diff --git a/ci.nix b/ci.nix index 6f4b89b08..a383a0631 100644 --- a/ci.nix +++ b/ci.nix @@ -1,4 +1,4 @@ -# usage: nix-instantiate --eval --strict --json ./ci.nix +# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq . with import ./lib; let pkgs = import { overlays = [ (import ./submodules/nix-writers/pkgs) ]; }; @@ -16,6 +16,6 @@ let ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";}); in mapAttrs (n: h: build n h.owner.name) ci-systems diff --git a/default.nix b/default.nix index 5ae8e399e..9368dcd9e 100644 --- a/default.nix +++ b/default.nix @@ -1,19 +1,12 @@ -import { - modules = [ - (import "NIXOS_CONFIG" ) - ]; -} -// -{ +import {} // rec { lib = import ./lib; - systems = with import ./lib; let - ns = getEnv "LOGNAME"; + systems = with lib; let + namespace = getEnv "LOGNAME"; + systemsDir = + "/${namespace}/1systems"; in genAttrs - (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) - (name: let - config = import ( + "/${ns}/1systems/${name}/config.nix"); - in import { - modules = [ config ]; + (attrNames (filterAttrs (_: eq "directory") (readDir systemsDir))) + (name: import { + configuration = import (systemsDir + "/${name}/config.nix"); }); } diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix index 1b9d8c235..6ba4fec83 100644 --- a/jeschli/5pkgs/simple/default.nix +++ b/jeschli/5pkgs/simple/default.nix @@ -15,10 +15,4 @@ let else override; in - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) + mapNixDir (path: callPackage path {}) ./. diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 4ebd98f09..827c77b77 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -24,8 +24,9 @@ import Control.Monad.Extra (whenJustM) import Graphics.X11.ExtraTypes.XF86 import Text.Read (readEither) import XMonad -import System.IO (hPutStrLn, stderr) import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv) +import System.Exit (exitFailure) +import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) @@ -66,12 +67,14 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> mainNoArgs + [] -> mainNoArgs + ["--shutdown"] -> shutdown + args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 + handleShutdownEvent <- newShutdownEventHandler xmonad -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- urgencyConfig { remindWhen = Every 1 } diff --git a/jeschli/krops.nix b/jeschli/krops.nix index d45d57c63..989abcdd0 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -6,7 +6,7 @@ ; source = { test }: lib.evalSource [ - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; secrets = if test then { diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a848426c..cf72e0d73 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,7 +10,6 @@ - diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix new file mode 100644 index 000000000..056667d8c --- /dev/null +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -0,0 +1,33 @@ +{lib, ... }: +with lib; +let + domain = "cache.nsupdate.info"; +in { + # This only works for a single domain for nsupdate.info as multiple usernames + # and passwords are required for multiple domains + services.ddclient = { + enable = true; + server = "ipv4.nsupdate.info"; + username = domain; + password = import ((toString ) + "/nsupdate-cache.nix"); + domains = [ domain ]; + use= "if, if=et0"; + # use = "web, web=http://ipv4.nsupdate.info/myip"; + + }; + krebs.cachecache = { + enable = true; + enableSSL = false; # disable letsencrypt for testing + cacheDir = "/var/cache/nix-cache-cache"; + maxSize = "10g"; + + # assumes that the domain is reachable from the internet + virtualHost = domain; + }; + + boot.kernelModules = [ "tcp_bbr" ]; + + boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; + boot.kernel.sysctl."net.core.default_qdisc" = "fq"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 962dbf49c..65972aacc 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,7 +5,7 @@ 6667 6669 ]; - services.charybdis = { + krebs.charybdis = { enable = true; motd = '' hello diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 1633840f7..56fb31795 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -243,7 +243,7 @@ let in { systemd.services.airdcpp = { description = "airdcpp webui"; - after = [ "network.target" ]; + after = [ "network.target" "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; restartIfChanged = true; serviceConfig = { diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 209dbe980..8995753ac 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -362,7 +362,7 @@ let # normally we should write buildbot.tac by our own # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}"; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 544f9c4e0..c15169fba 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -166,7 +166,7 @@ let echo ${description} > ${workdir}/info/host chown buildbotSlave:buildbotSlave -R ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} ''; ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}"; ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}"; diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix new file mode 100644 index 000000000..989320480 --- /dev/null +++ b/krebs/3modules/cachecache.nix @@ -0,0 +1,171 @@ +{ config, lib, ... }: + + +# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b +# related: https://github.com/nh2/nix-binary-cache-proxy + +with lib; + +let + + cfg = config.krebs.cachecache; + + nginxCfg = config.services.nginx; + + cacheFallbackConfig = { + proxyPass = "$upstream_endpoint"; + extraConfig = '' + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1. + proxy_http_version 1.1; + + # Remove the Connection header if the client sends it, it could + # be "close" to close a keepalive connection + proxy_set_header Connection ""; + + # Needed for CloudFront. + proxy_ssl_server_name on; + + proxy_set_header Host $proxy_host; + proxy_cache nix_cache_cache; + proxy_cache_valid 200 302 60m; + proxy_cache_valid 404 1m; + + expires max; + add_header Cache-Control $nix_cache_cache_header always; + ''; + }; + +in + +{ + options = { + krebs.cachecache = { + enable = mkEnableOption "Nix binary cache cache"; + + virtualHost = mkOption { + type = types.str; + default = "nix-cache"; + description = '' + Name of the nginx virtualhost to use and setup. If null, do + not setup any virtualhost. + ''; + }; + enableSSL = mkOption { + type = types.bool; + default = true; + description = '' + enable SSL via letsencrypt. Requires working dns resolution and open + internet tls port. + ''; + }; + + # webRoot = mkOption { + # type = types.str; + # default = "/"; + # description = '' + # Directory on virtual host that serves the cache. Must end in + # /. + # ''; + # }; + + resolver = mkOption { + type = types.str; + description = "Address of DNS resolver."; + default = "8.8.8.8 ipv6=off"; + example = "127.0.0.1 ipv6=off"; + }; + + cacheDir = mkOption { + type = types.str; + default = "/var/cache/nix-cache-cache"; + description = '' + Where nginx should store cached data. + ''; + }; + + maxSize = mkOption { + type = types.str; + default = "50g"; + description = "Maximum cache size."; + }; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + + systemd.services.nginx.preStart = '' + mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache + chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + chown ${nginxCfg.user}:${nginxCfg.group} \ + ${cfg.cacheDir} /srv/www/nix-cache-cache + ''; + + services.nginx = { + enable = true; + + appendHttpConfig = '' + proxy_cache_path ${cfg.cacheDir} + levels=1:2 + keys_zone=nix_cache_cache:100m + max_size=${cfg.maxSize} + inactive=365d + use_temp_path=off; + + # Cache only success status codes; in particular we don't want + # to cache 404s. See https://serverfault.com/a/690258/128321. + map $status $nix_cache_cache_header { + 200 "public"; + 302 "public"; + default "no-cache"; + } + ''; + + virtualHosts.${cfg.virtualHost} = { + addSSL = cfg.enableSSL; + enableACME = cfg.enableSSL; + extraConfig = '' + # Using a variable for the upstream endpoint to ensure that it is + # resolved at runtime as opposed to once when the config file is loaded + # and then cached forever (we don't want that): + # see https://tenzer.dk/nginx-with-dynamic-upstreams/ + # This fixes errors like + # + # nginx: [emerg] host not found in upstream "upstream.example.com" + # + # when the upstream host is not reachable for a short time when + # nginx is started. + resolver ${cfg.resolver} valid=10s; + set $upstream_endpoint https://cache.nixos.org; + ''; + + locations."/" = + { + root = "/srv/www/nix-cache-cache"; + extraConfig = '' + expires max; + add_header Cache-Control $nix_cache_cache_header always; + + # Ask the upstream server if a file isn't available + # locally. + error_page 404 = @fallback; + + # Don't bother logging the above 404. + log_not_found off; + ''; + }; + + locations."@fallback" = cacheFallbackConfig; + + # We always want to copy cache.nixos.org's nix-cache-info + # file, and ignore our own, because `nix-push` by default + # generates one without `Priority` field, and thus that file + # by default has priority 50 (compared to cache.nixos.org's + # `Priority: 40`), which will make download clients prefer + # `cache.nixos.org` over our binary cache. + locations."= /nix-cache-info" = cacheFallbackConfig; + }; + }; + }; +} diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix new file mode 100644 index 000000000..f4a7c1313 --- /dev/null +++ b/krebs/3modules/charybdis.nix @@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) coreutils charybdis; + cfg = config.krebs.charybdis; + + configFile = pkgs.writeText "charybdis.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + krebs.charybdis = { + + enable = mkEnableOption "Charybdis IRC daemon"; + + config = mkOption { + type = types.string; + description = '' + Charybdis IRC daemon configuration file. + ''; + }; + + statedir = mkOption { + type = types.string; + default = "/var/lib/charybdis"; + description = '' + Location of the state directory of charybdis. + ''; + }; + + user = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon user. + ''; + }; + + group = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon group. + ''; + }; + + motd = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + Charybdis MOTD text. + + Charybdis will read its MOTD from /etc/charybdis/ircd.motd . + If set, the value of this option will be written to this path. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable (lib.mkMerge [ + { + users.users = singleton { + name = cfg.user; + description = "Charybdis IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups = singleton { + name = cfg.group; + gid = config.ids.gids.ircd; + }; + + systemd.services.charybdis = { + description = "Charybdis IRC daemon"; + wantedBy = [ "multi-user.target" ]; + environment = { + BANDB_DBPATH = "${cfg.statedir}/ban.db"; + }; + serviceConfig = { + ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}"; + Group = cfg.group; + User = cfg.user; + PermissionsStartOnly = true; # preStart needs to run with root permissions + }; + preStart = '' + ${coreutils}/bin/mkdir -p ${cfg.statedir} + ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir} + ''; + }; + + } + + (mkIf (cfg.motd != null) { + environment.etc."charybdis/ircd.motd".text = cfg.motd; + }) + ]); +} diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 16c6d4315..a47dbe611 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -26,10 +26,19 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' - nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - nix-instantiate --quiet -Q --eval --strict --json ./ci.nix + set -efu + ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 + json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ + | while read -r host builder; do + gcroot=${shell.escape profileRoot}/$host-builder + ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" + done + echo "$json" ''; + profileRoot = "/nix/var/nix/profiles/ci"; + imp = { krebs.buildbot.master = { slaves = { @@ -98,9 +107,16 @@ let self.addBuildSteps([steps.ShellCommand( name=str(new_step), command=[ - new_steps[new_step] + "${pkgs.writeDash "build-stepper.sh" '' + set -efu + profile=${shell.escape profileRoot}/$build_name + result=$("$build_script") + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + ''}" ], env={ + "build_name": new_step, + "build_script": new_steps[new_step], "NIX_REMOTE": "daemon", "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", }, @@ -163,6 +179,20 @@ let password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; }; + + system.activationScripts.buildbots-nix-profile = '' + ${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot} + ''; + + users = { + groups.buildbots.gid = genid "buildbots"; + users = { + buildbotMaster.extraGroups = [ "buildbots" ]; + buildbotSlave.extraGroups = [ "buildbots" ]; + }; + }; }; in out diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6307649e3..24cbd9cc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,8 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./cachecache.nix + ./charybdis.nix ./ci.nix ./current.nix ./exim.nix @@ -111,7 +113,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { @@ -201,6 +202,7 @@ let "cfp@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; "eloop2016@krebsco.de" = eloop-ml; "eloop2017@krebsco.de" = eloop-ml; "postmaster@krebsco.de" = spam-ml; # RFC 822 diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index f67188122..5a5065565 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -38,11 +38,6 @@ let ''; default = {}; }; - maxTime = mkOption { - type = types.int; - default = 0; - description = "Time to wait before download is aborted"; - }; }; fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' @@ -51,8 +46,8 @@ let mkdir -p ${cfg.stateDir} chmod o+rx ${cfg.stateDir} cd ${cfg.stateDir} - (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper + (curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : + feh --no-fehbg --bg-scale wallpaper ''; imp = { diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index e6db3aa42..3b626dc46 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -57,7 +57,7 @@ let user = rec { name = "github-hosts-sync"; - uid = genid name; + uid = genid_uint31 name; }; # TODO move to lib? diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9b9f052a5..12345a20a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -15,8 +15,9 @@ with import ; cores = 4; extraZones = { "krebsco.de" = '' - prism IN A ${nets.internet.ip4.addr} + cache IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} + prism IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 @@ -27,12 +28,13 @@ with import ; 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; @@ -642,47 +644,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; - cabal = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.4"; - ip6.addr = "42::1:4"; - aliases = [ - "cabal.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A - SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj - rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK - qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e - LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq - rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 - 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE - fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v - yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A - kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR - KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi - TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U - oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs - TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw - 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD - rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ - 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf - luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py - w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG - 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 - K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g - ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; - }; red = { monitoring = false; cores = 1; @@ -714,6 +675,36 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; }; + yellow = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.14"; + ip6.addr = "42:0:0:0:0:0:0:14"; + aliases = [ + "yellow.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP + MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY + b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU + Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd + OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP + vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 + C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp + Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU + 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg + zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p + DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ + Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; + }; blue = { cores = 1; nets = { @@ -787,9 +778,6 @@ with import ; mail = "lass@daedalus.r"; pubkey = builtins.readFile ./ssh/daedalus.rsa; }; - fritz = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; - }; prism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; mail = "lass@prism.r"; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e2152ea1a..188fbc461 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -60,7 +60,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; }; drop = rec { - ci = true; + ci = false; cores = 1; nets = { retiolum = { @@ -83,7 +83,7 @@ in { }; }; studio = rec { - ci = true; + ci = false; cores = 4; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; @@ -109,7 +109,7 @@ in { }; fileleech = rec { - ci = true; + ci = false; cores = 4; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; @@ -134,7 +134,7 @@ in { }; }; latte = rec { - ci = true; + ci = false; cores = 1; ssh.privkey.path = ; # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; @@ -166,7 +166,7 @@ in { }; pnp = { - ci = true; + ci = false; cores = 1; nets = { retiolum = { @@ -190,7 +190,7 @@ in { }; }; darth = { - ci = true; + ci = false; cores = 4; nets = { retiolum = { @@ -404,7 +404,7 @@ in { }; }; wry = rec { - ci = true; + ci = false; cores = 1; extraZones = { "krebsco.de" = '' @@ -449,7 +449,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { - ci = true; + ci = false; cores = 1; nets = { lan = { @@ -494,6 +494,8 @@ in { ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" + "dcpp.omo.r" + "torrent.omo.