Merge remote-tracking branch 'lass/master'

krebs/2configs/news.nix

@@ -16,6 +16,7 @@
       vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
       weechat|http://dev.weechat.org/feed/atom|#news
       xkcd|https://xkcd.com/rss.xml|#news
+      painload|https://github.com/krebscode/painload/commits/master.atom|#news
     '';
   };
 }

krebs/3modules/git.nix

@@ -420,7 +420,16 @@ let
       ];
       locations."/".extraConfig = ''
         include             ${pkgs.nginx}/conf/fastcgi_params;
-        fastcgi_param       SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+        fastcgi_param       SCRIPT_FILENAME ${pkgs.writeDash "cgit-wrapper" ''
+          set -efu
+          exec 3>&1
+          ${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \
+            | ${pkgs.gnused}/bin/sed \
+                  '
+                    \|^${pkgs.cgit}/cgit/cgit.cgi: Relink |d
+                  '
+          exec 3>&-
+        ''};
         fastcgi_param       PATH_INFO       $uri;
         fastcgi_param       QUERY_STRING    $args;
         fastcgi_param       HTTP_HOST       $server_name;

krebs/5pkgs/default.nix

@@ -13,6 +13,15 @@ foldl' mergeAttrs {}
 //
 
 {
+  # https://github.com/NixOS/nixpkgs/pull/30065
+  brscan4 = overrideDerivation super.brscan4 (original: rec {
+    name = "brscan4-0.4.4-4";
+    src = super.fetchurl {
+      url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb";
+      sha256 = "0xy5px96y1saq9l80vwvfn6anr2q42qlxdhm6ci2a0diwib5q9fd";
+    };
+  });
+
   ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
 
   # https://github.com/proot-me/PRoot/issues/106

krebs/5pkgs/simple/Reaktor/plugins.nix

@@ -144,7 +144,8 @@ rec {
     '';
   };
   wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" {
-    script = pkgs.writeDash "wiki-todo-add" ''
+    pattern = "^wiki-show$";
+    script = pkgs.writeDash "wiki-show" ''
       ${pkgs.coreutils}/bin/cat wiki-todo
     '';
   };

krebs/5pkgs/simple/git-preview/default.nix

@@ -1,15 +1,16 @@
-{ coreutils, git, stdenv, writeDashBin }:
+{ coreutils, git, writeDashBin }:
 
 writeDashBin "git-preview" ''
-  PATH=${stdenv.lib.makeBinPath [
-    coreutils
-    git
-  ]}''${PATH+:$PATH}
-  hashes=$(git log --format=%h "..$1")
-  end=$(echo "$hashes" | head -1)
-  start=$(echo "$hashes" | tail -1)
-  # exit if no diff was found
-  test -z "$start" && exit 0
-  shift
-  git diff "$start^..$end" "$@"
+  set -efu
+  head_commit=$(${git}/bin/git log -1 --format=%H)
+  merge_commit=$1; shift
+  merge_message='Merge for git-preview'
+  preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX)
+  preview_name=$(${coreutils}/bin/basename "$preview_dir")
+  ${git}/bin/git worktree add --detach -f "$preview_dir" 2>/dev/null
+  ${git}/bin/git -C "$preview_dir" checkout -q "$head_commit"
+  ${git}/bin/git -C "$preview_dir" merge -qm "$merge_message" "$merge_commit"
+  ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@"
+  ${coreutils}/bin/rm -fR "$preview_dir"
+  ${coreutils}/bin/rm -R .git/worktrees/"$preview_name"
 ''

lass/1systems/helios/config.nix

@@ -115,4 +115,6 @@ with import <stockholm/lib>;
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
   ];
+
+  lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
 }

lass/1systems/mors/config.nix

@@ -29,6 +29,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/syncthing.nix>
     <stockholm/lass/2configs/otp-ssh.nix>
     <stockholm/lass/2configs/c-base.nix>
+    <stockholm/tv/2configs/br.nix>
     {
       #risk of rain port
       krebs.iptables.tables.filter.INPUT.rules = [

lass/1systems/prism/config.nix

@@ -168,6 +168,14 @@ in {
           "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
         ];
       };
+      users.users.hellrazor = {
+        uid = genid "hellrazor";
+        isNormalUser = true;
+        extraGroups = [
+          "download"
+        ];
+        openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
+      };
     }
     {
       #hotdog

