = {
ip4.addr = "10.23.1.38"; ip4.addr = "10.23.1.38";
aliases = [ aliases = [
"cache.xu.gg23"
"xu.gg23" "xu.gg23"
"cache.xu.gg23"
]; ];
ssh.port = 11423; ssh.port = 11423;
}; };


@ -0,0 +1,28 @@
{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
with import <stockholm/lib>;
let
version = "1.1";
in stdenv.mkDerivation {
name = "htgen-${version}";
src = fetchgit {
url = "http://cgit.krebsco.de/htgen";
rev = "refs/tags/v${version}";
sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
};
installPhase = ''
mkdir -p $out/bin
{
echo '#! ${bash}/bin/bash'
echo 'export PATH=${makeBinPath [
ucspi-tcp
coreutils
gnused
]}''${PATH+":$PATH"}'
cat htgen
} > $out/bin/htgen
chmod +x $out/bin/htgen
cp -r examples $out
'';
}
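Review bot: `fetchgit` pulls the source over plain `http://` from a tag ref (`refs/tags/v${version}`); the `sha256` makes the fetch fail on any content change, so integrity is covered, but the transfer is still observable and blockable on path, and a moved tag shows up only as a hash mismatch. If the host serves HTTPS (not confirmable from this page), an `https://` URL for the same repository would be preferable. The generated wrapper prepends a fixed `PATH` and keeps the caller's `$PATH` as a fallback; a short comment saying the fallback is intentional would help the next reader.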


@ -2,5 +2,5 @@
# TODO use `execve` instead? # TODO use `execve` instead?
writeDashBin "krebspaste" '' writeDashBin "krebspaste" ''
exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@" exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
'' ''


@ -86,6 +86,10 @@ with import <stockholm/lib>;
pkgs.krebszones pkgs.krebszones
]; ];
} }
{
#ps vita stuff
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
]; ];
krebs.build.host = config.krebs.hosts.mors; krebs.build.host = config.krebs.hosts.mors;
@ -180,8 +184,6 @@ with import <stockholm/lib>;
''; '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
exfat
acronym acronym
cac-api cac-api
sshpass sshpass


@ -9,7 +9,10 @@ with import <stockholm/lib>;
with import <stockholm/lib>; with import <stockholm/lib>;
let let
secKey = import <secrets/bepasty-secret.nix>; secKey = import <secrets/bepasty-secret.nix>;
ext-dom = "paste.lassul.us" ; ext-doms = [
"paste.lassul.us"
"paste.krebsco.de"
];
in { in {
services.nginx.enable = mkDefault true; services.nginx.enable = mkDefault true;
@ -25,8 +28,8 @@ in {
defaultPermissions = "admin,list,create,read,delete"; defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey; secretKey = secKey;
}; };
} //
"${ext-dom}" = { genAttrs ext-doms (ext-dom: {
nginx = { nginx = {
enableSSL = true; enableSSL = true;
forceSSL = true; forceSSL = true;
@ -34,7 +37,6 @@ in {
}; };
defaultPermissions = "read"; defaultPermissions = "read";
secretKey = secKey; secretKey = secKey;
}; });
};
}; };
} }
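Review bot: Every server generated by `genAttrs ext-doms` gets `secretKey = secKey`, the same value used by the instance with `defaultPermissions = "admin,list,create,read,delete"`, and this change adds a second public hostname sharing it. If the application signs session state with this key (likely, but not visible here), a session issued by one instance would also validate on the others. A separate secret per instance, or a comment explaining why sharing is acceptable, would be safer. Note too that `import <secrets/bepasty-secret.nix>` evaluates the secret into the configuration, so where it ends up on disk deserves a check.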


@ -9,7 +9,7 @@ let
${pkgs.copyq}/bin/copyq config activate_closes true ${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
${pkgs.copyq}/bin/copyq config disable_tray true ${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true ${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true ${pkgs.copyq}/bin/copyq config hide_toolbar true
@ -19,10 +19,9 @@ let
${pkgs.copyq}/bin/copyq config text_wrap true ${pkgs.copyq}/bin/copyq config text_wrap true
''; '';
in { in {
systemd.user.services.copyq = { systemd.services.copyq = {
after = [ "graphical.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "graphical.target" ]; requires = [ "display-manager.service" ];
wantedBy = [ "default.target" ];
environment = { environment = {
DISPLAY = ":0"; DISPLAY = ":0";
}; };
@ -33,6 +32,7 @@ in {
Restart = "always"; Restart = "always";
RestartSec = "2s"; RestartSec = "2s";
StartLimitBurst = 0; StartLimitBurst = 0;
User = "lass";
}; };
}; };
} }
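Review bot: `requires = [ "display-manager.service" ];` pulls the display manager in but does not order against it; without a matching `after = [ "display-manager.service" ];` copyq can start before X is up, and `Restart = "always"` with `StartLimitBurst = 0` then hides the failure in a restart loop. The xresources unit changed later in this commit does set `after`, so the two are inconsistent. Both units now hard-code `User = "lass";` and `DISPLAY = ":0"` in a system service; a comment noting that they assume one fixed X session for that user would save the next reader some guessing.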


@ -64,7 +64,10 @@ with import <stockholm/lib>;
]; ];
} }
{ {
services.dnscrypt-proxy.enable = true; services.dnscrypt-proxy = {
enable = true;
resolverName = "d0wn-nl-ns3";
};
networking.extraResolvconfConf = '' networking.extraResolvconfConf = ''
name_servers='127.0.0.1' name_servers='127.0.0.1'
''; '';


@ -32,10 +32,13 @@ let
public-repos = mapAttrs make-public-repo { public-repos = mapAttrs make-public-repo {
stockholm = { stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!"; cgit.desc = "take all the computers hostage, they'll love you!";
cgit.section = "configuration";
}; };
kimsufi-check = {};
} // mapAttrs make-public-repo-silent { } // mapAttrs make-public-repo-silent {
the_playlist = {}; the_playlist = {
cgit.desc = "Good Music collection + tools";
cgit.section = "art";
};
}; };
restricted-repos = mapAttrs make-restricted-repo ( restricted-repos = mapAttrs make-restricted-repo (
@ -58,7 +61,7 @@ let
server = "ni.r"; server = "ni.r";
verbose = config.krebs.build.host.name == "prism"; verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo # TODO define branches in some kind of option per repo
branches = [ "master" "newest" ]; branches = [ "master" ];
}; };
}; };
}; };


@ -36,5 +36,12 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
]; ];
systemd.services.krebs-iptables.after = [ "libvirtd.service" ]; # TODO use bridge interfaces instead of this crap
systemd.services.libvirtd.serviceConfig.ExecStartPost = let
restart-iptables = pkgs.writeDash "restart-iptables" ''
#soo hacky
${pkgs.coreutils}/bin/sleep 1s
${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
'';
in restart-iptables;
} }
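Review bot: The `ExecStartPost` script relies on `sleep 1s` to wait until libvirtd has finished touching the packet filter (presumably that is why the rules are reloaded), which is a timing guess: if libvirtd inserts its rules later than one second after start, they stay in effect and the host's own ruleset, including the DNAT entries above, is not what is active. The existing `#soo hacky` comment could say this explicitly, e.g. `# libvirtd rewrites iptables on start; re-apply ours afterwards (race: fixed 1s delay)`. The surrounding attribute set starts outside the hunk.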


@ -3,6 +3,7 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: { nixpkgs.config.packageOverrides = super: {
htop = pkgs.concat "htop" [ htop = pkgs.concat "htop" [
super.htop super.htop


@ -66,7 +66,6 @@ let
# notmuch bindings # notmuch bindings
macro index \\\\ "<vfolder-from-query>" # looks up a hand made query macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
@ -75,9 +74,25 @@ let
bind index d noop bind index d noop
bind pager d noop bind pager d noop
bind index S noop
bind index s noop
bind pager S noop bind pager S noop
bind pager s noop
macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
macro index s "<modify-labels>-junk\n" # tag as Junk mail
macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
macro pager s "<modify-labels>-junk\n" # tag as Junk mail
bind index A noop
bind index a noop
bind pager A noop
bind pager a noop
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro index a "<modify-labels>-archive\n" # tag as Archived
macro pager A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro pager a "<modify-labels>-archive\n" # tag as Archived
bind index t noop bind index t noop
bind pager t noop bind pager t noop
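Review bot: The trailing comments on the new lowercase macros were copied from the uppercase ones and now say the opposite of what the macro does: `macro index s "<modify-labels>-junk\n"` and its `pager` twin remove the junk tag but are commented `# tag as Junk mail`, and the `a` macros remove `archive` but say `# tag as Archived`. Suggested comments are `# remove Junk tag` and `# remove Archived tag`. The enclosing muttrc string starts and ends outside the hunks.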


@ -325,12 +325,10 @@ in {
(pkgs.concat "mc" [ (pkgs.concat "mc" [
pkgs.mc pkgs.mc
(pkgs.writeDashBin "mc" '' (pkgs.writeDashBin "mc" ''
export MC_DATADIR=${pkgs.concat "mc-datadir" [ export MC_DATADIR=${pkgs.writeOut "mc-ext" {
(pkgs.writeOut "mc-ext" {
"/mc.ext".link = mcExt; "/mc.ext".link = mcExt;
"/sfs.ini".text = ""; "/sfs.ini".text = "";
}) }};
]}
export TERM=xterm-256color export TERM=xterm-256color
exec ${pkgs.mc}/bin/mc -S xoria256 "$@" exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
'') '')


@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs; url = https://cgit.lassul.us/nixpkgs;
ref = "c0ecd31"; ref = "ade5837";
}; };
} }


@ -26,7 +26,7 @@ in {
lowerLimit = 0; lowerLimit = 0;
charging = false; charging = false;
action = pkgs.writeDash "suspend-wrapper" '' action = pkgs.writeDash "suspend-wrapper" ''
/var/setuid-wrappers/sudo ${suspend} /run/wrappers/bin/sudo ${suspend}
''; '';
}; };
user = "lass"; user = "lass";
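Review bot: The wrapper directory is hard-coded again (`/run/wrappers/bin/sudo`), which is why this line needed changing in the first place. If `config` is in scope in this module (the function header is not visible in the hunk), `${config.security.wrapperDir}/sudo` would follow the system setting instead of repeating the path. Since this script runs a privileged command unattended, it is also worth a comment naming the sudoers rule that permits `${suspend}` without a password.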


@ -10,6 +10,7 @@ let
public = true; public = true;
name = mkDefault "${name}"; name = mkDefault "${name}";
cgit.desc = mkDefault "mirror for ${name}"; cgit.desc = mkDefault "mirror for ${name}";
cgit.section = mkDefault "mirror";
hooks = mkIf announce (mkDefault { hooks = mkIf announce (mkDefault {
post-receive = pkgs.git-hooks.irc-announce { post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName; nick = config.networking.hostName;


@ -120,6 +120,7 @@ in {
sender_domains = [ sender_domains = [
"jla-trading.com" "jla-trading.com"
"ubikmedia.eu" "ubikmedia.eu"
"ubikmedia.de"
]; ];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem";


@ -36,9 +36,10 @@ let
''; '';
in { in {
systemd.user.services.xresources = { systemd.services.xresources = {
description = "xresources"; description = "xresources";
wantedBy = [ "default.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "display-manager.service" ];
environment = { environment = {
DISPLAY = ":0"; DISPLAY = ":0";
@ -50,6 +51,7 @@ in {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure"; Restart = "on-failure";
User = "lass";
}; };
}; };
} }


@ -32,7 +32,17 @@ in
security = import <secrets/grafana_security.nix>; security = import <secrets/grafana_security.nix>;
}; };
nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ]; nix = {
binaryCaches = [
"http://localhost:3142/nixos"
"http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
networking = { networking = {
firewall.enable = false; firewall.enable = false;
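Review bot: Keys in `binaryCachePublicKeys` are not tied to a particular cache: a store path signed by `cache.prism-1` is accepted no matter which of the three substituters served it, so this change makes the holder of that key trusted for every package the machine substitutes. That may be intended, but it deserves a comment next to the key, e.g. `# trusted for all substitutions; private key held on <host>`. Two of the caches are plain `http://`, so the signature check is the only integrity protection for them; make sure signature enforcement is not switched off elsewhere in the configuration.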


@ -23,7 +23,8 @@ with lib;
}; };
}; };
latest = { latest = {
mirror.url = mirror; url = mirror;
ref = "heads/master";
}; };
}; };
}; };


@ -19,12 +19,6 @@ with import <stockholm/lib>;
../2configs/xserver ../2configs/xserver
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# stockholm
gnumake
hashPassword
parallel
# root # root
cryptsetup cryptsetup


@ -20,23 +20,6 @@ with import <stockholm/lib>;
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# stockholm
gnumake
hashPassword
#haskellPackages.lentil
parallel
(pkgs.writeBashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
# root # root
cryptsetup cryptsetup


@ -25,24 +25,6 @@ with import <stockholm/lib>;
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# stockholm
gnumake
hashPassword
haskellPackages.lentil
parallel
(pkgs.writeBashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
# root # root
cryptsetup cryptsetup


@ -38,6 +38,8 @@ with import <stockholm/lib>;
# stockholm dependencies # stockholm dependencies
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnumake
hashPassword
populate populate
]; ];
} }
@ -152,6 +154,7 @@ with import <stockholm/lib>;
{ {
environment.systemPackages = [ environment.systemPackages = [
pkgs.get pkgs.get
pkgs.krebspaste
pkgs.krebszones pkgs.krebszones
pkgs.nix-prefetch-scripts pkgs.nix-prefetch-scripts
pkgs.push pkgs.push


@ -13,7 +13,7 @@ with import <stockholm/lib>;
"shackspace.de" "shackspace.de"
"viljetic.de" "viljetic.de"
]; ];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
config.krebs.hosts.nomic config.krebs.hosts.nomic
config.krebs.hosts.wu config.krebs.hosts.wu
config.krebs.hosts.xu config.krebs.hosts.xu
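Review bot: Switching from `ip4.addr` to `concatMap (host: host.nets.retiolum.addrs)` widens `relay_from_hosts` to every address listed for these hosts on retiolum (presumably IPv6 as well as IPv4; the definition of `addrs` is not on this page). Relay permission here is granted purely by source address, so it is worth confirming that `addrs` holds only host addresses and no prefixes, and that only the listed hosts can source traffic from them on the overlay. A comment such as `# relay allowed for all retiolum addresses (v4+v6) of these hosts` would record the intent. The host list continues past the end of the hunk.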


@ -297,14 +297,18 @@ let {
alldirs = attrValues dirs ++ map dirOf (attrValues files); alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs); in unique (sort lessThan alldirs);
vim = pkgs.writeDashBin "vim" '' vim = pkgs.concat "vim" [
pkgs.vim_configurable
(pkgs.writeDashBin "vim" ''
set -efu set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
if test $# = 0 && test -e "$PWD/.ctrlpignore"; then if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
set -- +CtrlP set -- +CtrlP
fi fi
exec ${pkgs.vim}/bin/vim "$@" # vim-orgmode needs Python, thus vim_configurable instead of just vim
''; exec ${pkgs.vim_configurable}/bin/vim "$@"
'')
];
vimrc = pkgs.writeText "vimrc" '' vimrc = pkgs.writeText "vimrc" ''
set nocompatible set nocompatible


@ -57,8 +57,8 @@ let {
networking.firewall.enable = false; networking.firewall.enable = false;
systemd.services.tv-iptables = { systemd.services.tv-iptables = {
description = "tv-iptables"; wantedBy = [ "sysinit.target" ];
wantedBy = [ "network-pre.target" ]; wants = [ "network-pre.target" ];
before = [ "network-pre.target" ]; before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ]; after = [ "systemd-modules-load.service" ];
@ -79,6 +79,8 @@ let {
ip6tables-restore < ${rules 6} ip6tables-restore < ${rules 6}
''; '';
}; };
unitConfig.DefaultDependencies = false;
}; };
}; };