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -554,7 +556,7 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; - nextgum = rec { + gum = rec { ci = true; extraZones = { "krebsco.de" = '' @@ -563,6 +565,23 @@ in { graph IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} + boot.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + share.euer IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; cores = 8; @@ -571,6 +590,7 @@ in { ip4.addr = "144.76.26.247"; ip6.addr = "2a01:4f8:191:12f6::2"; aliases = [ + "gum.i" "nextgum.i" ]; }; @@ -594,71 +614,17 @@ in { "stats.makefu.r" "backup.makefu.r" "dcpp.nextgum.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 - aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO - npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh - 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF - 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN - VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; - }; - - gum = rec { - ci = true; - cores = 2; - - extraZones = { - "krebsco.de" = '' - share.euer IN A ${nets.internet.ip4.addr} - mattermost.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} - wikisearch IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - mon.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - io IN NS gum.krebsco.de. - ''; - }; - nets = rec { - internet = { - ip4.addr = "185.194.143.140"; - ip6.addr = "2a03:4000:1c:43f::1"; - aliases = [ - "gum.i" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.0.211"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; - aliases = [ "gum.r" "cgit.gum.r" "o.gum.r" "tracker.makefu.r" - "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" "blog.gum.r" "dcpp.gum.r" + "torrent.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -672,12 +638,11 @@ in { ''; }; }; - # configured manually - # ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + shoney = rec { - ci = true; + ci = false; cores = 1; nets = rec { siem = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c89..000000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, ... }: - -with import ; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; - }; - }; -} diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 044811c7d..cb940efef 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -77,7 +77,190 @@ let serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; + ExecStart = pkgs.writeDash "generate-wallpaper" '' + set -xeuf + + # usage: getimg FILENAME URL + fetch() { + echo "fetch $1" + curl -LsS -z "$1" -o "$1" "$2" + } + + # usage: check_type FILENAME TYPE + check_type() { + if ! file -ib "$1" | grep -q "^$2/"; then + echo "$1 is not of type $2" >&2 + rm "$1" + return 1 + fi + } + + # usage: image_size FILENAME + image_size() { + identify "$1" | awk '{print$3}' + } + + # usage: make_mask DST SRC MASK + make_layer() { + if needs_rebuild "$@"; then + echo "make $1 (apply mask)" >&2 + convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" + fi + } + + # usage: flatten DST HILAYER LOLAYER + flatten() { + if needs_rebuild "$@"; then + echo "make $1 (flatten)" >&2 + composite "$2" "$3" "$1" + fi + } + + # usage: needs_rebuild DST SRC... + needs_rebuild() { + a="$1" + shift + if ! test -e "$a"; then + #echo " $a does not exist" >&2 + result=0 + else + result=1 + for b; do + if test "$b" -nt "$a"; then + #echo " $b is newer than $a" >&2 + result=0 + fi + done + fi + #case $result in + # 0) echo "$a needs rebuild" >&2;; + #esac + return $result + } + + main() { + cd ${cfg.workingDir} + + # fetch source images in parallel + fetch nightmap-raw.jpg \ + ${cfg.nightmap} & + fetch daymap-raw.png \ + ${cfg.daymap} & + fetch clouds-raw.jpg \ + ${cfg.cloudmap} & + fetch marker.json \ + ${cfg.marker} & + wait + + check_type nightmap-raw.jpg image + check_type daymap-raw.png image + check_type clouds-raw.jpg image + + in_size=2048x1024 + xplanet_out_size=1466x1200 + out_geometry=1366x768+100+160 + + nightsnow_color='#0c1a49' # nightmap + + for raw in \ + nightmap-raw.jpg \ + daymap-raw.png \ + clouds-raw.jpg \ + ; + do + normal=''${raw%-raw.*}.png + if needs_rebuild $normal $raw; then + echo "make $normal; normalize $raw" >&2 + convert $raw -scale $in_size $normal + fi + done + + # create nightmap-fullsnow + if needs_rebuild nightmap-fullsnow.png; then + convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png + fi + + # extract daymap-snowmask from daymap-final + if needs_rebuild daymap-snowmask.png daymap.png; then + convert daymap.png -threshold 95% daymap-snowmask.png + fi + + # extract nightmap-lightmask from nightmap + if needs_rebuild nightmap-lightmask.png nightmap.png; then + convert nightmap.png -threshold 25% nightmap-lightmask.png + fi + + # create layers + make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png + make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png + + # apply layers + flatten nightmap-lightsnowlayer.png \ + nightmap-lightlayer.png \ + nightmap-snowlayer.png + + flatten nightmap-final.png \ + nightmap-lightsnowlayer.png \ + nightmap.png + + # create marker file from json + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file + fi + + # make all unmodified files as final + for normal in \ + daymap.png \ + clouds.png \ + ; + do + final=''${normal%.png}-final.png + needs_rebuild $final && + ln $normal $final + done + + # rebuild every time to update shadow + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-output.png --projection merc \ + -config ${pkgs.writeText "xplanet.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + shade=15 + ''} + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + marker_file=marker_file + shade=15 + ''} + + # trim xplanet output + if needs_rebuild realwallpaper.png xplanet-output.png; then + convert xplanet-output.png -crop $out_geometry \ + realwallpaper-tmp.png + mv realwallpaper-tmp.png realwallpaper.png + fi + + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then + convert xplanet-krebs-output.png -crop $out_geometry \ + realwallpaper-krebs-tmp.png + mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png + fi + } + + main "$@" + ''; User = "realwallpaper"; }; }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index b032f3148..ecd449b09 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -75,6 +75,7 @@ let ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ''} + ${tinc.config.tincUpExtra} ''; description = '' tinc-up script to be used. Defaults to setting the @@ -83,6 +84,11 @@ let ''; }; + tincUpExtra = mkOption { + type = types.str; + default = ""; + }; + tincPackage = mkOption { type = types.package; default = pkgs.tinc; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 463fa26ba..0cec1a2d3 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -183,7 +183,7 @@ let user = rec { name = "urlwatch"; - uid = genid name; + uid = genid_uint31 name; }; subtypes.job = types.submodule { diff --git a/krebs/5pkgs/haskell/default.nix b/krebs/5pkgs/haskell/default.nix index 7cdf65ea5..e824699f9 100644 --- a/krebs/5pkgs/haskell/default.nix +++ b/krebs/5pkgs/haskell/default.nix @@ -1,13 +1,6 @@ with import ; let - overrides = self: super: - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (self.callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))); + overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.; in self: super: { diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 4e06a825f..228d365a3 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,17 +1,16 @@ -{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape -, xmonad, xmonad-contrib +{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft +, X11-xshape, xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.2.0"; -# src = /home/jeschli/projects/haskell/xmonad-stockholm; + version = "1.3.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; - rev = "refs/tags/v${version}"; - sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis"; + rev = "refs/tags/v1.3.0"; + sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9"; }; libraryHaskellDepends = [ - base containers X11 X11-xft X11-xshape xmonad xmonad-contrib + base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib ]; license = stdenv.lib.licenses.mit; } diff --git a/krebs/5pkgs/simple/default.nix b/krebs/5pkgs/simple/default.nix index 1b9d8c235..6ba4fec83 100644 --- a/krebs/5pkgs/simple/default.nix +++ b/krebs/5pkgs/simple/default.nix @@ -15,10 +15,4 @@ let else override; in - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) + mapNixDir (path: callPackage path {}) ./. diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix deleted file mode 100644 index b4ab13b43..000000000 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd -, withMysql ? false -, withPgsql ? false -, withSqlite ? false, sqlite -, withPam ? false, pam -, withZlib ? true, zlib -, withRiak ? false -, withElixir ? false, elixir -, withIconv ? true -, withTools ? false -, withRedis ? false -}: - -let - fakegit = writeScriptBin "git" '' - #! ${stdenv.shell} -e - if [ "$1" = "describe" ]; then - [ -r .rev ] && cat .rev || true - fi - ''; - - ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; - -in stdenv.mkDerivation rec { - version = "18.01"; - name = "ejabberd-${version}"; - - src = fetchurl { - url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; - }; - - nativeBuildInputs = [ fakegit ]; - - buildInputs = [ erlang openssl expat libyaml gd ] - ++ lib.optional withSqlite sqlite - ++ lib.optional withPam pam - ++ lib.optional withZlib zlib - ++ lib.optional withElixir elixir - ; - - # Apparently needed for Elixir - LANG = "en_US.UTF-8"; - - deps = stdenv.mkDerivation { - name = "ejabberd-deps-${version}"; - - inherit src; - - configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - - nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; - - GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; - - makeFlags = [ "deps" ]; - - phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ]; - - installPhase = '' - for i in deps/*; do - ( cd $i - git reset --hard - git clean -ffdx - git describe --always --tags > .rev - rm -rf .git - ) - done - rm deps/.got - - cp -r deps $out - ''; - - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; - }; - - configureFlags = - [ (lib.enableFeature withMysql "mysql") - (lib.enableFeature withPgsql "pgsql") - (lib.enableFeature withSqlite "sqlite") - (lib.enableFeature withPam "pam") - (lib.enableFeature withZlib "zlib") - (lib.enableFeature withRiak "riak") - (lib.enableFeature withElixir "elixir") - (lib.enableFeature withIconv "iconv") - (lib.enableFeature withTools "tools") - (lib.enableFeature withRedis "redis") - ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}"; - - enableParallelBuilding = true; - - patches = [ - ./ejabberdctl.patch - ]; - - preBuild = '' - cp -r $deps deps - chmod -R +w deps - patchShebangs deps - ''; - - postInstall = '' - sed -i \ - -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ - -e 's,\(^ *JOT=\).*,\1,' \ - -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ - $out/sbin/ejabberdctl - ''; - - meta = with stdenv.lib; { - description = "Open-source XMPP application server written in Erlang"; - license = licenses.gpl2; - homepage = http://www.ejabberd.im; - platforms = platforms.linux; - maintainers = with maintainers; [ sander abbradar ]; - broken = withElixir; - }; -} diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch deleted file mode 100644 index f7c842b7b..000000000 --- a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 -+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 -@@ -42,19 +42,18 @@ - esac - - # parse command line parameters --for arg; do -- case $arg in -- -n|--node) ERLANG_NODE_ARG=$2; shift;; -- -s|--spool) SPOOL_DIR=$2; shift;; -- -l|--logs) LOGS_DIR=$2; shift;; -- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; -- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; -- -d|--config-dir) ETC_DIR=$2; shift;; -- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; -- --) :;; -+while test $# -gt 0; do -+ case $1 in -+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; -+ -s|--spool) SPOOL_DIR=$2; shift 2;; -+ -l|--logs) LOGS_DIR=$2; shift 2;; -+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; -+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; -+ -d|--config-dir) ETC_DIR=$2; shift 2;; -+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; -+ # --) :;; what is this for? - *) break;; - esac -- shift - done - - # define ejabberd variables if not already defined from the command line diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix deleted file mode 100644 index 15cc277a5..000000000 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ stdenv, fetchgit, xplanet, imagemagick, curl, file }: - -stdenv.mkDerivation { - name = "realwallpaper"; - - src = fetchgit { - url = https://github.com/Lassulus/realwallpaper; - rev = "e0563289c2ab592b669ce4549fc40130246e9d79"; - sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - ]; - - installPhase = '' - mkdir -p $out - cp realwallpaper.sh $out/realwallpaper.sh - ''; -} diff --git a/krebs/default.nix b/krebs/default.nix index d99f60aaa..7ec791529 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,12 +1,14 @@ -{ config, lib, pkgs, ... }: -with import ; { + imports = [ ./3modules - { - nixpkgs.config.packageOverrides = - import ../submodules/nix-writers/pkgs pkgs; - } ]; - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; + + nixpkgs = { + overlays = [ + (import ./5pkgs) + (import ../submodules/nix-writers/pkgs) + ]; + }; + } diff --git a/krebs/krops.nix b/krebs/krops.nix index 763e76b83..ab7524941 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -7,15 +7,27 @@ # TODO document why pkgs should be used like this pkgs = import "${krops}/pkgs" {}; - krebs-source = { - nixpkgs.git = { - ref = (lib.importJSON ./nixpkgs.json).rev; - url = https://github.com/NixOS/nixpkgs; + krebs-source = { test ? false }: rec { + nixpkgs = if test then { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + }); + useChecksum = true; + }; + } else { + git = { + ref = (lib.importJSON ./nixpkgs.json).rev; + url = https://github.com/NixOS/nixpkgs; + }; }; stockholm.file = toString ../.; stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' set -efu - cd ${lib.escapeShellArg krebs-source.stockholm.file} + cd ${lib.escapeShellArg stockholm.file} V=$(${pkgs.coreutils}/bin/date +%y.%m) if test -d .git; then V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty) @@ -28,21 +40,17 @@ }; source ={ test }: lib.evalSource [ - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = - if test - then { - file = toString ; - } - else { - pass = { - dir = "${lib.getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; - }; - } - ; + secrets = if test then { + file = toString ; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; + }; } ]; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e013645ea..61fd085be 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c", - "date": "2018-11-04T19:36:25+01:00", - "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m", + "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", + "date": "2018-11-24T00:40:22-05:00", + "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", "fetchSubmodules": false } diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 0a286c6f0..bed8961b8 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -36,10 +36,10 @@ with import ; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } { @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -109,26 +102,6 @@ with import ; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } @@ -137,7 +110,6 @@ with import ; - diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix index 56348d0ab..36de7dc17 100644 --- a/lass/1systems/archprism/physical.nix +++ b/lass/1systems/archprism/physical.nix @@ -14,16 +14,16 @@ }; }; # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; + networking.interfaces.eth0.ipv4.addresses = [ + { + address = config.krebs.build.host.nets.internet.ip4.addr; + prefixLength = 27; + } + { + address = "46.4.114.243"; + prefixLength = 27; + } + ]; #networking.defaultGateway = "46.4.114.225"; #networking.nameservers = [ # "8.8.8.8" diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix new file mode 100644 index 000000000..8f748ab8f --- /dev/null +++ b/lass/1systems/blue/source.nix @@ -0,0 +1,11 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + }; +} diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix deleted file mode 100644 index 6a8040c9d..000000000 --- a/lass/1systems/cabal/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.cabal; -} diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix deleted file mode 100644 index 3cc4af03b..000000000 --- a/lass/1systems/cabal/physical.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" - ''; -} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 1957c8ba4..d2d4bd3eb 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -25,9 +25,5 @@ macchanger dpass ]; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; programs.adb.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6d65b58c2..207c7c640 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain @@ -101,6 +102,7 @@ with import ; urban mk_sql_pair remmina + transmission iodine @@ -147,10 +149,6 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; lass.restic = genAttrs [ "daedalus" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..0ca39447d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -119,7 +112,6 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey ]; }; autoStart = true; @@ -215,7 +207,6 @@ with import ; RandomizedDelaySec = "2min"; }; } - { services.taskserver = { @@ -346,11 +337,64 @@ with import ; ]; } + { + systemd.services."container@yellow".reloadIfChanged = mkForce false; + containers.yellow = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.13"; + localAddress = "10.233.2.14"; + }; + + services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:9091; + ''; + + users.groups.download = {}; + users.users = { + download = { + createHome = true; + group = "download"; + name = "download"; + home = "/var/download"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey + makefu.pubkey + wine-mors.pubkey + ]; + }; + }; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chmod 775 /var/download + ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : + chown download: /var/download/finished + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; - # workaround because grub store paths are broken - boot.copyKernels = true; services.earlyoom = { enable = true; freeMemThreshold = 5; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 56348d0ab..116bdb92f 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -1,77 +1,61 @@ { config, lib, pkgs, ... }: + { + imports = [ ./config.nix - { - boot.kernelParams = [ "net.ifnames=0" ]; - networking = { - defaultGateway = "46.4.114.225"; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "46.4.114.247"; - prefixLength = 27; - }; - }; - # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; - #networking.defaultGateway = "46.4.114.225"; - #networking.nameservers = [ - # "8.8.8.8" - #]; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - #''; - } - { - imports = [ ]; - - networking.hostId = "fb4173ea"; - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - - fileSystems."