lass/2configs/baseX.nix

@@ -6,7 +6,6 @@ in {
   imports = [
     ./mpv.nix
     ./power-action.nix
-    ./screenlock.nix
     ./copyq.nix
     ./xresources.nix
     ./livestream.nix
@@ -31,15 +30,15 @@ in {
       options.lass.fonts = {
         regular = mkOption {
           type = types.str;
-          default = "xft:Hack-Regular:pixelsize=11,xft:Symbola";
+          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
         };
         bold = mkOption {
           type = types.str;
-          default = "xft:Hack-Bold:pixelsize=11,xft:Symbola";
+          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
         };
         italic = mkOption {
           type = types.str;
-          default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol";
+          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
         };
       };
     }
@@ -136,4 +135,5 @@ in {
   };
 
   services.urxvtd.enable = true;
+  lass.screenlock.enable = true;
 }

lass/2configs/br.nix

@@ -0,0 +1,48 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+  imports = [
+    <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
+  ];
+
+  krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [
+    "brother-udev-rule-type1-"
+    "brscan4-"
+    "mfcl2700dnlpr-"
+  ];
+
+  hardware.sane = {
+    enable = true;
+    brscan4 = {
+      enable = true;
+      netDevices = {
+        bra = {
+          model = "MFCL2700DN";
+          ip = "10.23.42.221";
+        };
+      };
+    };
+  };
+
+  services.saned.enable = true;
+
+  # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150  -x 211 -y 298
+  environment.systemPackages = [
+    (pkgs.writeDashBin "find-scanner" ''
+      set -efu
+      name=$1
+      ${pkgs.sane-backends}/bin/scanimage -f '%m %d
+      ' \
+      | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \
+      | ${pkgs.gnugrep}/bin/grep .
+    '')
+  ];
+
+  services.printing = {
+    enable = true;
+    drivers = [
+      pkgs.mfcl2700dncupswrapper
+    ];
+  };
+
+}

lass/2configs/default.nix

@@ -50,7 +50,7 @@ with import <stockholm/lib>;
         NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
       };
     }
-    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
+    (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
       environment.variables = {
         CURL_CA_BUNDLE = ca-bundle;
         GIT_SSL_CAINFO = ca-bundle;
@@ -210,6 +210,7 @@ with import <stockholm/lib>;
         { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
         { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
         { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
+        { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
       ];
     };
   };

lass/2configs/dns-stuff.nix

@@ -13,6 +13,7 @@ with import <stockholm/lib>;
   };
   services.dnsmasq = {
     enable = true;
+    resolveLocalQueries = false;
     extraConfig = ''
       server=127.1.0.1
       #no-resolv

lass/2configs/exim-smarthost.nix

@@ -45,6 +45,7 @@ with import <stockholm/lib>;
       { from = "raf@lassul.us"; to = lass.mail; }
       { from = "apple@lassul.us"; to = lass.mail; }
       { from = "coinbase@lassul.us"; to = lass.mail; }
+      { from = "tomtop@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/screenlock.nix

@@ -1,17 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  systemd.services.screenlock = {
-    before = [ "sleep.target" ];
-    wantedBy = [ "sleep.target" ];
-    environment = {
-      DISPLAY = ":0";
-    };
-    serviceConfig = {
-      SyslogIdentifier = "screenlock";
-      ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
-      Type = "forking";
-      User = "lass";
-    };
-  };
-}

lass/2configs/websites/domsen.nix

@@ -126,6 +126,8 @@ in {
       { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "dma@ubikmedia.de"; to = "domsen"; }
       { from = "dma@ubikmedia.eu"; to = "domsen"; }
+      { from = "mail@habsys.de"; to = "domsen"; }
+      { from = "mail@habsys.eu"; to = "domsen"; }
       { from = "bruno@apanowicz.de"; to = "bruno"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
       { from = "jms@ubikmedia.eu"; to = "jms"; }

lass/3modules/default.nix

@@ -8,6 +8,7 @@ _:
     ./mysql-backup.nix
     ./news.nix
     ./pyload.nix
+    ./screenlock.nix
     ./umts.nix
     ./usershadow.nix
     ./xresources.nix

lass/3modules/screenlock.nix

@@ -0,0 +1,37 @@
+{ pkgs, config, ... }:
+
+with import <stockholm/lib>;
+
+let
+  cfg = config.lass.screenlock;
+
+  out = {
+    options.lass.screenlock = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "screenlock";
+    command = mkOption {
+      type = types.str;
+      default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+    };
+  };
+
+  imp = {
+    systemd.services.screenlock = {
+      before = [ "sleep.target" ];
+      wantedBy = [ "sleep.target" ];
+      environment = {
+        DISPLAY = ":0";
+      };
+      serviceConfig = {
+        SyslogIdentifier = "screenlock";
+        ExecStart = cfg.command;
+        Type = "forking";
+        User = "lass";
+      };
+    };
+  };
+
+in out