/" = { - device = "rpool/root/nixos"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; - fsType = "ext4"; - }; - - } + ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "tank/srv-http"; + fsType = "zfs"; + }; + + fileSystems."/var/download" = { + device = "tank/download"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/containers" = { + device = "tank/containers"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "tank/home"; + fsType = "zfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; + + boot.kernelParams = [ "net.ifnames=0" ]; + networking = { + hostId = "2283aaae"; + defaultGateway = "95.216.1.129"; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.eth0 = { + ipAddress = "95.216.1.150"; + prefixLength = 26; + }; + }; } diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 8405b0f1f..87a733d62 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index b6c08f797..13a8b3e41 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -5,42 +5,36 @@ with import ; - # + + { - # discordius config services.xserver.enable = true; + services.xserver.desktopManager.xfce.enable = true; + users.users.discordius = { - uid = genid "discordius"; - home = "/home/discordius"; - group = "users"; - createHome = true; + uid = genid "diskordius"; + isNormalUser = true; extraGroups = [ "audio" "networkmanager" ]; - useDefaultShell = true; }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; + environment.systemPackages = with pkgs; [ + google-chrome + ]; hardware.pulseaudio = { enable = true; systemWide = true; }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.gnome3 = { - enable = true; - }; } ]; krebs.build.host = config.krebs.hosts.skynet; + networking.wireless.enable = false; + networking.networkmanager.enable = true; + services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix index 358e1f511..e3451293f 100644 --- a/lass/1systems/skynet/physical.nix +++ b/lass/1systems/skynet/physical.nix @@ -1,10 +1,27 @@ { imports = [ ./config.nix - - + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + + networking.hostId = "06442b9a"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0876-B308"; + fsType = "vfat"; + }; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix new file mode 100644 index 000000000..48d405111 --- /dev/null +++ b/lass/1systems/yellow/config.nix @@ -0,0 +1,140 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.yellow; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chown download:download /var/download + chmod 775 /var/download + ''; + + users.users.download = { uid = genid "download"; }; + users.groups.download.members = [ "transmission" ]; + users.users.transmission.group = mkForce "download"; + + systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ]; + services.transmission = { + enable = true; + settings = { + download-dir = "/var/download/finished"; + incomplete-dir = "/var/download/incoming"; + incomplete-dir-enable = true; + umask = "002"; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + services.nginx = { + enable = true; + virtualHosts."yellow.r".locations."/dl".extraConfig = '' + autoindex on; + alias /var/download/finished; + ''; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + ]; + }; + + services.openvpn.servers.nordvpn.config = '' + client + dev tun + proto udp + remote 82.102.16.229 1194 + resolv-retry infinite + remote-random + nobind + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + persist-key + persist-tun + ping 15 + ping-restart 0 + ping-timer-rem + reneg-sec 0 + comp-lzo no + + explicit-exit-notify 3 + + remote-cert-tls server + + #mute 10000 + auth-user-pass ${toString } + + verb 3 + pull + fast-io + cipher AES-256-CBC + auth SHA512 + + + -----BEGIN CERTIFICATE----- + MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD + VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH + Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw + bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y + ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG + A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT + B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 + cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v + cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG + UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny + mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X + +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT + ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI + 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA + VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT + Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh + MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ + MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy + Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW + EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG + SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ + e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW + //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB + wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB + KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p + lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + -----END CERTIFICATE----- + + key-direction 1 + + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 49b2f54c6ee58d2d97331681bb577d55 + 054f56d92b743c31e80b684de0388702 + ad3bf51088cd88f3fac7eb0729f2263c + 51d82a6eb7e2ed4ae6dfa65b1ac764d0 + b9dedf1379c1b29b36396d64cb6fd6b2 + e61f869f9a13001dadc02db171f04c4d + c46d1132c1f31709e7b54a6eabae3ea8 + fbd2681363c185f4cb1be5aa42a27c31 + 21db7b2187fd11c1acf224a0d5a44466 + b4b5a3cc34ec0227fe40007e8b379654 + f1e8e2b63c6b46ee7ab6f1bd82f57837 + 92c209e8f25bc9ed493cb5c1d891ae72 + 7f54f4693c5b20f136ca23e639fd8ea0 + 865b4e22dd2af43e13e6b075f12427b2 + 08af9ffd09c56baa694165f57fe2697a + 3377fa34aebcba587c79941d83deaf45 + -----END OpenVPN Static key V1----- + + ''; +} diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/yellow/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0e..d781f8c71 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 991bbeb54..d3775b5df 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -25,6 +25,14 @@ proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; }; + virtualHosts."cache.krebsco.de" = { + forceSSL = true; + serverAliases = [ "cache.lassul.us" ]; + enableACME = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''; + }; }; } diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 83c235f3e..9cf294afd 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -1,23 +1,115 @@ { config, lib, pkgs, ... }: with import ; +let + all_hosts = [ + "icarus" + "shodan" + "daedalus" + "skynet" + "prism" + ]; + remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -{ +in { imports = [ + { #hack for already defined + systemd.services."container@blue".reloadIfChanged = mkForce false; + systemd.services."container@blue".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + ''; + systemd.services."container@blue".preStop = '' + /run/wrappers/bin/fusermount -u /var/lib/containers/blue + ''; + } ]; - systemd.services."container@blue".reloadIfChanged = mkForce false; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + containers.blue = { config = { ... }: { - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + + + systemd.services = builtins.listToAttrs (map (host: + let + in nameValuePair "sync-blue-${host}" { + bindsTo = [ "container@blue.service" ]; + wantedBy = [ "container@blue.service" ]; + # ssh needed for rsync + path = [ pkgs.openssh ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "sync-blue-${host}" '' + set -efu + #make sure blue is running + /run/wrappers/bin/ping -c1 blue.r > /dev/null + + #make sure the container is unlocked + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + + #make sure our target is reachable + ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + + #start sync + ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + settings { + nodaemon = true, + inotifyMode = "CloseWrite or Modify", + } + sync { + default.rsyncssh, + source = "/var/lib/containers/.blue", + host = "${host}.r", + targetdir = "/var/lib/containers/.blue", + rsync = { + archive = true, + owner = true, + group = true, + }; + ssh = { + binary = "${pkgs.openssh}/bin/ssh"; + identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + }, + } + ''} + ''; + }; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + } + ) remote_hosts); + + environment.systemPackages = [ + (pkgs.writeDashBin "start-blue" '' + set -ef + if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then + ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue + fi + nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src dry-build + if ping -c1 blue.r >/dev/null; then + echo 'blue is already running. bailing out' + exit 23 + fi + nixos-container run blue -- nixos-rebuild -I /var/src switch + '') + ]; } diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 68f2256cf..4d4a92eb9 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -15,6 +15,7 @@ with (import ); dic nmap git-preview + l-gen-secrets ]; services.tor.enable = true; diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index b08cf9307..6818db460 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -19,5 +19,9 @@ with import ; "slash16.net" ]; }; + + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /home/ciko + ''; } diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d02..000000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import ; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 6ef3c8595..1ee45bb41 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -90,6 +90,10 @@ with import ; { from = "afra@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } + { from = "neocron@lassul.us"; to = lass.mail; } + { from = "osmocom@lassul.us"; to = lass.mail; } + { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 31a01c754..065ee9c42 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -6,8 +6,7 @@ in { krebs.fetchWallpaper = { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/realwallpaper-sat-krebs.png"; - maxTime = 10; + url = "prism/realwallpaper-krebs.png"; }; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 17c3cf3be..49602898e 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -75,6 +75,8 @@ in { packages = with pkgs; [ ftb minecraft + steam-run + dolphinEmu ]; }; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c5b5c01fb..62173e33f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -21,6 +21,10 @@ let krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } ]; + + system.activationScripts.spool-chmod = '' + ${pkgs.coreutils}/bin/chmod +x /var/spool + ''; }; cgit-clear-cache = pkgs.cgit-clear-cache.override { diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e50689254..36e797a96 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -31,6 +31,7 @@ let ''; mailboxes = { + afra = [ "to:afra@afra-berlin.de" ]; c-base = [ "to:c-base.org" ]; coins = [ "to:btce@lassul.us" @@ -46,12 +47,15 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + dn42 = [ "to:dn42@lists.nox.tf" ]; eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; - nix-devel = [ "to:nix-devel@googlegroups.com" ]; + meetup = [ "to:meetup@lassul.us" ]; + nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; @@ -170,6 +174,16 @@ let macro pager a "-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "+unread\n" + macro index u "-unread\n" + macro pager U "+unread\n" + macro pager u "-unread\n" + + bind index t noop bind pager t noop macro index t "" # tag as Archived diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index aef671636..b7083c776 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -177,7 +177,8 @@ addr = "0.0.0.0"; domain = "grafana.example.com"; rootUrl = "https://grafana.example.com/"; - security = import ; # { AdminUser = ""; adminPassword = ""} + auth.anonymous.enable = true; + auth.anonymous.org_role = "Admin"; }; }; services.logstash = { diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index bf6855804..85faded14 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -60,10 +60,25 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + audio_output { + type "shout" + encoding "lame" + name "the_playlist_mp3" + host "localhost" + port "8000" + mount "/radio.mp3" + password "${source-password}" + bitrate "128" + + format "44100:16:2" + + user "source" + genre "good music" + } audio_output { type "shout" encoding "ogg" - name "the_playlist" + name "the_playlist_ogg" host "localhost" port "8000" mount "/radio.ogg" diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 116d66276..e0cb37f67 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let hostname = config.krebs.build.host.name; @@ -9,6 +9,9 @@ let in { krebs.realwallpaper.enable = true; + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper + ''; services.nginx.virtualHosts.wallpaper = { extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { @@ -22,10 +25,7 @@ in { locations."/realwallpaper.png".extraConfig = '' root /var/realwallpaper/; ''; - locations."/realwallpaper-sat.png".extraConfig = '' - root /var/realwallpaper/; - ''; - locations."/realwallpaper-sat-krebs.png".extraConfig = '' + locations."/realwallpaper-krebs.png".extraConfig = '' root /var/realwallpaper/; ''; }; diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/nordvpn.txt similarity index 100% rename from nin/0tests/dummysecrets/ssh.id_ed25519 rename to lass/2configs/tests/dummy-secrets/nordvpn.txt diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 828cab95f..4935268a4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -139,6 +139,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.xanf = { + uid = genid_uint31 "xanf"; + home = "/home/xanf"; + useDefaultShell = true; + createHome = true; + }; + users.users.domsen = { uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9ec..000000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import ) - genid - head - ; - inherit (import {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b20928..6470d86f7 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 2fffa6cc9..897e35e61 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -11,7 +11,6 @@ enable = true; dataDir = "/var/mysql"; package = pkgs.mariadb; - rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; systemd.services.mysql = { diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 68bcfa340..4630f25c1 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: @@ -96,9 +95,9 @@ in /* yaml */ '' mod_privacy: {} mod_private: {} mod_register: - access_from: deny + access_from: allow access: register - ip_access: trusted_network + # ip_access: trusted_network registration_watchers: ${toJSON config.registration_watchers} mod_roster: {} mod_shared_roster: {} diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 087d54eca..f86a4a69b 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -25,6 +25,8 @@ import Control.Monad.Extra (whenJustM) import Data.List (isInfixOf) import Data.Monoid (Endo) import System.Environment (getArgs, lookupEnv) +import System.Exit (exitFailure) +import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) @@ -36,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) @@ -49,7 +51,7 @@ import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Util.NamedWindows (getName) import XMonad.Util.Run (safeSpawn) -import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent) +import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown) import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..)) data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) @@ -69,18 +71,20 @@ myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> main' + [] -> main' + ["--shutdown"] -> shutdown + args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure main' :: IO () main' = do + handleShutdownEvent <- newShutdownEventHandler xmonad $ ewmh $ withUrgencyHook LibNotifyUrgencyHook $ def { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks + , manageHook = floatHooks <+> floatNextHook , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -95,13 +99,12 @@ myLayoutHook = defLayout defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) floatHooks :: Query (Endo WindowSet) -floatHooks = composeAll . concat $ - [ [ title =? t --> doFloat | t <- myTitleFloats] - , [ className =? c --> doFloat | c <- myClassFloats ] ] - where - myTitleFloats = [] - myClassFloats = ["Pinentry"] -- for gpg passphrase entry - +floatHooks = composeOne + [ className =? "Pinentry" -?> doCenterFloat + , title =? "fzfmenu" -?> doCenterFloat + , title =? "glxgears" -?> doCenterFloat + , resource =? "Dialog" -?> doFloat + ] myKeyMap :: [([Char], X ())] myKeyMap = @@ -110,6 +113,7 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") @@ -159,6 +163,9 @@ myKeyMap = , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8") + , ("M4-", spawn "${pkgs.redshift}/bin/redshift -x") + , ("", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix new file mode 100644 index 000000000..d5d84e456 --- /dev/null +++ b/lass/5pkgs/emot-menu/default.nix @@ -0,0 +1,31 @@ +{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let + + emoticons = writeText "emoticons" '' +¯\(°_o)/¯ | dunno lol shrug dlol +¯\_(ツ)_/¯ | dunno lol shrug dlol +( ͡° ͜ʖ ͡°) | lenny +¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol +( ゚д゚) | aaah sad noo +ヽ(^o^)丿 | hi yay hello +(^o^; | ups hehe +(^∇^) | yay +┗(`皿´)┛ | angry argh +ヾ(^_^) byebye!! | bye +<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance +(-.-)Zzz... | sleep +(∩╹□╹∩) | oh noes woot +™ | tm +ζ | zeta +(╯°□°)╯ ┻━┻ | table flip +(」゜ロ゜)」 | why woot + ''; + +in +writeDashBin "emoticons" '' + set -efu + + data=$(${coreutils}/bin/cat ${emoticons}) + emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') + ${xdotool}/bin/xdotool type -- "$emoticon" + exit 0 +'' diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix new file mode 100644 index 000000000..905a5ce6b --- /dev/null +++ b/lass/5pkgs/fzfmenu/default.nix @@ -0,0 +1,45 @@ +{ pkgs, ... }: + +pkgs.writeDashBin "fzfmenu" '' + set -efu + PROMPT=">" + for i in "$@" + do + case $i in + -p) + PROMPT="$2" + shift + shift + break + ;; + -l) + # no reason to filter number of lines + LINES="$2" + shift + shift + break + ;; + -i) + # we do this anyway + shift + break + ;; + *) + echo "Unknown option $1" >&2 + shift + ;; + esac + done + INPUT=$(${pkgs.coreutils}/bin/cat) + OUTPUT="$(${pkgs.coreutils}/bin/mktemp)" + ${pkgs.rxvt_unicode}/bin/urxvt \ + -name fzfmenu -title fzfmenu \ + -e ${pkgs.dash}/bin/dash -c \ + "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \ + --history=/dev/null \ + --no-sort \ + --prompt=\"$PROMPT\" \ + > \"$OUTPUT\"" 2>/dev/null + ${pkgs.coreutils}/bin/cat "$OUTPUT" + ${pkgs.coreutils}/bin/rm "$OUTPUT" +'' diff --git a/lass/krops.nix b/lass/krops.nix index a898164c3..d64454ea5 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,8 +5,14 @@ pkgs ; + host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then + import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; } + else + {} + ; + source = { test }: lib.evalSource [ - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; secrets = if test then { @@ -18,15 +24,24 @@ }; }; } + host-source ]; in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; inherit target; }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate) + populate = { target, force ? false }: pkgs.populate { + inherit force; + source = source { test = false; }; + target = lib.mkTarget target; + }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { force = true; diff --git a/lib/default.nix b/lib/default.nix index a40225c49..348d47e85 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,6 +5,7 @@ let evalSource = import ./eval-source.nix; git = import ./git.nix { inherit lib; }; + krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; @@ -12,8 +13,9 @@ let ne = x: y: x != y; mod = x: y: x - y * (x / y); - genid = import ./genid.nix { inherit lib; }; - genid_uint31 = x: ((lib.genid x) + 16777216) / 2; + genid = lib.genid_uint32; # TODO remove + genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2; + genid_uint32 = import ./genid.nix { inherit lib; }; lpad = n: c: s: if lib.stringLength s < n @@ -44,6 +46,23 @@ let indent = replaceChars ["\n"] ["\n "]; + mapNixDir = f: x: { + list = foldl' mergeAttrs {} (map (mapNixDir1 f) x); + path = mapNixDir1 f x; + }.${typeOf x}; + + mapNixDir1 = f: dirPath: + listToAttrs + (map + (relPath: let + name = removeSuffix ".nix" relPath; + path = dirPath + "/${relPath}"; + in + nameValuePair name (f path)) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir dirPath)))); + # https://tools.ietf.org/html/rfc5952 normalize-ip6-addr = let diff --git a/lib/types.nix b/lib/types.nix index d663d2512..016853300 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -3,7 +3,7 @@ let inherit (lib) all any attrNames concatMapStringsSep concatStringsSep const filter flip - genid hasSuffix head isInt isString length mergeOneOption mkOption + genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption mkOptionType optional optionalAttrs optionals range splitString stringLength substring test testString typeOf; inherit (lib.types) @@ -365,7 +365,7 @@ rec { }; uid = mkOption { type = int; - default = genid config.name; + default = genid_uint31 config.name; }; }; }); @@ -377,7 +377,7 @@ rec { }; gid = mkOption { type = int; - default = genid config.name; + default = genid_uint31 config.name; }; }; }); diff --git a/makefu/0tests/data/secrets/hass/darksky.apikey b/makefu/0tests/data/secrets/hass/darksky.apikey new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 36af23bb5..3d2cbac6f 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,16 +8,21 @@ in { imports = [ ./hardware-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } # - - - # - # - - - # Security @@ -26,83 +31,90 @@ in { + + # + + # networking + + # + # + + # + + + # ci + # + + + + # services - - # - - - # + + - # network + # sharing + + + # + ## + # + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # + + ## network # + + + + - # buildbot - - - ## Web - - + # Removed until move: no extra mails + + # Removed until move: avoid letsencrypt ban + ### Web + # + # - # - - + ## + # + # + + + - # + - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } - # - - - # - - - # - # Temporary: + # sharing + + + + ## Temporary: # + - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - networking.firewall.allowedTCPPorts = [ 5201 ]; - } - + # krebs infrastructure services + ]; makefu.dl-dir = "/var/download"; @@ -120,9 +132,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" ]; }; @@ -137,10 +147,11 @@ in { environment.systemPackages = with pkgs;[ weechat bepasty-client-cli - get tmux ]; + # Hardware + # Network networking = { firewall = { @@ -179,4 +190,5 @@ in { }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; + state = [ "/home/makefu/.weechat" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index a40709169..bfe29b46c 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -1,26 +1,24 @@ { config, ... }: let - external-mac = "2a:c5:6e:d2:fc:7f"; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; - external-gw = "185.194.140.1"; + external-mac = "50:46:5d:9f:63:6b"; + main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; + sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; + external-gw = "144.76.26.225"; # single partition, label "nixos" # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate # static - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; + external-ip = "144.76.26.247"; + external-ip6 = "2a01:4f8:191:12f6::2"; external-gw6 = "fe80::1"; - external-netmask = 22; + external-netmask = 27; external-netmask6 = 64; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; ext-if = "et0"; # gets renamed on the fly in { imports = [ - - ]; - makefu.server.primary-itf = ext-if; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" @@ -40,7 +38,62 @@ in { defaultGateway = external-gw; }; boot.kernelParams = [ ]; - boot.loader.grub.device = main-disk; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" + "xhci_pci" "ehci_pci" "ahci" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + hardware.enableRedistributableFirmware = true; + fileSystems."/" = { + device = "/dev/mapper/nixos-root"; + fsType = "ext4"; + }; + fileSystems."/var/lib" = { + device = "/dev/mapper/nixos-lib"; + fsType = "ext4"; + }; + fileSystems."/var/download" = { + device = "/dev/mapper/nixos-download"; + fsType = "ext4"; + }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/sda2"; + fsType = "vfat"; + }; + # parted -s -a optimal "$disk" \ + # mklabel gpt \ + # mkpart no-fs 0 1024KiB \ + # set 1 bios_grub on \ + # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + # mkpart primary 1025MiB 100% + # parted -s -a optimal "/dev/sdb" \ + # mklabel gpt \ + # mkpart primary 1M 100% + + #mkfs.vfat /dev/sda2 + #pvcreate /dev/sda3 + #pvcreate /dev/sdb1 + #vgcreate nixos /dev/sda3 /dev/sdb1 + #lvcreate -L 120G -m 1 -n root nixos + #lvcreate -L 50G -m 1 -n lib nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos + #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup + #mount /dev/mapper/nixos-root /mnt + #mkdir /mnt/boot + #mount /dev/sda2 /mnt/boot + #mkdir -p /mnt/var/src + #touch /mnt/var/src/.populate + } diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt new file mode 100644 index 000000000..30276b7db --- /dev/null +++ b/makefu/1systems/gum/rescue.txt @@ -0,0 +1,11 @@ +mount /dev/mapper/nixos-root /mnt +mount /dev/sda2 /mnt/boot + +chroot-prepare /mnt +chroot /mnt /bin/sh + +journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) + +export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin +/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate +/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 1e36c6e87..6940498f1 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,5 +1,5 @@ { - name="gum"; + name="nextgum"; torrent = true; clever_kexec = true; } diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix deleted file mode 100644 index 64516fa98..000000000 --- a/makefu/1systems/nextgum/config.nix +++ /dev/null @@ -1,253 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - ext-if = config.makefu.server.primary-itf; -in { - imports = [ - - ./hardware-config.nix - ./transfer-config.nix - - # - - # Security - - - # Tools - - - - - - - - - - # - - - # services - - - - # sharing - - - # - ## - # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } - # - - ## network - - # - - - - - - ## buildbot - - - # Removed until move: no extra mails - - # Removed until move: avoid double-update of domain - # - # Removed until move: avoid letsencrypt ban - ### Web - # - # - # - # - # - ## - # - # - # - - - - - # - # - # - # - # - - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } - - - - - # - - ## Temporary: - # - - - - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - { # wireguard server - - # opkg install wireguard luci-proto-wireguard - - # TODO: networking.nat - - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - # conf.all.proxy_arp =1 - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - extraCommands = '' - iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - }; - - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString ) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - ]; - }; - } - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - networking.firewall.allowedTCPPorts = [ 5201 ]; - } - - # krebs infrastructure services - - ]; - makefu.dl-dir = "/var/download"; - - services.openssh.hostKeys = [ - { bits = 4096; path = (toString ); type = "rsa"; } - { path = (toString ); type = "ed25519"; } ]; - ###### stable - services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; - krebs.build.host = config.krebs.hosts.gum; - - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - - # Network - networking = { - firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; - }; - nameservers = [ "8.8.8.8" ]; - }; - users.users.makefu.extraGroups = [ "download" "nginx" ]; - boot.tmpOnTmpfs = true; -} diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix deleted file mode 100644 index bfe29b46c..000000000 --- a/makefu/1systems/nextgum/hardware-config.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, ... }: -let - external-mac = "50:46:5d:9f:63:6b"; - main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; - sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; - external-gw = "144.76.26.225"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static - external-ip = "144.76.26.247"; - external-ip6 = "2a01:4f8:191:12f6::2"; - external-gw6 = "fe80::1"; - external-netmask = 27; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in { - imports = [ - ]; - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - interfaces."${ext-if}" = { - ipv4.addresses = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = external-gw6; - defaultGateway = external-gw; - }; - boot.kernelParams = [ ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" ]; - boot.initrd.availableKernelModules = [ - "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" - "xhci_pci" "ehci_pci" "ahci" "sd_mod" - ]; - boot.kernelModules = [ "kvm-intel" ]; - hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/mapper/nixos-root"; - fsType = "ext4"; - }; - fileSystems."/var/lib" = { - device = "/dev/mapper/nixos-lib"; - fsType = "ext4"; - }; - fileSystems."/var/download" = { - device = "/dev/mapper/nixos-download"; - fsType = "ext4"; - }; - fileSystems."/var/lib/borgbackup" = { - device = "/dev/mapper/nixos-backup"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/sda2"; - fsType = "vfat"; - }; - # parted -s -a optimal "$disk" \ - # mklabel gpt \ - # mkpart no-fs 0 1024KiB \ - # set 1 bios_grub on \ - # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - # mkpart primary 1025MiB 100% - # parted -s -a optimal "/dev/sdb" \ - # mklabel gpt \ - # mkpart primary 1M 100% - - #mkfs.vfat /dev/sda2 - #pvcreate /dev/sda3 - #pvcreate /dev/sdb1 - #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -m 1 -n root nixos - #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 100G -n download nixos - #lvcreate -L 100G -n backup nixos - #mkfs.ext4 /dev/mapper/nixos-root - #mkfs.ext4 /dev/mapper/nixos-lib - #mkfs.ext4 /dev/mapper/nixos-download - #mkfs.ext4 /dev/mapper/nixos-borgbackup - #mount /dev/mapper/nixos-root /mnt - #mkdir /mnt/boot - #mount /dev/sda2 /mnt/boot - #mkdir -p /mnt/var/src - #touch /mnt/var/src/.populate - -} diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix deleted file mode 100644 index 6940498f1..000000000 --- a/makefu/1systems/nextgum/source.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - name="nextgum"; - torrent = true; - clever_kexec = true; -} diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix deleted file mode 100644 index 92df60195..000000000 --- a/makefu/1systems/nextgum/transfer-config.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, lib, ... }: -# configuration which is only required for the time of the transfer -{ - krebs.tinc.retiolum.connectTo = [ "gum" ]; - krebs.build.host = lib.mkForce config.krebs.hosts.nextgum; -} - diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index be49db024..260f96081 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -8,11 +8,11 @@ let in { imports = [ - #./hw/omo.nix - ./hw/tsp.nix + ./hw/omo.nix + #./hw/tsp.nix - + # @@ -25,6 +25,22 @@ in { # # + + { krebs.airdcpp.dcpp.shares = let + d = path: "/media/cryptX/${path}"; + in { + emu.path = d "emu"; + audiobooks.path = lib.mkForce (d "audiobooks"); + incoming.path = lib.mkForce (d "torrent"); + anime.path = d "anime"; + }; + krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; + } + { + # copy config from to /var/lib/sabnzbd/ + #services.sabnzbd.enable = true; + #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + } # @@ -41,12 +57,30 @@ in { # services - + { + services.nginx.enable = true; + networking.firewall.allowedTCPPorts = [ 80 ]; + } + # - + # TODO: + # + + { + # Risikoübernahme + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } + { + makefu.ps3netsrv = { + enable = true; + servedir = "/media/cryptX/emu/ps3"; + }; + } { hardware.pulseaudio.systemWide = true; makefu.mpd.musicDirectory = "/media/cryptX/music"; @@ -71,10 +105,11 @@ in { ]; makefu.full-populate = true; + nixpkgs.config.allowUnfree = true; krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' - upload_rate = 200 + upload_rate = 500 ''; }; users.groups.share = { @@ -83,14 +118,7 @@ in { }; networking.firewall.trustedInterfaces = [ primaryInterface ]; - # copy config from to /var/lib/sabnzbd/ - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - makefu.ps3netsrv = { - enable = true; - servedir = "/media/cryptX/emu/ps3"; - }; users.users.misa = { uid = 9002; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index e1d66a2f9..f2311fb55 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -11,10 +11,10 @@ in { - - # - # - # + # + + + @@ -33,9 +33,6 @@ in { - { - users.users.makefu.extraGroups = [ "pulse" ]; - } # Sensors @@ -46,10 +43,16 @@ in { # + { environment.systemPackages = [ pkgs.vlc ]; } - - + { + # Risikoübernahme + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } + (let collectd-port = 25826; @@ -174,20 +177,4 @@ in { fsType = "ext4"; }; }; - - # DualHead on NUC - # TODO: update synergy package with these extras (username) - # TODO: add crypto layer - systemd.services."synergy-client" = { - environment.DISPLAY = ":0"; - serviceConfig.User = user; - }; - - services.synergy = { - client = { - enable = true; - screenName = "wbob"; - serverAddress = "x.r"; - }; - }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 66d904512..5a4eea2e4 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -15,7 +15,7 @@ - + # @@ -74,6 +74,7 @@ + # @@ -83,11 +84,11 @@ # Security - { - programs.adb.enable = true; - } + { programs.adb.enable = true; } # temporary + { services.redis.enable = true; } + # # # # @@ -121,13 +122,11 @@ ]; makefu.server.primary-itf = "wlp3s0"; - makefu.full-populate = true; nixpkgs.config.allowUnfree = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ]; networking.firewall.trustedInterfaces = [ "vboxnet0" ]; @@ -144,14 +143,25 @@ # avoid full boot dir boot.loader.grub.configurationLimit = 3; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; state = [ "/home/makefu/stockholm" - "/home/makefu/backup/borgun" - "/home/makefu/.mail/" + "/home/makefu/.ssh/" + "/home/makefu/.zsh_history" + "/home/makefu/.bash_history" + "/home/makefu/.zshrc" + "/home/makefu/bin" + "/home/makefu/.gnupg" + "/home/makefu/.imapfilter" + "/home/makefu/.mutt" + "/home/makefu/docs" + "/home/makefu/.password-store" + "/home/makefu/.secrets-pass" + "/home/makefu/autosync/Database.kdb" ]; + services.syncthing.user = lib.mkForce "makefu"; services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; } diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix deleted file mode 100644 index a4d02af6b..000000000 --- a/makefu/2configs/backup.