lass/5pkgs/xmonad-lass.nix

@@ -97,7 +97,7 @@ displaySomeException = displayException
 
 myKeyMap :: [([Char], X ())]
 myKeyMap =
-    [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
+    [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")
     , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
     , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
     , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
@@ -139,6 +139,8 @@ myKeyMap =
     , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
     , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
     , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
+
+    , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
     ]
 
 forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()

lass/source.nix

@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "68ef4b1";
+        ref = "6a0a00d";
       };
       secrets.file = getAttr builder {
         buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

nin/1systems/hiawatha/config.nix

@@ -15,6 +15,7 @@ with lib;
     <stockholm/nin/2configs/git.nix>
     <stockholm/nin/2configs/retiolum.nix>
     <stockholm/nin/2configs/termite.nix>
+    <stockholm/nin/2configs/skype.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.hiawatha;
@@ -98,10 +99,6 @@ with lib;
 
     allowUnfree = true;
 
-    firefox = {
-      enableGoogleTalkPlugin = true;
-      enableAdobeFlash = true;
-    };
   };
 
   #services.logind.extraConfig = "HandleLidSwitch=ignore";

nin/2configs/default.nix

@@ -4,6 +4,7 @@ with import <stockholm/lib>;
 {
   imports = [
     ../2configs/vim.nix
+    <stockholm/krebs/2configs/binary-cache/prism.nix>
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
@@ -45,12 +46,6 @@ with import <stockholm/lib>;
         SSL_CERT_FILE = ca-bundle;
       };
     })
-    {
-      nix = {
-        binaryCaches = ["http://cache.prism.r"];
-        binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
-      };
-    }
   ];
 
   networking.hostName = config.krebs.build.host.name;
@@ -96,6 +91,7 @@ with import <stockholm/lib>;
     gnumake
     jq
     proot
+    pavucontrol
     populate
     p7zip
     termite
@@ -158,6 +154,7 @@ with import <stockholm/lib>;
       filter.INPUT.rules = [
         { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
         { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
         { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
         { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
         { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }

nin/2configs/skype.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  mainUser = config.users.extraUsers.nin;
+  inherit (import <stockholm/lib>) genid;
+
+in {
+  users.extraUsers = {
+    skype = {
+      name = "skype";
+      uid = genid "skype";
+      description = "user for running skype";
+      home = "/home/skype";
+      useDefaultShell = true;
+      extraGroups = [ "audio" "video" ];
+      createHome = true;
+    };
+  };
+
+  krebs.per-user.skype.packages = [
+    pkgs.skype
+  ];
+
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+  '';
+}

nin/source.nix

@@ -14,6 +14,6 @@ in
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
       url = https://github.com/nixos/nixpkgs;
-      ref = "799435b";
+      ref = "c99239b";
     };
   }

tv/1systems/xu/config.nix

@@ -13,6 +13,7 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/man.nix>
     <stockholm/tv/2configs/nginx/krebs-pages.nix>
     <stockholm/tv/2configs/nginx/public_html.nix>
+    <stockholm/tv/2configs/ppp.nix>
     <stockholm/tv/2configs/pulse.nix>
     <stockholm/tv/2configs/retiolum.nix>
     <stockholm/tv/2configs/binary-cache>
@@ -99,7 +100,6 @@ with import <stockholm/lib>;
         #tlsdate
         #unetbootin
         #utillinuxCurses
-        #wvdial
         #xdotool
         #xkill
         #xl2tpd

tv/2configs/ppp.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }: {
+
+  # usage: pppd call default
+
+  environment.etc."ppp/peers/default".text = ''
+    /dev/ttyACM2
+    921600
+    crtscts
+    defaultroute
+    holdoff 10
+    lock
+    maxfail 0
+    noauth
+    nodetach
+    noipdefault
+    passive
+    persist
+    usepeerdns
+    connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" ''
+      ABORT "BUSY"
+      ABORT "NO CARRIER"
+      REPORT CONNECT
+      "" "ATDT*99#"
+      CONNECT
+    ''}"
+  '';
+
+  environment.systemPackages = [
+    pkgs.ppp
+  ];
+
+}

tv/5pkgs/default.nix

@@ -13,14 +13,6 @@ foldl' mergeAttrs {}
 //
 
 {
-  brscan4 = overrideDerivation super.brscan4 (original: rec {
-    name = "brscan4-0.4.4-4";
-    src = super.fetchurl {
-      url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb";
-      sha256 = "0xy5px96y1saq9l80vwvfn6anr2q42qlxdhm6ci2a0diwib5q9fd";
-    };
-  });
-
   # TODO use XDG_RUNTIME_DIR?
   cr = self.writeDashBin "cr" ''
     set -efu