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -let - # preparation: - # mkdir -p defaultBackupDir/host.name/src - # as root on omo: - # ssh-copy-id root@src - startAt = "0,6,12,18:00"; - defaultBackupServer = config.krebs.hosts.omo; - defaultBackupDir = "/home/backup"; - defaultPull = host: src: { - method = "pull"; - src = { - inherit host; - path = src; - }; - dst = { - host = defaultBackupServer; - path = "${defaultBackupDir}/${host.name}${src}"; - }; - startAt = "0,6,12,18:00"; - snapshots = { - hourly = { format = "%Y-%m-%dT%H"; retain = 4; }; - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }; -in { - krebs.backup.plans = { - # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; - gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; - gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )// - { - dst.path = "/media/cryptX/backup/gum/var-download"; - dst.host = defaultBackupServer; - startAt = "19:00"; - }; - gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )// - { - dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de"; - dst.host = defaultBackupServer; - - startAt = "05:00"; - }; - # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/"; - }; - environment.systemPackages = [ - pkgs.borgbackup - ]; -} diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix new file mode 100644 index 000000000..f157e715f --- /dev/null +++ b/makefu/2configs/backup/server.nix @@ -0,0 +1,11 @@ +{lib, ... }: +let + hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh ); +in { + # TODO: for all enabled machines + services.borgbackup.repos = lib.genAttrs hosts (host: { + authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ]; + path = "/var/lib/borgbackup/${host}"; + user = "borg-${host}"; + }) ; +} diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub new file mode 100644 index 000000000..ed203d544 --- /dev/null +++ b/makefu/2configs/backup/ssh/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/nextgum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub new file mode 100644 index 000000000..053b4da87 --- /dev/null +++ b/makefu/2configs/backup/ssh/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub new file mode 100644 index 000000000..fe894df33 --- /dev/null +++ b/makefu/2configs/backup/ssh/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix new file mode 100644 index 000000000..1143708bf --- /dev/null +++ b/makefu/2configs/backup/state.nix @@ -0,0 +1,25 @@ +{ config, ... }: +# back up all state +let + sec = toString ; + sshkey = sec + "/borg.priv"; + phrase = sec + "/borg.pw"; +in +{ + services.borgbackup.jobs.state = { + repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; + paths = config.state; + encryption = { + mode = "repokey"; + passCommand = "cat ${phrase}"; + }; + environment.BORG_RSH = "ssh -i ${sshkey}"; + prune.keep = + { daily = 7; + weekly = 4; + monthly = -1; # Keep at least one archive for each month + }; + compression = "auto,lzma"; + startAt = "daily"; + }; +} diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 890652285..f63dbefd8 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -32,6 +32,11 @@ in { "paste.${config.krebs.build.host.name}" "paste.r" ]; + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; }; defaultPermissions = "admin,list,create,read,delete"; secretKeyFile = secKey; diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index b59d3ce10..e007b6072 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -57,6 +57,8 @@ in { load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + load-module module-equalizer-sink + load-module module-dbus-protocol #load-module module-bluez5-device #load-module module-bluez5-discover ''; diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index fe05effd9..ad62babc3 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -44,5 +44,6 @@ ''; }; - + state = map (f: "${config.krebs.airdcpp.stateDir}/${f}") + [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ]; } diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix index 4605e8933..443484a34 100644 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -11,6 +11,11 @@ let payload_available= "Online"; payload_not_available= "Offline"; }; + tasmota_stecki = name: topic: + ( tasmota_plug name topic) // + { state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + }; espeasy_dht22 = name: [ { platform = "mqtt"; name = "${name} DHT22 Temperature"; @@ -38,9 +43,6 @@ let }; in { networking.firewall.allowedTCPPorts = [ 8123 ]; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; services.home-assistant = { enable = true; @@ -48,6 +50,9 @@ in { homeassistant = { name = "Bureautomation"; time_zone = "Europe/Berlin"; + latitude = "48.8265"; + longitude = "9.0676"; + elevation = 303; }; mqtt = { @@ -72,7 +77,7 @@ in { switch = [ (tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Blitzdings" "plug2") - (tasmota_plug "Fernseher" "plug3") + (tasmota_stecki "Fernseher" "fernseher") (tasmota_plug "Pluggy" "plug4") ]; binary_sensor = [ @@ -96,26 +101,140 @@ in { sensorid = "5341"; monitored_conditions = [ "P1" "P2" ]; } - { platform = "influxdb"; - queries = [ - { name = "mean value of feinstaub P1"; - where = '' "node" = 'esp8266-1355142' ''; - measurement = "feinstaub"; - database = "telegraf"; - field = "P1"; - } - { name = "mean value of feinstaub P2"; - where = '' "node" = 'esp8266-1355142' ''; - measurement = "feinstaub"; - database = "telegraf"; - field = "P2"; - } - ]; + + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile ); + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "apparent_temperature" + "hourly_summary" # next 24 hours text + "minutely_summary" + "humidity" + "pressure" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 30; + seconds = 0; + }; + } + #{ platform = "influxdb"; + # queries = [ + # { name = "mean value of feinstaub P1"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P1"; + # } + # { name = "mean value of feinstaub P2"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P2"; + # } + # ]; + #} + ]; + camera = [ + { name = "Baumarkt"; + platform = "generic"; + still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt + } + { name = "Autobahn Heilbronn"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; + } + { name = "Autobahn Singen"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; } ]; frontend = { }; http = { }; - feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + conversation = {}; + history = {}; + logbook = {}; + tts = [ { platform = "google";} ]; + recorder = {}; + group = + { default_view = + { view = "yes"; + entities = [ + "group.sensors" + "group.outside" + "group.switches" + "group.automation" + "group.camera" + ]; + }; + automation = [ + "automation.turn_off_fernseher_10_minutes_after_last_movement" + ]; + switches = [ + "switch.bauarbeiterlampe" + "switch.blitzdings" + "switch.fernseher" + "switch.pluggy" + ]; + camera = [ + "camera.Baumarkt" + "camera.Autobahn_Heilbronn" + "camera.Autobahn_Singen" + ]; + sensors = [ + "binary_sensor.motion" + "sensor.easy2_dht22_humidity" + "sensor.easy2_dht22_temperature" + ]; + outside = [ + "sensor.ditzingen_pm10" + "sensor.ditzingen_pm25" + "sensor.dark_sky_temperature" + "sensor.dark_sky_humidity" + "sensor.dark_sky_pressure" + "sensor.dark_sky_hourly_summary" + "sensor.dark_sky_minutely_summary" + ]; + }; + # only for automation + # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + automation = [ + { alias = "Turn on Fernseher on movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + action = { + service= "homeassistant.turn_on"; + entity_id= "switch.fernseher"; + }; + } + { alias = "Turn off Fernseher 10 minutes after last movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "off"; + for.minutes = 10; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.fernseher"; + }; + condition = [{ + condition = "time"; + before = "06:30:00"; #only turn off between 6:30 and 18:00 + after = "18:00:00"; + weekday = [ "mon" "tue" "wed" "thu" "fri" ]; + }]; + } + ]; }; }; } diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix deleted file mode 100644 index 28edb6af2..000000000 --- a/makefu/2configs/deployment/bureautomation/home.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ pkgs, lib, ... }: -let - firetv = "192.168.1.238"; -in { - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - services.home-assistant = { - #panel_iframe: - #configurator: - # title: Configurator - # icon: mdi:wrench - # url: http://hassio.local:3218 - # sensor: - # - platform: random - enable = true; - config = { - homeassistant = { - name = "Bureautomation"; - time_zone = "Europe/Berlin"; - }; - panel_iframe = { - euer_blog = { - title = "Euer Blog"; - icon = "mdi:wrench"; - url = "https://euer.krebsco.de"; - }; - }; - media_player = [ - { platform = "kodi"; - host = firetv; - } - { platform = "firetv"; - # assumes python-firetv running - } - ]; - sensor = [ - { - platform = "luftdaten"; - name = "Shack 1"; - sensorid = "50"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Shack 2"; - sensorid = "658"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "5341"; - monitored_conditions = [ "P1" "P2" ]; - } - { platform = "random"; } - ]; - frontend = { }; - http = { }; - feedreader.urls = [ "https://nixos.org/blogs.xml" ]; - }; - }; -} diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/deployment/bureautomation/mpd.nix new file mode 100644 index 000000000..1f5acb357 --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/mpd.nix @@ -0,0 +1,9 @@ +{lib,pkgs, ... }: + +{ + systemd.services."ympd-wbob" = { + description = "mpd "; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody"; + }; +} diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix index bde9892cd..e7dc54dd0 100644 --- a/makefu/2configs/deployment/graphs.nix +++ b/makefu/2configs/deployment/graphs.nix @@ -6,11 +6,6 @@ let internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; hn = config.krebs.build.host.name; in { - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; krebs.tinc_graphs = { enable = true; nginx = { diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index f2a3b36e2..94799b11d 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ b/makefu/2configs/deployment/homeautomation/default.nix @@ -1,9 +1,60 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: # Ideas: ## wake-on-lan server ## let + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" + { platform = "mqtt"; + inherit name; + retain = false; + qos = 1; + optimistic = false; + # state + # TODO: currently broken, will not use the custom state topic + #state_topic = "/ham/${topic}/stat/POWER"; + state_topic = "/ham/${topic}/stat/POWER"; + command_topic = "/ham/${topic}/cmnd/POWER"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/ham/${topic}/stat/Dimmer"; + brightness_command_topic = "/ham/${topic}/cmnd/Dimmer"; + brightness_value_template = "{{ value_json.Dimmer }}"; + brightness_scale = 100; + # color + rgb_state_topic = "/ham/${topic}/stat/Color"; + rgb_command_topic = "/ham/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/ham/${topic}/stat/Scheme"; + effect_command_topic = "/ham/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; +}; + # switchmode 1 - also toggle power + # switchtopic flurlicht + tasmota_motion = name: topic: + { platform = "mqtt"; + device_class = "motion"; + inherit name; + # TODO: currently broken, will not use the custom state topic + state_topic = "/ham/${topic}/stat/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + firetv = "192.168.1.238"; tasmota_plug = name: topic: { platform = "mqtt"; @@ -36,20 +87,31 @@ let unit_of_measurement = "hPa"; } ]; + tasmota_am2301 = name: topic: + [ { platform = "mqtt"; + name = "${name} Temperatur"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Temperature }}"; + unit_of_measurement = "°C"; + } + { platform = "mqtt"; + name = "${name} Luftfeuchtigkeit"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Humidity }}"; + unit_of_measurement = "%"; + } + ]; in { imports = [ ./mqtt.nix ]; - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; + #systemd.services.firetv = { + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # User = "nobody"; + # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + # }; + #}; services.home-assistant = { config = { homeassistant = { @@ -58,7 +120,7 @@ in { longitude = "9.2478"; elevation = 247; }; - discovery = {}; + #discovery = {}; conversation = {}; history = {}; logbook = {}; @@ -71,16 +133,16 @@ in { { platform = "kodi"; host = firetv; } - { platform = "firetv"; - # assumes python-firetv running - } + #{ platform = "firetv"; + # # assumes python-firetv running + #} ]; mqtt = { broker = "localhost"; port = 1883; client_id = "home-assistant"; username = "hass"; - password = builtins.readFile ; + password = lib.removeSuffix "\n" (builtins.readFile ); keepalive = 60; protocol = 3.1; birth_message = { @@ -96,43 +158,100 @@ in { retain = true; }; }; + binary_sensor = [ + (tasmota_motion "Flur Bewegung" "flurlicht") + ]; sensor = [ - { platform = "speedtest"; - monitored_conditions = [ "ping" "download" "upload" ]; - } + # broken + #{ platform = "speedtest"; + # monitored_conditions = [ "ping" "download" "upload" ]; + #} { platform = "luftdaten"; - name = "Ditzingen"; + name = "Wangen"; sensorid = "663"; monitored_conditions = [ "P1" "P2" ]; } # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ { platform = "darksky"; - api_key = "c73619e6ea79e553a585be06aacf3679"; + api_key = lib.removeSuffix "\n" + (builtins.readFile ); language = "de"; monitored_conditions = [ "summary" "icon" "nearest_storm_distance" "precip_probability" "precip_intensity" - "temperature" # "temperature_high" "temperature_low" + "temperature" + "apparent_temperature" "hourly_summary" + "humidity" + "pressure" "uv_index" ]; units = "si" ; update_interval = { days = 0; hours = 0; - minutes = 10; + minutes = 30; seconds = 0; }; } - ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer"); + ] + ++ (tasmota_bme "Schlafzimmer" "schlafzimmer") + ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer"); frontend = { }; - #group = [ - # { default_view = { view = "yes"; entities = [ - # "sensor.luftdaten" - # ]} - #]; + group = + { default_view = + { view = "yes"; + entities = [ + "group.flur" + "group.schlafzimmer" + "group.draussen" + "group.wohnzimmer" + "group.arbeitszimmer" + ]; + }; + flur = [ + "light.flurlicht" + "binary_sensor.flur_bewegung" + ]; + wohnzimmer = [ + "media_player.kodi" + ]; + draussen = [ + "sensor.dark_sky_temperature" + "sensor.dark_sky_hourly_summary" + "sensor.wangen_pm10" + "sensor.wangen_pm25" + ]; + schlafzimmer = [ + "sensor.schlafzimmer_temperatur" + "sensor.schlafzimmer_luftdruck" + "sensor.schlafzimmer_luftfeuchtigkeit" + "switch.lichterkette_schlafzimmer" + ]; + arbeitszimmer = [ + "switch.strom_staubsauger" + "sensor.arbeitszimmer_temperatur" + "sensor.arbeitszimmer_luftfeuchtigkeit" + ]; + }; http = { }; switch = [ (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") + (tasmota_plug "Strom Staubsauger" "arbeitszimmer") + ]; + light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; + automation = [ + { alias = "Staubsauger Strom aus nach 6h"; + trigger = { + platform = "state"; + entity_id = "switch.strom_staubsauger"; + to = "on"; + for.hours = 6; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.strom_staubsauger"; + }; + } ]; }; enable = true; diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index 16a7a13b2..f63417e8f 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -8,7 +8,7 @@ timerConfig = { OnCalendar = "*:0/30"; }; - url = "http://prism.r/realwallpaper-sat-krebs.png"; + url = "http://prism.r/realwallpaper-krebs.png"; }; } diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1a7f3d987..4890e4afe 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -41,6 +41,7 @@ let autosync = { }; fenkins = { }; pass = { }; + secrets = { }; }; connector-repos = mapAttrs make-priv-repo { diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 861a9327e..6bcd09826 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -66,7 +66,7 @@ in cat |derp <) + "/mirrorsync.gum.id_ed25519"; +in { + systemd.services.mirrorsync = { + startAt = "08:00:00"; + path = with pkgs; [ rsync openssh ]; + script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter''; + }; + services.nginx = { + enable = lib.mkDefault true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts."download.binaergewitter.de" = { + serverAliases = [ "dl2.binaergewitter.de" ]; + root = "/var/www/binaergewitter"; + extraConfig = '' + access_log /var/spool/nginx/logs/binaergewitter.access.log combined; + error_log /var/spool/nginx/logs/binaergewitter.error.log error; + autoindex on; + ''; + }; + }; +} diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index 65d36d9b6..14d1285db 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -39,4 +39,5 @@ in { }; }; }; + state = [ base-dir ]; } diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 99533b25c..280622259 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -21,6 +21,7 @@ let tw-pass-file = "${sec}/tw-pass.ini"; in { + state = [ base-dir ]; services.phpfpm = { # phpfpm does not have an enable option poolConfigs = { diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index d5fa65ef9..fb1a67358 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -5,11 +5,11 @@ let in { services.printing = { enable = true; - drivers = [ - pkgs.samsungUnifiedLinuxDriver - pkgs.cups-dymo # dymo labelwriter - pkgs.foo2zjs # magicolor 1690mf - pkgs.zj-58 + drivers = with pkgs; [ + samsungUnifiedLinuxDriver + cups-dymo # dymo labelwriter + foo2zjs # magicolor 1690mf + cups-zj-58 ]; }; diff --git a/makefu/2configs/rtorrent.nix b/makefu/2configs/rtorrent.nix deleted file mode 100644 index 9e2990cab..000000000 --- a/makefu/2configs/rtorrent.nix +++ /dev/null @@ -1,19 +0,0 @@ -_: -let - listenPort = 60123; - xml-port = 5000; - authfile = ; -in { - makefu.rtorrent = { - enable = true; - web = { - enable = true; - enableAuth = true; - inherit authfile; - }; - rutorrent.enable = true; - enableXMLRPC = true; - logLevel = "debug"; - inherit listenPort; - }; -} diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix similarity index 87% rename from makefu/2configs/deployment/events-publisher/default.nix rename to makefu/2configs/shack/events-publisher/default.nix index 37d74c282..531d2525e 100644 --- a/makefu/2configs/deployment/events-publisher/default.nix +++ b/makefu/2configs/shack/events-publisher/default.nix @@ -2,8 +2,8 @@ with import ; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz"; - sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav"; + url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz"; + sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; diff --git a/makefu/2configs/shack/gitlab-runner/default.nix b/makefu/2configs/shack/gitlab-runner/default.nix new file mode 100644 index 000000000..55dc50fa8 --- /dev/null +++ b/makefu/2configs/shack/gitlab-runner/default.nix @@ -0,0 +1,31 @@ + +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + services.gitlab-runner = { + enable = true; + configOptions = + { concurrent = 1; + runners = [ + { builds_dir = ""; + #docker = + #{ cache_dir = ""; + # disable_cache = true; + # host = ""; image = "nixos/nix:2.1.3"; + # privileged = true; + #}; + #executor = "docker"; + # name = "docker-nix"; + name = "gum-shell"; + executor = "shell"; + environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ]; + # generate via `gitlab-runner register` + token = import ; + url = "https://git.shackspace.de/"; + } + ]; + }; + }; +} diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index 422676b24..c16629cc5 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -27,12 +27,14 @@ in { systemd.services.arafetch = { startAt = "Mon,Wed,Fri 09:15:00"; wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; environment = { OUTDIR = home; }; path = [ pkg pkgs.git pkgs.wget ]; serviceConfig = { User = "arafetch"; + Restart = "always"; WorkingDirectory = home; PrivateTmp = true; ExecStart = pkgs.writeDash "start-weekrun" '' diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix new file mode 100644 index 000000000..5ca3b9904 --- /dev/null +++ b/makefu/2configs/taskd.nix @@ -0,0 +1,11 @@ +{config, ... }: +{ + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; +} diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index da8a357ae..9dedafdd2 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -9,7 +9,7 @@ dex2jar apktool jd-gui - android-studio + # android-studio jdk jre openssl diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix index bb14c3eb5..924668803 100644 --- a/makefu/2configs/tools/desktop.nix +++ b/makefu/2configs/tools/desktop.nix @@ -3,7 +3,7 @@ { users.users.makefu.packages = with pkgs; [ taskwarrior - pass + (pass.withExtensions (ext: [ ext.pass-otp ])) gopass mutt weechat diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 1c28eeffd..3d26cc574 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,7 +6,6 @@ gimp inkscape libreoffice - quodlibet # skype synergy tdesktop diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index a61b6c88e..88a7c6882 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -7,10 +7,12 @@ vlc mumble mplayer - quodlibet + quodlibet # exfalso plowshare streamripper youtube-dl + + pulseeffects ]; } diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 8a559dbbd..11151003d 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -7,6 +7,8 @@ rclone exfat (pkgs.callPackage ./secrets.nix {}) + + opensc pcsctools libu2f-host ]; # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix index f88618cbc..7d10983c7 100644 --- a/makefu/2configs/tools/secrets.nix +++ b/makefu/2configs/tools/secrets.nix @@ -1,7 +1,7 @@ { pass, write, writeDash, ... }: write "secrets" { - "/bin/secrets".link = writeDash "brain" '' + "/bin/secrets".link = writeDash "secrets" '' PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ exec ${pass}/bin/pass $@ ''; diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index 3df0ddbfe..ca368dbf0 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -3,12 +3,11 @@ with import ; let - daemon-user = "tor"; basicAuth = import ; peer-port = 51412; web-port = 8112; daemon-port = 58846; - base-dir = config.makefu.dl-dir; + base-dir = config.krebs.rtorrent.workDir; in { users.users = { @@ -23,17 +22,6 @@ in { }; }; - # todo: race condition, do this after download user has been created - system.activationScripts."download-dir-chmod" = '' - for i in finished watch; do - if test ! -d $i;then - mkdir -p "${base-dir}/$i" - chown rtorrent:download "${base-dir}/$i" - chmod 775 "${base-dir}/$i" - fi - done - ''; - users.extraGroups = { download = { gid = lib.mkDefault (genid "download"); @@ -57,15 +45,17 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = base-dir + "/finished"; - watchDir = base-dir + "/watch"; + downloadDir = config.makefu.dl-dir; # dump old torrents into watch folder to have them re-added }; + services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; + networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT ''; networking.firewall.allowedTCPPorts = [ peer-port ]; networking.firewall.allowedUDPPorts = [ peer-port ]; + state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded } diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix index 30de6e44a..e90cc1e8d 100644 --- a/makefu/2configs/virtualisation/virtualbox.nix +++ b/makefu/2configs/virtualisation/virtualbox.nix @@ -1,26 +1,9 @@ { config, lib, pkgs, ... }: -let - mainUser = config.krebs.build.user; - vboxguestpkg = lib.stdenv.mkDerivation rec { - name = "Virtualbox-Extensions-${version}-${rev}"; - version = "5.0.20"; - rev = "106931"; - src = pkgs.fetchurl { - url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; - sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; - }; - }; -in { +{ virtualisation.virtualbox.host.enable = true; nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; - users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; - nixpkgs.config.packageOverrides = super: { - boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override { - buildInputs = super.boot.kernelPackages.virtualBox.buildInputs - ++ [ vboxguestpkg ]; - }; - }; + users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ]; } diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix similarity index 55% rename from makefu/5pkgs/4nxci/default.nix rename to makefu/5pkgs/_4nxci/default.nix index 3aba3be45..dafa37ff6 100644 --- a/makefu/5pkgs/4nxci/default.nix +++ b/makefu/5pkgs/_4nxci/default.nix @@ -1,33 +1,31 @@ -{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }: +{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }: let - - mymbedtls = lib.overrideDerivation mbedtls (old: rec { - name = "mbedtls-${version}"; - version = "2.13.0"; - src = fetchFromGitHub { - owner = "ARMmbed"; - repo = "mbedtls"; - rev = name; - sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j"; - }; - buildInputs = old.buildInputs ++ [ python2 ]; - postConfigure = '' - perl scripts/config.pl set MBEDTLS_CMAC_C - ''; - doCheck = false; - - }); -in stdenv.mkDerivation rec { - name = "4nxci-${version}"; - version = "1.30"; - + version = "1.35"; src = fetchFromGitHub { owner = "The-4n"; repo = "4NXCI"; rev = "v${version}"; - sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh"; + sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6"; }; + mymbedtls = stdenv.mkDerivation { + name = "mbedtls-${version}"; + version = "2.6.1"; + doCheck = false; + inherit src; + buildInputs = [ perl ]; + phases = [ "unpackPhase" "buildPhase" "installPhase" ]; + makeFlags = [ "DESTDIR=$(out)" ]; + buildPhase = '' + cp config.mk.template config.mk + cd mbedtls + make + ''; + }; +in stdenv.mkDerivation rec { + name = "4nxci-${version}"; + + inherit src version; buildPhase = '' cp config.mk.template config.mk sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 12d357913..11f9f59b8 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -572,9 +572,9 @@ local os = { do local cmds = { - "@networkmanagerapplet@/bin/nm-applet", - "@blueman@/bin/blueman-applet", - "@clipit@/bin/clipit" + -- "@networkmanagerapplet@/bin/nm-applet", + -- "@blueman@/bin/blueman-applet", + -- "@clipit@/bin/clipit" } for _,i in pairs(cmds) do diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix deleted file mode 100644 index 870fa8ce2..000000000 --- a/makefu/5pkgs/cozy-audiobooks/default.nix +++ /dev/null @@ -1,95 +0,0 @@ -{ stdenv, fetchFromGitHub -, ninja -, boost -, meson -, pkgconfig -, wrapGAppsHook -, appstream-glib -, desktop-file-utils -, gtk3 -, glib -, gst_all_1 -, gobjectIntrospection -, python3Packages -, file -, cairo , sqlite , gettext -, gnome3 -}: - -let - peewee = with python3Packages; buildPythonPackage rec { - # https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee - pname = "peewee"; - version = "3.6.4"; - src = fetchPypi { - inherit pname version; - sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak"; - }; - doCheck = false; - - checkPhase = '' - python runtests.py - ''; - - buildInputs = [ - cython - sqlite - # psycopg2 - # mysql-connector - ]; - meta.license = stdenv.lib.licenses.mit; - }; -in -stdenv.mkDerivation rec { - name = "cozy-${version}"; - version = "0.6.0"; - - src = fetchFromGitHub { - owner = "geigi"; - repo = "cozy"; - rev = version; - sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd"; - }; - - postPatch = '' - chmod +x data/meson_post_install.py - patchShebangs data/meson_post_install.py - substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'" - ''; - postInstall = '' - wrapProgram $out/bin/com.github.geigi.cozy \ - --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)" - - ''; - wrapPrefixVariables = [ "PYTHONPATH" ]; - - - nativeBuildInputs = [ - meson ninja pkgconfig - wrapGAppsHook - appstream-glib - desktop-file-utils - gobjectIntrospection - - ]; - buildInputs = with gst_all_1; [ gtk3 glib - gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext - gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas - ] - ++ (with python3Packages; [ - python gst-python pygobject3 dbus-python mutagen peewee magic - - ]); - - checkPhase = '' - ninja test - ''; - - meta = with stdenv.lib; { - description = '' - A modern audio book player for Linux using GTK+ 3 - ''; - maintainers = [ maintainers.makefu ]; - license = licenses.mit; - }; -} diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch deleted file mode 100644 index b7b491d4e..000000000 --- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200 -+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200 -@@ -341,7 +341,7 @@ - if not scale: - scale = 25.4/96 # if no scale is specified, assume inch as baseunit - scale /= self.unittouu('1px') -- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0]) -+ h = self.unittouu(self.documentHeight()) - self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]] - doc = self.document.getroot() - self.process_group(doc) - diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 390aabd73..6e86f4264 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -30,9 +30,6 @@ in { qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; - inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { - patches = [ ./custom/inkscape/dxf_fix.patch ]; - }); } // (mapAttrs (_: flip callPackage {}) diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix deleted file mode 100644 index a6aac5748..000000000 --- a/makefu/5pkgs/esniper/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }: - -stdenv.mkDerivation rec { - name = "${pname}-2-35-0"; - pname = "esniper"; - version = "2.35.0"; - src = fetchurl { - url = "mirror://sourceforge/${pname}/${name}.tgz"; - sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9"; - }; - - - buildInputs = [ openssl curl ]; - - # Add support for CURL_CA_BUNDLE variable. - # Fix . - patches = [ ./find-ca-bundle.patch ]; - - postInstall = '' - sed <"frontends/snipe" >"$out/bin/snipe" \ - -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\"" - chmod 555 "$out/bin/snipe" - ''; - - meta = with stdenv.lib; { - description = "Simple, lightweight tool for sniping eBay auctions"; - homepage = http://esniper.sourceforge.net; - license = licenses.gpl2; - maintainers = with maintainers; [ lovek323 peti ]; - platforms = platforms.all; - }; -} diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch deleted file mode 100644 index e4df272a0..000000000 --- a/makefu/5pkgs/esniper/find-ca-bundle.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c ---- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100 -+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200 -@@ -200,6 +200,9 @@ - int - initCurlStuff(void) - { -+ /* Path to OpenSSL bundle file. */ -+ const char *ssl_capath=NULL; -+ - /* list for custom headers */ - struct curl_slist *slist=NULL; - -@@ -241,6 +244,12 @@ - if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, ""))) - return initCurlStuffFailed(); - -+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its -+ * contents to curl. */ -+ if ((ssl_capath = getenv("CURL_CA_BUNDLE"))) -+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath))) -+ return initCurlStuffFailed(); -+ - slist = curl_slist_append(slist, "Accept: text/*"); - slist = curl_slist_append(slist, "Accept-Language: en"); - slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8"); diff --git a/makefu/5pkgs/ifdnfc/default.nix b/makefu/5pkgs/ifdnfc/default.nix deleted file mode 100644 index cc7956c8c..000000000 --- a/makefu/5pkgs/ifdnfc/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ stdenv, fetchFromGitHub , pkgconfig -, pcsclite -, autoreconfHook -, libnfc -}: - -stdenv.mkDerivation rec { - name = "ifdnfc-${version}"; - version = "2016-03-01"; - - src = fetchFromGitHub { - owner = "nfc-tools"; - repo = "ifdnfc"; - rev = "0e48e8e"; - sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg"; - }; - nativeBuildInputs = [ pkgconfig autoreconfHook ]; - buildInputs = [ pcsclite libnfc ]; - - configureFlags = [ "--prefix=$(out)" ]; - makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ]; - - meta = with stdenv.lib; { - description = "PC/SC IFD Handler based on libnfc"; - long_description = - '' libnfc Interface Plugin to be used in services.pcscd.plugins. - It provides support for all readers which are not supported by ccid but by libnfc. - - For activating your reader you need to run - ifdnfc-activate yes with this package in your - environment.systemPackages - - To use your reader you may need to blacklist your reader kernel modules: - boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ]; - - Supports the pn533 smart-card reader chip which is for example used in - the SCM SCL3711. - ''; - homepage = https://github.com/nfc-tools/ifdnfc; - license = licenses.gpl3; - platforms = platforms.linux; - maintainers = with maintainers; [ makefu ]; - }; -} - diff --git a/makefu/5pkgs/jd-gui/default.nix b/makefu/5pkgs/jd-gui/default.nix deleted file mode 100644 index adefd80dd..000000000 --- a/makefu/5pkgs/jd-gui/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }: -stdenv.mkDerivation rec { - name = "${packageName}-${version}"; - packageName = "jd-gui"; - version = "1.4.0"; - - src = fetchurl { - url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar"; - sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx"; - }; - - nativeBuildInputs = [ makeWrapper unzip ]; - - phases = [ "installPhase" ]; - - installPhase = '' - f=$out/lib/jd-gui/ - bin=$out/bin - name=$(basename $src) - mkdir -p $f $bin - - # fixup path to java - cp $src $f - cat > $bin/jd-gui < - - #../2configs/copyq.nix - - - - - - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed958..000000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null @@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773ae..000000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a9089d..000000000 --- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c4025..000000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 62f499a2d..000000000 --- a/nin/2configs/default.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - ../2configs/vim.nix - - - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? - services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 4c4f0c3a0..000000000 --- a/nin/2configs/games.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f48..000000000 --- a/nin/2configs/git.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd53..000000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc00..000000000 --- a/nin/2configs/retiolum.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae82..000000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import ) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b01..000000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d37611..000000000 --- a/nin/2configs/vim.nix +++ /dev/null @@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - vnoremap u - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb313e..000000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d949..000000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index fef8cc38b..000000000 --- a/nin/krops.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - force = true; - inherit target; - source = source { test = true; }; - }; -} diff --git a/submodules/krops b/submodules/krops index e2b296542..eb68146cc 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit e2b29654251367545700154ffbac806705dd04c0 +Subproject commit eb68146cc4848cfc0c0339c72a44a96fdeb4a1de diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index c26d4ab30..a653ce40d 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -15,7 +15,7 @@ with import ; # hardware configuration boot.initrd.luks.devices.muca = { - device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352"; + device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91"; }; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.availableKernelModules = [ "ahci" ]; @@ -25,16 +25,17 @@ with import ; fileSystems = { "/" = { device = "/dev/mapper/muvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + fsType = "ext4"; + options = [ "defaults" "discard" ]; }; "/home" = { device = "/dev/mapper/muvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + fsType = "ext4"; + options = [ "defaults" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/DC38-F165"; + device = "/dev/disk/by-uuid/CEB1-9743"; + fsType = "vfat"; }; }; diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 01d67b5f5..6e7944cdf 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -25,7 +25,6 @@ with import ; }; environment.systemPackages = with pkgs; [ - chromium firefoxWrapper gimp kate @@ -63,8 +62,6 @@ with import ; networking.networkmanager.enable = true; - nixpkgs.config.chromium.enablePepperFlash = true; - programs.ssh.startAgent = false; services.xserver.enable = true; diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index b75ad8bfc..d7673931c 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -13,6 +13,20 @@ with import ; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd + + case $UID in + ${shell.escape (toString config.krebs.users.tv.uid)}) + if test ''${SHLVL-1} = 1; then + case ''${XMONAD_SPAWN_WORKSPACE-} in + stockholm) + cd ~/stockholm + ;; + esac + fi + + export NIX_PATH="stockholm=$HOME/stockholm:$NIX_PATH" + ;; + esac ''; promptInit = /* sh */ '' case $UID in @@ -32,14 +46,6 @@ with import ; if test -n "$SSH_AGENT_PID"; then PS1="ssh-agent[$SSH_AGENT_PID] $PS1" fi - - if test ''${SHLVL-1} = 1; then - case ''${XMONAD_SPAWN_WORKSPACE-} in - stockholm) - cd ~/stockholm - ;; - esac - fi ''; }; } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d9ddc90d0..484a337b7 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -87,11 +87,6 @@ with import ; export SYSTEM="$1" exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; - reload = "systemctl reload"; - restart = "systemctl restart"; - start = "systemctl start"; - status = "systemctl status"; - stop = "systemctl stop"; }; environment.variables = { diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 62c90d4e9..a89d1302c 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -76,6 +76,7 @@ let { }; } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) { blessings = {}; + hc = {}; mime = {}; quipper = {}; scanner = {}; diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index c051b4261..2e679bd14 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -95,7 +95,7 @@ in users = { groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { - uid = genid "pulse"; + uid = genid_uint31 "pulse"; group = "pulse"; extraGroups = [ "audio" ]; home = "${runDir}/home"; diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 77947dafa..7467e8e67 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -27,11 +27,6 @@ in { # 2014-09-24 ref https://github.com/4z3/xintmap http://www.mathstat.dal.ca/~selinger/quipper/ - ## other - - https://nixos.org/channels/nixos-18.03/git-revision - https://nixos.org/channels/nixos-unstable/git-revision - ## 2014-10-17 ## TODO update ~/src/login/default.nix #http://hackage.haskell.org/package/bcrypt diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 2ac7f7518..3794628c1 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -14,8 +14,25 @@ let { }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg + (pkgs.vimUtils.buildVimPlugin { + name = "fzf-2018-11-14"; + src = pkgs.fetchgit { + url = https://github.com/junegunn/fzf.vim; + rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc"; + sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m"; + }; + }) + pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - pkgs.vimPlugins.vim-elixir + (pkgs.vimUtils.buildVimPlugin { + name = "vim-elixir-2018-08-17"; + src = pkgs.fetchgit { + url = https://github.com/elixir-editors/vim-elixir; + rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b"; + sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04"; + }; + }) (pkgs.vimUtils.buildVimPlugin { name = "vim-syntax-jq"; src = pkgs.fetchgit { @@ -112,7 +129,7 @@ let { command! -n=0 -bar ShowSyntax :call ShowSyntax() ''; }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { + ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { "/syntax/haskell.vim".text = /* vim */ '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ @@ -222,26 +239,58 @@ let { " This is required because containedin isn't transitive. syn cluster nix_has_dollar_curly \ add=@nix_${lang}_syntax - '') { + '') (let + + capitalize = s: let + xs = stringToCharacters s; + in + toUpper (head xs) + concatStrings (tail xs); + + alts = xs: ''\(${concatStringsSep ''\|'' xs}\)''; + def = k: ''${k}[ \t\r\n]*=''; + writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''; + + in { c = {}; cabal = {}; diff = {}; haskell = {}; - jq.extraStart = concatStringsSep ''\|'' [ - ''writeJq.*'' + jq.extraStart = alts [ + (writer "Jq") ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"'' ]; + javascript.extraStart = ''/\* js \*/''; lua = {}; - sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - sh.extraStart = concatStringsSep ''\|'' [ - ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' - ''[a-z]*Phase[ \t\r\n]*='' + python.extraStart = ''/\* py \*/''; + sed.extraStart = writer "Sed"; + sh.extraStart = let + phases = [ + "unpack" + "patch" + "configure" + "build" + "check" + "install" + "fixup" + "installCheck" + "dist" + ]; + shells = [ + "ash" + "bash" + "dash" + ]; + in alts [ + (def "shellHook") + (def "${alts phases}Phase") + (def "${alts ["pre" "post"]}${alts (map capitalize phases)}") + (writer (alts (map capitalize shells))) ]; yaml = {}; vim.extraStart = ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; xdefaults = {}; - })} + }))} " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. syn clear shVarAssign @@ -309,6 +358,11 @@ let { paths = [ (pkgs.writeDashBin "vim" '' set -efu + export FZF_DEFAULT_COMMAND='${pkgs.ripgrep}/bin/rg --files' + export PATH=$PATH:${makeBinPath [ + pkgs.fzf + pkgs.ripgrep + ]} (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs}) exec ${pkgs.vim}/bin/vim "$@" '') @@ -333,6 +387,7 @@ let { set shortmess+=I set showcmd set showmatch + set timeoutlen=0 set ttimeoutlen=0 set undodir=${dirs.undodir} set undofile @@ -385,5 +440,13 @@ let { noremap [c | noremap! [c noremap [d | noremap! [d vnoremap u + + " fzf + nnoremap q :Files + nnoremap w :Rg + + " edit alternate buffer + " For some reason neither putting 6 nor ^ works here... + nnoremap a  ''; } diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix index 627401dc6..4a0b0ae16 100644 --- a/tv/2configs/xp-332.nix +++ b/tv/2configs/xp-332.nix @@ -11,7 +11,7 @@ with import ; hardware.sane = { enable = true; extraBackends = [ - pkgs.utsushi + pkgs.utsushi-customized ]; }; @@ -19,7 +19,7 @@ with import ; elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ]; nixpkgs.overlays = singleton (self: super: { - utsushi = super.utsushi.override { + utsushi-customized = self.utsushi.override { guiSupport = false; jpegSupport = false; networkSupport = true; diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix index 1d4044480..d032efc7d 100644 --- a/tv/2configs/xserver/Xresources.nix +++ b/tv/2configs/xserver/Xresources.nix @@ -50,4 +50,9 @@ pkgs.writeText "Xresources" /* xdefaults */ '' root-urxvt*foreground: #e0c0c0 root-urxvt*BorderColor: #400000 root-urxvt*color0: #800000 + + fzmenu-urxvt*background: rgb:42/23/42 + fzmenu-urxvt*externalBorder: 1 + fzmenu-urxvt*geometry: 70x9 + fzmenu-urxvt*internalBorder: 1 '' diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index dbfa804d2..8d4b13fad 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -24,17 +24,6 @@ in { pkgs.xlibs.fontschumachermisc ]; - # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /run/wrappers/bin - krebs.setuid.slock = { - filename = "${pkgs.slock}/bin/slock"; - group = "wheel"; - envp = { - DISPLAY = ":${toString config.services.xserver.display}"; - USER = cfg.user.name; - }; - }; - services.xserver = { # Don't install feh into systemPackages @@ -57,12 +46,19 @@ in { systemd.services.display-manager.enable = false; - systemd.services.xmonad = { + systemd.services.xmonad = let + xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad"; + in { wantedBy = [ "graphical.target" ]; requires = [ "xserver.service" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; + FZMENU_FZF_DEFAULT_OPTS = toString [ + "--color=dark,border:126,bg+:090" + "--inline-info" + ]; + XMONAD_CACHE_DIR = cfg.cacheDir; XMONAD_CONFIG_DIR = cfg.configDir; XMONAD_DATA_DIR = cfg.dataDir; @@ -88,6 +84,14 @@ in { "za" "zh" "zj" "zs" ]); }; + path = [ + config.tv.slock.package + pkgs.fzmenu + pkgs.pulseaudioLight.out + pkgs.rxvt_unicode + pkgs.xcalib + "/run/wrappers" # for su + ]; serviceConfig = { SyslogIdentifier = "xmonad"; ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [ @@ -95,8 +99,8 @@ in { "\${XMONAD_CONFIG_DIR}" "\${XMONAD_DATA_DIR}" ]}"; - ExecStart = "${pkgs.xmonad-tv}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown"; + ExecStart = "@${xmonad} xmonad-${currentSystem} "; + ExecStop = "@${xmonad} xmonad-${currentSystem} --shutdown"; User = cfg.user.name; WorkingDirectory = cfg.user.home; }; @@ -142,4 +146,9 @@ in { User = cfg.user.name; }; }; + + tv.slock = { + enable = true; + user = cfg.user; + }; } diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 493cc8b72..f53a58e9a 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -1,10 +1,12 @@ { imports = [ ./charybdis + ./dnsmasq.nix ./ejabberd ./hosts.nix ./iptables.nix ./nixpkgs-overlays.nix + ./slock.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix new file mode 100644 index 000000000..ec927f98a --- /dev/null +++ b/tv/3modules/dnsmasq.nix @@ -0,0 +1,57 @@ +with import ; +{ config, ... }: let + cfg = config.tv.dnsmasq; +in { + + options.tv.dnsmasq = { + enable = mkEnableOption "tv.dnsmasq"; + dhcp-range = mkOption { + type = types.str; + }; + interface = mkOption { + type = types.str; + }; + address = mkOption { + type = types.str; + }; + prefixLength = mkOption { + type = types.addCheck types.int (x: x >= 0 && x <= 32); + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + networking.dhcpcd.denyInterfaces = [ cfg.interface ]; + services.dnsmasq.resolveLocalQueries = false; + networking.interfaces.${cfg.interface} = { + ipv4.addresses = singleton { + address = cfg.address; + prefixLength = cfg.prefixLength; + }; + }; + services.dnsmasq.enable = true; + services.dnsmasq.extraConfig = '' + dhcp-range=${cfg.dhcp-range} + interface=${cfg.interface} + ''; + tv.iptables.extra.filter.INPUT = [ + "-i ${cfg.interface} -p tcp -m tcp --dport bootps -j ACCEPT" + "-i ${cfg.interface} -p udp -m udp --dport bootps -j ACCEPT" + "-i ${cfg.interface} -p tcp -m tcp --dport domain -j ACCEPT" + "-i ${cfg.interface} -p udp -m udp --dport domain -j ACCEPT" + ]; + } + { + # enable forwarding + boot.kernel.sysctl."net.ipv4.ip_forward" = true; + tv.iptables.extra.filter.FORWARD = [ + "-m state --state RELATED,ESTABLISHED -j ACCEPT" + "-i ${cfg.interface} -j ACCEPT" + ]; + tv.iptables.extra.nat.POSTROUTING = [ + "-j MASQUERADE" + ]; + } + ]); + +} diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix index 68bcfa340..a0631e226 100644 --- a/tv/3modules/ejabberd/config.nix +++ b/tv/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix new file mode 100644 index 000000000..1c84b1e9e --- /dev/null +++ b/tv/3modules/slock.nix @@ -0,0 +1,71 @@ +with import ; +{ config, pkgs, ... }: let + cfg = config.tv.slock; +in { + options.tv.slock = { + enable = mkEnableOption "tv.slock"; + package = mkOption { + default = pkgs.execBin "slock" rec { + filename = "${pkgs.systemd}/bin/systemctl"; + argv = [ filename "start" "slock-${cfg.user.name}.service" ]; + }; + type = types.package; + }; + user = mkOption { + type = types.user; + }; + }; + config = mkIf cfg.enable { + security.polkit.extraConfig = /* js */ '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + action.lookup("unit") == "slock-${cfg.user.name}.service" && + subject.user == ${toJSON cfg.user.name}) { + return polkit.Result.YES; + } + }); + ''; + systemd.services."slock-${cfg.user.name}" = { + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { + passAsFile = ["text"]; + text = /* c */ '' + #include + #include + + static struct spwd entry = { + .sp_namp = "", + .sp_pwdp = + ${toC config.users.users.${cfg.user.name}.hashedPassword}, + .sp_lstchg = 0, + .sp_min = 0, + .sp_max = 0, + .sp_warn = 0, + .sp_inact = 0, + .sp_expire = 0, + .sp_flag = 0, + }; + + extern struct spwd *getspnam(const char *name) { return &entry; } + extern int setgroups(size_t size, const gid_t *list) { return 0; } + extern int setgid(gid_t gid) { return 0; } + extern int setuid(uid_t uid) { return 0; } + ''; + } /* sh */ '' + gcc -Wall -shared -o $out -xc "$textPath" + ''; + }; + restartIfChanged = false; + serviceConfig = { + ExecStart = "${pkgs.slock}/bin/slock"; + OOMScoreAdjust = -1000; + Restart = "on-failure"; + RestartSec = "100ms"; + StartLimitBurst = 0; + SyslogIdentifier = "slock"; + User = cfg.user.name; + }; + }; + }; +} diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix new file mode 100644 index 000000000..fcede2f9c --- /dev/null +++ b/tv/5pkgs/haskell/default.nix @@ -0,0 +1,20 @@ +with import ; +let + overrides = self: super: + mapNixDir (path: self.callPackage path {}) [ + + ./. + ]; +in + self: super: { + haskell = super.haskell // { + packages = mapAttrs (name: value: + if hasAttr "override" value + then value.override { inherit overrides; } + else value + ) super.haskell.packages; + }; + haskellPackages = super.haskellPackages.override { + inherit overrides; + }; + } diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix new file mode 100644 index 000000000..42eb13d41 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/default.nix @@ -0,0 +1,15 @@ +{ mkDerivation, base, containers, directory, extra, stdenv, unix +, X11, xmonad, xmonad-contrib, xmonad-stockholm +}: +mkDerivation { + pname = "xmonad-tv"; + version = "1.0.0"; + src = ./src; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base containers directory extra unix X11 xmonad xmonad-contrib + xmonad-stockholm + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/tv/5pkgs/haskell/xmonad-tv/shell.nix b/tv/5pkgs/haskell/xmonad-tv/shell.nix new file mode 100644 index 000000000..936e69627 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/shell.nix @@ -0,0 +1,78 @@ +{ compiler ? "default" }: let + + stockholm = import ; + + inherit (stockholm.systems.${lib.krops.getHostName}) config pkgs; + inherit (stockholm) lib; + + haskellPackages = + if compiler == "default" + then pkgs.haskellPackages + else pkgs.haskell.packages.${compiler}; + + xmonadDrv = haskellPackages.callPackage (import ./.) {}; + +in + + lib.overrideDerivation xmonadDrv.env (oldAttrs: { + shellHook = '' + pkg_name=${lib.shell.escape (lib.baseNameOf (toString ./.))} + + WORKDIR=${toString ./src} + CACHEDIR=$HOME/tmp/$pkg_name + HISTFILE=$CACHEDIR/bash_history + + mkdir -p "$CACHEDIR" + + config_XMONAD_CACHE_DIR=${lib.shell.escape + config.systemd.services.xmonad.environment.XMONAD_CACHE_DIR + } + + xmonad=$CACHEDIR/xmonad-${lib.currentSystem} + + xmonad_build() {( + set -efu + cd "$WORKDIR" + options=$( + ${pkgs.cabal-read}/bin/ghc-options "$WORKDIR/$pkg_name.cabal" xmonad + ) + ghc $options \ + -odir "$CACHEDIR" \ + -hidir "$CACHEDIR" \ + -o "$xmonad" \ + main.hs + )} + + xmonad_restart() {( + set -efu + cd "$WORKDIR" + if systemctl is-active xmonad; then + sudo systemctl stop xmonad + cp -b "$config_XMONAD_CACHE_DIR"/xmonad.state "$CACHEDIR"/ + echo "xmonad.state: $(cat "$CACHEDIR"/xmonad.state)" + else + "$xmonad" --shutdown || : + fi + "$xmonad" & + echo xmonad pid: $! >&2 + )} + + xmonad_yield() {( + set -efu + "$xmonad" --shutdown + cp -b "$CACHEDIR"/xmonad.state "$config_XMONAD_CACHE_DIR"/ + sudo systemctl start xmonad + )} + + export PATH=${config.systemd.services.xmonad.path}:$PATH + export SHELL=/run/current-system/sw/bin/bash + + export XMONAD_CACHE_DIR="$CACHEDIR" + export XMONAD_DATA_DIR="$CACHEDIR" + export XMONAD_CONFIG_DIR=/var/empty + + unset XMONAD_STARTUP_HOOK + + cd "$WORKDIR" + ''; + }) diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs new file mode 100644 index 000000000..1029d60be --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs @@ -0,0 +1,15 @@ +module Helpers.Path where + +import qualified Data.List +import qualified System.Directory +import qualified System.IO.Unsafe + + +findExecutable :: String -> FilePath +findExecutable = + System.IO.Unsafe.unsafePerformIO . find + where + find name = + maybe failure id <$> System.Directory.findExecutable name + where + failure = error (Data.List.intercalate " " [name, "not found"]) diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs new file mode 100644 index 000000000..3a879b5d0 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs @@ -0,0 +1,25 @@ +module Paths where + +import Helpers.Path + + +otpmenu :: FilePath +otpmenu = findExecutable "otpmenu" + +pactl :: FilePath +pactl = findExecutable "pactl" + +passmenu :: FilePath +passmenu = findExecutable "passmenu" + +slock :: FilePath +slock = findExecutable "slock" + +su :: FilePath +su = findExecutable "su" + +urxvtc :: FilePath +urxvtc = findExecutable "urxvtc" + +xcalib :: FilePath +xcalib = findExecutable "xcalib" diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs new file mode 100644 index 000000000..b7d4e9bca --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -0,0 +1,206 @@ +{-# LANGUAGE DeriveDataTypeable #-} -- for XS +{-# LANGUAGE FlexibleContexts #-} -- for xmonad' +{-# LANGUAGE LambdaCase #-} +{-# LANGUAGE ScopedTypeVariables #-} + + +module Main (main) where + +import System.Exit (exitFailure) + +import Control.Exception +import Control.Monad.Extra (whenJustM) +import Graphics.X11.ExtraTypes.XF86 +import Text.Read (readEither) +import XMonad +import System.IO (hPutStrLn, stderr) +import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv) +import System.Posix.Process (executeFile) +import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace + , removeEmptyWorkspace) +import XMonad.Actions.CycleWS (toggleWS) +import XMonad.Layout.NoBorders ( smartBorders ) +import XMonad.Layout.ResizableTile (ResizableTall(ResizableTall)) +import XMonad.Layout.ResizableTile (MirrorResize(MirrorExpand,MirrorShrink)) +import qualified XMonad.StackSet as W +import Data.Map (Map) +import qualified Data.Map as Map +import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) +import XMonad.Hooks.ManageHelpers (doCenterFloat) +import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Actions.PerWorkspaceKeys (chooseAction) + +import XMonad.Stockholm.Pager +import XMonad.Stockholm.Shutdown +import qualified Paths + + +myFont :: String +myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" + + +main :: IO () +main = getArgs >>= \case + [] -> mainNoArgs + ["--shutdown"] -> shutdown + args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure + + +mainNoArgs :: IO () +mainNoArgs = do + let width = 1366 + workspaces0 <- getWorkspaces0 + handleShutdownEvent <- newShutdownEventHandler + xmonad + $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") + $ def + { terminal = Paths.urxvtc + , modMask = mod4Mask + , keys = myKeys + , workspaces = workspaces0 + , layoutHook = + smartBorders $ + ResizableTall + 1 + (10 * 6 / width) + ((80 * 6 + 2 * (1+1+1))/width) [] + ||| + Full + , manageHook = + composeAll + [ appName =? "fzmenu-urxvt" --> doCenterFloat + , appName =? "pinentry" --> doCenterFloat + , placeHook (smart (1,0)) + ] + , startupHook = + whenJustM (io (lookupEnv "XMONAD_STARTUP_HOOK")) + (\path -> forkFile path [] Nothing) + , normalBorderColor = "#1c1c1c" + , focusedBorderColor = "#f000b0" + , handleEventHook = handleShutdownEvent + } + + +getWorkspaces0 :: IO [String] +getWorkspaces0 = + try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case + Left e -> warn (displaySomeException e) + Right p -> try (readFile p) >>= \case + Left e -> warn (displaySomeException e) + Right x -> case readEither x of + Left e -> warn e + Right y -> return y + where + warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] + + +displaySomeException :: SomeException -> String +displaySomeException = displayException + + +forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () +forkFile path args env = + xfork (executeFile path False args env) >> return () + + +spawnRootTerm :: X () +spawnRootTerm = + forkFile + Paths.urxvtc + ["-name", "root-urxvt", "-e", Paths.su, "-"] + Nothing + + +spawnTermAt :: String -> X () +spawnTermAt ws = do + env <- io getEnvironment + let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env + forkFile Paths.urxvtc [] (Just env') + + +myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) +myKeys conf = Map.fromList $ + [ ((_4 , xK_Escape ), forkFile Paths.slock [] Nothing) + , ((_4S , xK_c ), kill) + + , ((_4 , xK_o ), forkFile Paths.otpmenu [] Nothing) + , ((_4 , xK_p ), forkFile Paths.passmenu [] Nothing) + + , ((_4 , xK_x ), chooseAction spawnTermAt) + , ((_4C , xK_x ), spawnRootTerm) + + , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) + , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) + , ((_C , xK_Menu ), toggleWS) + + , ((_4 , xK_space ), sendMessage NextLayout) + , ((_4M , xK_space ), resetLayout) + + , ((_4 , xK_m ), windows W.focusMaster) + , ((_4 , xK_j ), windows W.focusDown) + , ((_4 , xK_k ), windows W.focusUp) + + , ((_4S , xK_m ), windows W.swapMaster) + , ((_4S , xK_j ), windows W.swapDown) + , ((_4S , xK_k ), windows W.swapUp) + + , ((_4M , xK_h ), sendMessage Shrink) + , ((_4M , xK_l ), sendMessage Expand) + + , ((_4M , xK_j ), sendMessage MirrorShrink) + , ((_4M , xK_k ), sendMessage MirrorExpand) + + , ((_4 , xK_t ), withFocused $ windows . W.sink) + + , ((_4 , xK_comma ), sendMessage $ IncMasterN 1) + , ((_4 , xK_period ), sendMessage $ IncMasterN (-1)) + + , ((_4 , xK_a ), addWorkspacePrompt def) + , ((_4 , xK_r ), renameWorkspace def) + , ((_4 , xK_Delete ), removeEmptyWorkspace) + + , ((_4 , xK_Return ), toggleWS) + + , ((0, xF86XK_AudioLowerVolume), audioLowerVolume) + , ((0, xF86XK_AudioRaiseVolume), audioRaiseVolume) + , ((0, xF86XK_AudioMute), audioMute) + + , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing) + ] + where + _4 = mod4Mask + _C = controlMask + _S = shiftMask + _M = mod1Mask + _4C = _4 .|. _C + _4S = _4 .|. _S + _4M = _4 .|. _M + _4CM = _4 .|. _C .|. _M + _4SM = _4 .|. _S .|. _M + + pactl args = forkFile Paths.pactl args Nothing + audioLowerVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "-5%"] + audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"] + audioMute = pactl ["--", "set-sink-mute", "@DEFAULT_SINK@", "toggle"] + + resetLayout = setLayout $ XMonad.layoutHook conf + + +pagerConfig :: PagerConfig +pagerConfig = def + { pc_font = myFont + , pc_cellwidth = 64 + , pc_matchmethod = MatchPrefix + , pc_windowColors = windowColors + } + where + windowColors _ _ _ True _ = ("#ef4242","#ff2323") + windowColors wsf m c u wf = do + let y = defaultWindowColors wsf m c u wf + if m == False && wf == True + then ("#402020", snd y) + else y + + +allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] +allWorkspaceNames = return . map W.tag . W.workspaces diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal new file mode 100644 index 000000000..f10bc4aeb --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -0,0 +1,25 @@ +name: xmonad-tv +version: 1.0.0 +license: MIT +author: tv +maintainer: tv +build-type: Simple +cabal-version: >=1.10 + +executable xmonad + main-is: main.hs + build-depends: + base, + containers, + directory, + extra, + unix, + X11, + xmonad, + xmonad-contrib, + xmonad-stockholm + other-modules: + Helpers.Path, + Paths + default-language: Haskell2010 + ghc-options: -O2 -Wall -threaded diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix index 1b9d8c235..6ba4fec83 100644 --- a/tv/5pkgs/simple/default.nix +++ b/tv/5pkgs/simple/default.nix @@ -15,10 +15,4 @@ let else override; in - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) + mapNixDir (path: callPackage path {}) ./. diff --git a/tv/5pkgs/simple/disko.nix b/tv/5pkgs/simple/disko.nix new file mode 100644 index 000000000..de8f1df22 --- /dev/null +++ b/tv/5pkgs/simple/disko.nix @@ -0,0 +1,13 @@ +{ fetchgit }: + +let + src = fetchgit { + url = https://cgit.krebsco.de/disko; + rev = "16cd458af06d3caf687eb7d80ca3df26b71fe28c"; + sha256 = "16cd458af06d3caf687eb7d80ca3df26b71fe28c"; + }; +in + +{ + lib = import "${src}/lib"; +} diff --git a/tv/5pkgs/simple/fzmenu/bin/otpmenu b/tv/5pkgs/simple/fzmenu/bin/otpmenu new file mode 100755 index 000000000..ad8a0fda9 --- /dev/null +++ b/tv/5pkgs/simple/fzmenu/bin/otpmenu @@ -0,0 +1,41 @@ +#! /bin/sh +set -efu + +#PATH= + +case ${FZMENU_PHASE-0} in + 0) + export FZMENU_PHASE=1 + exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0" + ;; + 1) + if result=$( + FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-} + if test -n "$FZF_DEFAULT_OPTS"; then + export FZF_DEFAULT_OPTS + fi + pass git ls-files '*/otp.gpg' | \ + sed ' + + s/\/otp\.gpg$// + ' | + exec fzf \ + --history=/dev/null \ + --no-sort \ + --prompt='OTP: ' \ + ) + then + export FZMENU_PHASE=2 + export FZMENU_RESULT="$result" + setsid -f "$0" + fi + ;; + 2) + pass=$(pass otp code "$FZMENU_RESULT/otp") + printf %s "$pass" | + xdotool type -f - + ;; + *) + echo "$0: error: bad phase: $FZMENU_PHASE" >&2 + exit -1 +esac diff --git a/tv/5pkgs/simple/fzmenu/bin/passmenu b/tv/5pkgs/simple/fzmenu/bin/passmenu new file mode 100755 index 000000000..00b36c3af --- /dev/null +++ b/tv/5pkgs/simple/fzmenu/bin/passmenu @@ -0,0 +1,41 @@ +#! /bin/sh +set -efu + +#PATH= + +case ${FZMENU_PHASE-0} in + 0) + export FZMENU_PHASE=1 + exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0" + ;; + 1) + if result=$( + FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-} + if test -n "$FZF_DEFAULT_OPTS"; then + export FZF_DEFAULT_OPTS + fi + pass git ls-files '*/*.gpg' | \ + sed ' + /\/otp\.gpg$:/d + s/\.gpg$// + ' | + exec fzf \ + --history=/dev/null \ + --no-sort \ + --prompt='pass: ' \ + ) + then + export FZMENU_PHASE=2 + export FZMENU_RESULT="$result" + setsid -f "$0" + fi + ;; + 2) + pass=$(pass show "$FZMENU_RESULT") + printf %s "$pass" | + xdotool type -f - + ;; + *) + echo "$0: error: bad phase: $FZMENU_PHASE" >&2 + exit -1 +esac diff --git a/tv/5pkgs/simple/fzmenu/default.nix b/tv/5pkgs/simple/fzmenu/default.nix new file mode 100644 index 000000000..c49c903c6 --- /dev/null +++ b/tv/5pkgs/simple/fzmenu/default.nix @@ -0,0 +1,34 @@ +{ coreutils, dash, gnused, fzf, pass, runCommand, rxvt_unicode, stdenv, utillinux, xdotool }: + +runCommand "fzmenu" { +} /* sh */ '' + mkdir $out + + cp -r ${./bin} $out/bin + + substituteInPlace $out/bin/otpmenu \ + --replace '#! /bin/sh' '#! ${dash}/bin/dash' \ + --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [ + coreutils + dash + fzf + gnused + pass + rxvt_unicode + utillinux + xdotool + ]} + + substituteInPlace $out/bin/passmenu \ + --replace '#! /bin/sh' '#! ${dash}/bin/dash' \ + --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [ + coreutils + dash + fzf + gnused + pass + rxvt_unicode + utillinux + xdotool + ]} +'' diff --git a/tv/5pkgs/simple/hc.nix b/tv/5pkgs/simple/hc.nix new file mode 100644 index 000000000..4d325e16c --- /dev/null +++ b/tv/5pkgs/simple/hc.nix @@ -0,0 +1,37 @@ +{ coreutils, fetchgit, findutils, gawk, gnugrep, makeWrapper, qrencode, stdenv, texlive, utillinux, zbar }: + +stdenv.mkDerivation rec { + name = "hc-${meta.version}"; + + src = fetchgit { + url = "https://cgit.krebsco.de/hc"; + rev = "refs/tags/v${meta.version}"; + sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildPhase = null; + + installPhase = '' + mkdir -p $out/bin + + cp $src/bin/hc $out/bin/hc + + wrapProgram $out/bin/hc \ + --prefix PATH : ${stdenv.lib.makeBinPath [ + coreutils + findutils + gawk + gnugrep + qrencode + texlive.combined.scheme-full + utillinux + zbar + ]} + ''; + + meta = { + version = "1.0.0"; + }; +} diff --git a/tv/5pkgs/simple/otpmenu.nix b/tv/5pkgs/simple/otpmenu.nix deleted file mode 100644 index b35e1601f..000000000 --- a/tv/5pkgs/simple/otpmenu.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ dmenu, gnused, pass, writeDashBin, xdotool }: - -writeDashBin "otpmenu" '' - set -efu - - x=$( - ${pass}/bin/pass git ls-files '*/otp.gpg' \ - | ${gnused}/bin/sed 's:/otp\.gpg$::' \ - | ${dmenu}/bin/dmenu -f -p OTP - ) - - otp=$(${pass}/bin/pass otp code "$x/otp") - - printf %s "$otp" | ${xdotool}/bin/xdotool type -f - -'' diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 655c75e1b..cbcec1bae 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -71,6 +71,11 @@ let '+%Y-%m-%dT%H:%M:%S%:z' ''; + q-utcdate = '' + ${pkgs.coreutils}/bin/date -u \ + '+%Y-%m-%dT%H:%M:%S%:z' + ''; + q-gitdir = '' if test -d .git; then #git status --porcelain @@ -295,6 +300,7 @@ pkgs.writeBashBin "q" '' set -eu export PATH=/var/empty ${q-cal} + ${q-utcdate} ${q-isodate} ${q-sgtdate} (${q-gitdir}) & diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix deleted file mode 100644 index 1168f10c8..000000000 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ /dev/null @@ -1,295 +0,0 @@ -{ pkgs, ... }: -pkgs.writeHaskellPackage "xmonad-tv" { - executables.xmonad = { - extra-depends = [ - "containers" - "extra" - "unix" - "X11" - "xmonad" - "xmonad-contrib" - "xmonad-stockholm" - ]; - text = /* haskell */ '' -{-# LANGUAGE DeriveDataTypeable #-} -- for XS -{-# LANGUAGE FlexibleContexts #-} -- for xmonad' -{-# LANGUAGE LambdaCase #-} -{-# LANGUAGE ScopedTypeVariables #-} - - -module Main where - -import Control.Exception -import Control.Monad.Extra (whenJustM) -import Graphics.X11.ExtraTypes.XF86 -import Text.Read (readEither) -import XMonad -import System.IO (hPutStrLn, stderr) -import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv) -import System.Posix.Process (executeFile) -import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace - , removeEmptyWorkspace) -import XMonad.Actions.GridSelect -import XMonad.Actions.CycleWS (toggleWS) ---import XMonad.Actions.CopyWindow ( copy ) -import XMonad.Layout.NoBorders ( smartBorders ) -import qualified XMonad.StackSet as W -import Data.Map (Map) -import qualified Data.Map as Map --- TODO import XMonad.Layout.WorkspaceDir -import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) --- import XMonad.Layout.Tabbed ---import XMonad.Layout.MouseResizableTile -import XMonad.Layout.Reflect (reflectVert) -import XMonad.Layout.FixedColumn (FixedColumn(..)) -import XMonad.Hooks.Place (placeHook, smart) -import XMonad.Hooks.FloatNext (floatNextHook) -import XMonad.Actions.PerWorkspaceKeys (chooseAction) -import XMonad.Layout.PerWorkspace (onWorkspace) ---import XMonad.Layout.BinarySpacePartition - ---import XMonad.Actions.Submap -import XMonad.Stockholm.Pager -import XMonad.Stockholm.Rhombus -import XMonad.Stockholm.Shutdown - - -amixerPath :: FilePath -amixerPath = "${pkgs.alsaUtils}/bin/amixer" - -urxvtcPath :: FilePath -urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" - -myFont :: String -myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" - -main :: IO () -main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> mainNoArgs - -mainNoArgs :: IO () -mainNoArgs = do - workspaces0 <- getWorkspaces0 - xmonad - -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } - -- urgencyConfig { remindWhen = Every 1 } - -- $ withUrgencyHook borderUrgencyHook "magenta" - -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never } - $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") - $ def - { terminal = urxvtcPath - , modMask = mod4Mask - , keys = myKeys - , workspaces = workspaces0 - , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full - -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent - --, handleEventHook = handleTimerEvent - , manageHook = placeHook (smart (1,0)) <+> floatNextHook - , startupHook = - whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) - (\path -> forkFile path [] Nothing) - , normalBorderColor = "#1c1c1c" - , focusedBorderColor = "#f000b0" - , handleEventHook = handleShutdownEvent - } - - -getWorkspaces0 :: IO [String] -getWorkspaces0 = - try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case - Left e -> warn (displaySomeException e) - Right p -> try (readFile p) >>= \case - Left e -> warn (displaySomeException e) - Right x -> case readEither x of - Left e -> warn e - Right y -> return y - where - warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] - -displaySomeException :: SomeException -> String -displaySomeException = displayException - - -forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () -forkFile path args env = - xfork (executeFile path False args env) >> return () - -spawnRootTerm :: X () -spawnRootTerm = - forkFile - urxvtcPath - ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] - Nothing - -spawnTermAt :: String -> X () -spawnTermAt ws = do - env <- liftIO getEnvironment - let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env - forkFile urxvtcPath [] (Just env') - -myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) -myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) - , ((_4S , xK_c ), kill) - - , ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing) - , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) - - , ((_4 , xK_x ), chooseAction spawnTermAt) - , ((_4C , xK_x ), spawnRootTerm) - - --, ((_4 , xK_F1 ), withFocused jojo) - --, ((_4 , xK_F1 ), printAllGeometries) - - , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) - , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) - , ((_C , xK_Menu ), toggleWS) - , ((_4 , xK_Menu ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] ) - - -- %! Rotate through the available layout algorithms - , ((_4 , xK_space ), sendMessage NextLayout) - , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout - - ---- BinarySpacePartition - --, ((_4 , xK_l), sendMessage $ ExpandTowards R) - --, ((_4 , xK_h), sendMessage $ ExpandTowards L) - --, ((_4 , xK_j), sendMessage $ ExpandTowards D) - --, ((_4 , xK_k), sendMessage $ ExpandTowards U) - --, ((_4S , xK_l), sendMessage $ ShrinkFrom R) - --, ((_4S , xK_h), sendMessage $ ShrinkFrom L) - --, ((_4S , xK_j), sendMessage $ ShrinkFrom D) - --, ((_4S , xK_k), sendMessage $ ShrinkFrom U) - --, ((_4 , xK_n), sendMessage Rotate) - --, ((_4S , xK_n), sendMessage Swap) - - ---- mouseResizableTile - --, ((_4 , xK_u), sendMessage ShrinkSlave) - --, ((_4 , xK_i), sendMessage ExpandSlave) - - -- move focus up or down the window stack - --, ((_4 , xK_m ), windows W.focusMaster) - , ((_4 , xK_j ), windows W.focusDown) - , ((_4 , xK_k ), windows W.focusUp) - - -- modifying the window order - , ((_4S , xK_m ), windows W.swapMaster) - , ((_4S , xK_j ), windows W.swapDown) - , ((_4S , xK_k ), windows W.swapUp) - - -- resizing the master/slave ratio - , ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area - , ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area - - -- floating layer support - , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling - - -- increase or decrease number of windows in the master area - , ((_4 , xK_comma ), sendMessage $ IncMasterN 1) - , ((_4 , xK_period ), sendMessage $ IncMasterN (-1)) - - , ((_4 , xK_a ), addWorkspacePrompt def) - , ((_4 , xK_r ), renameWorkspace def) - , ((_4 , xK_Delete ), removeEmptyWorkspace) - - , ((_4 , xK_Return ), toggleWS) - --, (0 , xK_Menu ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view) - --, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view) - --, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift) - --, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k }) - , ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"]) - , ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"]) - , ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"]) - ] - where - _4 = mod4Mask - _C = controlMask - _S = shiftMask - _M = mod1Mask - _4C = _4 .|. _C - _4S = _4 .|. _S - _4M = _4 .|. _M - _4CM = _4 .|. _C .|. _M - _4SM = _4 .|. _S .|. _M - - amixer args = forkFile amixerPath args Nothing - - -pagerConfig :: PagerConfig -pagerConfig = def - { pc_font = myFont - , pc_cellwidth = 64 - --, pc_cellheight = 36 -- TODO automatically keep screen aspect - --, pc_borderwidth = 1 - --, pc_matchcolor = "#f0b000" - , pc_matchmethod = MatchPrefix - --, pc_colors = pagerWorkspaceColors - , pc_windowColors = windowColors - } - where - windowColors _ _ _ True _ = ("#ef4242","#ff2323") - windowColors wsf m c u wf = do - let y = defaultWindowColors wsf m c u wf - if m == False && wf == True - then ("#402020", snd y) - else y - -horseConfig :: RhombusConfig -horseConfig = def - { rc_font = myFont - , rc_cellwidth = 64 - --, rc_cellheight = 36 -- TODO automatically keep screen aspect - --, rc_borderwidth = 1 - --, rc_matchcolor = "#f0b000" - , rc_matchmethod = MatchPrefix - --, rc_colors = pagerWorkspaceColors - --, rc_paint = myPaint - } - -wGSConfig :: GSConfig Window -wGSConfig = def - { gs_cellheight = 20 - , gs_cellwidth = 192 - , gs_cellpadding = 5 - , gs_font = myFont - , gs_navigate = navNSearch - } - --- wsGSConfig = def --- { gs_cellheight = 20 --- , gs_cellwidth = 64 --- , gs_cellpadding = 5 --- , gs_font = myFont --- , gs_navigate = navNSearch --- } - --- custom navNSearch ---makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a) ---makeGSNav esc = nav --- where --- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler --- keyMap = Map.fromList --- [ (esc , cancel) --- , ((0,xK_Escape) , cancel) --- , ((0,xK_Return) , select) --- , ((0,xK_Left) , move (-1, 0) >> nav) --- , ((0,xK_Right) , move ( 1, 0) >> nav) --- , ((0,xK_Down) , move ( 0, 1) >> nav) --- , ((0,xK_Up) , move ( 0,-1) >> nav) --- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav) --- ] --- -- The navigation handler ignores unknown key symbols, therefore we const --- navNSearchDefaultHandler (_,s,_) = do --- transformSearchString (++ s) --- nav - - -(&) :: a -> (a -> c) -> c -(&) = flip ($) - -allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames ws = - return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] - ''; - }; -} diff --git a/tv/default.nix b/tv/default.nix index d077cc09f..10b09f2af 100644 --- a/tv/default.nix +++ b/tv/default.nix @@ -1,9 +1,15 @@ -{ pkgs, ... }: { + imports = [ ../krebs ./2configs ./3modules ]; - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; + + nixpkgs = { + overlays = [ + (import ./5pkgs) + ]; + }; + } diff --git a/tv/krops.nix b/tv/krops.nix index e922630f7..af0e8616a 100644 --- a/tv/krops.nix +++ b/tv/krops.nix @@ -7,7 +7,7 @@ ; source = lib.evalSource [ - krebs-source + (krebs-source { test = true; }) { nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; secrets.file = toString ./dummy_secrets;