From 4cf1dfeef28e3571eac3e8a4495347f778e9c0a5 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 30 Sep 2018 01:25:06 +0200
Subject: [PATCH 001/209] ma pkgs._4nxci: re-package 4nxci's version of mbedtls
---
 makefu/5pkgs/{4nxci => _4nxci}/default.nix | 44 +++++++++++-----------
 1 file changed, 21 insertions(+), 23 deletions(-)
 rename makefu/5pkgs/{4nxci => _4nxci}/default.nix (55%)
diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix
similarity index 55%
rename from makefu/5pkgs/4nxci/default.nix
rename to makefu/5pkgs/_4nxci/default.nix
index 3aba3be45..dafa37ff6 100644
--- a/makefu/5pkgs/4nxci/default.nix
+++ b/makefu/5pkgs/_4nxci/default.nix
@@ -1,33 +1,31 @@ -{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }: +{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }: let - - mymbedtls = lib.overrideDerivation mbedtls (old: rec { - name = "mbedtls-${version}"; - version = "2.13.0"; - src = fetchFromGitHub { - owner = "ARMmbed"; - repo = "mbedtls"; - rev = name; - sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j"; - }; - buildInputs = old.buildInputs ++ [ python2 ]; - postConfigure = '' - perl scripts/config.pl set MBEDTLS_CMAC_C - ''; - doCheck = false; - - }); -in stdenv.mkDerivation rec { - name = "4nxci-${version}"; - version = "1.30"; - + version = "1.35"; src = fetchFromGitHub { owner = "The-4n"; repo = "4NXCI"; rev = "v${version}"; - sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh"; + sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6"; }; + mymbedtls = stdenv.mkDerivation { + name = "mbedtls-${version}"; + version = "2.6.1"; + doCheck = false; + inherit src; + buildInputs = [ perl ]; + phases = [ "unpackPhase" "buildPhase" "installPhase" ]; + makeFlags = [ "DESTDIR=$(out)" ]; + buildPhase = '' + cp config.mk.template config.mk + cd mbedtls + make + ''; + }; +in stdenv.mkDerivation rec { + name = "4nxci-${version}"; + + inherit src version; buildPhase = '' cp config.mk.template config.mk sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
From d6ee59430d800fe2cb14ab71143c3fba7bbf9089 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 7 Oct 2018 15:09:15 +0200
Subject: [PATCH 002/209] add charybdis module until it's fixed in 18.09
---
 krebs/2configs/ircd.nix | 2 +-
 krebs/3modules/charybdis.nix | 110 +++++++++++++++++++++++++++++++++++
 krebs/3modules/default.nix | 1 +
 3 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 krebs/3modules/charybdis.nix
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 962dbf49c..65972aacc 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
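Review bot: The new `mymbedtls` attribute set is a plain set, not `rec`, so `name = "mbedtls-${version}";` picks up the let-bound `version = "1.35"` and the store path is named mbedtls-1.35 although the set declares `version = "2.6.1"`; writing `name = "mbedtls-2.6.1";` (or a separate let binding for the library version) keeps the label truthful. The library is now the copy bundled in the 4NXCI source tree rather than an override of nixpkgs' `mbedtls`, so it will not follow nixpkgs' security updates; a comment such as `# vendored mbedtls from the 4NXCI tree, not tracked by nixpkgs updates; keep private to this package` would record that. The `mbedtls` and `python2` arguments look unused after this change, though the derivation body continues outside the hunk.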
@@ -5,7 +5,7 @@ 6667 6669 ]; - services.charybdis = { + krebs.charybdis = { enable = true; motd = '' hello
diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix
new file mode 100644
index 000000000..f4a7c1313
--- /dev/null
+++ b/krebs/3modules/charybdis.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption singleton types;
+ inherit (pkgs) coreutils charybdis;
+ cfg = config.krebs.charybdis;
+
+ configFile = pkgs.writeText "charybdis.conf" ''
+ ${cfg.config}
+ '';
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ krebs.charybdis = {
+
+ enable = mkEnableOption "Charybdis IRC daemon";
+
+ config = mkOption {
+ type = types.string;
+ description = ''
+ Charybdis IRC daemon configuration file.
+ '';
+ };
+
+ statedir = mkOption {
+ type = types.string;
+ default = "/var/lib/charybdis";
+ description = ''
+ Location of the state directory of charybdis.
+ '';
+ };
+
+ user = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon user.
+ '';
+ };
+
+ group = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon group.
+ '';
+ };
+
+ motd = mkOption {
+ type = types.nullOr types.lines;
+ default = null;
+ description = ''
+ Charybdis MOTD text.
+
+ Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
+ If set, the value of this option will be written to this path.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable (lib.mkMerge [
+ {
+ users.users = singleton {
+ name = cfg.user;
+ description = "Charybdis IRC daemon user";
+ uid = config.ids.uids.ircd;
+ group = cfg.group;
+ };
+
+ users.groups = singleton {
+ name = cfg.group;
+ gid = config.ids.gids.ircd;
+ };
+
+ systemd.services.charybdis = {
+ description = "Charybdis IRC daemon";
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ BANDB_DBPATH = "${cfg.statedir}/ban.db";
+ };
+ serviceConfig = {
+ ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
+ Group = cfg.group;
+ User = cfg.user;
+ PermissionsStartOnly = true; # preStart needs to run with root permissions
+ };
+ preStart = ''
+ ${coreutils}/bin/mkdir -p ${cfg.statedir}
+ ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
+ '';
+ };
+
+ }
+
+ (mkIf (cfg.motd != null) {
+ environment.etc."charybdis/ircd.motd".text = cfg.motd;
+ })
+ ]);
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6307649e3..dd682bf4d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,7 @@ let
 ./buildbot/master.nix
 ./buildbot/slave.nix
 ./build.nix
+ ./charybdis.nix
 ./ci.nix
 ./current.nix
 ./exim.nix
From d92a2971d7c749a5ffa241e679f2e32008adf8c0 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 7 Oct 2018 16:49:08 +0200
Subject: [PATCH 003/209] krops: init submodule
---
 .gitmodules | 3 +++
 submodules/krops | 1 +
 2 files changed, 4 insertions(+)
 create mode 160000 submodules/krops
diff --git a/.gitmodules b/.gitmodules
index c96fec739..f35a9250d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "submodules/nix-writers"]
 path = submodules/nix-writers
 url = http://cgit.krebsco.de/nix-writers
+[submodule "submodules/krops"]
+ path = submodules/krops
+ url = https://cgit.krebsco.de/krops
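Review bot: `configFile` in the new krebs/3modules/charybdis.nix is built with `pkgs.writeText`, so the whole of `cfg.config` is copied into the world-readable Nix store, and a charybdis configuration typically holds operator and server-link credentials. The `config` option's description should say so, for example `The text is copied to the world-readable Nix store; keep plaintext passwords out of it.` In `preStart` the state directory that will hold `ban.db` is created with whatever mode the unit's umask gives; `${coreutils}/bin/install -d -m 0750 -o ${cfg.user} -g ${cfg.group} ${cfg.statedir}` would create it owned by the daemon and closed to other users in one step. The four `types.string` options would read better as `types.str`.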
diff --git a/submodules/krops b/submodules/krops
new file mode 160000
index 000000000..e2b296542
--- /dev/null
+++ b/submodules/krops
@@ -0,0 +1 @@
+Subproject commit e2b29654251367545700154ffbac806705dd04c0
From 4c73914d128e8d5b36a0644834db7cbd09be7434 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 7 Oct 2018 17:08:01 +0200
Subject: [PATCH 004/209] krops: import from submodules
---
 krebs/krops.nix | 5 +----
 makefu/krops.nix | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 864cc8066..89354c1ea 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -1,9 +1,6 @@ { name }: rec { - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "c46166d407c7d246112f13346621a3fbdb25889e"; - }; + krops = ../submodules/krops; lib = import "${krops}/lib";
diff --git a/makefu/krops.nix b/makefu/krops.nix
index ddb4afece..4f55915af 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -1,8 +1,5 @@ { config ? config, name, target ? name }: let - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; - }; + krops = ../submodules/krops; nixpkgs-src = lib.importJSON ./nixpkgs.json; lib = import "${krops}/lib";
From 6b08d5aa46adc80d8a1ab4ed1d3e320c61a19f01 Mon Sep 17 00:00:00 2001
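Review bot: `krops = ../submodules/krops;` in krebs/krops.nix (and the identical line in makefu/krops.nix) now depends on the submodule being checked out; on a clone where it has not been initialised the directory is empty and `import "${krops}/lib"` fails with an error that does not mention the submodule. The pinned revision also moves out of the Nix expression: the two files used to pin different `rev` values and now both follow the single gitlink recorded in the tree, so the revision in use is no longer visible when reading these files. A comment above the assignment would help, for example `# needs: git submodule update --init submodules/krops (revision is pinned by the gitlink)`. Both hunks show only the top of each file.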
From: lassulus
Date: Sun, 7 Oct 2018 20:57:53 +0200
Subject: [PATCH 005/209] remove nin
---
 krebs/3modules/default.nix | 1 -
 krebs/3modules/nin/default.nix | 111 ------
 lass/1systems/prism/config.nix | 8 -
 nin/0tests/dummysecrets/hashedPasswords.nix | 1 -
 nin/0tests/dummysecrets/ssh.id_ed25519 | 0
 nin/1systems/axon/config.nix | 132 --------
 nin/1systems/hiawatha/config.nix | 126 -------
 nin/1systems/onondaga/config.nix | 23 --
 nin/2configs/ableton.nix | 20 --
 nin/2configs/copyq.nix | 38 ---
 nin/2configs/default.nix | 173 ----------
 nin/2configs/games.nix | 70 ----
 nin/2configs/git.nix | 60 ----
 nin/2configs/im.nix | 19 --
 nin/2configs/retiolum.nix | 28 --
 nin/2configs/skype.nix | 27 --
 nin/2configs/termite.nix | 22 --
 nin/2configs/vim.nix | 355 --------------------
 nin/2configs/weechat.nix | 21 --
 nin/default.nix | 7 -
 nin/krops.nix | 35 --
 21 files changed, 1277 deletions(-)
 delete mode 100644 krebs/3modules/nin/default.nix
 delete mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix
 delete mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519
 delete mode 100644 nin/1systems/axon/config.nix
 delete mode 100644 nin/1systems/hiawatha/config.nix
 delete mode 100644 nin/1systems/onondaga/config.nix
 delete mode 100644 nin/2configs/ableton.nix
 delete mode 100644 nin/2configs/copyq.nix
 delete mode 100644 nin/2configs/default.nix
 delete mode 100644 nin/2configs/games.nix
 delete mode 100644 nin/2configs/git.nix
 delete mode 100644 nin/2configs/im.nix
 delete mode 100644 nin/2configs/retiolum.nix
 delete mode 100644 nin/2configs/skype.nix
 delete mode 100644 nin/2configs/termite.nix
 delete mode 100644 nin/2configs/vim.nix
 delete mode 100644 nin/2configs/weechat.nix
 delete mode 100644 nin/default.nix
 delete mode 100644 nin/krops.nix
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index dd682bf4d..8f2e22acf 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -112,7 +112,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = {
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
deleted file mode 100644
index 1531a2c89..000000000
--- a/krebs/3modules/nin/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@ -{ config, ... }: - -with import ; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa 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 nin@hiawatha"; - }; - }; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..808f35b24 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -119,7 +112,6 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/nin/0tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..000000000 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix deleted file mode 100644 index 5e81afdbd..000000000 --- a/nin/1systems/axon/config.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. 
- # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed958..000000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. 
- # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773ae..000000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a9089d..000000000 
--- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c4025..000000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 62f499a2d..000000000 --- a/nin/2configs/default.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - ../2configs/vim.nix - - - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? 
- services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 15e17238d..000000000 --- a/nin/2configs/games.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - dwarf_fortress - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f48..000000000 --- a/nin/2configs/git.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd53..000000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc00..000000000 --- a/nin/2configs/retiolum.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae82..000000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import ) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b01..000000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d37611..000000000 --- a/nin/2configs/vim.nix +++ /dev/null 
@@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! 
[d - vnoremap u - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! 
ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link 
NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
- syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb313e..000000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d949..000000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index d0074840a..000000000 --- a/nin/krops.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - inherit target; - source = source { test = true; }; - }; -} From 9104af869e8c8ce299fc2ddbf7f2631bbbf48b1e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 7 Oct 2018 23:09:27 +0200 Subject: [PATCH 006/209] ma pkgs: rip zj-58 and jd-gui --- makefu/5pkgs/jd-gui/default.nix | 36 --------------------------------- makefu/5pkgs/zj-58/default.nix | 30 --------------------------- 2 files changed, 66 deletions(-) delete mode 100644 makefu/5pkgs/jd-gui/default.nix delete mode 100644 makefu/5pkgs/zj-58/default.nix diff --git a/makefu/5pkgs/jd-gui/default.nix b/makefu/5pkgs/jd-gui/default.nix deleted file mode 100644 index adefd80dd..000000000 --- a/makefu/5pkgs/jd-gui/default.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }: -stdenv.mkDerivation rec { - name = "${packageName}-${version}"; - packageName = "jd-gui"; - version = "1.4.0"; - - src = fetchurl { - url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar"; - sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx"; - }; - - nativeBuildInputs = [ makeWrapper unzip ]; - - phases = [ "installPhase" ]; - - installPhase = '' - f=$out/lib/jd-gui/ - bin=$out/bin - name=$(basename $src) - mkdir -p $f $bin - - # fixup path to java - cp $src $f - cat > $bin/jd-gui < Date: Mon, 8 Oct 2018 00:58:45 +0200 Subject: [PATCH 007/209] nixpkgs: 86fb1e9 -> 86fb1e9 --- makefu/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index f39bb6688..c5cd0ac30 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8", - "date": "2018-08-06T14:29:01+02:00", - "sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6", + "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687", + "date": "2018-10-07T23:33:42+02:00", + "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3", "fetchSubmodules": true } From e51aa863c5c7b6403b2b8dcbe064697476f200ea Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 8 Oct 2018 20:31:31 +0200 Subject: [PATCH 008/209] ma printer: use upstream zj-58 --- makefu/2configs/printer.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index d5fa65ef9..fb1a67358 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix 
@@ -5,11 +5,11 @@ let in { services.printing = { enable = true; - drivers = [ - pkgs.samsungUnifiedLinuxDriver - pkgs.cups-dymo # dymo labelwriter - pkgs.foo2zjs # magicolor 1690mf - pkgs.zj-58 + drivers = with pkgs; [ + samsungUnifiedLinuxDriver + cups-dymo # dymo labelwriter + foo2zjs # magicolor 1690mf + cups-zj-58 ]; }; From 77bf84d5ffdab0f930c125ae8daaa15e25e4c879 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 8 Oct 2018 23:39:41 +0200 Subject: [PATCH 009/209] ma pkgs.inkscape: share/extensions solves the issue see ee44a46c858b5a80c1888ab5d38aef43a9577783 in https://gitlab.com/inkscape/extensions --- makefu/2configs/rtorrent.nix | 19 ------------------- makefu/5pkgs/custom/inkscape/dxf_fix.patch | 12 ------------ makefu/5pkgs/default.nix | 3 --- 3 files changed, 34 deletions(-) delete mode 100644 makefu/2configs/rtorrent.nix delete mode 100644 makefu/5pkgs/custom/inkscape/dxf_fix.patch diff --git a/makefu/2configs/rtorrent.nix b/makefu/2configs/rtorrent.nix deleted file mode 100644 index 9e2990cab..000000000 --- a/makefu/2configs/rtorrent.nix +++ /dev/null @@ -1,19 +0,0 @@ -_: -let - listenPort = 60123; - xml-port = 5000; - authfile = ; -in { - makefu.rtorrent = { - enable = true; - web = { - enable = true; - enableAuth = true; - inherit authfile; - }; - rutorrent.enable = true; - enableXMLRPC = true; - logLevel = "debug"; - inherit listenPort; - }; -} diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch deleted file mode 100644 index b7b491d4e..000000000 --- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch +++ /dev/null 
@@ -1,12 +0,0 @@ ---- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200 -+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200 -@@ -341,7 +341,7 @@ - if not scale: - scale = 25.4/96 # if no scale is specified, assume inch as baseunit - scale /= self.unittouu('1px') -- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0]) -+ h = self.unittouu(self.documentHeight()) - self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]] - doc = self.document.getroot() - self.process_group(doc) - diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 390aabd73..6e86f4264 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -30,9 +30,6 @@ in { qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; - inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { - patches = [ ./custom/inkscape/dxf_fix.patch ]; - }); } // (mapAttrs (_: flip callPackage {}) From 9b638b239aa37038b0223840cdf4e5885d1565ea Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 10 Oct 2018 00:08:16 +0200 Subject: [PATCH 010/209] ma pkgs.esniper: replaced by upstream --- .../events-publisher/default.nix | 0 makefu/5pkgs/esniper/default.nix | 32 ------------------- makefu/5pkgs/esniper/find-ca-bundle.patch | 26 --------------- 3 files changed, 58 deletions(-) rename makefu/2configs/{deployment => shack}/events-publisher/default.nix (100%) delete mode 100644 makefu/5pkgs/esniper/default.nix delete mode 100644 makefu/5pkgs/esniper/find-ca-bundle.patch diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix similarity index 100% rename from makefu/2configs/deployment/events-publisher/default.nix rename to makefu/2configs/shack/events-publisher/default.nix 
diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix deleted file mode 100644 index a6aac5748..000000000 --- a/makefu/5pkgs/esniper/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }: - -stdenv.mkDerivation rec { - name = "${pname}-2-35-0"; - pname = "esniper"; - version = "2.35.0"; - src = fetchurl { - url = "mirror://sourceforge/${pname}/${name}.tgz"; - sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9"; - }; - - - buildInputs = [ openssl curl ]; - - # Add support for CURL_CA_BUNDLE variable. - # Fix . - patches = [ ./find-ca-bundle.patch ]; - - postInstall = '' - sed <"frontends/snipe" >"$out/bin/snipe" \ - -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\"" - chmod 555 "$out/bin/snipe" - ''; - - meta = with stdenv.lib; { - description = "Simple, lightweight tool for sniping eBay auctions"; - homepage = http://esniper.sourceforge.net; - license = licenses.gpl2; - maintainers = with maintainers; [ lovek323 peti ]; - platforms = platforms.all; - }; -} diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch deleted file mode 100644 index e4df272a0..000000000 --- a/makefu/5pkgs/esniper/find-ca-bundle.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c ---- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100 -+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200 -@@ -200,6 +200,9 @@ - int - initCurlStuff(void) - { -+ /* Path to OpenSSL bundle file. */ -+ const char *ssl_capath=NULL; -+ - /* list for custom headers */ - struct curl_slist *slist=NULL; - -@@ -241,6 +244,12 @@ - if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, ""))) - return initCurlStuffFailed(); - -+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its -+ * contents to curl. */ -+ if ((ssl_capath = getenv("CURL_CA_BUNDLE"))) -+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath))) -+ return initCurlStuffFailed(); -+ - slist = curl_slist_append(slist, "Accept: text/*"); - slist = curl_slist_append(slist, "Accept-Language: en"); - slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8"); From a083d352b416ba6d13bd15534473053a29ede50b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 10 Oct 2018 14:07:42 +0200 Subject: [PATCH 011/209] ma pkgs.ifdnfc: rip --- makefu/5pkgs/ifdnfc/default.nix | 45 --------------------------------- 1 file changed, 45 deletions(-) delete mode 100644 makefu/5pkgs/ifdnfc/default.nix diff --git a/makefu/5pkgs/ifdnfc/default.nix b/makefu/5pkgs/ifdnfc/default.nix deleted file mode 100644 index cc7956c8c..000000000 --- a/makefu/5pkgs/ifdnfc/default.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ stdenv, fetchFromGitHub , pkgconfig -, pcsclite -, autoreconfHook -, libnfc -}: - -stdenv.mkDerivation rec { - name = "ifdnfc-${version}"; - version = "2016-03-01"; - - src = fetchFromGitHub { - owner = "nfc-tools"; - repo = "ifdnfc"; - rev = "0e48e8e"; - sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg"; - }; - nativeBuildInputs = [ pkgconfig autoreconfHook ]; - buildInputs = [ pcsclite libnfc ]; - - configureFlags = [ "--prefix=$(out)" ]; - makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ]; - - meta = with stdenv.lib; { - description = "PC/SC IFD Handler based on libnfc"; - long_description = - '' libnfc Interface Plugin to be used in services.pcscd.plugins. - It provides support for all readers which are not supported by ccid but by libnfc. - - For activating your reader you need to run - ifdnfc-activate yes with this package in your - environment.systemPackages - - To use your reader you may need to blacklist your reader kernel modules: - boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ]; - - Supports the pn533 smart-card reader chip which is for example used in - the SCM SCL3711. - ''; - homepage = https://github.com/nfc-tools/ifdnfc; - license = licenses.gpl3; - platforms = platforms.linux; - maintainers = with maintainers; [ makefu ]; - }; -} - From f97f63deab36b7ff774c4f132c1a87daecc8e9f5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 10 Oct 2018 14:08:18 +0200 Subject: [PATCH 012/209] ma events-publisher: bump version --- makefu/2configs/shack/events-publisher/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/shack/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix index 37d74c282..93a965e95 100644 --- a/makefu/2configs/shack/events-publisher/default.nix +++ b/makefu/2configs/shack/events-publisher/default.nix 
@@ -2,8 +2,8 @@ with import ; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz"; - sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav"; + url = "https://github.com/makefu/events-publisher/archive/1e98edfabfe5574586b4eb8d30d315ae2afb1f9f.tar.gz"; + sha256 = "013ca4dkkzc7q49cwad6fxpxv01hd8va02025pazlz5q223nk70z"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; From 431cf1348b97fe6364ece67616f345b887f34b75 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 14 Oct 2018 23:46:51 +0200 Subject: [PATCH 013/209] ma omo.r: enable airdcpp --- makefu/1systems/omo/config.nix | 43 ++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index be49db024..9eb8cbf49 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -8,11 +8,11 @@ let in { imports = [ - #./hw/omo.nix - ./hw/tsp.nix + ./hw/omo.nix + #./hw/tsp.nix - + # @@ -25,6 +25,22 @@ in { # # + + { krebs.airdcpp.dcpp.shares = let + d = path: "/media/cryptX/${path}"; + in { + emu.path = d "emu"; + audiobooks.path = lib.mkForce (d "audiobooks"); + incoming.path = lib.mkForce (d "torrent"); + anime.path = d "anime"; + }; + krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; + } + { + # copy config from to /var/lib/sabnzbd/ + #services.sabnzbd.enable = true; + #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + } # @@ -41,12 +57,22 @@ in { # services - + { + services.nginx.enable = true; + networking.firewall.allowedTCPPorts = [ 80 ]; + } + # + { + makefu.ps3netsrv = { + enable = true; + servedir = "/media/cryptX/emu/ps3"; + }; + } { hardware.pulseaudio.systemWide = true; makefu.mpd.musicDirectory = "/media/cryptX/music"; 
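Review bot: The block added under `# services`, `services.nginx.enable = true; networking.firewall.allowedTCPPorts = [ 80 ];`, opens plain HTTP on every interface, and nothing in this hunk says what is meant to be served or to whom. A later hunk in the same file shows `networking.firewall.trustedInterfaces = [ primaryInterface ];`, so the new rule mainly changes exposure on the remaining interfaces. If the web server is only meant for one network, scope the rule with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 80 ];` (`<iface>` is a placeholder) and add a comment naming the consumer. The imports list this block sits in starts and ends outside the hunk.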
@@ -74,7 +100,7 @@ in { krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' - upload_rate = 200 + upload_rate = 500 ''; }; users.groups.share = { @@ -83,14 +109,7 @@ in { }; networking.firewall.trustedInterfaces = [ primaryInterface ]; - # copy config from to /var/lib/sabnzbd/ - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - makefu.ps3netsrv = { - enable = true; - servedir = "/media/cryptX/emu/ps3"; - }; users.users.misa = { uid = 9002; From 0cfc9b54a0d588dadef3642aa6b3872f0392a220 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 14 Oct 2018 23:47:18 +0200 Subject: [PATCH 014/209] ma airdcpp: enable state tracking --- makefu/2configs/dcpp/airdcpp.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index fe05effd9..ad62babc3 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -44,5 +44,6 @@ ''; }; - + state = map (f: "${config.krebs.airdcpp.stateDir}/${f}") + [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ]; } From efc70c213c464d0a4eecd80e1acf886c8deb787a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Oct 2018 00:34:46 +0200 Subject: [PATCH 015/209] ma homeautomation: cleanup, add flurlicht --- .../deployment/bureautomation/home.nix | 67 --------- .../deployment/homeautomation/default.nix | 127 ++++++++++++++---- 2 files changed, 102 insertions(+), 92 deletions(-) delete mode 100644 makefu/2configs/deployment/bureautomation/home.nix diff --git a/makefu/2configs/deployment/bureautomation/home.nix b/makefu/2configs/deployment/bureautomation/home.nix deleted file mode 100644 index 28edb6af2..000000000 --- a/makefu/2configs/deployment/bureautomation/home.nix +++ /dev/null 
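Review bot: The new `state` list in airdcpp.nix puts `DCPlusPlus.xml` and `WebServer.xml` under state tracking, and these files presumably hold the hub and web-UI account data of the AirDC++ instance (not visible here, worth confirming). Whatever consumes `state`, presumably the backup configuration added later in this series, should only write these paths to an encrypted repository with restricted read access. A comment above the list would record that: `# contains credentials: back up to encrypted targets only`. The attribute set this line belongs to starts outside the hunk.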
@@ -1,67 +0,0 @@ -{ pkgs, lib, ... }: -let - firetv = "192.168.1.238"; -in { - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - services.home-assistant = { - #panel_iframe: - #configurator: - # title: Configurator - # icon: mdi:wrench - # url: http://hassio.local:3218 - # sensor: - # - platform: random - enable = true; - config = { - homeassistant = { - name = "Bureautomation"; - time_zone = "Europe/Berlin"; - }; - panel_iframe = { - euer_blog = { - title = "Euer Blog"; - icon = "mdi:wrench"; - url = "https://euer.krebsco.de"; - }; - }; - media_player = [ - { platform = "kodi"; - host = firetv; - } - { platform = "firetv"; - # assumes python-firetv running - } - ]; - sensor = [ - { - platform = "luftdaten"; - name = "Shack 1"; - sensorid = "50"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Shack 2"; - sensorid = "658"; - monitored_conditions = [ "P1" "P2" ]; - } - { - platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "5341"; - monitored_conditions = [ "P1" "P2" ]; - } - { platform = "random"; } - ]; - frontend = { }; - http = { }; - feedreader.urls = [ "https://nixos.org/blogs.xml" ]; - }; - }; -} diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index f2a3b36e2..5da0dba2e 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ b/makefu/2configs/deployment/homeautomation/default.nix 
@@ -1,9 +1,60 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: # Ideas: ## wake-on-lan server ## let + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" + { platform = "mqtt"; + inherit name; + retain = false; + qos = 1; + optimistic = false; + # state + # TODO: currently broken, will not use the custom state topic + #state_topic = "/ham/${topic}/stat/POWER"; + state_topic = "stat/${topic}/POWER"; + command_topic = "/ham/${topic}/cmnd/POWER"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/ham/${topic}/stat/Dimmer"; + brightness_command_topic = "/ham/${topic}/cmnd/Dimmer"; + brightness_value_template = "{{ value_json.Dimmer }}"; + brightness_scale = 100; + # color + rgb_state_topic = "/ham/${topic}/stat/Color"; + rgb_command_topic = "/ham/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/ham/${topic}/stat/Scheme"; + effect_command_topic = "/ham/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; +}; + # switchmode 1 - also toggle power + # switchtopic flurlicht + tasmota_motion = name: topic: + { platform = "mqtt"; + device_class = "motion"; + inherit name; + # TODO: currently broken, will not use the custom state topic + state_topic = "stat/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + firetv = "192.168.1.238"; tasmota_plug = name: topic: { platform = "mqtt"; 
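Review bot: `tasmota_rgb` and `tasmota_motion` both take `state_topic` from `stat/${topic}/POWER`, while every other topic in these helpers lives under `/ham/${topic}/…`; the only explanation is the TODO saying the custom state topic is broken. Until the device side is fixed, the broker ACL (in `./mqtt.nix`, not visible here) has to restrict publishing on both prefixes, because the light state and the motion sensor shown in Home Assistant are driven from the unprefixed one. I would extend the TODO to say so: `# TODO: state arrives on stat/<topic>, keep broker ACL in sync`. The availability and payload attributes are duplicated in both helpers and could come from one shared attrset merged with `//`.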
@@ -40,16 +91,13 @@ in { imports = [ ./mqtt.nix ]; - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; + #systemd.services.firetv = { + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # User = "nobody"; + # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + # }; + #}; services.home-assistant = { config = { homeassistant = { @@ -58,7 +106,7 @@ in { longitude = "9.2478"; elevation = 247; }; - discovery = {}; + #discovery = {}; conversation = {}; history = {}; logbook = {}; @@ -71,16 +119,16 @@ in { { platform = "kodi"; host = firetv; } - { platform = "firetv"; - # assumes python-firetv running - } + #{ platform = "firetv"; + # # assumes python-firetv running + #} ]; mqtt = { broker = "localhost"; port = 1883; client_id = "home-assistant"; username = "hass"; - password = builtins.readFile ; + password = lib.removeSuffix "\n" (builtins.readFile ); keepalive = 60; protocol = 3.1; birth_message = { @@ -96,10 +144,14 @@ in { retain = true; }; }; + binary_sensor = [ + (tasmota_motion "Flur Bewegung" "flurlicht") + ]; sensor = [ - { platform = "speedtest"; - monitored_conditions = [ "ping" "download" "upload" ]; - } + # broken + #{ platform = "speedtest"; + # monitored_conditions = [ "ping" "download" "upload" ]; + #} { platform = "luftdaten"; name = "Ditzingen"; sensorid = "663"; @@ -107,7 +159,8 @@ in { } # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ { platform = "darksky"; - api_key = "c73619e6ea79e553a585be06aacf3679"; + api_key = lib.removeSuffix "\n" + (builtins.readFile ); language = "de"; monitored_conditions = [ "summary" "icon" "nearest_storm_distance" "precip_probability" 
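Review bot: `password = lib.removeSuffix "\n" (builtins.readFile …)` in the `mqtt` block is evaluated at build time, so the broker password becomes part of the generated Home Assistant configuration, which presumably ends up in the world-readable Nix store. The `api_key` line added in the `darksky` sensor hunk further down has the same property. Keeping these values out of the store needs a runtime mechanism, such as a file owned by the service user that is read when the service starts. At minimum, mark both lines with `# NOTE: read at eval time, value is copied into /nix/store`. Both attribute sets start outside their hunks.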
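Review bot: The `darksky` hunk moves `api_key` to a secrets file, but the old side carried the key as a string literal, so the value stays in the repository history and in every published copy of this patch. Treat the key as disclosed and replace it at the provider before populating the new secrets file; otherwise the file only holds the same known value. Recording this next to the line would help the next reader: `# previous key was committed in plain text and has been revoked`.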
@@ -125,15 +178,39 @@ in { } ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer"); frontend = { }; - #group = [ - # { default_view = { view = "yes"; entities = [ - # "sensor.luftdaten" - # ]} - #]; + group = + { default_view = + { view = "yes"; + entities = [ + "group.flur" + "group.schlafzimmer" + "group.draussen" + "group.wohnzimmer" + ]; + }; + flur = [ + "light.flurlicht" + "binary_sensor.flur_bewegung" + ]; + wohnzimmer = [ + "media_player.kodi" + ]; + draussen = [ + "sensor.dark_sky_temperature" + "sensor.dark_sky_hourly_summary" + ]; + schlafzimmer = [ + "sensor.schlafzimmer_temperatur" + "sensor.schlafzimmer_luftdruck" + "sensor.schlafzimmer_luftfeuchtigkeit" + "switch.lichterkette_schlafzimmer" + ]; + }; http = { }; switch = [ (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") ]; + light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; }; enable = true; #configDir = "/var/lib/hass"; From c6de0074ebe4197fbcdd9665cc597b455312b32c Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 20 Oct 2018 21:39:26 +0200 Subject: [PATCH 016/209] ma pkgs.ns-atmosphere-programmer: init --- .../ns-atmosphere-programmer/default.nix | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 makefu/5pkgs/ns-atmosphere-programmer/default.nix diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix new file mode 100644 index 000000000..1e1cb1d86 --- /dev/null +++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix 
@@ -0,0 +1,36 @@
+{ stdenv, fetchzip
+, makeWrapper
+, autoPatchelfHook
+, xlibs
+, gnome3
+, libpng12
+}:
+stdenv.mkDerivation rec {
+ name = "ns-atmosphere-programmer-${version}";
+ version = "0.1";
+
+ src = fetchzip {
+ url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
+ sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
+ };
+
+ buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
+ nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
+
+ installPhase = ''
+ install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
+ wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
+--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
+ '';
+
+ dontStrip = true;
+
+ meta = with stdenv.lib; {
+ description = "Payload programmer for ns-atmosphere injector";
+ homepage = http://www.ns-atmosphere.com;
+ maintainers = [ maintainers.makefu ];
+ platforms = platforms.linux;
+ license = with licenses; [ unfree ];
+ };
+
+}
From 72a009b6a5593ca6885ca83517dfd99cefe2d3cb Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 21 Oct 2018 00:16:12 +0200
Subject: [PATCH 017/209] ma shack/events-publisher: bump to latest version
---
 makefu/2configs/shack/events-publisher/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/makefu/2configs/shack/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix
index 93a965e95..531d2525e 100644
--- a/makefu/2configs/shack/events-publisher/default.nix
+++ b/makefu/2configs/shack/events-publisher/default.nix
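Review bot: `fetchzip` downloads a prebuilt unfree binary over plain `http://`, so the pinned `sha256` is the only integrity control, and it was presumably computed from that same unauthenticated download. If the vendor serves the archive over HTTPS or publishes a checksum, compare the hash against that source and switch the URL. Separately, `version = "0.1"` is not used in `url` (`…-v01.zip`) or in `installPhase` (`NS-Atmosphere-Programmer-Linux-v0.1`), so bumping it would leave the old source in place. A comment such as `# url and unpack dir hard-code the version, update together` would make that visible.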
@@ -2,8 +2,8 @@ with import ; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/1e98edfabfe5574586b4eb8d30d315ae2afb1f9f.tar.gz"; - sha256 = "013ca4dkkzc7q49cwad6fxpxv01hd8va02025pazlz5q223nk70z"; + url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz"; + sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; From cea8403dc5eb48792c9ccd4c4fc9584a84ba4238 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 00:18:59 +0200 Subject: [PATCH 018/209] ma shack/gitlab-ci: maintain own config --- .../2configs/shack/gitlab-runner/default.nix | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 makefu/2configs/shack/gitlab-runner/default.nix diff --git a/makefu/2configs/shack/gitlab-runner/default.nix b/makefu/2configs/shack/gitlab-runner/default.nix new file mode 100644 index 000000000..55dc50fa8 --- /dev/null +++ b/makefu/2configs/shack/gitlab-runner/default.nix @@ -0,0 +1,31 @@ + +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + services.gitlab-runner = { + enable = true; + configOptions = + { concurrent = 1; + runners = [ + { builds_dir = ""; + #docker = + #{ cache_dir = ""; + # disable_cache = true; + # host = ""; image = "nixos/nix:2.1.3"; + # privileged = true; + #}; + #executor = "docker"; + # name = "docker-nix"; + name = "gum-shell"; + executor = "shell"; + environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ]; + # generate via `gitlab-runner register` + token = import ; + url = "https://git.shackspace.de/"; + } + ]; + }; + }; +} From 489d3924307171751b174d62f64ce29a5c2550cf Mon Sep 17 00:00:00 2001 
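Review bot: In the new gitlab-runner file, `token = import ;` (the import path seems to have been lost in extraction) evaluates the runner token into `configOptions`, so it will most likely be rendered into a config file under the world-readable `/nix/store`. Keeping the whole runner config in a file outside the store and pointing `services.gitlab-runner.configFile` at it avoids that, if the module version in use offers the option. Separately, `executor = "shell"` together with `/run/wrappers` on the service path means every job runs directly on the host as the runner user with the setuid wrappers reachable. A comment above `runners` stating which projects may use this runner, e.g. `# shell executor: only trusted, protected projects may be assigned to this runner`, would record that assumption.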
From: makefu Date: Sun, 21 Oct 2018 23:04:27 +0200 Subject: [PATCH 019/209] ma backup: init --- makefu/2configs/backup/server.nix | 11 +++++++++++ makefu/2configs/backup/ssh/gum.pub | 1 + makefu/2configs/backup/ssh/nextgum.pub | 1 + makefu/2configs/backup/ssh/omo.pub | 1 + makefu/2configs/backup/ssh/x.pub | 1 + makefu/2configs/backup/state.nix | 25 +++++++++++++++++++++++++ 6 files changed, 40 insertions(+) create mode 100644 makefu/2configs/backup/server.nix create mode 100644 makefu/2configs/backup/ssh/gum.pub create mode 100644 makefu/2configs/backup/ssh/nextgum.pub create mode 100644 makefu/2configs/backup/ssh/omo.pub create mode 100644 makefu/2configs/backup/ssh/x.pub create mode 100644 makefu/2configs/backup/state.nix diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix new file mode 100644 index 000000000..f157e715f --- /dev/null +++ b/makefu/2configs/backup/server.nix @@ -0,0 +1,11 @@ +{lib, ... }: +let + hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh ); +in { + # TODO: for all enabled machines + services.borgbackup.repos = lib.genAttrs hosts (host: { + authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ]; + path = "/var/lib/borgbackup/${host}"; + user = "borg-${host}"; + }) ; +} diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub new file mode 100644 index 000000000..ed203d544 --- /dev/null +++ b/makefu/2configs/backup/ssh/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/nextgum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x 
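Review bot: In `server.nix` every client key is placed in `authorizedKeys`, which gives the client full access to its repository, so a compromised client can delete or rewrite its own archives. `authorizedKeysAppendOnly = [ (builtins.readFile (./ssh + "/${host}.pub")) ];` would limit a stolen key to adding data, but the client job in `state.nix` prunes, so pruning would then have to move to the server side. Also, `lib.removeSuffix ".pub"` leaves names without that suffix unchanged, so any other file dropped into `./ssh` becomes a host whose `"/${host}.pub"` lookup fails at evaluation. Filtering the `readDir` result with `lib.hasSuffix ".pub"` first makes the intent explicit.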
diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub new file mode 100644 index 000000000..053b4da87 --- /dev/null +++ b/makefu/2configs/backup/ssh/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub new file mode 100644 index 000000000..fe894df33 --- /dev/null +++ b/makefu/2configs/backup/ssh/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix new file mode 100644 index 000000000..1143708bf --- /dev/null +++ b/makefu/2configs/backup/state.nix @@ -0,0 +1,25 @@ +{ config, ... }: +# back up all state +let + sec = toString ; + sshkey = sec + "/borg.priv"; + phrase = sec + "/borg.pw"; +in +{ + services.borgbackup.jobs.state = { + repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; + paths = config.state; + encryption = { + mode = "repokey"; + passCommand = "cat ${phrase}"; + }; + environment.BORG_RSH = "ssh -i ${sshkey}"; + prune.keep = + { daily = 7; + weekly = 4; + monthly = -1; # Keep at least one archive for each month + }; + compression = "auto,lzma"; + startAt = "daily"; + }; +} From 23d99c1ae27744d00b25e0615797c357642c4112 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:05:21 +0200 Subject: [PATCH 020/209] ma backup: streamline, RIP old rsync --- makefu/2configs/backup.nix | 52 ------------------------------- makefu/2configs/laptop-backup.nix | 12 ------- 2 files changed, 64 deletions(-) delete mode 100644 makefu/2configs/backup.nix delete mode 100644 makefu/2configs/laptop-backup.nix diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix deleted file mode 100644 index a4d02af6b..000000000 --- a/makefu/2configs/backup.nix +++ /dev/null 
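Review bot: In `state.nix`, `mode = "repokey"` stores the passphrase-wrapped key inside the repository on the backup server, so confidentiality against that server rests on the passphrase in `borg.pw` alone. The same passphrase is also required for any restore, and the hunk does not show where a copy lives apart from the machine being backed up. A comment next to `encryption` would capture both, e.g. `# repokey: key lives in the repo, strength == passphrase; keep borg.pw and an exported key copy off this host`. Using `toString` for the secrets path is good, since it keeps `borg.priv` and `borg.pw` out of the Nix store.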
@@ -1,52 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -let - # preparation: - # mkdir -p defaultBackupDir/host.name/src - # as root on omo: - # ssh-copy-id root@src - startAt = "0,6,12,18:00"; - defaultBackupServer = config.krebs.hosts.omo; - defaultBackupDir = "/home/backup"; - defaultPull = host: src: { - method = "pull"; - src = { - inherit host; - path = src; - }; - dst = { - host = defaultBackupServer; - path = "${defaultBackupDir}/${host.name}${src}"; - }; - startAt = "0,6,12,18:00"; - snapshots = { - hourly = { format = "%Y-%m-%dT%H"; retain = 4; }; - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }; -in { - krebs.backup.plans = { - # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; - gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; - gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )// - { - dst.path = "/media/cryptX/backup/gum/var-download"; - dst.host = defaultBackupServer; - startAt = "19:00"; - }; - gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )// - { - dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de"; - dst.host = defaultBackupServer; - - startAt = "05:00"; - }; - # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/"; - }; - environment.systemPackages = [ - pkgs.borgbackup - ]; -} diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix deleted file mode 100644 index 8df7043c8..000000000 --- a/makefu/2configs/laptop-backup.nix +++ /dev/null @@ -1,12 +0,0 @@ -{config, lib, pkgs, ... }: - -{ - systemd.user.services.duply-secrets = { - description = "run daily secrets backup"; - startAt = "daily"; - serviceConfig = { - Type = "oneshot"; - ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup"; - }; - }; -} From 102d394330ae8212907380b284c07bea4edd69e1 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 21 Oct 2018 23:09:24 +0200 Subject: [PATCH 021/209] ma krops: bump home-manager --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 4f55915af..2f6f3a3d7 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -69,7 +69,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "6eea2a4"; + ref = "f947faf"; }; }) ]; From 8845ee8363feff8d944db4dd954bae9fda6345f1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:09:48 +0200 Subject: [PATCH 022/209] ma pkgs.switch-launcher: init --- makefu/5pkgs/switch-launcher/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 makefu/5pkgs/switch-launcher/default.nix diff --git a/makefu/5pkgs/switch-launcher/default.nix b/makefu/5pkgs/switch-launcher/default.nix new file mode 100644 index 000000000..cc7905a31 --- /dev/null +++ b/makefu/5pkgs/switch-launcher/default.nix @@ -0,0 +1,24 @@ +{ lib, pkgs, python3Packages, ... }: + +with python3Packages; buildPythonPackage rec { + name = "nodemcu-uploader-${version}"; + version = "0.1.0"; + + src = pkgs.fetchFromGitHub { + owner = "ksmit799"; + repo = "switch-launcher"; + rev = version; + sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz"; + }; + + + propagatedBuildInputs = [ + pyusb + ]; + + meta = { + homepage = https://github.com/ksmit799/switch-launcher; + description = "Desktop switch payload launcher based on a modified reswitched injector"; + license = lib.licenses.bsd3; + }; +} From 29752c0970c2964a7b1a5434fb7a583dd302ef43 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:10:25 +0200 Subject: [PATCH 023/209] ma pkgs.target-cli: init at 2.1 --- makefu/5pkgs/targetcli/default.nix | 64 ++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 makefu/5pkgs/targetcli/default.nix 
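Review bot: In the new `switch-launcher/default.nix`, `name = "nodemcu-uploader-${version}";` looks copied from another package, while the source fetched is `ksmit799/switch-launcher`. The store path and package listings will therefore carry the wrong name, which makes it harder to audit what is actually installed. It should read `name = "switch-launcher-${version}";`.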
diff --git a/makefu/5pkgs/targetcli/default.nix b/makefu/5pkgs/targetcli/default.nix new file mode 100644 index 000000000..927c34c5a --- /dev/null +++ b/makefu/5pkgs/targetcli/default.nix @@ -0,0 +1,64 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python2Packages; +let + version = "2.1"; + rtslib = buildPythonPackage rec { + pname = "rtslib"; + inherit version; + src = fetchFromGitHub { + owner = "datera"; + repo = "rtslib"; + rev = version; + sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22"; + }; + propagatedBuildInputs = [ ipaddr netifaces configobj ]; + }; + configshell = buildPythonPackage rec { + pname = "configshell"; + version = "1.6"; + src = fetchFromGitHub { + owner = "datera"; + repo = "configshell"; + rev = version; + sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y"; + }; + propagatedBuildInputs = [ pyparsing ]; + }; + + tcm-py = buildPythonPackage rec { + pname = "tcm-py"; + version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + src = fetchFromGitHub { + owner = "datera"; + repo = "lio-utils"; + rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; + } + "/tcm-py"; + propagatedBuildInputs = [ ]; + }; + + lio-py = buildPythonPackage rec { + pname = "lio-py"; + version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + src = fetchFromGitHub { + owner = "datera"; + repo = "lio-utils"; + rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e"; + sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0"; + } + "/lio-py"; + propagatedBuildInputs = [ ]; + }; + +in buildPythonApplication rec { + pname = "targetcli"; + inherit version; + + propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ]; + + src = fetchFromGitHub { + owner = "datera"; + repo = "targetcli"; + rev = version; + sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d"; + }; +} From 56945ee3f2e16719943b8429d85ae3d61d8ee61f Mon Sep 17 00:00:00 2001 
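Review bot: `tcm-py` and `lio-py` each repeat the same `fetchFromGitHub` call for `datera/lio-utils` with the same `rev` and `sha256`, and the commit id is written a third time as `version`. A later bump has to touch all of these and can leave the two halves on different commits. Binding the source once in the `let`, `lio-utils-src = fetchFromGitHub { ... };`, and then using `src = lio-utils-src + "/tcm-py";` and `src = lio-utils-src + "/lio-py";` keeps them in step. None of the four derivations carries a `meta` block with license and homepage, which the `switch-launcher` package added in this series does have.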
From: makefu Date: Sun, 21 Oct 2018 23:10:56 +0200 Subject: [PATCH 024/209] ma hw/switch: init udev rules --- makefu/2configs/hw/switch.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 makefu/2configs/hw/switch.nix diff --git a/makefu/2configs/hw/switch.nix b/makefu/2configs/hw/switch.nix new file mode 100644 index 000000000..d46e8cf3f --- /dev/null +++ b/makefu/2configs/hw/switch.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ]; + + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev" + ''; +} From 8c3e92d9eb51f4eae4bca0e11839be652cc142ad Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:11:23 +0200 Subject: [PATCH 025/209] ma mcomix: rip --- makefu/5pkgs/mcomix/default.nix | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 makefu/5pkgs/mcomix/default.nix diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix deleted file mode 100644 index 7fb9cd375..000000000 --- a/makefu/5pkgs/mcomix/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, lib ,python2Packages, fetchurl, gtk3}: -python2Packages.buildPythonPackage rec { - name = "mcomix-${version}"; - version = "1.2.1"; - - src = fetchurl { - url = "mirror://sourceforge/mcomix/${name}.tar.bz2"; - sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy"; - }; - - propagatedBuildInputs = with python2Packages; - [ python2Packages.pygtk gtk3 python2Packages.pillow ]; - - # for module in sys.modules.itervalues(): - # RuntimeError: dictionary changed size during iteration - doCheck = false; - - meta = { - homepage = https://github.com/pyload/pyload; - description = "Free and Open Source download manager written in Python"; - license = lib.licenses.gpl3; - maintainers = with lib.maintainers; [ makefu ]; - }; -} From d8e481ac79f7d65fdede7cb553da8f27d7ccbfb8 Mon Sep 17 00:00:00 2001 
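Review bot: The rule in `services.udev.extraRules` matches on `ATTR{idVendor}=="0955"` only, so every USB device from that vendor becomes group-writable for `plugdev`, not just the one this file is meant for. Adding the product id narrows it: `SUBSYSTEM=="usb", ATTR{idVendor}=="0955", ATTR{idProduct}=="PRODUCT_ID_PLACEHOLDER", MODE="0664", GROUP="plugdev"`, with the id taken from `lsusb`. The hunk also adds the user to `plugdev` without declaring the group. Unless it is defined elsewhere in the configuration, `users.extraGroups.plugdev = {};` is needed for the `GROUP=` assignment to resolve.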
From: makefu Date: Sun, 21 Oct 2018 23:16:34 +0200 Subject: [PATCH 026/209] ma nginx/euer.{blog,wiki}: add state dirs --- makefu/2configs/nginx/euer.blog.nix | 1 + makefu/2configs/nginx/euer.wiki.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index 65d36d9b6..14d1285db 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -39,4 +39,5 @@ in { }; }; }; + state = [ base-dir ]; } diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 99533b25c..280622259 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -21,6 +21,7 @@ let tw-pass-file = "${sec}/tw-pass.ini"; in { + state = [ base-dir ]; services.phpfpm = { # phpfpm does not have an enable option poolConfigs = { From 851c0e47d1ac7073ea5a38a656f93054b20d4b44 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:17:37 +0200 Subject: [PATCH 027/209] ma bureautomation: add tasks for shutting down monitor --- .../deployment/bureautomation/hass.nix | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix index 4605e8933..b1eba22b4 100644 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -11,6 +11,11 @@ let payload_available= "Online"; payload_not_available= "Offline"; }; + tasmota_stecki = name: topic: + ( tasmota_plug name topic) // + { state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + }; espeasy_dht22 = name: [ { platform = "mqtt"; name = "${name} DHT22 Temperature"; 
@@ -72,7 +77,7 @@ in { switch = [ (tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Blitzdings" "plug2") - (tasmota_plug "Fernseher" "plug3") + (tasmota_stecki "Fernseher" "fernseher") (tasmota_plug "Pluggy" "plug4") ]; binary_sensor = [ @@ -116,6 +121,31 @@ in { frontend = { }; http = { }; feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + automation = [ + { alias = "Turn on Fernseher on movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + action = { + service= "homeassistant.turn_on"; + entity_id= "switch.fernseher"; + }; + } + { alias = "Turn off Fernseher 10 minutes after last movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "off"; + for.minutes = 10; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.fernseher"; + }; + } + ]; }; }; } From 99b737e3e554b866fef2a9ba5fa58107e6c75aac Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:19:09 +0200 Subject: [PATCH 028/209] ma bepasty-dual: unauthorized on error --- makefu/2configs/bepasty-dual.nix | 5 +++++ makefu/2configs/deployment/graphs.nix | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 890652285..f63dbefd8 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -32,6 +32,11 @@ in { "paste.${config.krebs.build.host.name}" "paste.r" ]; + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; }; defaultPermissions = "admin,list,create,read,delete"; secretKeyFile = secKey; diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix index bde9892cd..e7dc54dd0 100644 --- a/makefu/2configs/deployment/graphs.nix +++ b/makefu/2configs/deployment/graphs.nix 
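Review bot: In `bepasty-dual.nix` the added `extraConfig` makes `if ( $server_addr = "${external-ip}" ) { return 403; }` the only visible barrier between the public address and a paste server whose `defaultPermissions` are `admin,list,create,read,delete`. The test is an exact string match against a single address, so a request arriving on any other non-internal address of the host would presumably pass; `external-ip` is defined outside the hunk. Restricting the vhost to the internal address with nginx's `listen`, or an `allow`/`deny` pair for the internal network, states the intent as an allow-list instead of a one-entry deny-list. At minimum a comment such as `# paste.r is admin-by-default: must never answer on a public address` should sit above the block.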
@@ -6,11 +6,6 @@ let internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; hn = config.krebs.build.host.name; in { - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; krebs.tinc_graphs = { enable = true; nginx = { From 4a445704512f50032747e73e10c5afeaa5cce6fc Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:19:46 +0200 Subject: [PATCH 029/209] ma pkgs.cozy: now upstream --- makefu/5pkgs/cozy-audiobooks/default.nix | 95 ------------------------ 1 file changed, 95 deletions(-) delete mode 100644 makefu/5pkgs/cozy-audiobooks/default.nix diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix deleted file mode 100644 index 870fa8ce2..000000000 --- a/makefu/5pkgs/cozy-audiobooks/default.nix +++ /dev/null 
@@ -1,95 +0,0 @@ -{ stdenv, fetchFromGitHub -, ninja -, boost -, meson -, pkgconfig -, wrapGAppsHook -, appstream-glib -, desktop-file-utils -, gtk3 -, glib -, gst_all_1 -, gobjectIntrospection -, python3Packages -, file -, cairo , sqlite , gettext -, gnome3 -}: - -let - peewee = with python3Packages; buildPythonPackage rec { - # https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee - pname = "peewee"; - version = "3.6.4"; - src = fetchPypi { - inherit pname version; - sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak"; - }; - doCheck = false; - - checkPhase = '' - python runtests.py - ''; - - buildInputs = [ - cython - sqlite - # psycopg2 - # mysql-connector - ]; - meta.license = stdenv.lib.licenses.mit; - }; -in -stdenv.mkDerivation rec { - name = "cozy-${version}"; - version = "0.6.0"; - - src = fetchFromGitHub { - owner = "geigi"; - repo = "cozy"; - rev = version; - sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd"; - }; - - postPatch = '' - chmod +x data/meson_post_install.py - patchShebangs data/meson_post_install.py - substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'" - ''; - postInstall = '' - wrapProgram $out/bin/com.github.geigi.cozy \ - --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)" - - ''; - wrapPrefixVariables = [ "PYTHONPATH" ]; - - - nativeBuildInputs = [ - meson ninja pkgconfig - wrapGAppsHook - appstream-glib - desktop-file-utils - gobjectIntrospection - - ]; - buildInputs = with gst_all_1; [ gtk3 glib - gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext - gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas - ] - ++ (with python3Packages; [ - python gst-python pygobject3 dbus-python mutagen peewee magic - - ]); - - checkPhase = '' - ninja test - ''; - - meta = with stdenv.lib; { - description = '' - A modern audio book player for Linux using 
GTK+ 3 - ''; - maintainers = [ maintainers.makefu ]; - license = licenses.mit; - }; -} From f2b532c7ea8a87e46b3d0c8107c33bd631ff08ab Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:20:19 +0200 Subject: [PATCH 030/209] ma torrent: add state, torrent..r --- makefu/2configs/torrent.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index 3df0ddbfe..ca368dbf0 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -3,12 +3,11 @@ with import ; let - daemon-user = "tor"; basicAuth = import ; peer-port = 51412; web-port = 8112; daemon-port = 58846; - base-dir = config.makefu.dl-dir; + base-dir = config.krebs.rtorrent.workDir; in { users.users = { @@ -23,17 +22,6 @@ in { }; }; - # todo: race condition, do this after download user has been created - system.activationScripts."download-dir-chmod" = '' - for i in finished watch; do - if test ! -d $i;then - mkdir -p "${base-dir}/$i" - chown rtorrent:download "${base-dir}/$i" - chmod 775 "${base-dir}/$i" - fi - done - ''; - users.extraGroups = { download = { gid = lib.mkDefault (genid "download"); @@ -57,15 +45,17 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = base-dir + "/finished"; - watchDir = base-dir + "/watch"; + downloadDir = config.makefu.dl-dir; # dump old torrents into watch folder to have them re-added }; + services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; + networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT ''; networking.firewall.allowedTCPPorts = [ peer-port ]; networking.firewall.allowedUDPPorts = [ peer-port ]; + state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded } From 8f10933423df2f4dd71e13ef28a006e2fad67405 Mon Sep 17 00:00:00 2001 
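Review bot: The new `services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r"` location proxies to `localhost:${toString web-port}` with no authentication in the lines shown, although `basicAuth` is imported at the top of the file. A name-based vhost answers on every address nginx listens on, so a request carrying that `Host` header on the public interface would be proxied as well. Either attach the imported credentials to the virtual host (`basicAuth = basicAuth;`, assuming the value has the shape the nginx module expects) or restrict the location with `extraConfig = "allow RETIOLUM_NET_PLACEHOLDER; deny all;";`. How `krebs.rtorrent` itself uses `basicAuth` is outside the hunk.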
From: makefu Date: Sun, 21 Oct 2018 23:20:51 +0200 Subject: [PATCH 031/209] ma tools: shuffle --- makefu/2configs/tools/android-pentest.nix | 2 +- makefu/2configs/tools/desktop.nix | 2 +- makefu/2configs/tools/extra-gui.nix | 1 - makefu/2configs/tools/media.nix | 2 +- makefu/2configs/tools/mobility.nix | 2 ++ makefu/2configs/tools/secrets.nix | 2 +- 6 files changed, 6 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index da8a357ae..9dedafdd2 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -9,7 +9,7 @@ dex2jar apktool jd-gui - android-studio + # android-studio jdk jre openssl diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix index bb14c3eb5..924668803 100644 --- a/makefu/2configs/tools/desktop.nix +++ b/makefu/2configs/tools/desktop.nix @@ -3,7 +3,7 @@ { users.users.makefu.packages = with pkgs; [ taskwarrior - pass + (pass.withExtensions (ext: [ ext.pass-otp ])) gopass mutt weechat diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 1c28eeffd..3d26cc574 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,7 +6,6 @@ gimp inkscape libreoffice - quodlibet # skype synergy tdesktop diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index a61b6c88e..988550655 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -7,7 +7,7 @@ vlc mumble mplayer - quodlibet + quodlibet # exfalso plowshare streamripper diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 8a559dbbd..11151003d 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix 
@@ -7,6 +7,8 @@ rclone exfat (pkgs.callPackage ./secrets.nix {}) + + opensc pcsctools libu2f-host ]; # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix index f88618cbc..7d10983c7 100644 --- a/makefu/2configs/tools/secrets.nix +++ b/makefu/2configs/tools/secrets.nix @@ -1,7 +1,7 @@ { pass, write, writeDash, ... }: write "secrets" { - "/bin/secrets".link = writeDash "brain" '' + "/bin/secrets".link = writeDash "secrets" '' PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ exec ${pass}/bin/pass $@ ''; From 90da0939308ac0b7e3d73370ee6c12b5901990b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:21:22 +0200 Subject: [PATCH 032/209] ma cgit-retiolum: add secrets repo --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1a7f3d987..4890e4afe 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -41,6 +41,7 @@ let autosync = { }; fenkins = { }; pass = { }; + secrets = { }; }; connector-repos = mapAttrs make-priv-repo { From f1bd2ce84d820d0b35c56245d820beffd7d2eb5b Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:21:58 +0200 Subject: [PATCH 033/209] ma gui: do not use antialiased fonts --- makefu/2configs/gui/base.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 861a9327e..6bcd09826 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -66,7 +66,7 @@ in cat |derp < Date: Sun, 21 Oct 2018 23:22:21 +0200 Subject: [PATCH 034/209] ma gui/wbob-kiosk: disable screensaver on startup --- makefu/2configs/gui/wbob-kiosk.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
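Review bot: In `tools/secrets.nix` the wrapper body `exec ${pass}/bin/pass $@` leaves `$@` unquoted, so an entry name containing spaces or glob characters is split or expanded before `pass` sees it. `exec ${pass}/bin/pass "$@"` passes the arguments through unchanged. The line is unchanged context here, since the commit only renames the script from `brain` to `secrets`, but it is the entire body of the wrapper that fronts the secrets store.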
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 7db749227..b0479d0d7 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -22,4 +22,16 @@ xrandr --output HDMI2 --right-of HDMI1 ''; }; + + systemd.services.xset-off = { + after = [ "display-manager.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms"; + RemainAfterExit = "yes"; + TimeoutSec = "5"; + Restart = "on-failure"; + }; + }; + } From 7a3801c75ef2ecccb976be8ed62367e6ddb3ce25 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:28:52 +0200 Subject: [PATCH 035/209] ma home-manager: bump --- makefu/2configs/home-manager/cli.nix | 8 +++- makefu/2configs/home-manager/default.nix | 3 ++ makefu/2configs/home-manager/desktop.nix | 52 +++++++++++++++--------- makefu/2configs/home-manager/mail.nix | 3 +- 4 files changed, 44 insertions(+), 22 deletions(-) diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix index 1efc4d2bf..64aa03bd7 100644 --- a/makefu/2configs/home-manager/cli.nix +++ b/makefu/2configs/home-manager/cli.nix @@ -1,12 +1,18 @@ -{ +{pkgs, ... }: { home-manager.users.makefu = { services.gpg-agent = { + enable = true; defaultCacheTtl = 900; maxCacheTtl = 7200; defaultCacheTtlSsh = 3600; maxCacheTtlSsh = 86400; enableSshSupport = true; + enableScDaemon = true; }; programs.fzf.enable = true; # alt-c }; + services.udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; } diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix index e75ee6262..2a4574cc8 100644 --- a/makefu/2configs/home-manager/default.nix +++ b/makefu/2configs/home-manager/default.nix @@ -4,4 +4,7 @@ ]; home-manager.users.makefu = { }; + environment.variables = { + GTK_DATA_PREFIX = "/run/current-system/sw"; + }; } 
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index c2f854d47..ce98e651a 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix 
@@ -1,31 +1,43 @@ -{pkgs, ... }: { +{ pkgs, lib, ... }: + +{ home-manager.users.makefu = { programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; + programs.firefox.enable = true; services.network-manager-applet.enable = true; + systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; services.blueman-applet.enable = true; services.pasystray.enable = true; - - systemd.user.services.network-manager-applet.Service.Environment = '' - XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache - ''; - systemd.user.services.clipit = { - Unit = { - Description = "clipboard manager"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; + systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + # "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold + "fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine + "gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy + "abkfbakhjpmblaafnpgjppbmioombali" # memex + "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest + ]; }; - Install = { - WantedBy = [ "graphical-session.target" ]; - }; + systemd.user.services.clipit = { + Unit = { + Description = "clipboard manager"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; - Service = { - Environment = '' - XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache - ''; - ExecStart = "${pkgs.clipit}/bin/clipit"; - Restart = "on-abort"; + Install = { + WantedBy = [ 
"graphical-session.target" ]; + }; + + Service = { + Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; + ExecStart = "${pkgs.clipit}/bin/clipit"; + Restart = "on-abort"; + }; }; }; - }; } diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix index ce7ae4f4d..467e0d7a0 100644 --- a/makefu/2configs/home-manager/mail.nix +++ b/makefu/2configs/home-manager/mail.nix @@ -1,5 +1,6 @@ { home-manager.users.makefu = { + accounts.email.maildirBasePath = "/home/makefu/Mail"; accounts.email.accounts.syntaxfehler = { address = "felix.richter@syntax-fehler.de"; userName = "Felix.Richter@syntax-fehler.de"; @@ -27,7 +28,7 @@ }; primary = true; realName = "Felix Richter"; - passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg"; + passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg"; }; programs.offlineimap.enable = true; programs.offlineimap.extraConfig = { From f6b82f2d1f3cd5df1d70bf2b8e9f69196268f1e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:29:34 +0200 Subject: [PATCH 036/209] ma hw/bluetooth: add blueman to dbus packages --- makefu/2configs/hw/bluetooth.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index 313ca0147..e556b43c0 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix @@ -1,9 +1,7 @@ { pkgs, ... }: { # bluetooth+pulse config # for blueman-applet - users.users.makefu.packages = [ - pkgs.blueman - ]; + users.users.makefu.packages = [ pkgs.blueman ]; hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; @@ -39,4 +37,5 @@ Enable=Source,Sink,Media,Socket ''; }; + services.dbus.packages = [ pkgs.blueman ]; } From 85e7795a34c757993118a39a8b6bb23465c0246b Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 21 Oct 2018 23:29:55 +0200 Subject: [PATCH 037/209] ma hw/network-manager: collect state --- makefu/2configs/hw/network-manager.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index ffc32e0cb..3b9d04549 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -27,4 +27,7 @@ powersave = true; scanRandMacAddress = true; }; + state = [ + "/etc/NetworkManager/system-connections" #NM stateful config files + ]; } From 2e88305f407f1b3b2d71e7c3948645374c8cfd65 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:31:37 +0200 Subject: [PATCH 038/209] ma virtualbox: cleanup --- makefu/2configs/virtualisation/virtualbox.nix | 21 ++----------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix index 30de6e44a..e90cc1e8d 100644 --- a/makefu/2configs/virtualisation/virtualbox.nix +++ b/makefu/2configs/virtualisation/virtualbox.nix 
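Review bot: Adding `/etc/NetworkManager/system-connections` to `state` hands files that normally hold Wi-Fi PSKs and VPN credentials in plain text to whatever consumes `config.state`. In this series that consumer is the borg job in `backup/state.nix`, so its client-side encryption becomes the only protection for those secrets on the backup host. The trailing comment could say so: `# NM stateful config files; contain PSKs/VPN secrets, rely on borg encryption`.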
@@ -1,26 +1,9 @@ { config, lib, pkgs, ... }: -let - mainUser = config.krebs.build.user; - vboxguestpkg = lib.stdenv.mkDerivation rec { - name = "Virtualbox-Extensions-${version}-${rev}"; - version = "5.0.20"; - rev = "106931"; - src = pkgs.fetchurl { - url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; - sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; - }; - }; -in { +{ virtualisation.virtualbox.host.enable = true; nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; - users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; - nixpkgs.config.packageOverrides = super: { - boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override { - buildInputs = super.boot.kernelPackages.virtualBox.buildInputs - ++ [ vboxguestpkg ]; - }; - }; + users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ]; } From 5c1e92aaf6fc0a3882207a5cb3ff03b7aeab04d6 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:33:33 +0200 Subject: [PATCH 039/209] ma gum.r: manage less services --- makefu/1systems/gum/config.nix | 67 +++++++++++++++++----------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 36af23bb5..75b0680b2 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,11 +8,23 @@ in { imports = [ ./hardware-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } # - + # # @@ -42,23 +54,24 @@ in { # buildbot + ## Web - - - - - - # - - - + # + # + # + # + # + ## + # + # + # - + # # - - - + # + # + # { services.taskserver.enable = true; @@ -71,11 +84,11 @@ in { ''; } # - + # # - + # 
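Review bot: After this cleanup virtualbox.nix still sets `virtualisation.virtualbox.host.enableHardening = false;`, and the last added line puts the build user into `vboxusers`. With hardening off, every member of that group gets direct access to the devices exposed by the VirtualBox kernel modules, instead of only the wrapped binaries in the system path. If nothing depends on it now that the extension-pack override is gone, drop the line (the option defaults to true). Otherwise add a comment such as `# hardening off: required by <reason>` so the exception is recorded.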
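Review bot: The `users.users.lass` block added to `imports` in gum/config.nix authorises `makefu.pubkey` as well as `lass.pubkey` for the lass account, and neither the block nor the commit subject ("manage less services") says why. A second person's key on the account makes sessions harder to attribute from the auth log. Either keep only `lass.pubkey` or add a comment like `# makefu key kept for <reason>`. The same block is added to nextgum/config.nix in PATCH 047.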
@@ -98,10 +111,6 @@ in { # }; #} - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - networking.firewall.allowedTCPPorts = [ 5201 ]; - } ]; makefu.dl-dir = "/var/download"; @@ -133,20 +142,12 @@ in { makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; }; - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - get - tmux - ]; - # Network networking = { firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ # smtp 25 # http @@ -174,9 +175,9 @@ in { # tinc-shack 21032 ]; + }; + nameservers = [ "8.8.8.8" ]; }; - nameservers = [ "8.8.8.8" ]; - }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; } From cfd65930a09d0b147bdd54bccf26b4f1004862dc Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:34:54 +0200 Subject: [PATCH 040/209] ma x.r: manage more state, use new services --- makefu/1systems/x/config.nix | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 66d904512..5a4eea2e4 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -15,7 +15,7 @@ - + # @@ -74,6 +74,7 @@ + # @@ -83,11 +84,11 @@ # Security - { - programs.adb.enable = true; - } + { programs.adb.enable = true; } # temporary + { services.redis.enable = true; } + # # # # @@ -121,13 +122,11 @@ ]; makefu.server.primary-itf = "wlp3s0"; - makefu.full-populate = true; nixpkgs.config.allowUnfree = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ]; networking.firewall.trustedInterfaces = [ "vboxnet0" ]; 
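Review bot: `{ services.redis.enable = true; }` under `# temporary` in x/config.nix enables Redis with neither a bind address nor a password. Depending on the nixpkgs revision, the module's `bind` default may be all interfaces, and this host marks `vboxnet0` as a trusted interface, so guests could probably reach the unauthenticated port. I would pin it with `{ services.redis.enable = true; services.redis.bind = "127.0.0.1"; }` and say in the comment what the temporary use is, so the line gets removed again.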
@@ -144,14 +143,25 @@ # avoid full boot dir boot.loader.grub.configurationLimit = 3; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; state = [ "/home/makefu/stockholm" - "/home/makefu/backup/borgun" - "/home/makefu/.mail/" + "/home/makefu/.ssh/" + "/home/makefu/.zsh_history" + "/home/makefu/.bash_history" + "/home/makefu/.zshrc" + "/home/makefu/bin" + "/home/makefu/.gnupg" + "/home/makefu/.imapfilter" + "/home/makefu/.mutt" + "/home/makefu/docs" + "/home/makefu/.password-store" + "/home/makefu/.secrets-pass" + "/home/makefu/autosync/Database.kdb" ]; + services.syncthing.user = lib.mkForce "makefu"; services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; } From ba234de4e1aa42e2abbd6edcfbb509b755ac6c16 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:35:17 +0200 Subject: [PATCH 041/209] ma nextgum.r: almost finished the migration --- makefu/1systems/nextgum/config.nix | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index 64516fa98..1c5cca0de 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -21,10 +21,10 @@ in { - + # - + # # @@ -52,6 +52,7 @@ in { # + @@ -66,22 +67,22 @@ in { ### Web # # - # - # - # + + + ## # # - # + - + - # - # - # - # - # + + + + + { services.taskserver.enable = true; @@ -250,4 +251,5 @@ in { }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; + state = [ "/home/makefu/.weechat" ]; } From acaadbb6fd7f61ccd2f131ad9b59c140068d7473 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:36:19 +0200 Subject: [PATCH 042/209] ma wbob.r: no more synergy --- makefu/1systems/wbob/config.nix | 16 ---------------- 1 file changed, 16 deletions(-) 
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index e1d66a2f9..e1d61081e 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -174,20 +174,4 @@ in { fsType = "ext4"; }; }; - - # DualHead on NUC - # TODO: update synergy package with these extras (username) - # TODO: add crypto layer - systemd.services."synergy-client" = { - environment.DISPLAY = ":0"; - serviceConfig.User = user; - }; - - services.synergy = { - client = { - enable = true; - screenName = "wbob"; - serverAddress = "x.r"; - }; - }; } From 550f8fce2571537b23588b41e363c27a6cd46c0e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 30 Oct 2018 22:47:57 +0100 Subject: [PATCH 043/209] krebs.tinc: add tincUpExtra --- krebs/3modules/tinc.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index b032f3148..ecd449b09 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -75,6 +75,7 @@ let ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ''} + ${tinc.config.tincUpExtra} ''; description = '' tinc-up script to be used. Defaults to setting the @@ -83,6 +84,11 @@ let ''; }; + tincUpExtra = mkOption { + type = types.str; + default = ""; + }; + tincPackage = mkOption { type = types.package; default = pkgs.tinc; From f170326b0518d28f6ac611559edf1e4cbadeadc1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 31 Oct 2018 13:40:57 +0100 Subject: [PATCH 044/209] nixpkgs: 81f5c26 -> 06fb025 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 60307e694..b761246cd 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
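Review bot: The new `tincUpExtra` option in the second tinc.nix hunk has no `description`, and its value is pasted verbatim into the generated tinc-up script by `${tinc.config.tincUpExtra}` in the first hunk. That script presumably runs with tincd's privileges when the interface comes up, so the option should say so, e.g. `description = "Extra shell commands appended to tinc-up; executed with the daemon's privileges.";`. `type = types.lines;` instead of `types.str` would also let several modules contribute commands without a merge conflict. The surrounding `let` block starts and ends outside both hunks.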
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "81f5c2698a87c65b4970c69d472960c574ea0db4", - "date": "2018-10-17T20:48:45-04:00", - "sha256": "0p4x9532d3qlbykyyq8zk62k8py9mxd1s7zgbv54zmv597rs5y35", + "rev": "06fb0253afabb8cc7dc85db742e2de94a4d68ca0", + "date": "2018-10-24T10:37:15-04:00", + "sha256": "0jkldgvdm8pl9cfw5faw90n0qbbzrdssgwgbihk1by4xq66khf1b", "fetchSubmodules": false } From 100ca928ad483471d61b36bd9e977e34441d404b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 5 Nov 2018 10:33:28 +0100 Subject: [PATCH 045/209] nixpkgs: 06fb025 -> bf7930d --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index b761246cd..e013645ea 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "06fb0253afabb8cc7dc85db742e2de94a4d68ca0", - "date": "2018-10-24T10:37:15-04:00", - "sha256": "0jkldgvdm8pl9cfw5faw90n0qbbzrdssgwgbihk1by4xq66khf1b", + "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c", + "date": "2018-11-04T19:36:25+01:00", + "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m", "fetchSubmodules": false } From 9520ee2c51b49a0e6cb0c96f9ab1724381e0e9cd Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 13:48:25 +0100 Subject: [PATCH 046/209] ma nixpkgs: 86fb1e9 -> bf46294 --- makefu/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index c5cd0ac30..73798f44d 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json 
@@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687", - "date": "2018-10-07T23:33:42+02:00", - "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3", - "fetchSubmodules": true + "rev": "bf46294e4cf20649182f76fc9200a48436f5874a", + "date": "2018-09-18T02:20:45+02:00", + "sha256": "13900gack7pgf5a7c11x30rzb3s0kjpbm2z2g8fw4720cr9lkd94", + "fetchSubmodules": false } From ea3afff61105fd32be1ea658460329aecf061eec Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 13:50:22 +0100 Subject: [PATCH 047/209] ma gum: prepare replacement by nextgum --- makefu/1systems/gum/config.nix | 23 ------ makefu/1systems/nextgum/config.nix | 120 ++++++++--------------------- makefu/1systems/nextgum/rescue.txt | 11 +++ makefu/2configs/taskd.nix | 11 +++ 4 files changed, 52 insertions(+), 113 deletions(-) create mode 100644 makefu/1systems/nextgum/rescue.txt create mode 100644 makefu/2configs/taskd.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 75b0680b2..af2e6f6b0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,18 +8,6 @@ in { imports = [ ./hardware-config.nix - { - users.users.lass = { - uid = 9002; - isNormalUser = true; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - makefu.pubkey - ]; - }; - } # @@ -73,16 +61,6 @@ in { # # - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } # # @@ -110,7 +88,6 @@ in { # locations."/".proxyPass = "http://localhost:5000"; # }; #} - ]; makefu.dl-dir = "/var/download"; 
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index 1c5cca0de..118b5b9d4 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -9,6 +9,18 @@ in { ./hardware-config.nix ./transfer-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } # @@ -23,11 +35,21 @@ in { # - + # networking + + # + # + # - # + # ci + # + + + + + # services @@ -55,14 +77,10 @@ in { - - ## buildbot - + # Removed until move: no extra mails - # Removed until move: avoid double-update of domain - # # Removed until move: avoid letsencrypt ban ### Web # 
@@ -84,94 +102,18 @@ in { - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } - - - # + # sharing + + + ## Temporary: # - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - { # wireguard server - - # opkg install wireguard luci-proto-wireguard - - # TODO: networking.nat - - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - # conf.all.proxy_arp =1 - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - extraCommands = '' - iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - }; - - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString ) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - ]; - }; - } - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - 
networking.firewall.allowedTCPPorts = [ 5201 ]; - } - # krebs infrastructure services ]; @@ -191,9 +133,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" ]; }; diff --git a/makefu/1systems/nextgum/rescue.txt b/makefu/1systems/nextgum/rescue.txt new file mode 100644 index 000000000..30276b7db --- /dev/null +++ b/makefu/1systems/nextgum/rescue.txt @@ -0,0 +1,11 @@ +mount /dev/mapper/nixos-root /mnt +mount /dev/sda2 /mnt/boot + +chroot-prepare /mnt +chroot /mnt /bin/sh + +journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) + +export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin +/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate +/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix new file mode 100644 index 000000000..5ca3b9904 --- /dev/null +++ b/makefu/2configs/taskd.nix @@ -0,0 +1,11 @@ +{config, ... }: +{ + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; +} From 2487cbc8829b9c81545d1627d4a03b8fed12de01 Mon Sep 17 00:00:00 2001 
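Review bot: In the new taskd.nix, the two `-A INPUT` rules in `networking.firewall.extraCommands` are appended to the base chain, which the NixOS firewall script does not flush. As far as I can tell, each firewall reload therefore adds another copy, and stopping the firewall leaves the accept rule in place. Adding the rules to the managed chain avoids that: `iptables -A nixos-fw -i retiolum -p tcp --dport 53589 -j nixos-fw-accept` (and the same for `ip6tables`). With `listenHost = "::"`, these rules are the only thing limiting the taskserver to the retiolum interface, so a comment saying that would help.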
From: makefu Date: Mon, 5 Nov 2018 13:51:28 +0100 Subject: [PATCH 048/209] ma wbob.r: more automation --- makefu/1systems/wbob/config.nix | 14 +- .../deployment/bureautomation/hass.nix | 129 +++++++++++++++--- .../deployment/bureautomation/mpd.nix | 9 ++ 3 files changed, 124 insertions(+), 28 deletions(-) create mode 100644 makefu/2configs/deployment/bureautomation/mpd.nix diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index e1d61081e..24a3dddc6 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -11,10 +11,10 @@ in { - - # - # - # + # + + + @@ -33,9 +33,6 @@ in { - { - users.users.makefu.extraGroups = [ "pulse" ]; - } # Sensors @@ -46,10 +43,11 @@ in { # - + { environment.systemPackages = [ pkgs.vlc ]; } + (let collectd-port = 25826; diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix index b1eba22b4..443484a34 100644 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -12,7 +12,7 @@ let payload_not_available= "Offline"; }; tasmota_stecki = name: topic: - ( tasmota_plug name topic) // + ( tasmota_plug name topic) // { state_topic = "/bam/${topic}/stat/POWER"; command_topic = "/bam/${topic}/cmnd/POWER"; }; @@ -43,9 +43,6 @@ let }; in { networking.firewall.allowedTCPPorts = [ 8123 ]; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; services.home-assistant = { enable = true; @@ -53,6 +50,9 @@ in { homeassistant = { name = "Bureautomation"; time_zone = "Europe/Berlin"; + latitude = "48.8265"; + longitude = "9.0676"; + elevation = 303; }; mqtt = { 
@@ -101,26 +101,109 @@ in { sensorid = "5341"; monitored_conditions = [ "P1" "P2" ]; } - { platform = "influxdb"; - queries = [ - { name = "mean value of feinstaub P1"; - where = '' "node" = 'esp8266-1355142' ''; - measurement = "feinstaub"; - database = "telegraf"; - field = "P1"; - } - { name = "mean value of feinstaub P2"; - where = '' "node" = 'esp8266-1355142' ''; - measurement = "feinstaub"; - database = "telegraf"; - field = "P2"; - } - ]; + + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile ); + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "apparent_temperature" + "hourly_summary" # next 24 hours text + "minutely_summary" + "humidity" + "pressure" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 30; + seconds = 0; + }; + } + #{ platform = "influxdb"; + # queries = [ + # { name = "mean value of feinstaub P1"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P1"; + # } + # { name = "mean value of feinstaub P2"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P2"; + # } + # ]; + #} + ]; + camera = [ + { name = "Baumarkt"; + platform = "generic"; + still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt + } + { name = "Autobahn Heilbronn"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; + } + { name = "Autobahn Singen"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; } ]; frontend = { }; http = { }; - feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + conversation = {}; + history = {}; + logbook = {}; + tts = [ { platform = 
"google";} ]; + recorder = {}; + group = + { default_view = + { view = "yes"; + entities = [ + "group.sensors" + "group.outside" + "group.switches" + "group.automation" + "group.camera" + ]; + }; + automation = [ + "automation.turn_off_fernseher_10_minutes_after_last_movement" + ]; + switches = [ + "switch.bauarbeiterlampe" + "switch.blitzdings" + "switch.fernseher" + "switch.pluggy" + ]; + camera = [ + "camera.Baumarkt" + "camera.Autobahn_Heilbronn" + "camera.Autobahn_Singen" + ]; + sensors = [ + "binary_sensor.motion" + "sensor.easy2_dht22_humidity" + "sensor.easy2_dht22_temperature" + ]; + outside = [ + "sensor.ditzingen_pm10" + "sensor.ditzingen_pm25" + "sensor.dark_sky_temperature" + "sensor.dark_sky_humidity" + "sensor.dark_sky_pressure" + "sensor.dark_sky_hourly_summary" + "sensor.dark_sky_minutely_summary" + ]; + }; + # only for automation + # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; automation = [ { alias = "Turn on Fernseher on movement"; trigger = { @@ -144,6 +227,12 @@ in { service= "homeassistant.turn_off"; entity_id= "switch.fernseher"; }; + condition = [{ + condition = "time"; + before = "06:30:00"; #only turn off between 6:30 and 18:00 + after = "18:00:00"; + weekday = [ "mon" "tue" "wed" "thu" "fri" ]; + }]; } ]; }; diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/deployment/bureautomation/mpd.nix new file mode 100644 index 000000000..1f5acb357 --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/mpd.nix @@ -0,0 +1,9 @@ +{lib,pkgs, ... }: + +{ + systemd.services."ympd-wbob" = { + description = "mpd "; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody"; + }; +} From 7f52e698476f3d782caa4134a6166c68a9abc56e Mon Sep 17 00:00:00 2001 
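Review bot: In the sensor hunk of hass.nix, `api_key = lib.removeSuffix "\n" (builtins.readFile …)` reads the Dark Sky key at evaluation time, so the key becomes part of the generated Home Assistant configuration. If that configuration is written to the Nix store, as the module presumably does, it is readable by every local user and is copied along with the system closure. Consider supplying the key at runtime from a file outside the store, or at least add `# NOTE: key ends up in the world-readable store` next to the line.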
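Review bot: The comment on the `condition` added to the automation that turns off `switch.fernseher` says `#only turn off between 6:30 and 18:00`, but `before = "06:30:00"` with `after = "18:00:00"` describes the window from 18:00 to 06:30. That assumes Home Assistant treats an `after` later than `before` as spanning midnight. Either the comment or the two values should be changed so they agree, e.g. `# only turn off outside office hours (18:00-06:30), Mon-Fri`. The automation block starts outside this hunk.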
From: makefu Date: Mon, 5 Nov 2018 13:51:54 +0100 Subject: [PATCH 049/209] ma wbob-kiosk: trying to get xset working ... --- makefu/2configs/gui/wbob-kiosk.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index b0479d0d7..6da1a37e7 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -4,23 +4,26 @@ imports = [ ./base.nix ]; - users.users.makefu.packages = [ pkgs.chromium ]; + users.users.makefu = { + packages = [ pkgs.chromium ]; + extraGroups = [ "audio" "pulse" ]; + }; services.xserver = { - layout = lib.mkForce "de"; - xkbVariant = lib.mkForce ""; windowManager = lib.mkForce { awesome.enable = false; default = "none"; }; - desktopManager.xfce.enable = true; + desktopManager.xfce = { + extraSessionCommands = '' + ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms + ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 + ''; + enable = true; + }; # xrandrHeads = [ "HDMI1" "HDMI2" ]; # prevent screen from turning off, disable dpms - displayManager.sessionCommands = '' - xset -display :0 s off -dpms - xrandr --output HDMI2 --right-of HDMI1 - ''; }; systemd.services.xset-off = { @@ -29,7 +32,8 @@ serviceConfig = { ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms"; RemainAfterExit = "yes"; - TimeoutSec = "5"; + TimeoutSec = "5s"; + RestartSec="5s"; Restart = "on-failure"; }; }; From e706831281d6e4a0638cab2a8f38ac21af23081c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 13:52:11 +0100 Subject: [PATCH 050/209] ma homeautomation: more sensors --- .../deployment/homeautomation/default.nix | 54 ++++++++++++++++--- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index 5da0dba2e..94799b11d 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix 
+++ b/makefu/2configs/deployment/homeautomation/default.nix @@ -17,7 +17,7 @@ let # state # TODO: currently broken, will not use the custom state topic #state_topic = "/ham/${topic}/stat/POWER"; - state_topic = "stat/${topic}/POWER"; + state_topic = "/ham/${topic}/stat/POWER"; command_topic = "/ham/${topic}/cmnd/POWER"; availability_topic = "/ham/${topic}/tele/LWT"; payload_on= "ON"; @@ -47,7 +47,7 @@ let device_class = "motion"; inherit name; # TODO: currently broken, will not use the custom state topic - state_topic = "stat/${topic}/POWER"; + state_topic = "/ham/${topic}/stat/POWER"; payload_on = "ON"; payload_off = "OFF"; availability_topic = "/ham/${topic}/tele/LWT"; @@ -87,6 +87,20 @@ let unit_of_measurement = "hPa"; } ]; + tasmota_am2301 = name: topic: + [ { platform = "mqtt"; + name = "${name} Temperatur"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Temperature }}"; + unit_of_measurement = "°C"; + } + { platform = "mqtt"; + name = "${name} Luftfeuchtigkeit"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Humidity }}"; + unit_of_measurement = "%"; + } + ]; in { imports = [ ./mqtt.nix @@ -153,7 +167,7 @@ in { # monitored_conditions = [ "ping" "download" "upload" ]; #} { platform = "luftdaten"; - name = "Ditzingen"; + name = "Wangen"; sensorid = "663"; monitored_conditions = [ "P1" "P2" ]; } @@ -165,18 +179,23 @@ in { monitored_conditions = [ "summary" "icon" "nearest_storm_distance" "precip_probability" "precip_intensity" - "temperature" # "temperature_high" "temperature_low" + "temperature" + "apparent_temperature" "hourly_summary" + "humidity" + "pressure" "uv_index" ]; units = "si" ; update_interval = { days = 0; hours = 0; - minutes = 10; + minutes = 30; seconds = 0; }; } - ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer"); + ] + ++ (tasmota_bme "Schlafzimmer" "schlafzimmer") + ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer"); frontend = { }; group = { default_view = 
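Review bot: Both `state_topic` changes in homeautomation/default.nix (the plug helper and the motion sensor) now use `"/ham/${topic}/stat/POWER"`, yet the line above each still reads `# TODO: currently broken, will not use the custom state topic`. The first hunk also keeps the now identical commented-out `#state_topic = …` line. If the custom topic works now, remove the TODO and the commented line; if not, the comment should say what is still broken. The helper definitions start outside the hunks.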
@@ -186,6 +205,7 @@ in { "group.schlafzimmer" "group.draussen" "group.wohnzimmer" + "group.arbeitszimmer" ]; }; flur = [ @@ -198,6 +218,8 @@ in { draussen = [ "sensor.dark_sky_temperature" "sensor.dark_sky_hourly_summary" + "sensor.wangen_pm10" + "sensor.wangen_pm25" ]; schlafzimmer = [ "sensor.schlafzimmer_temperatur" @@ -205,12 +227,32 @@ in { "sensor.schlafzimmer_luftfeuchtigkeit" "switch.lichterkette_schlafzimmer" ]; + arbeitszimmer = [ + "switch.strom_staubsauger" + "sensor.arbeitszimmer_temperatur" + "sensor.arbeitszimmer_luftfeuchtigkeit" + ]; }; http = { }; switch = [ (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") + (tasmota_plug "Strom Staubsauger" "arbeitszimmer") ]; light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; + automation = [ + { alias = "Staubsauger Strom aus nach 6h"; + trigger = { + platform = "state"; + entity_id = "switch.strom_staubsauger"; + to = "on"; + for.hours = 6; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.strom_staubsauger"; + }; + } + ]; }; enable = true; #configDir = "/var/lib/hass"; From af41e7225900113b6a9c9b666a5fa25e209965b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 13:55:24 +0100 Subject: [PATCH 051/209] ma wbob: cleanup config, minor tweaks --- makefu/2configs/bluetooth-mpd.nix | 2 ++ makefu/2configs/stats/arafetch.nix | 2 ++ makefu/2configs/tools/media.nix | 2 ++ makefu/5pkgs/awesomecfg/full.cfg | 6 +++--- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index b59d3ce10..e007b6072 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -57,6 +57,8 @@ in { load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + load-module module-equalizer-sink + load-module module-dbus-protocol #load-module module-bluez5-device #load-module module-bluez5-discover ''; 
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index 422676b24..c16629cc5 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -27,12 +27,14 @@ in { systemd.services.arafetch = { startAt = "Mon,Wed,Fri 09:15:00"; wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; environment = { OUTDIR = home; }; path = [ pkg pkgs.git pkgs.wget ]; serviceConfig = { User = "arafetch"; + Restart = "always"; WorkingDirectory = home; PrivateTmp = true; ExecStart = pkgs.writeDash "start-weekrun" '' diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 988550655..88a7c6882 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -12,5 +12,7 @@ plowshare streamripper youtube-dl + + pulseeffects ]; } diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 12d357913..11f9f59b8 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -572,9 +572,9 @@ local os = { do local cmds = { - "@networkmanagerapplet@/bin/nm-applet", - "@blueman@/bin/blueman-applet", - "@clipit@/bin/clipit" + -- "@networkmanagerapplet@/bin/nm-applet", + -- "@blueman@/bin/blueman-applet", + -- "@clipit@/bin/clipit" } for _,i in pairs(cmds) do From 72cd32c0bc7d66536e163b42a9404986e479c597 Mon Sep 17 00:00:00 2001 
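Review bot: `Restart = "always";` in the arafetch unit also restarts the service after a clean exit, while the unit is already scheduled by `startAt = "Mon,Wed,Fri 09:15:00"`. If the ExecStart script (its body is outside this hunk) finishes after one fetch, systemd will run it again immediately and keep doing so, which defeats the schedule and queries the remote site continuously. `Restart = "on-failure";` together with a `RestartSec` would retry only failed runs. The added `after = [ "network-online.target" ];` only orders the unit; it needs a matching `wants = [ "network-online.target" ];` to actually pull the target in.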
From: makefu Date: Mon, 5 Nov 2018 16:22:39 +0100 Subject: [PATCH 052/209] ma nextgum.r becomes gum.r --- krebs/3modules/makefu/default.nix | 100 +++------ makefu/1systems/gum/config.nix | 149 ++++++++----- makefu/1systems/gum/hardware-config.nix | 77 +++++-- makefu/1systems/{nextgum => gum}/rescue.txt | 0 makefu/1systems/gum/source.nix | 2 +- .../{nextgum => gum}/transfer-config.nix | 0 makefu/1systems/nextgum/config.nix | 195 ------------------ makefu/1systems/nextgum/hardware-config.nix | 99 --------- makefu/1systems/nextgum/source.nix | 5 - 9 files changed, 190 insertions(+), 437 deletions(-) rename makefu/1systems/{nextgum => gum}/rescue.txt (100%) rename makefu/1systems/{nextgum => gum}/transfer-config.nix (100%) delete mode 100644 makefu/1systems/nextgum/config.nix delete mode 100644 makefu/1systems/nextgum/hardware-config.nix delete mode 100644 makefu/1systems/nextgum/source.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e2152ea1a..94af67fc7 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -494,6 +494,8 @@ in { ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" + "dcpp.omo.r" + "torrent.omo.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -554,7 +556,7 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; - nextgum = rec { + gum = rec { ci = true; extraZones = { "krebsco.de" = '' 
@@ -563,6 +565,23 @@ in { graph IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} + boot.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + share.euer IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; cores = 8; @@ -571,6 +590,7 @@ in { ip4.addr = "144.76.26.247"; ip6.addr = "2a01:4f8:191:12f6::2"; aliases = [ + "gum.i" "nextgum.i" ]; }; @@ -594,6 +614,16 @@ in { "stats.makefu.r" "backup.makefu.r" "dcpp.nextgum.r" + "gum.r" + "cgit.gum.r" + "o.gum.r" + "tracker.makefu.r" + "search.makefu.r" + "wiki.makefu.r" + "wiki.gum.r" + "blog.makefu.r" + "blog.gum.r" + "dcpp.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- 
@@ -609,73 +639,7 @@ in { }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; - - gum = rec { - ci = true; - cores = 2; - - extraZones = { - "krebsco.de" = '' - share.euer IN A ${nets.internet.ip4.addr} - mattermost.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} - wikisearch IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - mon.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - io IN NS gum.krebsco.de. - ''; - }; - nets = rec { - internet = { - ip4.addr = "185.194.143.140"; - ip6.addr = "2a03:4000:1c:43f::1"; - aliases = [ - "gum.i" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.0.211"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; - aliases = [ - "gum.r" - "cgit.gum.r" - "o.gum.r" - "tracker.makefu.r" - - "search.makefu.r" - "wiki.makefu.r" - "wiki.gum.r" - "blog.makefu.r" - "blog.gum.r" - "dcpp.gum.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - # configured manually - # ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; - }; 
+ shoney = rec { ci = true; cores = 1; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index af2e6f6b0..118b5b9d4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,16 +8,22 @@ in { imports = [ ./hardware-config.nix + ./transfer-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } # - - - # - # - - - # Security @@ -26,69 +32,90 @@ in { + + # + + # networking + + # + # + + # + + + # ci + # + + + + # services - - # - - - # + + - # network + # sharing + + + # + ## + # + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # + + ## network # + + + + - # buildbot - - - - ## Web + # Removed until move: no extra mails + + # Removed until move: avoid letsencrypt ban + ### Web # # - # - # - # + + + ## # # - # + + + + - # - # - # - # - # - - # - # - - # - - + + + + + # - # Temporary: + # sharing + + + + ## Temporary: # + - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - + # krebs infrastructure services + ]; makefu.dl-dir = "/var/download"; @@ -106,9 +133,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" ]; }; 
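Review bot: The `./transfer-config.nix` import added in the first hunk of makefu/1systems/gum/config.nix still refers to the old host name. That file (shown further down the page where it is deleted) sets `krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;`, while this same commit renames the `nextgum` entry in krebs/3modules/makefu/default.nix to `gum`. Unless `nextgum` is defined somewhere not visible here, the forced value points at an attribute that no longer exists, so this commit probably does not evaluate on its own. The source.nix hunk carries the same leftover in `name="nextgum";`. I would drop the import in this commit and keep `name="gum";`; the imports list continues outside the hunk.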
@@ -119,12 +144,21 @@ in { makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; }; + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + tmux + ]; + + # Hardware + # Network networking = { firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ # smtp 25 # http @@ -152,9 +186,10 @@ in { # tinc-shack 21032 ]; - }; - nameservers = [ "8.8.8.8" ]; }; + nameservers = [ "8.8.8.8" ]; + }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; + state = [ "/home/makefu/.weechat" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index a40709169..bfe29b46c 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix 
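Review bot: The `allowedTCPPorts` list re-indented in this hunk keeps two temporary openings on the host that now takes over the `gum` name. The full file has the same blob id (118b5b9d4) as the deleted nextgum/config.nix, which lists `18001` under `# temp vnc` and `31337` under `# temp reverseshell`. Both stay reachable on the public address that the krebsco.de records added in this commit point to. If they are no longer needed, I would remove the two entries as part of the switch, or limit them to the VPN interface and say in a comment until when they are required. The list itself continues outside the hunk.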
@@ -1,26 +1,24 @@ { config, ... }: let - external-mac = "2a:c5:6e:d2:fc:7f"; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; - external-gw = "185.194.140.1"; + external-mac = "50:46:5d:9f:63:6b"; + main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; + sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; + external-gw = "144.76.26.225"; # single partition, label "nixos" # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate # static - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; + external-ip = "144.76.26.247"; + external-ip6 = "2a01:4f8:191:12f6::2"; external-gw6 = "fe80::1"; - external-netmask = 22; + external-netmask = 27; external-netmask6 = 64; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; ext-if = "et0"; # gets renamed on the fly in { imports = [ - - ]; - makefu.server.primary-itf = ext-if; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" 
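Review bot: `external-ip` and `external-ip6` become literals here, although the same addresses are already declared for this host in krebs/3modules/makefu/default.nix (`ip4.addr = "144.76.26.247"`) and the removed lines read them from there. config.nix still derives its tinc `ListenAddress` lines from `config.krebs.build.host.nets.internet.ip4.addr`, so changing only one of the two places later would leave the interface address and the listen address disagreeing. I would keep `external-ip = config.krebs.build.host.nets.internet.ip4.addr;` and the matching `ip6.addr` line, or add a comment explaining why literals are required on this machine.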
@@ -40,7 +38,62 @@ in { defaultGateway = external-gw; }; boot.kernelParams = [ ]; - boot.loader.grub.device = main-disk; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" + "xhci_pci" "ehci_pci" "ahci" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + hardware.enableRedistributableFirmware = true; + fileSystems."/" = { + device = "/dev/mapper/nixos-root"; + fsType = "ext4"; + }; + fileSystems."/var/lib" = { + device = "/dev/mapper/nixos-lib"; + fsType = "ext4"; + }; + fileSystems."/var/download" = { + device = "/dev/mapper/nixos-download"; + fsType = "ext4"; + }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/sda2"; + fsType = "vfat"; + }; + # parted -s -a optimal "$disk" \ + # mklabel gpt \ + # mkpart no-fs 0 1024KiB \ + # set 1 bios_grub on \ + # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + # mkpart primary 1025MiB 100% + # parted -s -a optimal "/dev/sdb" \ + # mklabel gpt \ + # mkpart primary 1M 100% + + #mkfs.vfat /dev/sda2 + #pvcreate /dev/sda3 + #pvcreate /dev/sdb1 + #vgcreate nixos /dev/sda3 /dev/sdb1 + #lvcreate -L 120G -m 1 -n root nixos + #lvcreate -L 50G -m 1 -n lib nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos + #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup + #mount /dev/mapper/nixos-root /mnt + #mkdir /mnt/boot + #mount /dev/sda2 /mnt/boot + #mkdir -p /mnt/var/src + #touch /mnt/var/src/.populate + } 
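Review bot: The boot path added here does not survive the loss of the first disk, even though the setup comments create `root` and `lib` as mirrored volumes (`-m 1`). `boot.loader.grub.devices = [ main-disk ];` installs GRUB on one drive only, `sec-disk` from the first hunk is never referenced, and `/boot` is mounted from `/dev/sda2`, a kernel-assigned name that can change when a drive is missing or enumerated differently. I would reference `/boot` by a stable identifier, as is done for `main-disk`, and add a comment stating that only `main-disk` is bootable if that is intended. The comment `#mkfs.ext4 /dev/mapper/nixos-borgbackup` also names a volume the `lvcreate` lines do not create (they create `backup`).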
diff --git a/makefu/1systems/nextgum/rescue.txt b/makefu/1systems/gum/rescue.txt similarity index 100% rename from makefu/1systems/nextgum/rescue.txt rename to makefu/1systems/gum/rescue.txt diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 1e36c6e87..6940498f1 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,5 +1,5 @@ { - name="gum"; + name="nextgum"; torrent = true; clever_kexec = true; } diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/gum/transfer-config.nix similarity index 100% rename from makefu/1systems/nextgum/transfer-config.nix rename to makefu/1systems/gum/transfer-config.nix diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix deleted file mode 100644 index 118b5b9d4..000000000 --- a/makefu/1systems/nextgum/config.nix +++ /dev/null 
@@ -1,195 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - ext-if = config.makefu.server.primary-itf; -in { - imports = [ - - ./hardware-config.nix - ./transfer-config.nix - { - users.users.lass = { - uid = 9002; - isNormalUser = true; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - makefu.pubkey - ]; - }; - } - - # - - # Security - - - # Tools - - - - - - # - - # networking - - # - # - - # - - - # ci - # - - - - - - # services - - - - # sharing - - - # - ## - # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } - # - - ## network - - # - - - - - - - - # Removed until move: no extra mails - - # Removed until move: avoid letsencrypt ban - ### Web - # - # - - - - ## - # - # - - - - - - - - - - - - - # - - # sharing - - - - ## Temporary: - # - - - - # krebs infrastructure services - - ]; - makefu.dl-dir = "/var/download"; - - services.openssh.hostKeys = [ - { bits = 4096; path = (toString ); type = "rsa"; } - { path = (toString ); type = "ed25519"; } ]; - ###### stable - services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; - krebs.build.host = config.krebs.hosts.gum; - - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - - # Network - networking = { - firewall = { - 
allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; - }; - nameservers = [ "8.8.8.8" ]; - }; - users.users.makefu.extraGroups = [ "download" "nginx" ]; - boot.tmpOnTmpfs = true; - state = [ "/home/makefu/.weechat" ]; -} diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix deleted file mode 100644 index bfe29b46c..000000000 --- a/makefu/1systems/nextgum/hardware-config.nix +++ /dev/null 
@@ -1,99 +0,0 @@ -{ config, ... }: -let - external-mac = "50:46:5d:9f:63:6b"; - main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; - sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; - external-gw = "144.76.26.225"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static - external-ip = "144.76.26.247"; - external-ip6 = "2a01:4f8:191:12f6::2"; - external-gw6 = "fe80::1"; - external-netmask = 27; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in { - imports = [ - ]; - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - interfaces."${ext-if}" = { - ipv4.addresses = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = external-gw6; - defaultGateway = external-gw; - }; - boot.kernelParams = [ ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" ]; - boot.initrd.availableKernelModules = [ - "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" - "xhci_pci" "ehci_pci" "ahci" "sd_mod" - ]; - boot.kernelModules = [ "kvm-intel" ]; - hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/mapper/nixos-root"; - fsType = "ext4"; - }; - fileSystems."/var/lib" = { - device = "/dev/mapper/nixos-lib"; - fsType = "ext4"; - }; - fileSystems."/var/download" = { - device = "/dev/mapper/nixos-download"; - fsType = "ext4"; - }; - fileSystems."/var/lib/borgbackup" = { - device = "/dev/mapper/nixos-backup"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/sda2"; - fsType = "vfat"; - 
}; - # parted -s -a optimal "$disk" \ - # mklabel gpt \ - # mkpart no-fs 0 1024KiB \ - # set 1 bios_grub on \ - # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - # mkpart primary 1025MiB 100% - # parted -s -a optimal "/dev/sdb" \ - # mklabel gpt \ - # mkpart primary 1M 100% - - #mkfs.vfat /dev/sda2 - #pvcreate /dev/sda3 - #pvcreate /dev/sdb1 - #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -m 1 -n root nixos - #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 100G -n download nixos - #lvcreate -L 100G -n backup nixos - #mkfs.ext4 /dev/mapper/nixos-root - #mkfs.ext4 /dev/mapper/nixos-lib - #mkfs.ext4 /dev/mapper/nixos-download - #mkfs.ext4 /dev/mapper/nixos-borgbackup - #mount /dev/mapper/nixos-root /mnt - #mkdir /mnt/boot - #mount /dev/sda2 /mnt/boot - #mkdir -p /mnt/var/src - #touch /mnt/var/src/.populate - -} diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix deleted file mode 100644 index 6940498f1..000000000 --- a/makefu/1systems/nextgum/source.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - name="nextgum"; - torrent = true; - clever_kexec = true; -} From 51fe1cf77b1d66a75c8ad86bec231a889f11ed86 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 16:48:37 +0100 Subject: [PATCH 053/209] Revert "ma nixpkgs: 86fb1e9 -> bf46294" ... for now This reverts commit 9520ee2c51b49a0e6cb0c96f9ab1724381e0e9cd. --- makefu/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index 73798f44d..c5cd0ac30 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json 
@@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "bf46294e4cf20649182f76fc9200a48436f5874a", - "date": "2018-09-18T02:20:45+02:00", - "sha256": "13900gack7pgf5a7c11x30rzb3s0kjpbm2z2g8fw4720cr9lkd94", - "fetchSubmodules": false + "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687", + "date": "2018-10-07T23:33:42+02:00", + "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3", + "fetchSubmodules": true } From 8b57f04ff84b53742ef6a8a9677560745075ffb1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 18:18:35 +0100 Subject: [PATCH 054/209] ma gum.r: bye transfer-config --- makefu/1systems/gum/config.nix | 1 - makefu/1systems/gum/transfer-config.nix | 7 ------- 2 files changed, 8 deletions(-) delete mode 100644 makefu/1systems/gum/transfer-config.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 118b5b9d4..3d2cbac6f 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,7 +8,6 @@ in { imports = [ ./hardware-config.nix - ./transfer-config.nix { users.users.lass = { uid = 9002; diff --git a/makefu/1systems/gum/transfer-config.nix b/makefu/1systems/gum/transfer-config.nix deleted file mode 100644 index 92df60195..000000000 --- a/makefu/1systems/gum/transfer-config.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, lib, ... }: -# configuration which is only required for the time of the transfer -{ - krebs.tinc.retiolum.connectTo = [ "gum" ]; - krebs.build.host = lib.mkForce config.krebs.hosts.nextgum; -} - From 69adc5dc17d9f9b9df605eada6a433545ff987dc Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 8 Nov 2018 19:09:11 +0100 Subject: [PATCH 055/209] tv q: add utcdate --- tv/5pkgs/simple/q/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 655c75e1b..cbcec1bae 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix 
@@ -71,6 +71,11 @@ let '+%Y-%m-%dT%H:%M:%S%:z' ''; + q-utcdate = '' + ${pkgs.coreutils}/bin/date -u \ + '+%Y-%m-%dT%H:%M:%S%:z' + ''; + q-gitdir = '' if test -d .git; then #git status --porcelain @@ -295,6 +300,7 @@ pkgs.writeBashBin "q" '' set -eu export PATH=/var/empty ${q-cal} + ${q-utcdate} ${q-isodate} ${q-sgtdate} (${q-gitdir}) & From 9a801fa642a60a2c46240670b4e3ad66ea77d995 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 8 Nov 2018 19:25:24 +0100 Subject: [PATCH 056/209] tv mu: replace disk --- tv/1systems/mu/config.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index c26d4ab30..a653ce40d 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -15,7 +15,7 @@ with import ; # hardware configuration boot.initrd.luks.devices.muca = { - device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352"; + device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91"; }; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.availableKernelModules = [ "ahci" ]; @@ -25,16 +25,17 @@ with import ; fileSystems = { "/" = { device = "/dev/mapper/muvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + fsType = "ext4"; + options = [ "defaults" "discard" ]; }; "/home" = { device = "/dev/mapper/muvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + fsType = "ext4"; + options = [ "defaults" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/DC38-F165"; + device = "/dev/disk/by-uuid/CEB1-9743"; + fsType = "vfat"; }; }; From 70bffd8b90a7740546a20dbbdd6730ab00c7158b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:47:06 +0100 Subject: [PATCH 057/209] hotdog.r: remove import of gitlab-runner-shackspace --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) 
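Review bot: The `discard` mount option added for `/` and `/home` in the second hunk of tv/1systems/mu/config.nix sits above the LUKS device `muca` from the first hunk, and nothing visible enables discards on that device. Without `allowDiscards = true;` on `boot.initrd.luks.devices.muca`, dm-crypt normally drops the TRIM requests and the option has no effect; with it, the layout of unused blocks becomes readable on the raw disk. Assuming the `muvga` volumes live inside `muca`, I would state which of the two is intended in a comment next to the options, e.g. `# discard: requires allowDiscards on muca, reveals free-block layout`.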
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a848426c..cf72e0d73 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,7 +10,6 @@ - From 6416e2637665a99c7efc07d036a023463500fefe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:47:34 +0100 Subject: [PATCH 058/209] realwallpaper: e056328 -> 847faeb --- krebs/5pkgs/simple/realwallpaper/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 15cc277a5..7c9812117 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = https://github.com/Lassulus/realwallpaper; - rev = "e0563289c2ab592b669ce4549fc40130246e9d79"; - sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc"; + rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; + sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; }; phases = [ From df660ff2fa05a624903b0b8c93b84c2fef3eb4e8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:49:05 +0100 Subject: [PATCH 059/209] l archprism.r: new hfos ip --- lass/1systems/archprism/config.nix | 4 ++-- lass/1systems/archprism/physical.nix | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 0a286c6f0..e6eddf8b2 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix 
@@ -36,10 +36,10 @@ with import ; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } { diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix index 56348d0ab..36de7dc17 100644 --- a/lass/1systems/archprism/physical.nix +++ b/lass/1systems/archprism/physical.nix @@ -14,16 +14,16 @@ }; }; # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; + networking.interfaces.eth0.ipv4.addresses = [ + { + address = config.krebs.build.host.nets.internet.ip4.addr; + prefixLength = 27; + } + { + address = "46.4.114.243"; + prefixLength = 27; + } + ]; #networking.defaultGateway = "46.4.114.225"; #networking.nameservers = [ # "8.8.8.8" From 3902f97c56cd374c67374b57357811621d8cec29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:53:16 +0100 Subject: [PATCH 060/209] l prism.r: remove deprecated grub workaround --- lass/1systems/prism/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..01479b69c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
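Review bot: Both rules changed in lass/1systems/archprism/config.nix match on the destination address alone, so every protocol and port arriving for 46.4.114.243 is DNATed to 192.168.122.179 and accepted in FORWARD. The machine behind that address (presumably a guest VM) is then fully exposed unless it filters traffic itself. If only a few services are meant to be public, the predicate could name them, for example `-d 46.4.114.243 -p tcp -m multiport --dports 80,443` (ports constructed for illustration). The internal address is repeated in both rules and has just had to be changed in two places; a `let` binding used by both would keep them in step. The enclosing rule lists start outside the hunk.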
@@ -349,8 +349,6 @@ with import ; ]; krebs.build.host = config.krebs.hosts.prism; - # workaround because grub store paths are broken - boot.copyKernels = true; services.earlyoom = { enable = true; freeMemThreshold = 5; From cf22b956cd0f11a25c09c6e04b440dd456a23e03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:56:25 +0100 Subject: [PATCH 061/209] l prism.r: new physical host --- lass/1systems/prism/physical.nix | 119 +++++++++++++------------------ 1 file changed, 49 insertions(+), 70 deletions(-) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 56348d0ab..4388c13fa 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix 
@@ -1,77 +1,56 @@ { config, lib, pkgs, ... }: + { + imports = [ ./config.nix - { - boot.kernelParams = [ "net.ifnames=0" ]; - networking = { - defaultGateway = "46.4.114.225"; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "46.4.114.247"; - prefixLength = 27; - }; - }; - # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; - #networking.defaultGateway = "46.4.114.225"; - #networking.nameservers = [ - # "8.8.8.8" - #]; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - #''; - } - { - imports = [ ]; - - networking.hostId = "fb4173ea"; - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - - fileSystems."/" = { - device = "rpool/root/nixos"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; - fsType = "ext4"; - }; - - } + ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "tank/srv-http"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/containers" = { + device = "tank/containers"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "tank/home"; + 
fsType = "zfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; + + boot.kernelParams = [ "net.ifnames=0" ]; + networking = { + hostId = "2283aaae"; + defaultGateway = "95.216.1.129"; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.eth0 = { + ipAddress = "95.216.1.150"; + prefixLength = 26; + }; + }; } From 2912ca43a9607f88780535fc32c5ad0a43d7bd3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:00:04 +0100 Subject: [PATCH 062/209] l blue: add l-gen-secrets --- lass/2configs/blue.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 68f2256cf..4d4a92eb9 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -15,6 +15,7 @@ with (import ); dic nmap git-preview + l-gen-secrets ]; services.tor.enable = true; From 95c9cd185bdd29b19454a771d5a98d7c594d7cdb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:02:49 +0100 Subject: [PATCH 063/209] l ciko: chmod +x --- lass/2configs/ciko.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index b08cf9307..6818db460 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -19,5 +19,9 @@ with import ; "slash16.net" ]; }; + + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /home/ciko + ''; } From 4a5608ba7bb92450ca5c3ef5567818d65b0330a9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:03:08 +0100 Subject: [PATCH 064/209] l: add neocron@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 6ef3c8595..733115a74 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
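Review bot: The rewritten lass/1systems/prism/physical.nix configures `interfaces.eth0` with the older single-address attributes `ipAddress`/`prefixLength`, while the archprism change earlier in this series uses the `ipv4.addresses` list. For consistency I would write it in list form, `ipv4.addresses = [ { address = "95.216.1.150"; prefixLength = 26; } ];`. The public address is also a literal here, whereas archprism reads it from `config.krebs.build.host.nets.internet.ip4.addr`; taking it from the host definition would avoid a second place to update when the address changes.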
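Review bot: `chmod +x /home/ciko` in the new `user-shadow` activation script sets the execute (search) bit for owner, group and others, subject to the umask, so the home directory becomes traversable by every local account on each activation. If the aim is to let the web server reach content served from below it (not visible here), `chmod o+x` states the intent more precisely, and an ACL entry for the web server user alone would be narrower still. The script name `user-shadow` does not describe what it does; a descriptive name plus a one-line comment on the reason would help. The same pattern is added in lass/2configs/git.nix as `spool-chmod` on `/var/spool`, where the reason is equally undocumented.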
@@ -90,6 +90,7 @@ with import ; { from = "afra@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } + { from = "neocron@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 93b4db56dfbb4981e5732cad981fba899c1309ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:03:43 +0100 Subject: [PATCH 065/209] l games: add steam-run & dolphinEmu to pkgs --- lass/2configs/games.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 17c3cf3be..49602898e 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -75,6 +75,8 @@ in { packages = with pkgs; [ ftb minecraft + steam-run + dolphinEmu ]; }; }; From ab6b32baa7282a5127def657dc0e595464b0bf9c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:13:01 +0100 Subject: [PATCH 066/209] l git: chmod +x /var/spool --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c5b5c01fb..62173e33f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -21,6 +21,10 @@ let krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } ]; + + system.activationScripts.spool-chmod = '' + ${pkgs.coreutils}/bin/chmod +x /var/spool + ''; }; cgit-clear-cache = pkgs.cgit-clear-cache.override { From 1c473c7c203e30aa7f48715c965786350084f901 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:15:11 +0100 Subject: [PATCH 067/209] l mail: add nix@lassul.us to nix ml --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e50689254..46939c97e 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
@@ -51,7 +51,7 @@ let gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; - nix-devel = [ "to:nix-devel@googlegroups.com" ]; + nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; From 125f9d7fd9336d59f66166f3efc6811c3ad881dd Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Nov 2018 19:27:17 +0100 Subject: [PATCH 068/209] airdcpp module: after local-fs.target --- krebs/3modules/airdcpp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 1633840f7..56fb31795 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -243,7 +243,7 @@ let in { systemd.services.airdcpp = { description = "airdcpp webui"; - after = [ "network.target" ]; + after = [ "network.target" "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; restartIfChanged = true; serviceConfig = { From 70c12e9b021d2b5e532110713a6456ab312f6b64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:38:54 +0100 Subject: [PATCH 069/209] l sqlBackup: remove mysql_password --- lass/2configs/websites/sqlBackup.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 2fffa6cc9..897e35e61 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -11,7 +11,6 @@ enable = true; dataDir = "/var/mysql"; package = pkgs.mariadb; - rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; systemd.services.mysql = { From 62aebdf0584ee8c512da2f9a8d12d87995266484 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 10 Nov 2018 19:39:07 +0100 Subject: [PATCH 070/209] l ejabberd: allow registration --- lass/3modules/ejabberd/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 68bcfa340..e7288313a 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -96,9 +96,9 @@ in /* yaml */ '' mod_privacy: {} mod_private: {} mod_register: - access_from: deny + access_from: allow access: register - ip_access: trusted_network + # ip_access: trusted_network registration_watchers: ${toJSON config.registration_watchers} mod_roster: {} mod_shared_roster: {} From 140bfc4557f7da8122ef8f1682ca6c381957d9cd Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Nov 2018 20:03:05 +0100 Subject: [PATCH 071/209] ma secrets: add hass/darksy.apikey --- makefu/0tests/data/secrets/hass/darksky.apikey | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 makefu/0tests/data/secrets/hass/darksky.apikey diff --git a/makefu/0tests/data/secrets/hass/darksky.apikey b/makefu/0tests/data/secrets/hass/darksky.apikey new file mode 100644 index 000000000..e69de29bb From dfb9c237607b73f00cd52ca5c5b731f45d83f932 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 10 Nov 2018 20:06:31 +0100 Subject: [PATCH 072/209] krebs: add youtube@eloop.org --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8f2e22acf..ca67ce65c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -201,6 +201,7 @@ let "cfp@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; "eloop2016@krebsco.de" = eloop-ml; "eloop2017@krebsco.de" = eloop-ml; "postmaster@krebsco.de" = spam-ml; # RFC 822 From cd720e1a9ed12413504ddae2d381279ec30ce24a Mon Sep 17 00:00:00 2001 
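Review bot: Setting `access_from: allow` and commenting out `ip_access: trusted_network` in `mod_register` lifts both restrictions at once. Accounts can then be created from any address, and also from already-authenticated client sessions and server-to-server links, which is the case `access_from` is meant to block. That invites bulk account creation on a federated server. If public sign-up is the goal, I would leave `access_from: deny` as it was and lift only the address restriction, ideally together with `captcha_protected: true`. The `ip_access` line should be deleted rather than kept as a comment. The module list continues outside the hunk.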
From: lassulus Date: Sat, 10 Nov 2018 20:18:41 +0100 Subject: [PATCH 073/209] l: add cache.krebsco.de & cache.lassul.us --- krebs/3modules/lass/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9b9f052a5..08fd85737 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -17,6 +17,7 @@ with import ; "krebsco.de" = '' prism IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} + cache IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 @@ -34,6 +35,7 @@ with import ; paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { From f2dd2793cd1dad28a65d78d307e59b74fb63f23c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 20:29:39 +0100 Subject: [PATCH 074/209] l dns-stuff: sort --- krebs/3modules/lass/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 08fd85737..836ecb3f6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -15,9 +15,9 @@ with import ; cores = 4; extraZones = { "krebsco.de" = '' - prism IN A ${nets.internet.ip4.addr} - paste IN A ${nets.internet.ip4.addr} cache IN A ${nets.internet.ip4.addr} + paste IN A ${nets.internet.ip4.addr} + prism IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 
@@ -28,14 +28,14 @@ with import ; 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { From 0c235a88a8391a6c3b67573f85fc03931e5402a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Nov 2018 21:11:23 +0100 Subject: [PATCH 075/209] ma: disable some host ci --- krebs/3modules/makefu/default.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 94af67fc7..bea0f1c0e 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -60,7 +60,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; }; drop = rec { - ci = true; + ci = false; cores = 1; nets = { retiolum = { 
@@ -83,7 +83,7 @@ in { }; }; studio = rec { - ci = true; + ci = false; cores = 4; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; @@ -109,7 +109,7 @@ in { }; fileleech = rec { - ci = true; + ci = false; cores = 4; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; @@ -134,7 +134,7 @@ in { }; }; latte = rec { - ci = true; + ci = false; cores = 1; ssh.privkey.path = ; # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; @@ -166,7 +166,7 @@ in { }; pnp = { - ci = true; + ci = false; cores = 1; nets = { retiolum = { @@ -190,7 +190,7 @@ in { }; }; darth = { - ci = true; + ci = false; cores = 4; nets = { retiolum = { @@ -404,7 +404,7 @@ in { }; }; wry = rec { - ci = true; + ci = false; cores = 1; extraZones = { "krebsco.de" = '' @@ -449,7 +449,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { - ci = true; + ci = false; cores = 1; nets = { lan = { @@ -639,9 +639,9 @@ in { }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; - + shoney = rec { - ci = true; + ci = false; cores = 1; nets = rec { siem = { From 96a3e3c35d305699b7f279c3ea2fd0a18c8d6e97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:46:35 +0100 Subject: [PATCH 076/209] l realwallpaper: serve realwallpaper-krebs.png --- lass/2configs/realwallpaper.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 116d66276..16b999817 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix 
@@ -22,10 +22,7 @@ in { locations."/realwallpaper.png".extraConfig = '' root /var/realwallpaper/; ''; - locations."/realwallpaper-sat.png".extraConfig = '' - root /var/realwallpaper/; - ''; - locations."/realwallpaper-sat-krebs.png".extraConfig = '' + locations."/realwallpaper-krebs.png".extraConfig = '' root /var/realwallpaper/; ''; }; From 271871090289d166ea34ae41df63eaa1cf26da19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:45:27 +0100 Subject: [PATCH 077/209] l & m: fetchWallpaper: fetch realwallpaper-krebs.png --- lass/2configs/fetchWallpaper.nix | 2 +- makefu/2configs/fetchWallpaper.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 31a01c754..e756c3424 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -6,7 +6,7 @@ in { krebs.fetchWallpaper = { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/realwallpaper-sat-krebs.png"; + url = "prism/realwallpaper-krebs.png"; maxTime = 10; }; } diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index 16a7a13b2..f63417e8f 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -8,7 +8,7 @@ timerConfig = { OnCalendar = "*:0/30"; }; - url = "http://prism.r/realwallpaper-sat-krebs.png"; + url = "http://prism.r/realwallpaper-krebs.png"; }; } From d41f85b671433be0576f03554e92d4756e608c75 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:45:52 +0100 Subject: [PATCH 078/209] l binary-cache: serve under cache.{krebsco.de,lassul.us} --- lass/2configs/binary-cache/server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 991bbeb54..220e41d0a 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix 
@@ -20,7 +20,7 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" ]; + serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; From 30a6c5219a120b7323e46c621a21da7ab8fc1d29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:46:12 +0100 Subject: [PATCH 079/209] l realwallpaper: chmod +x --- lass/2configs/realwallpaper.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 16b999817..e0cb37f67 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let hostname = config.krebs.build.host.name; @@ -9,6 +9,9 @@ let in { krebs.realwallpaper.enable = true; + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper + ''; services.nginx.virtualHosts.wallpaper = { extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { From c823192f10a5977bb2f13a15cdf29a3cdf2be5ed Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Nov 2018 22:28:24 +0100 Subject: [PATCH 080/209] Revert "Revert "ma nixpkgs: 86fb1e9 -> bf46294" ... for now" This reverts commit 51fe1cf77b1d66a75c8ad86bec231a889f11ed86. --- makefu/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index c5cd0ac30..73798f44d 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json 
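Review bot: Adding `cache.krebsco.de` and `cache.lassul.us` to `serverAliases` in lass/2configs/binary-cache/server.nix publishes the nix-serve proxy under internet-facing names, and the hunk shows neither TLS nor any access restriction for this virtual host. A binary cache hands out any store path whose hash the requester knows, so it is worth confirming that nothing sensitive is ever realised into this host's /nix/store. Clients should also pin the cache's signing key rather than rely on the transport. A comment above the list, for example `# public on purpose: everything in this store is world-readable`, would record the decision. The virtual host definition continues outside the hunk, so TLS may already be configured there.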
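Review bot: The activation script added in lass/2configs/realwallpaper.nix is named `user-shadow`, which says nothing about wallpapers and could clash with any other module that defines `system.activationScripts.user-shadow`; a name such as `realwallpaper-dir` would be unambiguous. `chmod +x` also sets the execute bit for owner, group and others alike (subject to the umask), while the goal appears to be letting nginx traverse the directory. `chmod o+x /var/realwallpaper` or an explicit mode would document that intent. A one-line comment such as `# nginx must be able to traverse /var/realwallpaper to serve the png files` would help the next reader.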
@@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687", - "date": "2018-10-07T23:33:42+02:00", - "sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3", - "fetchSubmodules": true + "rev": "bf46294e4cf20649182f76fc9200a48436f5874a", + "date": "2018-09-18T02:20:45+02:00", + "sha256": "13900gack7pgf5a7c11x30rzb3s0kjpbm2z2g8fw4720cr9lkd94", + "fetchSubmodules": false } From 9536a502706ab73f475ef338675a35d87eadb168 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 23:00:54 +0100 Subject: [PATCH 081/209] l prism.r: RIP nin --- lass/1systems/archprism/config.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index e6eddf8b2..f21e76d37 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; From 1626bf9e96950f9228c391a1f7f58fb878e1692a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 11 Nov 2018 17:25:36 +0100 Subject: [PATCH 082/209] remove remaining nin stuff --- lass/1systems/archprism/config.nix | 20 --------- nin/2configs/games.nix | 69 ------------------------------ nin/krops.nix | 36 ---------------- 3 files changed, 125 deletions(-) delete mode 100644 nin/2configs/games.nix delete mode 100644 nin/krops.nix diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index f21e76d37..6706914b5 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix 
@@ -102,26 +102,6 @@ with import ; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 4c4f0c3a0..000000000 --- a/nin/2configs/games.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index fef8cc38b..000000000 --- a/nin/krops.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - force = true; - inherit target; - source = source { test = true; }; - }; -} From 424e6d50af975c929d09f35d434295a823168db0 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 11 Nov 2018 18:23:46 +0100 Subject: [PATCH 083/209] ma hw/smartcard: disable ifdnfc for now until package becomes part of stable channel --- makefu/2configs/hw/smartcard.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/hw/smartcard.nix b/makefu/2configs/hw/smartcard.nix index 1e9bca53b..b66b70098 100644 --- a/makefu/2configs/hw/smartcard.nix +++ b/makefu/2configs/hw/smartcard.nix @@ -2,12 +2,15 @@ { services.pcscd = { enable = true; - plugins = with pkgs; [ ifdnfc ccid ]; + plugins = with pkgs; + [ #ifdnfc + ccid + ]; }; environment.systemPackages = with pkgs; [ # need to run ifdnfc-activate before usage - ifdnfc + # ifdnfc # pcsc_scan pcsctools ]; From af869d56c49e94357232588756b27703054456e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 11 Nov 2018 19:37:35 +0100 Subject: [PATCH 084/209] l: add osmocom@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 733115a74..bf43ee7d1 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -91,6 +91,7 @@ with import ; { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } + { from = "osmocom@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 9c09cf30c3eba8137ecf2b4aa3b5fa65a283499e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 02:47:03 +0100 Subject: [PATCH 085/209] tv gitrepos: add hc --- tv/2configs/gitrepos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 62c90d4e9..a89d1302c 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -76,6 +76,7 @@ let { }; } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) { blessings = {}; + hc = {}; mime = {}; quipper = {}; scanner = {}; From b1dfd4b4937d48c4c14b12251bb554f562ef4737 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 13:34:31 +0100 Subject: [PATCH 086/209] tv hc: init at 1.0.0 --- tv/5pkgs/simple/hc.nix | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 tv/5pkgs/simple/hc.nix diff --git a/tv/5pkgs/simple/hc.nix b/tv/5pkgs/simple/hc.nix new file mode 100644 index 000000000..4d325e16c --- /dev/null +++ b/tv/5pkgs/simple/hc.nix 
@@ -0,0 +1,37 @@ +{ coreutils, fetchgit, findutils, gawk, gnugrep, makeWrapper, qrencode, stdenv, texlive, utillinux, zbar }: + +stdenv.mkDerivation rec { + name = "hc-${meta.version}"; + + src = fetchgit { + url = "https://cgit.krebsco.de/hc"; + rev = "refs/tags/v${meta.version}"; + sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildPhase = null; + + installPhase = '' + mkdir -p $out/bin + + cp $src/bin/hc $out/bin/hc + + wrapProgram $out/bin/hc \ + --prefix PATH : ${stdenv.lib.makeBinPath [ + coreutils + findutils + gawk + gnugrep + qrencode + texlive.combined.scheme-full + utillinux + zbar + ]} + ''; + + meta = { + version = "1.0.0"; + }; +} From 8f6dc4a1316ff6812a248923a974e044576583fe Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 20:55:04 +0100 Subject: [PATCH 087/209] ejabberd: replaced by upstream --- krebs/5pkgs/simple/ejabberd/default.nix | 122 ------------------ krebs/5pkgs/simple/ejabberd/ejabberdctl.patch | 32 ----- lass/3modules/ejabberd/config.nix | 1 - tv/3modules/ejabberd/config.nix | 1 - 4 files changed, 156 deletions(-) delete mode 100644 krebs/5pkgs/simple/ejabberd/default.nix delete mode 100644 krebs/5pkgs/simple/ejabberd/ejabberdctl.patch diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix deleted file mode 100644 index b4ab13b43..000000000 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ /dev/null 
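Review bot: `buildPhase = null;` in tv/5pkgs/simple/hc.nix probably does not skip the build. Nix drops null-valued attributes from the derivation, so stdenv falls back to its default build phase and would run `make` if the source ever ships a Makefile. `dontBuild = true;` states the intent directly. In `installPhase`, `install -Dm755 $src/bin/hc $out/bin/hc` would replace the `mkdir`/`cp` pair and set the mode explicitly instead of inheriting it from the source tree.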
@@ -1,122 +0,0 @@ -{ stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd -, withMysql ? false -, withPgsql ? false -, withSqlite ? false, sqlite -, withPam ? false, pam -, withZlib ? true, zlib -, withRiak ? false -, withElixir ? false, elixir -, withIconv ? true -, withTools ? false -, withRedis ? false -}: - -let - fakegit = writeScriptBin "git" '' - #! ${stdenv.shell} -e - if [ "$1" = "describe" ]; then - [ -r .rev ] && cat .rev || true - fi - ''; - - ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; - -in stdenv.mkDerivation rec { - version = "18.01"; - name = "ejabberd-${version}"; - - src = fetchurl { - url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; - }; - - nativeBuildInputs = [ fakegit ]; - - buildInputs = [ erlang openssl expat libyaml gd ] - ++ lib.optional withSqlite sqlite - ++ lib.optional withPam pam - ++ lib.optional withZlib zlib - ++ lib.optional withElixir elixir - ; - - # Apparently needed for Elixir - LANG = "en_US.UTF-8"; - - deps = stdenv.mkDerivation { - name = "ejabberd-deps-${version}"; - - inherit src; - - configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - - nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; - - GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; - - makeFlags = [ "deps" ]; - - phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ]; - - installPhase = '' - for i in deps/*; do - ( cd $i - git reset --hard - git clean -ffdx - git describe --always --tags > .rev - rm -rf .git - ) - done - rm deps/.got - - cp -r deps $out - ''; - - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; - }; - - configureFlags = - [ (lib.enableFeature withMysql "mysql") - 
(lib.enableFeature withPgsql "pgsql") - (lib.enableFeature withSqlite "sqlite") - (lib.enableFeature withPam "pam") - (lib.enableFeature withZlib "zlib") - (lib.enableFeature withRiak "riak") - (lib.enableFeature withElixir "elixir") - (lib.enableFeature withIconv "iconv") - (lib.enableFeature withTools "tools") - (lib.enableFeature withRedis "redis") - ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}"; - - enableParallelBuilding = true; - - patches = [ - ./ejabberdctl.patch - ]; - - preBuild = '' - cp -r $deps deps - chmod -R +w deps - patchShebangs deps - ''; - - postInstall = '' - sed -i \ - -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ - -e 's,\(^ *JOT=\).*,\1,' \ - -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ - $out/sbin/ejabberdctl - ''; - - meta = with stdenv.lib; { - description = "Open-source XMPP application server written in Erlang"; - license = licenses.gpl2; - homepage = http://www.ejabberd.im; - platforms = platforms.linux; - maintainers = with maintainers; [ sander abbradar ]; - broken = withElixir; - }; -} diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch deleted file mode 100644 index f7c842b7b..000000000 --- a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch +++ /dev/null 
@@ -1,32 +0,0 @@ ---- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 -+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 -@@ -42,19 +42,18 @@ - esac - - # parse command line parameters --for arg; do -- case $arg in -- -n|--node) ERLANG_NODE_ARG=$2; shift;; -- -s|--spool) SPOOL_DIR=$2; shift;; -- -l|--logs) LOGS_DIR=$2; shift;; -- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; -- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; -- -d|--config-dir) ETC_DIR=$2; shift;; -- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; -- --) :;; -+while test $# -gt 0; do -+ case $1 in -+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; -+ -s|--spool) SPOOL_DIR=$2; shift 2;; -+ -l|--logs) LOGS_DIR=$2; shift 2;; -+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; -+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; -+ -d|--config-dir) ETC_DIR=$2; shift 2;; -+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; -+ # --) :;; what is this for? - *) break;; - esac -- shift - done - - # define ejabberd variables if not already defined from the command line diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index e7288313a..4630f25c1 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix index 68bcfa340..a0631e226 100644 --- a/tv/3modules/ejabberd/config.nix +++ b/tv/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: From 78cbcb1e95d5af310dac922f13beab341f658e5e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 21:30:04 +0100 Subject: [PATCH 088/209] ci.nix: fix usage --- ci.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ci.nix b/ci.nix index 6f4b89b08..631c3dc41 100644 --- a/ci.nix +++ b/ci.nix @@ -1,4 +1,4 @@ -# usage: nix-instantiate --eval --strict --json ./ci.nix +# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq . with import ./lib; let pkgs = import { overlays = [ (import ./submodules/nix-writers/pkgs) ]; }; From ddfddbe7563ff6004c9bfba709269fb8441a6605 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 21:38:28 +0100 Subject: [PATCH 089/209] ci: register GC roots --- krebs/3modules/ci.nix | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 16c6d4315..4cfe598d6 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -30,6 +30,8 @@ let nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; + profileRoot = "/nix/var/nix/profiles/ci"; + imp = { krebs.buildbot.master = { slaves = { @@ -98,9 +100,16 @@ let self.addBuildSteps([steps.ShellCommand( name=str(new_step), command=[ - new_steps[new_step] + "${pkgs.writeDash "build-stepper.sh" '' + set -efu + profile=${shell.escape profileRoot}/$build_name + result=$("$build_script") + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + ''}" ], env={ + "build_name": new_step, + "build_script": new_steps[new_step], "NIX_REMOTE": "daemon", "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", }, @@ -163,6 +172,20 @@ let password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; }; + + system.activationScripts.buildbots-nix-profile = '' + ${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot} + ''; + + users = { + groups.buildbots.gid = genid "buildbots"; + users = { + buildbotMaster.extraGroups = [ "buildbots" ]; + buildbotSlave.extraGroups = [ "buildbots" ]; + }; + }; }; in out 
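Review bot: In the `build-stepper.sh` wrapper added to krebs/3modules/ci.nix, `$build_name` is appended to the profile root without any check, and it looks like the name comes from the step keys that the repository's own `ci.nix` emits. A key containing `/` or starting with `.` would make `nix-env -p` create its profile links outside `/nix/var/nix/profiles/ci`, anywhere the build user can write. I would reject such names before the `profile=` assignment, e.g. `case $build_name in ""|.*|*/*) echo "bad build name" >&2; exit 1;; esac`. The enclosing Python step generator starts and ends outside the hunk, so the names may already be constrained there.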
From 81c0315a925c7891a86cf6d556426cc060ebb2fa Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 22:54:25 +0100 Subject: [PATCH 090/209] krops: 1.6.0 -> 1.7.1 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index e2b296542..ce37b2a9c 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit e2b29654251367545700154ffbac806705dd04c0 +Subproject commit ce37b2a9c2a438b7278e8e8ab045df34f00ad386 From 6f512840395fa404385aadacf560f52ef152479a Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Nov 2018 10:43:28 +0100 Subject: [PATCH 091/209] tv vim: add fzf --- tv/2configs/vim.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 2ac7f7518..544fe94ae 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -14,6 +14,16 @@ let { }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg + (pkgs.vimUtils.buildVimPlugin { + name = "junegunn"; + src = pkgs.fetchgit { + url = git://github.com/junegunn/fzf.vim; + rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc"; + sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m"; + }; + }) + pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree pkgs.vimPlugins.vim-elixir (pkgs.vimUtils.buildVimPlugin { @@ -309,6 +319,11 @@ let { paths = [ (pkgs.writeDashBin "vim" '' set -efu + export FZF_DEFAULT_COMMAND='${pkgs.ripgrep}/bin/rg --files' + export PATH=$PATH:${makeBinPath [ + pkgs.fzf + pkgs.ripgrep + ]} (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs}) exec ${pkgs.vim}/bin/vim "$@" '') @@ -385,5 +400,9 @@ let { noremap [c | noremap! [c noremap [d | noremap! [d vnoremap u + + " fzf + nnoremap q :Files + nnoremap w :Rg ''; } From 66204349496ede2f451ba14471efb2c23f74f76e Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 15 Nov 2018 10:45:22 +0100 Subject: [PATCH 092/209] tv vim: M-a edits alternate buffer --- tv/2configs/vim.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 544fe94ae..469ae3e2a 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -404,5 +404,9 @@ let { " fzf nnoremap q :Files nnoremap w :Rg + + " edit alternate buffer + " For some reason neither putting 6 nor ^ works here... + nnoremap a  ''; } From 1fc9124e81dd1d25bd5c05f30db68e0bd43f1ff8 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 16 Nov 2018 17:06:20 +0100 Subject: [PATCH 093/209] tv vim: set timeoutlen=0 --- tv/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 469ae3e2a..a63d80228 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -348,6 +348,7 @@ let { set shortmess+=I set showcmd set showmatch + set timeoutlen=0 set ttimeoutlen=0 set undodir=${dirs.undodir} set undofile From cc053bd01d79ac2b41a56ca7c0f04179547a2514 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 16 Nov 2018 17:18:07 +0100 Subject: [PATCH 094/209] tv vim: neaten fzf plugin --- tv/2configs/vim.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index a63d80228..e51f07774 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -16,9 +16,9 @@ let { extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg (pkgs.vimUtils.buildVimPlugin { - name = "junegunn"; + name = "fzf-2018-11-14"; src = pkgs.fetchgit { - url = git://github.com/junegunn/fzf.vim; + url = https://github.com/junegunn/fzf.vim; rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc"; sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m"; }; From 083a8ca2aed285e94383b216347ee4e6ef44c6a6 Mon Sep 17 00:00:00 2001 
From: tv Date: Fri, 16 Nov 2018 17:19:13 +0100 Subject: [PATCH 095/209] tv vim elixir: b916c00 -> 0a847f0 --- tv/2configs/vim.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index e51f07774..a5641f094 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -25,7 +25,14 @@ let { }) pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - pkgs.vimPlugins.vim-elixir + (pkgs.vimUtils.buildVimPlugin { + name = "vim-elixir-2018-08-17"; + src = pkgs.fetchgit { + url = https://github.com/elixir-editors/vim-elixir; + rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b"; + sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04"; + }; + }) (pkgs.vimUtils.buildVimPlugin { name = "vim-syntax-jq"; src = pkgs.fetchgit { From 0435b6511f87c2f74b4d7b45e28c5eef32116228 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Nov 2018 21:39:29 +0100 Subject: [PATCH 096/209] l: add osmocom@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 733115a74..bf43ee7d1 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -91,6 +91,7 @@ with import ; { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } + { from = "osmocom@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 9f9661f452abdad266da9e4f32ac988779115fce Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Nov 2018 21:36:18 +0100 Subject: [PATCH 097/209] ma nixpkgs: bf46294 -> 9728b2e --- makefu/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index 73798f44d..ae35f9e76 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json 
@@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "bf46294e4cf20649182f76fc9200a48436f5874a", - "date": "2018-09-18T02:20:45+02:00", - "sha256": "13900gack7pgf5a7c11x30rzb3s0kjpbm2z2g8fw4720cr9lkd94", + "rev": "9728b2e83406c76efc734ebb1923f23b8e687819", + "date": "2018-11-19T20:36:35+01:00", + "sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp", "fetchSubmodules": false } From 150ca6a78a18c5e830971926348bb563197c913b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 20 Nov 2018 00:56:24 +0100 Subject: [PATCH 098/209] krops: 1.7.1 -> 1.7.2 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index ce37b2a9c..4ce5dae7b 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit ce37b2a9c2a438b7278e8e8ab045df34f00ad386 +Subproject commit 4ce5dae7bceb635e96a9f8d5658a1bd2aada4f66 From 88b043fc68c0d03acce738d2ff0f34a6bdab3abd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:12:09 +0100 Subject: [PATCH 099/209] l archprism.r: disable reaktor --- lass/1systems/archprism/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 6706914b5..bed8961b8 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -110,7 +110,6 @@ with import ; - From ebc9dd353a0b69c1958a8fa2c3ad6df7b242e354 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:12:28 +0100 Subject: [PATCH 100/209] l mors.r: also blue-host --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6d65b58c2..cac13be2b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain From 0328c75a12bd29c93f1a9e1c62c51e1be39701ba Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 20 Nov 2018 01:13:05 +0100 Subject: [PATCH 101/209] l skynet.r: revive --- lass/1systems/skynet/config.nix | 28 ++++++++++------------------ lass/1systems/skynet/physical.nix | 21 +++++++++++++++++++-- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index b6c08f797..08aa18b76 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -5,42 +5,34 @@ with import ; - # { - # discordius config services.xserver.enable = true; + services.xserver.desktopManager.xfce.enable = true; + users.users.discordius = { - uid = genid "discordius"; - home = "/home/discordius"; - group = "users"; - createHome = true; + uid = genid "diskordius"; + isNormalUser = true; extraGroups = [ "audio" "networkmanager" ]; - useDefaultShell = true; }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; + environment.systemPackages = with pkgs; [ + google-chrome + ]; hardware.pulseaudio = { enable = true; systemWide = true; }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.gnome3 = { - enable = true; - }; } ]; krebs.build.host = config.krebs.hosts.skynet; + networking.wireless.enable = false; + networking.networkmanager.enable = true; + services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix index 358e1f511..e3451293f 100644 --- a/lass/1systems/skynet/physical.nix +++ b/lass/1systems/skynet/physical.nix 
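Review bot: In lass/1systems/skynet/config.nix the account is still `users.users.discordius`, but its uid is now derived with `genid "diskordius"`, so the seed no longer matches the account name. Assuming `genid` derives the number from that string, this silently changes the uid, and files created under the old uid on any disk that survives the reinstall would no longer belong to the user. Unless the new spelling is deliberate, `uid = genid "discordius";` keeps it stable.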
@@ -1,10 +1,27 @@ { imports = [ ./config.nix - - + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + + networking.hostId = "06442b9a"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0876-B308"; + fsType = "vfat"; + }; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" From 5e3955c79a0e33a379795be787f5a3496191d35b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:13:48 +0100 Subject: [PATCH 102/209] l blue-host: add start/stop scripts --- lass/2configs/blue-host.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 83c235f3e..a40685775 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -20,4 +20,23 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + environment.systemPackages = [ + (pkgs.writeDashBin "start-blue" '' + set -ef + if ping -c1 blue.r; then + echo 'blue is already running. bailing out' + exit 23 + fi + if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then + ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue + fi + nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src switch + '') + (pkgs.writeDashBin "stop-blue" '' + set -ef + nixos-container stop blue + fusermount -u /var/lib/containers/blue + '') + ]; } From 021d4960dbb1401245bd2a509b4529eae74c49a1 Mon Sep 17 00:00:00 2001 
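Review bot: In `start-blue`, the test `if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then` runs the pipeline inside a command substitution and then executes its (empty) output as a command, which only works because `grep -q` prints nothing. Testing the pipeline directly is clearer and does not depend on that: `if ! mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'; then`. The same script mounts with `encfs --public`, which makes the decrypted tree visible to users other than the one who mounted it; a short comment on why that is needed for the container would help the next reader.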
From: lassulus Date: Tue, 20 Nov 2018 01:14:08 +0100 Subject: [PATCH 103/209] l blue-host: add rxvt_unicode.terminfo --- lass/2configs/blue-host.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index a40685775..f9da05073 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -8,7 +8,10 @@ with import ; systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey From 0646503bfbad54a61315da7d77679722d90e79d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:21 +0100 Subject: [PATCH 104/209] l blue-host: don't autostart --- lass/2configs/blue-host.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index f9da05073..2302c70ec 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -17,7 +17,7 @@ with import ; config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.9"; From 46e00f3c28fe983516f29192939b98b884311885 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:54 +0100 Subject: [PATCH 105/209] l prometheus: enable anonymous grafana login --- lass/2configs/monitoring/prometheus-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index aef671636..b7083c776 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix 
@@ -177,7 +177,8 @@ addr = "0.0.0.0"; domain = "grafana.example.com"; rootUrl = "https://grafana.example.com/"; - security = import ; # { AdminUser = ""; adminPassword = ""} + auth.anonymous.enable = true; + auth.anonymous.org_role = "Admin"; }; }; services.logstash = { From 64e435e25e830b4be12062c1538db643c17822df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:15:56 +0100 Subject: [PATCH 106/209] l domsen: add xanf user --- lass/2configs/websites/domsen.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 828cab95f..4935268a4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -139,6 +139,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.xanf = { + uid = genid_uint31 "xanf"; + home = "/home/xanf"; + useDefaultShell = true; + createHome = true; + }; + users.users.domsen = { uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; From 33b07da6390deb0541066c2c7847f07f9394f4c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:16:22 +0100 Subject: [PATCH 107/209] l krops: add populate --- lass/krops.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/krops.nix b/lass/krops.nix index a898164c3..758c2a7d4 100644 --- a/lass/krops.nix +++ b/lass/krops.nix 
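Review bot: `auth.anonymous.enable = true;` together with `auth.anonymous.org_role = "Admin";` gives every unauthenticated client that can reach the listener full administrative rights in Grafana, and the same block binds to `addr = "0.0.0.0"`. The hunk also drops the `security` import that supplied the admin credentials. If anonymous dashboards are the goal, `auth.anonymous.org_role = "Viewer";` with the `security` line kept for the admin account achieves that without handing out write access. Whether a firewall limits who can reach the port is not visible here, and the enclosing `services.grafana` block starts outside the hunk.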
@@ -21,12 +21,20 @@ ]; in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; inherit target; }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate) + populate = { target, force ? false }: pkgs.populate { + inherit force; + source = source { test = false; }; + target = lib.mkTarget target; + }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { force = true; From 81c18a4f44c44dbff4e100316aca28f8db17e14e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:32:04 +0100 Subject: [PATCH 108/209] l mail: add more vboxes --- lass/2configs/mail.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 46939c97e..d9589ce86 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -31,6 +31,7 @@ let ''; mailboxes = { + afra = [ "to:afra@afra-berlin.de" ]; c-base = [ "to:c-base.org" ]; coins = [ "to:btce@lassul.us" @@ -49,8 +50,10 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + india = [ "to:hillhackers@lists.hillhacks.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; + meetup = [ "to:meetup@lassul.us" ]; nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; From 9807d6823b31f36eb6b255cf7a01431e7e44a74e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 20 Nov 2018 23:02:17 +0100 Subject: [PATCH 109/209] l blue-host: sync state, start only when safe --- lass/2configs/blue-host.nix | 74 +++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 8 deletions(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 2302c70ec..be9f68c08 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: with import ; +let + all_hosts = [ + "icarus" + "shodan" + "daedalus" + "skynet" + "prism" + ]; + remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -{ +in { imports = [ + { #hack for already defined + systemd.services."container@blue".reloadIfChanged = mkForce false; + systemd.services."container@blue".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + ''; + systemd.services."container@blue".preStop = '' + /run/wrappers/bin/fusermount -u /var/lib/containers/blue + ''; + } ]; - systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { environment.systemPackages = [ 
@@ -23,10 +40,56 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + + + systemd.services = builtins.listToAttrs (map (host: + let + in nameValuePair "sync-blue-${host}" { + bindsTo = [ "container@blue.service" ]; + wantedBy = [ "container@blue.service" ]; + # ssh needed for rsync + path = [ pkgs.openssh ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "sync-blue-${host}" '' + set -efu + #make sure blue is running + /run/wrappers/bin/ping -c1 blue.r > /dev/null + + #make sure the container is unlocked + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + + #make sure our target is reachable + ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + + #start sync + ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + settings { + nodaemon = true, + inotifyMode = "CloseWrite or Modify", + } + sync { + default.rsyncssh, + source = "/var/lib/containers/.blue", + host = "${host}.r", + targetdir = "/var/lib/containers/.blue", + ssh = { + binary = "${pkgs.openssh}/bin/ssh"; + identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + }, + } + ''} + ''; + }; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + } + ) remote_hosts); + environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r; then + if ping -c1 blue.r >/dev/null; then echo 'blue is already running. bailing out' exit 23 fi @@ -36,10 +99,5 @@ with import ; nixos-container start blue nixos-container run blue -- nixos-rebuild -I /var/src switch '') - (pkgs.writeDashBin "stop-blue" '' - set -ef - nixos-container stop blue - fusermount -u /var/lib/containers/blue - '') ]; } From 79eaf3f97852765ce17283c50bddd8ec752cff87 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:33 +0100 Subject: [PATCH 110/209] l skynet.r: add blue-host --- lass/1systems/skynet/config.nix | 1 + 1 file changed, 1 insertion(+) 
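Review bot: The `ssh` table of the generated lsyncd config authenticates with `identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa"`, i.e. a personal key taken from inside the decrypted container, and the unit sets no user, so the sync presumably runs as root against every entry in `remote_hosts`. A dedicated key for this job, for example `identityFile = "<path to a dedicated sync key>",`, that the targets accept only for this purpose would keep a problem in the sync path from exposing the general-purpose key. How the targets authorise the key is not visible in this hunk. The polling through `Restart = "always"` and `RestartSec = 10` would also deserve a one-line comment, since the script is expected to fail until all three preconditions hold.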
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 08aa18b76..14aca598e 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -6,6 +6,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; From 24a82d39f57be38898519edea6baaf6c04741ecb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:48 +0100 Subject: [PATCH 111/209] l mail: add hackbeach to india vbox --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index d9589ce86..b5bbea750 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -50,7 +50,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; From b073ee1fd4a879a29166422269733604a6454fc3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 00:03:49 +0100 Subject: [PATCH 112/209] puyak.r: add cache.nsupdate.info --- krebs/1systems/puyak/config.nix | 1 + krebs/2configs/cache.nsupdate.info.nix | 33 +++++ krebs/3modules/cachecache.nix | 171 +++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + 4 files changed, 206 insertions(+) create mode 100644 krebs/2configs/cache.nsupdate.info.nix create mode 100644 krebs/3modules/cachecache.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 67257eacd..2cc97a24f 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -10,6 +10,7 @@ + 
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix new file mode 100644 index 000000000..056667d8c --- /dev/null +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -0,0 +1,33 @@ +{lib, ... }: +with lib; +let + domain = "cache.nsupdate.info"; +in { + # This only works for a single domain for nsupdate.info as multiple usernames + # and passwords are required for multiple domains + services.ddclient = { + enable = true; + server = "ipv4.nsupdate.info"; + username = domain; + password = import ((toString ) + "/nsupdate-cache.nix"); + domains = [ domain ]; + use= "if, if=et0"; + # use = "web, web=http://ipv4.nsupdate.info/myip"; + + }; + krebs.cachecache = { + enable = true; + enableSSL = false; # disable letsencrypt for testing + cacheDir = "/var/cache/nix-cache-cache"; + maxSize = "10g"; + + # assumes that the domain is reachable from the internet + virtualHost = domain; + }; + + boot.kernelModules = [ "tcp_bbr" ]; + + boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; + boot.kernel.sysctl."net.core.default_qdisc" = "fq"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix new file mode 100644 index 000000000..c02c7c80c --- /dev/null +++ b/krebs/3modules/cachecache.nix 
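Review bot: `password = import (...)` in `services.ddclient` reads the secret during evaluation, so the value becomes part of the evaluated configuration and presumably of the generated ddclient config in the world-readable Nix store. If the ddclient module in use can read the password from a file at runtime, that is the safer form; if it cannot, the line should at least say so, e.g. `# NOTE: this password ends up in the Nix store`. `enableSSL = false; # disable letsencrypt for testing` also reads as a temporary setting that should not be deployed as-is, while the file opens ports 80 and 443 regardless.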
@@ -0,0 +1,171 @@ +{ config, lib, ... }: + + +# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b +# related: https://github.com/nh2/nix-binary-cache-proxy + +with lib; + +let + + cfg = config.krebs.cachecache; + + nginxCfg = config.services.nginx; + + cacheFallbackConfig = { + proxyPass = "$upstream_endpoint"; + extraConfig = '' + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1. + proxy_http_version 1.1; + + # Remove the Connection header if the client sends it, it could + # be "close" to close a keepalive connection + proxy_set_header Connection ""; + + # Needed for CloudFront. + proxy_ssl_server_name on; + + proxy_set_header Host $proxy_host; + proxy_cache nix_cache_cache; + proxy_cache_valid 200 302 60m; + proxy_cache_valid 404 1m; + + expires max; + add_header Cache-Control $nix_cache_cache_header always; + ''; + }; + +in + +{ + options = { + krebs.cachecache = { + enable = mkEnableOption "Nix binary cache cache"; + + virtualHost = mkOption { + type = types.str; + default = "nix-cache"; + description = '' + Name of the nginx virtualhost to use and setup. If null, do + not setup any virtualhost. + ''; + }; + enableSSL = mkOption { + type = types.bool; + default = true; + description = '' + enable SSL via letsencrypt. Requires working dns resolution and open + internet tls port. + ''; + }; + + # webRoot = mkOption { + # type = types.str; + # default = "/"; + # description = '' + # Directory on virtual host that serves the cache. Must end in + # /. + # ''; + # }; + + resolver = mkOption { + type = types.str; + description = "Address of DNS resolver."; + default = "8.8.8.8 ipv6=off"; + example = "127.0.0.1 ipv6=off"; + }; + + cacheDir = mkOption { + type = types.str; + default = "/var/cache/nix-cache-cache"; + description = '' + Where nginx should store cached data. 
+ ''; + }; + + maxSize = mkOption { + type = types.str; + default = "50g"; + description = "Maximum cache size."; + }; + }; + }; + + config = { + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + + systemd.services.nginx.preStart = '' + mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache + chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + chown ${nginxCfg.user}:${nginxCfg.group} \ + ${cfg.cacheDir} /srv/www/nix-cache-cache + ''; + + services.nginx = { + enable = true; + + appendHttpConfig = '' + proxy_cache_path ${cfg.cacheDir} + levels=1:2 + keys_zone=nix_cache_cache:100m + max_size=${cfg.maxSize} + inactive=365d + use_temp_path=off; + + # Cache only success status codes; in particular we don't want + # to cache 404s. See https://serverfault.com/a/690258/128321. + map $status $nix_cache_cache_header { + 200 "public"; + 302 "public"; + default "no-cache"; + } + ''; + + virtualHosts.${cfg.virtualHost} = { + addSSL = cfg.enableSSL; + enableACME = cfg.enableSSL; + extraConfig = '' + # Using a variable for the upstream endpoint to ensure that it is + # resolved at runtime as opposed to once when the config file is loaded + # and then cached forever (we don't want that): + # see https://tenzer.dk/nginx-with-dynamic-upstreams/ + # This fixes errors like + # + # nginx: [emerg] host not found in upstream "upstream.example.com" + # + # when the upstream host is not reachable for a short time when + # nginx is started. + resolver ${cfg.resolver} valid=10s; + set $upstream_endpoint https://cache.nixos.org; + ''; + + locations."/" = + { + root = "/srv/www/nix-cache-cache"; + extraConfig = '' + expires max; + add_header Cache-Control $nix_cache_cache_header always; + + # Ask the upstream server if a file isn't available + # locally. + error_page 404 = @fallback; + + # Don't bother logging the above 404. 
+ log_not_found off; + ''; + }; + + locations."@fallback" = cacheFallbackConfig; + + # We always want to copy cache.nixos.org's nix-cache-info + # file, and ignore our own, because `nix-push` by default + # generates one without `Priority` field, and thus that file + # by default has priority 50 (compared to cache.nixos.org's + # `Priority: 40`), which will make download clients prefer + # `cache.nixos.org` over our binary cache. + locations."= /nix-cache-info" = cacheFallbackConfig; + }; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ca67ce65c..24cbd9cc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./cachecache.nix ./charybdis.nix ./ci.nix ./current.nix From c4484dee1a7fb1bfc3952cf4211a22fa0d6002ca Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 00:06:05 +0100 Subject: [PATCH 113/209] puyak.r: disable cache again --- krebs/1systems/puyak/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 2cc97a24f..67257eacd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -10,7 +10,6 @@ - From 105a0b6515b2e193b883ee8fb00d8454b8049588 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Nov 2018 04:10:07 +0100 Subject: [PATCH 114/209] cachecache: enable only if enabled --- krebs/3modules/cachecache.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index c02c7c80c..989320480 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -91,7 +91,7 @@ in }; }; - config = { + config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = [ 80 443 ]; From 5491f83171e5fb1c5cb62d8a763d19e584e23a20 Mon Sep 17 00:00:00 2001 
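Review bot: The `virtualHost` option in the new cachecache.nix documents "If null, do not setup any virtualhost", but its type is `types.str` and `virtualHosts.${cfg.virtualHost}` is set unconditionally, so null is neither accepted nor handled. Either shorten the text to `description = "Name of the nginx virtualhost to set up.";` or make the option `types.nullOr types.str` and guard the virtual host with `mkIf`. The comment above the `map $status` block says 404s are not cached, while `cacheFallbackConfig` contains `proxy_cache_valid 404 1m;`; the comment should say it refers to the `Cache-Control` header sent to clients. The `resolver` default of `8.8.8.8 ipv6=off` sends all upstream lookups to an external resolver, which is worth stating in its description.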
From: lassulus Date: Wed, 21 Nov 2018 04:58:55 +0100 Subject: [PATCH 115/209] l krops: add support for per host source.nix --- lass/krops.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/krops.nix b/lass/krops.nix index 758c2a7d4..c2669c8f2 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,6 +5,12 @@ pkgs ; + host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then + import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; } + else + {} + ; + source = { test }: lib.evalSource [ krebs-source { @@ -18,6 +24,7 @@ }; }; } + host-source ]; in { From 72467a2e5904f3e66efc65cb92f05dd0bf34c0e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Nov 2018 04:59:45 +0100 Subject: [PATCH 116/209] l blue: add source.nix (to fetch tarball) --- lass/1systems/blue/source.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/1systems/blue/source.nix diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix new file mode 100644 index 000000000..8f748ab8f --- /dev/null +++ b/lass/1systems/blue/source.nix @@ -0,0 +1,11 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + }; +} From c15c3d82bb9055f3af5033c89cfbbbbba975e4a4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 08:24:35 +0100 Subject: [PATCH 117/209] ma omo.r,wbob.r: allow insecure home-assistant --- makefu/1systems/omo/config.nix | 11 ++++++++++- makefu/1systems/wbob/config.nix | 7 ++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 9eb8cbf49..260f96081 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
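Review bot: The new lass/1systems/blue/source.nix parses `../../../krebs/nixpkgs.json` twice and hard-codes `owner = "nixos"; repo = "nixpkgs";`, while the `url` field of that JSON file names a different repository (nixpkgs-channels, as far as the later hunk on krebs/nixpkgs.json shows). Reading the file once, `let pin = lib.importJSON ../../../krebs/nixpkgs.json; in`, and using `pin.rev` and `pin.sha256` keeps the two values visibly tied together. A comment that the `sha256` is expected to match the GitHub tarball of the same revision would document why the pin from one repository is reused for the other.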
@@ -63,9 +63,17 @@ in { } # - + # TODO: + # + + { + # Risikoübernahme + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } { makefu.ps3netsrv = { @@ -97,6 +105,7 @@ in { ]; makefu.full-populate = true; + nixpkgs.config.allowUnfree = true; krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 24a3dddc6..f2311fb55 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -45,7 +45,12 @@ in { # { environment.systemPackages = [ pkgs.vlc ]; } - + { + # Risikoübernahme + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } From a6f4d27da624cce5f9001b371a03b34ba4a68b8e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Nov 2018 09:38:33 +0100 Subject: [PATCH 118/209] ma: gum.r also resolves to torrent.gum.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index bea0f1c0e..881f082c6 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -624,6 +624,7 @@ in { "blog.makefu.r" "blog.gum.r" "dcpp.gum.r" + "torrent.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From 91e4f7fd9202086c137920e712ed810afafca6e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Nov 2018 18:20:40 +0100 Subject: [PATCH 119/209] nixpkgs: bf7930d -> 5d4a1a3 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e013645ea..61fd085be 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
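Review bot: The `permittedInsecurePackages` entry for `homeassistant-0.77.2` is justified only by the comment `# Risikoübernahme`, which records neither the advisory being accepted nor when the exception should be removed; the same block is repeated in the wbob hunk. A comment along the lines of `# risk accepted: homeassistant-0.77.2 is marked insecure (<advisory id>); remove after the next package update` makes the exception reviewable. Because the entry pins an exact version, it will also stop matching silently after an update, which is another reason to note the intent. The second omo hunk adds `nixpkgs.config.allowUnfree = true;`, which the commit subject does not mention.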
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c", - "date": "2018-11-04T19:36:25+01:00", - "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m", + "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", + "date": "2018-11-24T00:40:22-05:00", + "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", "fetchSubmodules": false } From 4fedcb814791363ce89f8ba0a31291fc2a1ca138 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 25 Nov 2018 23:45:27 +0100 Subject: [PATCH 120/209] ma gum.r: fix pubkey which accidentally got overwritten ... --- krebs/3modules/makefu/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 881f082c6..188fbc461 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -628,12 +628,12 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 - aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO - npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh - 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF - 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN - VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB + MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY + BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 + i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 + 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS + u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa + OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB -----END RSA PUBLIC KEY----- ''; }; From 2be0042d4288a5eae3b28c0d2db2fb855e8a82fe Mon Sep 17 00:00:00 2001 
From: tv Date: Mon, 26 Nov 2018 14:49:13 +0100 Subject: [PATCH 121/209] tv dnsmasq service: init --- tv/3modules/default.nix | 1 + tv/3modules/dnsmasq.nix | 57 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 tv/3modules/dnsmasq.nix diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 493cc8b72..6172feb03 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -1,6 +1,7 @@ { imports = [ ./charybdis + ./dnsmasq.nix ./ejabberd ./hosts.nix ./iptables.nix diff --git a/tv/3modules/dnsmasq.nix b/tv/3modules/dnsmasq.nix new file mode 100644 index 000000000..ec927f98a --- /dev/null +++ b/tv/3modules/dnsmasq.nix 
@@ -0,0 +1,57 @@ +with import ; +{ config, ... }: let + cfg = config.tv.dnsmasq; +in { + + options.tv.dnsmasq = { + enable = mkEnableOption "tv.dnsmasq"; + dhcp-range = mkOption { + type = types.str; + }; + interface = mkOption { + type = types.str; + }; + address = mkOption { + type = types.str; + }; + prefixLength = mkOption { + type = types.addCheck types.int (x: x >= 0 && x <= 32); + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + networking.dhcpcd.denyInterfaces = [ cfg.interface ]; + services.dnsmasq.resolveLocalQueries = false; + networking.interfaces.${cfg.interface} = { + ipv4.addresses = singleton { + address = cfg.address; + prefixLength = cfg.prefixLength; + }; + }; + services.dnsmasq.enable = true; + services.dnsmasq.extraConfig = '' + dhcp-range=${cfg.dhcp-range} + interface=${cfg.interface} + ''; + tv.iptables.extra.filter.INPUT = [ + "-i ${cfg.interface} -p tcp -m tcp --dport bootps -j ACCEPT" + "-i ${cfg.interface} -p udp -m udp --dport bootps -j ACCEPT" + "-i ${cfg.interface} -p tcp -m tcp --dport domain -j ACCEPT" + "-i ${cfg.interface} -p udp -m udp --dport domain -j ACCEPT" + ]; + } + { + # enable forwarding + boot.kernel.sysctl."net.ipv4.ip_forward" = true; + tv.iptables.extra.filter.FORWARD = [ + "-m state --state RELATED,ESTABLISHED -j ACCEPT" + "-i ${cfg.interface} -j ACCEPT" + ]; + tv.iptables.extra.nat.POSTROUTING = [ + "-j MASQUERADE" + ]; + } + ]); + +} From 09144f173677ed33850e484cf46876d13bb37c9e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 26 Nov 2018 16:50:46 +0100 Subject: [PATCH 122/209] tv disko: init at 16cd458 --- tv/5pkgs/simple/disko.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tv/5pkgs/simple/disko.nix diff --git a/tv/5pkgs/simple/disko.nix b/tv/5pkgs/simple/disko.nix new file mode 100644 index 000000000..de8f1df22 --- /dev/null +++ b/tv/5pkgs/simple/disko.nix 
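Review bot: The NAT rule `"-j MASQUERADE"` in `tv.iptables.extra.nat.POSTROUTING` has no match at all, so it rewrites every forwarded or locally generated packet on every outgoing interface, not only traffic from the DHCP network. Scoping it to the served subnet, `"-s ${cfg.address}/${toString cfg.prefixLength} -j MASQUERADE"`, limits the translation to the clients this module is for. In the same way `"-i ${cfg.interface} -j ACCEPT"` in FORWARD lets those clients reach any network the host can route to; if only internet access is intended, that deserves a comment or an outgoing-interface match. The options `dhcp-range`, `interface`, `address` and `prefixLength` have no `description`.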
@@ -0,0 +1,13 @@ +{ fetchgit }: + +let + src = fetchgit { + url = https://cgit.krebsco.de/disko; + rev = "16cd458af06d3caf687eb7d80ca3df26b71fe28c"; + sha256 = "16cd458af06d3caf687eb7d80ca3df26b71fe28c"; + }; +in + +{ + lib = import "${src}/lib"; +} From 35d426523b7c3feb3e845ba90f423c256581437d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Nov 2018 23:05:45 +0100 Subject: [PATCH 123/209] ma download.binaergewitter: nightly sync --- .../nginx/download.binaergewitter.de.nix | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 makefu/2configs/nginx/download.binaergewitter.de.nix diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/nginx/download.binaergewitter.de.nix new file mode 100644 index 000000000..6b5687e72 --- /dev/null +++ b/makefu/2configs/nginx/download.binaergewitter.de.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +let + ident = (toString ) + "/mirrorsync.gum.id_ed25519"; +in { + systemd.services.mirrorsync = { + startAt = "08:00:00"; + path = with pkgs; [ rsync openssh ]; + script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter''; + }; + services.nginx = { + enable = lib.mkDefault true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts."download.binaergewitter.de" = { + serverAliases = [ "dl2.binaergewitter.de" ]; + root = "/var/www/binaergewitter"; + extraConfig = '' + access_log /var/spool/nginx/logs/binaergewitter.access.log combined; + error_log /var/spool/nginx/logs/binaergewitter.error.log error; + autoindex on; + ''; + }; + }; +} From c35bc044dba5260bea5574a86897c6c45b4e525a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:55:59 +0100 Subject: [PATCH 124/209] ci: abort if an error occurs in get_steps --- krebs/3modules/ci.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 4cfe598d6..62efce44b 100644 --- a/krebs/3modules/ci.nix 
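Review bot: `sha256` in the `fetchgit` call is the same 40-character string as `rev`, which is a commit id and not a SHA-256 content hash, so the fixed-output check cannot match and the fetch should fail. Replace it with the hash obtained by prefetching that revision, e.g. `sha256 = "<hash reported by nix-prefetch-git>";`. The URL is written as an unquoted literal; `url = "https://cgit.krebsco.de/disko";` is the more robust spelling.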
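Review bot: `systemd.services.mirrorsync` sets no user, so the unit presumably runs as root, and `rsync -av` then writes whatever the remote side serves, with its modes, into the directory nginx publishes with `autoindex on`. Running the job under an unprivileged account that owns `/var/www/binaergewitter`, e.g. `serviceConfig.User = "<unprivileged sync user>";`, limits what a faulty or compromised mirror source can touch. The source is addressed by a bare IP, `mirrorsync@159.69.132.234`; how its host key is pinned is not visible in this hunk and would be worth a comment.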
+++ b/krebs/3modules/ci.nix @@ -26,6 +26,7 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' + set -efu nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; From 09ee7ca4d832bfdc836c9463513891f1e97db10b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:58:07 +0100 Subject: [PATCH 125/209] ci: add gcroot for build-scripts --- krebs/3modules/ci.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 62efce44b..d8d0e7f3d 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -28,7 +28,13 @@ let getJobs = pkgs.writeDash "get_jobs" '' set -efu nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - nix-instantiate --quiet -Q --eval --strict --json ./ci.nix + js="$(nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$js" | jq -r 'to_entries[] | [.key, .value] | @tsv' \ + | while read -r host builder; do + gcroot=${shell.escape profileRoot}/$host-builder + ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" + done + echo "$js" ''; profileRoot = "/nix/var/nix/profiles/ci"; From 593b2baf031dac70bff4d0484f87b28d674ccbed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:58:57 +0100 Subject: [PATCH 126/209] fetchWallpaper: remove broken maxTime --- krebs/3modules/fetchWallpaper.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index f67188122..5a5065565 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -38,11 +38,6 @@ let ''; default = {}; }; - maxTime = mkOption { - type = types.int; - default = 0; - description = "Time to wait before download is aborted"; - }; }; fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' 
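Review bot: In the gcroot hunk of `getJobs`, `jq` is called by bare name while `nix-env` on the next lines uses `${pkgs.nix}/bin/nix-env`, so the script depends on `jq` being on the PATH of whatever runs it. `${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv'` removes that dependency. `gcroot=${shell.escape profileRoot}/$host-builder` also leaves `$host` unquoted; with `set -f` active only word splitting remains a concern, but quoting it costs nothing. The `let` block that contains `getJobs` starts outside the hunk.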
@@ -51,8 +46,8 @@ let mkdir -p ${cfg.stateDir} chmod o+rx ${cfg.stateDir} cd ${cfg.stateDir} - (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper + (curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : + feh --no-fehbg --bg-scale wallpaper ''; imp = { From 9f9a53723bd79b029d398c0542a686bd8ed56151 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:59:40 +0100 Subject: [PATCH 127/209] l blue-host: fix permissions --- lass/2configs/blue-host.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index be9f68c08..e80ce326a 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -23,6 +23,12 @@ in { ''; } ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + containers.blue = { config = { ... }: { environment.systemPackages = [ From 304059b1da4ac256d1487e83a7280d0db6615c2d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:00:14 +0100 Subject: [PATCH 128/209] l blue-host: sync also owner and group --- lass/2configs/blue-host.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index e80ce326a..6d46cb8c1 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -80,6 +80,10 @@ in { source = "/var/lib/containers/.blue", host = "${host}.r", targetdir = "/var/lib/containers/.blue", + rsync = { + owner = true, + group = true, + }; ssh = { binary = "${pkgs.openssh}/bin/ssh"; identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", From a1c261d61b243549bb2525da57bf3fada805f7f5 Mon Sep 17 00:00:00 2001 
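Review bot: The new `curl -s -o wallpaper.tmp -z wallpaper.tmp ...` line has no `--fail`, so an HTTP error body is saved to `wallpaper.tmp`, curl exits 0 and the `cp` installs that body as `wallpaper`. With `--max-time` dropped there is also no upper bound on a stalled transfer. Suggest `(curl -fs --max-time 60 -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :` (timeout value constructed). The new `feh --no-fehbg --bg-scale wallpaper` relies on the preceding `cd ${cfg.stateDir}`, which interpolates the path without `shell.escape`, as do `mkdir` and `chmod`. The script body starts outside the hunk.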
From: lassulus Date: Tue, 27 Nov 2018 01:00:59 +0100 Subject: [PATCH 129/209] l blue-host: dry-build blue first --- lass/2configs/blue-host.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 6d46cb8c1..fba996743 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -99,14 +99,15 @@ in { environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r >/dev/null; then - echo 'blue is already running. bailing out' - exit 23 - fi if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue fi nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src dry-build + if ping -c1 blue.r >/dev/null; then + echo 'blue is already running. bailing out' + exit 23 + fi nixos-container run blue -- nixos-rebuild -I /var/src switch '') ]; From f19b35b7ab0a272724d39b8cfd65181e220c727a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:16 +0100 Subject: [PATCH 130/209] l fetchWallpaper: remove maxTime --- lass/2configs/fetchWallpaper.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index e756c3424..065ee9c42 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -7,7 +7,6 @@ in { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/realwallpaper-krebs.png"; - maxTime = 10; }; } From 8a6fd4d0044259574fec1b16d3ea441aee5eedda Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:56 +0100 Subject: [PATCH 131/209] l radio: add mp3 stream --- lass/2configs/radio.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index bf6855804..85faded14 100644 
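Review bot: Moving the `ping` check below `nixos-container start blue` means the bail-out now happens after the encfs volume has been mounted with `--public` and the container has been started, and `exit 23` leaves both in place. If blue really is running on another host, the local copy stays decrypted and the second container keeps running under the same identity until someone cleans up by hand. Either keep the check ahead of the mount or undo the work on that path, for example `nixos-container stop blue` before `exit 23`. It is also worth confirming that the freshly started local container does not itself answer `ping -c1 blue.r`, since that would make the script bail out every time. The hunk does not show how that name resolves.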
--- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -60,10 +60,25 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + audio_output { + type "shout" + encoding "lame" + name "the_playlist_mp3" + host "localhost" + port "8000" + mount "/radio.mp3" + password "${source-password}" + bitrate "128" + + format "44100:16:2" + + user "source" + genre "good music" + } audio_output { type "shout" encoding "ogg" - name "the_playlist" + name "the_playlist_ogg" host "localhost" port "8000" mount "/radio.ogg" From 0b6c07ad7203634af4131ed3fb6f64c1c7fc45ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:11:35 +0100 Subject: [PATCH 132/209] buildbot: don't fuckup permissions --- krebs/3modules/buildbot/master.nix | 2 +- krebs/3modules/buildbot/slave.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 209dbe980..8995753ac 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -362,7 +362,7 @@ let # normally we should write buildbot.tac by our own # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}"; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 544f9c4e0..c15169fba 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -166,7 +166,7 @@ let echo ${description} > ${workdir}/info/host chown buildbotSlave:buildbotSlave -R ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} ''; ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}"; ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}"; From d1020af2b3aac2d823240627980f846e6dc9797c Mon Sep 17 00:00:00 2001 
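Review bot: `password "${source-password}"` is interpolated into `extraConfig`, so the stream source password becomes part of the generated mpd configuration. If that file is built into the Nix store, as NixOS service configs usually are, every local user can read it. The definition of `source-password` is outside the hunk and the existing ogg output presumably does the same, so this is not new, but a second copy is a good place to document it with a comment such as `# NOTE: source-password ends up in the generated mpd config`. The mp3 and ogg `audio_output` blocks differ only in encoding, name, mount and bitrate, and could be produced by one small helper.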
From: lassulus Date: Tue, 27 Nov 2018 04:01:13 +0100 Subject: [PATCH 133/209] l: add ssl for cache.{krebsco.de,lassul.us} --- lass/2configs/binary-cache/server.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 220e41d0a..86158c468 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -20,7 +20,14 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; + serverAliases = [ "cache.prism.r" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''; + }; + virtualHosts."cache.krebsco.de" = { + serverAliases = [ "cache.lassul.us" ]; + enableACME = true; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; From 42405d18cffbf9ef42ea5e29f0c3ae9ab607471a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:01:58 +0100 Subject: [PATCH 134/209] l: add lesswrong@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index bf43ee7d1..9bb70d1c2 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -92,6 +92,7 @@ with import ; { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } + { from = "lesswrong@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From eef1d7877defd7c310dc20f62bf96c7b8f408044 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:02:22 +0100 Subject: [PATCH 135/209] l mails: add dn42 vbox --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) 
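Review bot: The new `virtualHosts."cache.krebsco.de"` sets `enableACME = true;` but none of `forceSSL`, `addSSL` or `onlySSL`. In the NixOS nginx module `enableACME` only requests the certificate, so the vhost may still be served over plain HTTP. If the aim of the commit is TLS for the cache names, add `forceSSL = true;`, or `addSSL = true;` to keep HTTP working for existing clients. The `locations."/".extraConfig` proxy block is now duplicated in both vhosts and could be bound once in a `let`.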
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b5bbea750..9ea91ae19 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -47,6 +47,7 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + dn42 = [ "to:dn42@lists.nox.tf" ]; eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; From eb5b054cb24f9b2615b176c7cdb08d0a480a9e7f Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Nov 2018 11:52:23 +0100 Subject: [PATCH 136/209] tv querel: drop chromium --- tv/1systems/querel/config.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 01d67b5f5..6e7944cdf 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -25,7 +25,6 @@ with import ; }; environment.systemPackages = with pkgs; [ - chromium firefoxWrapper gimp kate @@ -63,8 +62,6 @@ with import ; networking.networkmanager.enable = true; - nixpkgs.config.chromium.enablePepperFlash = true; - programs.ssh.startAgent = false; services.xserver.enable = true; From dae35c44c7cf67d10152a4fb32d212310f86199a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Nov 2018 11:53:19 +0100 Subject: [PATCH 137/209] krebs: integrate 5pkgs as overlay --- krebs/default.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/krebs/default.nix b/krebs/default.nix index d99f60aaa..7ec791529 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,12 +1,14 @@ -{ config, lib, pkgs, ... }: -with import ; { + imports = [ ./3modules - { - nixpkgs.config.packageOverrides = - import ../submodules/nix-writers/pkgs pkgs; - } ]; - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; + + nixpkgs = { + overlays = [ + (import ./5pkgs) + (import ../submodules/nix-writers/pkgs) + ]; + }; + } From 627a3800ce3b1fc417cba085d47560c0ad4c93a2 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 27 Nov 2018 11:55:12 +0100 Subject: [PATCH 138/209] tv: integrate 5pkgs as overlay --- tv/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tv/default.nix b/tv/default.nix index d077cc09f..10b09f2af 100644 --- a/tv/default.nix +++ b/tv/default.nix @@ -1,9 +1,15 @@ -{ pkgs, ... }: { + imports = [ ../krebs ./2configs ./3modules ]; - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; + + nixpkgs = { + overlays = [ + (import ./5pkgs) + ]; + }; + } From 88ac2f40812b52220c1e2db290440c5abf42964e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Nov 2018 12:09:19 +0100 Subject: [PATCH 139/209] tv xp332: add utsushi-customized --- tv/2configs/xp-332.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix index 627401dc6..4a0b0ae16 100644 --- a/tv/2configs/xp-332.nix +++ b/tv/2configs/xp-332.nix @@ -11,7 +11,7 @@ with import ; hardware.sane = { enable = true; extraBackends = [ - pkgs.utsushi + pkgs.utsushi-customized ]; }; @@ -19,7 +19,7 @@ with import ; elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ]; nixpkgs.overlays = singleton (self: super: { - utsushi = super.utsushi.override { + utsushi-customized = self.utsushi.override { guiSupport = false; jpegSupport = false; networkSupport = true; From 00ff16d540721a5ae605cb753c7d874b44307c22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 20:38:59 +0100 Subject: [PATCH 140/209] ci get_steps: explicit pkg references --- krebs/3modules/ci.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index d8d0e7f3d..bbc58361d 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix 
@@ -27,9 +27,9 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - js="$(nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" - echo "$js" | jq -r 'to_entries[] | [.key, .value] | @tsv' \ + ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null + js="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$js" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do gcroot=${shell.escape profileRoot}/$host-builder ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" From 09556c7538565078ba9c55f834859ef6f96af90b Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 09:20:25 +0100 Subject: [PATCH 141/209] tv fzmenu: init --- tv/5pkgs/simple/fzmenu/bin/otpmenu | 41 +++++++++++++++++++++++++++++ tv/5pkgs/simple/fzmenu/bin/passmenu | 41 +++++++++++++++++++++++++++++ tv/5pkgs/simple/fzmenu/default.nix | 34 ++++++++++++++++++++++++ 3 files changed, 116 insertions(+) create mode 100755 tv/5pkgs/simple/fzmenu/bin/otpmenu create mode 100755 tv/5pkgs/simple/fzmenu/bin/passmenu create mode 100644 tv/5pkgs/simple/fzmenu/default.nix diff --git a/tv/5pkgs/simple/fzmenu/bin/otpmenu b/tv/5pkgs/simple/fzmenu/bin/otpmenu new file mode 100755 index 000000000..ad8a0fda9 --- /dev/null +++ b/tv/5pkgs/simple/fzmenu/bin/otpmenu 
@@ -0,0 +1,41 @@ +#! /bin/sh +set -efu + +#PATH= + +case ${FZMENU_PHASE-0} in + 0) + export FZMENU_PHASE=1 + exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0" + ;; + 1) + if result=$( + FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-} + if test -n "$FZF_DEFAULT_OPTS"; then + export FZF_DEFAULT_OPTS + fi + pass git ls-files '*/otp.gpg' | \ + sed ' + + s/\/otp\.gpg$// + ' | + exec fzf \ + --history=/dev/null \ + --no-sort \ + --prompt='OTP: ' \ + ) + then + export FZMENU_PHASE=2 + export FZMENU_RESULT="$result" + setsid -f "$0" + fi + ;; + 2) + pass=$(pass otp code "$FZMENU_RESULT/otp") + printf %s "$pass" | + xdotool type -f - + ;; + *) + echo "$0: error: bad phase: $FZMENU_PHASE" >&2 + exit -1 +esac diff --git a/tv/5pkgs/simple/fzmenu/bin/passmenu b/tv/5pkgs/simple/fzmenu/bin/passmenu new file mode 100755 index 000000000..00b36c3af --- /dev/null +++ b/tv/5pkgs/simple/fzmenu/bin/passmenu @@ -0,0 +1,41 @@ +#! /bin/sh +set -efu + +#PATH= + +case ${FZMENU_PHASE-0} in + 0) + export FZMENU_PHASE=1 + exec setsid -f urxvt -name fzmenu-urxvt -e dash "$0" + ;; + 1) + if result=$( + FZF_DEFAULT_OPTS=${FZMENU_FZF_DEFAULT_OPTS-} + if test -n "$FZF_DEFAULT_OPTS"; then + export FZF_DEFAULT_OPTS + fi + pass git ls-files '*/*.gpg' | \ + sed ' + /\/otp\.gpg$:/d + s/\.gpg$// + ' | + exec fzf \ + --history=/dev/null \ + --no-sort \ + --prompt='pass: ' \ + ) + then + export FZMENU_PHASE=2 + export FZMENU_RESULT="$result" + setsid -f "$0" + fi + ;; + 2) + pass=$(pass show "$FZMENU_RESULT") + printf %s "$pass" | + xdotool type -f - + ;; + *) + echo "$0: error: bad phase: $FZMENU_PHASE" >&2 + exit -1 +esac diff --git a/tv/5pkgs/simple/fzmenu/default.nix b/tv/5pkgs/simple/fzmenu/default.nix new file mode 100644 index 000000000..c49c903c6 --- /dev/null +++ b/tv/5pkgs/simple/fzmenu/default.nix 
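Review bot: `exit -1` in the `*)` branch is not a valid exit status for dash, which phase 0 uses to re-run the script. dash rejects the negative number instead of returning the intended code, so `exit 1` is the portable form. The same line appears in `passmenu`. The sed program in phase 1 also carries an empty first line that can be dropped.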
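Review bot: The sed filter `/\/otp\.gpg$:/d` has a stray `:` after `$`, so the `$` is no longer an end-of-line anchor and the expression matches nothing. The `*/otp.gpg` entries therefore stay in the list, and selecting one makes phase 2 type the stored OTP entry into the focused window. It should read `/\/otp\.gpg$/d`. Phase 2 also types the complete output of `pass show`, so any further lines in an entry (user name, notes) are typed after the password. If only the password is wanted, use `pass=$(pass show "$FZMENU_RESULT" | sed -n 1p)`.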
@@ -0,0 +1,34 @@ +{ coreutils, dash, gnused, fzf, pass, runCommand, rxvt_unicode, stdenv, utillinux, xdotool }: + +runCommand "fzmenu" { +} /* sh */ '' + mkdir $out + + cp -r ${./bin} $out/bin + + substituteInPlace $out/bin/otpmenu \ + --replace '#! /bin/sh' '#! ${dash}/bin/dash' \ + --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [ + coreutils + dash + fzf + gnused + pass + rxvt_unicode + utillinux + xdotool + ]} + + substituteInPlace $out/bin/passmenu \ + --replace '#! /bin/sh' '#! ${dash}/bin/dash' \ + --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [ + coreutils + dash + fzf + gnused + pass + rxvt_unicode + utillinux + xdotool + ]} +'' From 57ce731ffb28adfc854de3caa1987509e1939559 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 09:55:38 +0100 Subject: [PATCH 142/209] tv xmonad: use fzmenu --- tv/2configs/xserver/Xresources.nix | 5 +++++ tv/2configs/xserver/default.nix | 5 +++++ tv/5pkgs/simple/xmonad-tv/default.nix | 13 +++++++++---- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix index 1d4044480..b8a4e822b 100644 --- a/tv/2configs/xserver/Xresources.nix +++ b/tv/2configs/xserver/Xresources.nix @@ -50,4 +50,9 @@ pkgs.writeText "Xresources" /* xdefaults */ '' root-urxvt*foreground: #e0c0c0 root-urxvt*BorderColor: #400000 root-urxvt*color0: #800000 + + fzmenu-urxvt*background: rgb:42/23/42 + fzmenu-urxvt*externalBorder: 1 + fzmenu-urxvt*externalBorder: 1 + fzmenu-urxvt*geometry: 70x9 '' diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index dbfa804d2..d1345723d 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -63,6 +63,11 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; + FZMENU_FZF_DEFAULT_OPTS = toString [ + "--color=dark,border:126,bg+:090" + "--inline-info" + ]; + XMONAD_CACHE_DIR = cfg.cacheDir; XMONAD_CONFIG_DIR = cfg.configDir; XMONAD_DATA_DIR = cfg.dataDir; 
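Review bot: The two `substituteInPlace` calls repeat the same eight-package `makeBinPath` list, so a later change to one script's `PATH` can silently miss the other. Bind the list once, e.g. `path = stdenv.lib.makeBinPath [ coreutils dash fzf gnused pass rxvt_unicode utillinux xdotool ];`, and use `PATH=${path}` in both replacements. A one-line comment noting that the scripts run with this closed `PATH` only, which is why `#PATH=` exists in them, would make the mechanism obvious.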
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 1168f10c8..a2525e06e 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -38,12 +38,12 @@ import Data.Map (Map) import qualified Data.Map as Map -- TODO import XMonad.Layout.WorkspaceDir import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) +import XMonad.Hooks.ManageHelpers (doCenterFloat) -- import XMonad.Layout.Tabbed --import XMonad.Layout.MouseResizableTile import XMonad.Layout.Reflect (reflectVert) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Hooks.Place (placeHook, smart) -import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Actions.PerWorkspaceKeys (chooseAction) import XMonad.Layout.PerWorkspace (onWorkspace) --import XMonad.Layout.BinarySpacePartition @@ -85,7 +85,12 @@ mainNoArgs = do , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent --, handleEventHook = handleTimerEvent - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , manageHook = + composeAll + [ appName =? "fzmenu-urxvt" --> doCenterFloat + , appName =? "pinentry" --> doCenterFloat + , placeHook (smart (1,0)) + ] , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -133,8 +138,8 @@ myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) - , ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing) - , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) + , ((_4 , xK_o ), forkFile "${pkgs.fzmenu}/bin/otpmenu" [] Nothing) + , ((_4 , xK_p ), forkFile "${pkgs.fzmenu}/bin/passmenu" [] Nothing) , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) From 0c7c964e7597f5f66e146c20b82d8a3e086d52eb Mon Sep 17 00:00:00 2001 
From: tv Date: Wed, 28 Nov 2018 09:54:51 +0100 Subject: [PATCH 143/209] tv otpmenu: RIP --- tv/5pkgs/simple/otpmenu.nix | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 tv/5pkgs/simple/otpmenu.nix diff --git a/tv/5pkgs/simple/otpmenu.nix b/tv/5pkgs/simple/otpmenu.nix deleted file mode 100644 index b35e1601f..000000000 --- a/tv/5pkgs/simple/otpmenu.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ dmenu, gnused, pass, writeDashBin, xdotool }: - -writeDashBin "otpmenu" '' - set -efu - - x=$( - ${pass}/bin/pass git ls-files '*/otp.gpg' \ - | ${gnused}/bin/sed 's:/otp\.gpg$::' \ - | ${dmenu}/bin/dmenu -f -p OTP - ) - - otp=$(${pass}/bin/pass otp code "$x/otp") - - printf %s "$otp" | ${xdotool}/bin/xdotool type -f - -'' From 856c4777d11c45c11c5cb9a74154f2fb99992d18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 21:06:20 +0100 Subject: [PATCH 144/209] ci: js -> json, output to stderr --- krebs/3modules/ci.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index bbc58361d..a47dbe611 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -27,14 +27,14 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - js="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" - echo "$js" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ + ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 + json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do gcroot=${shell.escape profileRoot}/$host-builder ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" done - echo "$js" + echo "$json" ''; profileRoot = "/nix/var/nix/profiles/ci"; 
From d094f265061cc84d4c13082ae0a8909d8942f821 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 05:14:39 +0100 Subject: [PATCH 145/209] ci: build all hosts in same dir --- ci.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci.nix b/ci.nix index 631c3dc41..a383a0631 100644 --- a/ci.nix +++ b/ci.nix @@ -16,6 +16,6 @@ let ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";}); in mapAttrs (n: h: build n h.owner.name) ci-systems From 61f1aba8bc69dc522710d5871545cf4b4ec8645b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 21:06:20 +0100 Subject: [PATCH 146/209] * krops: get nixpkgs from store for ci --- jeschli/krops.nix | 2 ++ krebs/krops.nix | 16 +++++++++++++++- lass/krops.nix | 2 ++ makefu/krops.nix | 12 +++++++++++- tv/krops.nix | 2 ++ 5 files changed, 32 insertions(+), 2 deletions(-) diff --git a/jeschli/krops.nix b/jeschli/krops.nix index d45d57c63..fff014377 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -1,11 +1,13 @@ { name }: let inherit (import ../krebs/krops.nix { inherit name; }) + krebs-nixpkgs krebs-source lib pkgs ; source = { test }: lib.evalSource [ + (krebs-nixpkgs { test = test; }) krebs-source { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; diff --git a/krebs/krops.nix b/krebs/krops.nix index 763e76b83..425fba8f5 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix 
@@ -7,11 +7,24 @@ # TODO document why pkgs should be used like this pkgs = import "${krops}/pkgs" {}; - krebs-source = { + krebs-nixpkgs = { test ? false }: if test then { + nixpkgs.file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + }); + useChecksum = true; + }; + } else { nixpkgs.git = { ref = (lib.importJSON ./nixpkgs.json).rev; url = https://github.com/NixOS/nixpkgs; }; + }; + + krebs-source = { stockholm.file = toString ../.; stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' set -efu @@ -28,6 +41,7 @@ }; source ={ test }: lib.evalSource [ + (krebs-nixpkgs { test = test; }) krebs-source { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; diff --git a/lass/krops.nix b/lass/krops.nix index c2669c8f2..26668de65 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,5 +1,6 @@ { name }: let inherit (import ../krebs/krops.nix { inherit name; }) + krebs-nixpkgs krebs-source lib pkgs @@ -12,6 +13,7 @@ ; source = { test }: lib.evalSource [ + (krebs-nixpkgs { test = test; }) krebs-source { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; diff --git a/makefu/krops.nix b/makefu/krops.nix index 2b43d541d..6c510eba3 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -23,7 +23,17 @@ { # nixos-18.09 @ 2018-09-18 # + uhub/sqlite: 5dd7610401747 - nixpkgs = if test || host-src.full then { + nixpkgs = if test then { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "nixpkgs"; + rev = nixpkgs-src.rev; + sha256 = nixpkgs-src.sha256; + }); + useChecksum = true; + }; + } else if host-src.full then { git.ref = nixpkgs-src.rev; git.url = nixpkgs-src.url; } else if host-src.arm6 then { diff --git a/tv/krops.nix b/tv/krops.nix index e922630f7..3b60d3208 100644 --- a/tv/krops.nix +++ b/tv/krops.nix 
@@ -1,12 +1,14 @@ { name }: rec { inherit (import ../krebs/krops.nix { inherit name; }) + krebs-nixpkgs krebs-source lib pkgs ; source = lib.evalSource [ + (krebs-nixpkgs { test = true; }) krebs-source { nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; From f69a078f90d3cddfd5d3146ce39fbd294a14fb57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 21:14:40 +0100 Subject: [PATCH 147/209] krops: reformat secrets (style) --- krebs/krops.nix | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/krebs/krops.nix b/krebs/krops.nix index 425fba8f5..1058e73c0 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -45,18 +45,14 @@ krebs-source { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = - if test - then { - file = toString ; - } - else { - pass = { - dir = "${lib.getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; - }; - } - ; + secrets = if test then { + file = toString ; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; + }; } ]; From 6d06ffa76a891c47b4516869ac9c8bbd0a6af5d4 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 13:37:58 +0100 Subject: [PATCH 148/209] krops: 1.7.2 -> 1.8.0 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 4ce5dae7b..6f49342b2 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 4ce5dae7bceb635e96a9f8d5658a1bd2aada4f66 +Subproject commit 6f49342b2d5973478f1f5eb6f8d6307059e7bcf7 From d5551ed214479317925239a9801384c9c3aa9add Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 14:29:07 +0100 Subject: [PATCH 149/209] tv fzmenu-urxvt: add internalBorder --- tv/2configs/xserver/Xresources.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix index b8a4e822b..d032efc7d 100644 
--- a/tv/2configs/xserver/Xresources.nix +++ b/tv/2configs/xserver/Xresources.nix @@ -53,6 +53,6 @@ pkgs.writeText "Xresources" /* xdefaults */ '' fzmenu-urxvt*background: rgb:42/23/42 fzmenu-urxvt*externalBorder: 1 - fzmenu-urxvt*externalBorder: 1 fzmenu-urxvt*geometry: 70x9 + fzmenu-urxvt*internalBorder: 1 '' From 1d7fddc064fef5e77c48602e3524949893a92997 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 14:41:56 +0100 Subject: [PATCH 150/209] tv xmonad: add currentSystem to executable name This prevents journal messges like: XMonad is recompiling and replacing itself another XMonad process because the current process is called "xmonad" but the compiled configuration should be called "xmonad-x86_64-linux" --- tv/2configs/xserver/default.nix | 4 ++-- tv/5pkgs/simple/xmonad-tv/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index d1345723d..a44ece8b1 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -100,8 +100,8 @@ in { "\${XMONAD_CONFIG_DIR}" "\${XMONAD_DATA_DIR}" ]}"; - ExecStart = "${pkgs.xmonad-tv}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad --shutdown"; + ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}"; + ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown"; User = cfg.user.name; WorkingDirectory = cfg.user.home; }; diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index a2525e06e..430e6a809 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -1,6 +1,6 @@ { pkgs, ... }: pkgs.writeHaskellPackage "xmonad-tv" { - executables.xmonad = { + executables."xmonad-${builtins.currentSystem}" = { extra-depends = [ "containers" "extra" From f57b5b72a418ae740dbb5c536bb8addafe055a2a Mon Sep 17 00:00:00 2001 
From: tv Date: Wed, 28 Nov 2018 14:47:08 +0100 Subject: [PATCH 151/209] tv xmonad: liftIO -> io --- tv/5pkgs/simple/xmonad-tv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 430e6a809..18463b496 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -92,7 +92,7 @@ mainNoArgs = do , placeHook (smart (1,0)) ] , startupHook = - whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) + whenJustM (io (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" @@ -129,7 +129,7 @@ spawnRootTerm = spawnTermAt :: String -> X () spawnTermAt ws = do - env <- liftIO getEnvironment + env <- io getEnvironment let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env forkFile urxvtcPath [] (Just env') From ef418b19a05177b9cbac4febc77a79e437aa4851 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 17:03:53 +0100 Subject: [PATCH 152/209] tv xmonad: reduce cruft --- tv/5pkgs/simple/xmonad-tv/default.nix | 44 +-------------------------- 1 file changed, 1 insertion(+), 43 deletions(-) diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 18463b496..97cc29917 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix 
@@ -25,30 +25,22 @@ import Graphics.X11.ExtraTypes.XF86 import Text.Read (readEither) import XMonad import System.IO (hPutStrLn, stderr) -import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv) +import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv) import System.Posix.Process (executeFile) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) import XMonad.Actions.GridSelect import XMonad.Actions.CycleWS (toggleWS) ---import XMonad.Actions.CopyWindow ( copy ) import XMonad.Layout.NoBorders ( smartBorders ) import qualified XMonad.StackSet as W import Data.Map (Map) import qualified Data.Map as Map --- TODO import XMonad.Layout.WorkspaceDir import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Hooks.ManageHelpers (doCenterFloat) --- import XMonad.Layout.Tabbed ---import XMonad.Layout.MouseResizableTile -import XMonad.Layout.Reflect (reflectVert) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Hooks.Place (placeHook, smart) import XMonad.Actions.PerWorkspaceKeys (chooseAction) -import XMonad.Layout.PerWorkspace (onWorkspace) ---import XMonad.Layout.BinarySpacePartition ---import XMonad.Actions.Submap import XMonad.Stockholm.Pager import XMonad.Stockholm.Rhombus import XMonad.Stockholm.Shutdown @@ -72,10 +64,6 @@ mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 xmonad - -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } - -- urgencyConfig { remindWhen = Every 1 } - -- $ withUrgencyHook borderUrgencyHook "magenta" - -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never } $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = urxvtcPath 
@@ -83,8 +71,6 @@ mainNoArgs = do , keys = myKeys , workspaces = workspaces0 , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full - -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent - --, handleEventHook = handleTimerEvent , manageHook = composeAll [ appName =? "fzmenu-urxvt" --> doCenterFloat @@ -260,34 +246,6 @@ wGSConfig = def , gs_navigate = navNSearch } --- wsGSConfig = def --- { gs_cellheight = 20 --- , gs_cellwidth = 64 --- , gs_cellpadding = 5 --- , gs_font = myFont --- , gs_navigate = navNSearch --- } - --- custom navNSearch ---makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a) ---makeGSNav esc = nav --- where --- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler --- keyMap = Map.fromList --- [ (esc , cancel) --- , ((0,xK_Escape) , cancel) --- , ((0,xK_Return) , select) --- , ((0,xK_Left) , move (-1, 0) >> nav) --- , ((0,xK_Right) , move ( 1, 0) >> nav) --- , ((0,xK_Down) , move ( 0, 1) >> nav) --- , ((0,xK_Up) , move ( 0,-1) >> nav) --- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav) --- ] --- -- The navigation handler ignores unknown key symbols, therefore we const --- navNSearchDefaultHandler (_,s,_) = do --- transformSearchString (++ s) --- nav - (&) :: a -> (a -> c) -> c (&) = flip ($) From 2b9d361f7f8ef6334c4832d6eb87f2b6008e352f Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 17:03:15 +0100 Subject: [PATCH 153/209] tv xmonad: wait for shutdown to complete --- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/simple/xmonad-tv/default.nix | 26 ++++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index a44ece8b1..199ffcaf8 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix 
@@ -101,7 +101,7 @@ in { "\${XMONAD_DATA_DIR}" ]}"; ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown"; + ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown $MAINPID"; User = cfg.user.name; WorkingDirectory = cfg.user.home; }; diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 97cc29917..ab4be91f3 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -19,6 +19,11 @@ pkgs.writeHaskellPackage "xmonad-tv" { module Main where +import System.IO.Error (isDoesNotExistError, tryIOError) +import System.Exit (exitFailure) +import Control.Monad (forever) +import Control.Concurrent (threadDelay) + import Control.Exception import Control.Monad.Extra (whenJustM) import Graphics.X11.ExtraTypes.XF86 @@ -27,6 +32,8 @@ import XMonad import System.IO (hPutStrLn, stderr) import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv) import System.Posix.Process (executeFile) +import System.Posix.Signals (nullSignal, signalProcess) +import System.Posix.Types (ProcessID) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) import XMonad.Actions.GridSelect 
@@ -57,8 +64,23 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> mainNoArgs + [] -> mainNoArgs + ["--shutdown", pidArg] -> mainShutdown (read pidArg) + args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure + +mainShutdown :: ProcessID -> IO () +mainShutdown pid = do + sendShutdownEvent + hPutStrLn stderr ("waiting for: " <> show pid) + result <- tryIOError (waitProcess pid) + if isSuccess result + then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]") + else hPutStrLn stderr ("result: " <> show result) + where + isSuccess = either isDoesNotExistError (const False) + +waitProcess :: ProcessID -> IO () +waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000) mainNoArgs :: IO () mainNoArgs = do From d1f81ace7241cf751f8a02c102b02bc1c8ad6c07 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Nov 2018 18:30:19 +0100 Subject: [PATCH 154/209] tv urlwatch: remove nixos --- tv/2configs/urlwatch.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 77947dafa..7467e8e67 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -27,11 +27,6 @@ in { # 2014-09-24 ref https://github.com/4z3/xintmap http://www.mathstat.dal.ca/~selinger/quipper/ - ## other - - https://nixos.org/channels/nixos-18.03/git-revision - https://nixos.org/channels/nixos-unstable/git-revision - ## 2014-10-17 ## TODO update ~/src/login/default.nix #http://hackage.haskell.org/package/bcrypt From 95f6255f586e93e096d56de75add76d7560b9df1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Nov 2018 21:30:46 +0100 Subject: [PATCH 155/209] * krops: merge krebs-nixpkgs into krebs-source --- jeschli/krops.nix | 4 +--- krebs/krops.nix | 38 ++++++++++++++++++-------------------- lass/krops.nix | 4 +--- tv/krops.nix | 4 +--- 4 files changed, 21 insertions(+), 29 deletions(-) 
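Review bot: `read pidArg` in the new `--shutdown` branch of `main` is partial, so a non-numeric argument aborts with `Prelude.read: no parse` instead of reaching the `bad arguments` branch. Parse it with `readEither`, which the file appears to import already from `Text.Read`: `["--shutdown", pidArg] -> either (\e -> hPutStrLn stderr e >> exitFailure) mainShutdown (readEither pidArg)`. `waitProcess` also polls `signalProcess nullSignal` with no upper bound, so the stop command ends only when the PID disappears or systemd's stop timeout fires. If the PID is reused by another process of the same user in the meantime, the loop keeps running against the wrong process, so a bounded number of polls would make the stop path predictable.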
diff --git a/jeschli/krops.nix b/jeschli/krops.nix index fff014377..989abcdd0 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -1,14 +1,12 @@ { name }: let inherit (import ../krebs/krops.nix { inherit name; }) - krebs-nixpkgs krebs-source lib pkgs ; source = { test }: lib.evalSource [ - (krebs-nixpkgs { test = test; }) - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; secrets = if test then { diff --git a/krebs/krops.nix b/krebs/krops.nix index 1058e73c0..ab7524941 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -7,28 +7,27 @@ # TODO document why pkgs should be used like this pkgs = import "${krops}/pkgs" {}; - krebs-nixpkgs = { test ? false }: if test then { - nixpkgs.file = { - path = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ./nixpkgs.json).rev; - sha256 = (lib.importJSON ./nixpkgs.json).sha256; - }); - useChecksum = true; + krebs-source = { test ? false }: rec { + nixpkgs = if test then { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + }); + useChecksum = true; + }; + } else { + git = { + ref = (lib.importJSON ./nixpkgs.json).rev; + url = https://github.com/NixOS/nixpkgs; + }; }; - } else { - nixpkgs.git = { - ref = (lib.importJSON ./nixpkgs.json).rev; - url = https://github.com/NixOS/nixpkgs; - }; - }; - - krebs-source = { stockholm.file = toString ../.; stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' set -efu - cd ${lib.escapeShellArg krebs-source.stockholm.file} + cd ${lib.escapeShellArg stockholm.file} V=$(${pkgs.coreutils}/bin/date +%y.%m) if test -d .git; then V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty) 
@@ -41,8 +40,7 @@ }; source ={ test }: lib.evalSource [ - (krebs-nixpkgs { test = test; }) - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = if test then { diff --git a/lass/krops.nix b/lass/krops.nix index 26668de65..d64454ea5 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,6 +1,5 @@ { name }: let inherit (import ../krebs/krops.nix { inherit name; }) - krebs-nixpkgs krebs-source lib pkgs @@ -13,8 +12,7 @@ ; source = { test }: lib.evalSource [ - (krebs-nixpkgs { test = test; }) - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; secrets = if test then { diff --git a/tv/krops.nix b/tv/krops.nix index 3b60d3208..af0e8616a 100644 --- a/tv/krops.nix +++ b/tv/krops.nix @@ -1,15 +1,13 @@ { name }: rec { inherit (import ../krebs/krops.nix { inherit name; }) - krebs-nixpkgs krebs-source lib pkgs ; source = lib.evalSource [ - (krebs-nixpkgs { test = true; }) - krebs-source + (krebs-source { test = true; }) { nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; secrets.file = toString ./dummy_secrets; From 53359a60f5f0114b013c6241b52aa7387d1b922a Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 29 Nov 2018 21:24:31 +0100 Subject: [PATCH 156/209] xmonad-stockholm: 1.2.0 -> 1.3.0 --- .../5pkgs/simple/xmonad-jeschli/default.nix | 9 +++++--- krebs/5pkgs/haskell/xmonad-stockholm.nix | 12 +++++----- lass/5pkgs/custom/xmonad-lass/default.nix | 10 ++++++--- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/simple/xmonad-tv/default.nix | 22 ++----------------- 5 files changed, 22 insertions(+), 33 deletions(-) diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 4ebd98f09..827c77b77 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix 
@@ -24,8 +24,9 @@ import Control.Monad.Extra (whenJustM) import Graphics.X11.ExtraTypes.XF86 import Text.Read (readEither) import XMonad -import System.IO (hPutStrLn, stderr) import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv) +import System.Exit (exitFailure) +import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) @@ -66,12 +67,14 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> mainNoArgs + [] -> mainNoArgs + ["--shutdown"] -> shutdown + args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 + handleShutdownEvent <- newShutdownEventHandler xmonad -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- urgencyConfig { remindWhen = Every 1 } diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 7f6bb299d..228d365a3 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix 
@@ -1,16 +1,16 @@ -{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape -, xmonad, xmonad-contrib +{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft +, X11-xshape, xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.2.0"; + version = "1.3.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; - rev = "refs/tags/v${version}"; - sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis"; + rev = "refs/tags/v1.3.0"; + sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9"; }; libraryHaskellDepends = [ - base containers X11 X11-xft X11-xshape xmonad xmonad-contrib + base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib ]; license = stdenv.lib.licenses.mit; } diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 087d54eca..3a4970767 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -25,6 +25,8 @@ import Control.Monad.Extra (whenJustM) import Data.List (isInfixOf) import Data.Monoid (Endo) import System.Environment (getArgs, lookupEnv) +import System.Exit (exitFailure) +import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) @@ -49,7 +51,7 @@ import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Util.NamedWindows (getName) import XMonad.Util.Run (safeSpawn) -import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent) +import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown) import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..)) data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) 
@@ -69,11 +71,13 @@ myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1" main :: IO () main = getArgs >>= \case - ["--shutdown"] -> sendShutdownEvent - _ -> main' + [] -> main' + ["--shutdown"] -> shutdown + args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure main' :: IO () main' = do + handleShutdownEvent <- newShutdownEventHandler xmonad $ ewmh $ withUrgencyHook LibNotifyUrgencyHook $ def diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 199ffcaf8..a44ece8b1 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -101,7 +101,7 @@ in { "\${XMONAD_DATA_DIR}" ]}"; ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown $MAINPID"; + ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown"; User = cfg.user.name; WorkingDirectory = cfg.user.home; }; diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index ab4be91f3..edfee98a0 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -19,10 +19,7 @@ pkgs.writeHaskellPackage "xmonad-tv" { module Main where -import System.IO.Error (isDoesNotExistError, tryIOError) import System.Exit (exitFailure) -import Control.Monad (forever) -import Control.Concurrent (threadDelay) import Control.Exception import Control.Monad.Extra (whenJustM) @@ -32,8 +29,6 @@ import XMonad import System.IO (hPutStrLn, stderr) import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv) import System.Posix.Process (executeFile) -import System.Posix.Signals (nullSignal, signalProcess) -import System.Posix.Types (ProcessID) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) import XMonad.Actions.GridSelect 
@@ -65,26 +60,13 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" main :: IO () main = getArgs >>= \case [] -> mainNoArgs - ["--shutdown", pidArg] -> mainShutdown (read pidArg) + ["--shutdown"] -> shutdown args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure -mainShutdown :: ProcessID -> IO () -mainShutdown pid = do - sendShutdownEvent - hPutStrLn stderr ("waiting for: " <> show pid) - result <- tryIOError (waitProcess pid) - if isSuccess result - then hPutStrLn stderr ("result: " <> show result <> " [AKA success^_^]") - else hPutStrLn stderr ("result: " <> show result) - where - isSuccess = either isDoesNotExistError (const False) - -waitProcess :: ProcessID -> IO () -waitProcess pid = forever (signalProcess nullSignal pid >> threadDelay 10000) - mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 + handleShutdownEvent <- newShutdownEventHandler xmonad $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:00 +0100 Subject: [PATCH 157/209] l: move download stuff to yellow.r --- krebs/3modules/lass/default.nix | 30 +++++++ lass/1systems/prism/config.nix | 58 ++++++++++++- lass/1systems/yellow/config.nix | 132 ++++++++++++++++++++++++++++++ lass/1systems/yellow/physical.nix | 8 ++ lass/2configs/downloading.nix | 65 --------------- 5 files changed, 227 insertions(+), 66 deletions(-) create mode 100644 lass/1systems/yellow/config.nix create mode 100644 lass/1systems/yellow/physical.nix delete mode 100644 lass/2configs/downloading.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 836ecb3f6..35b1e1b83 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -716,6 +716,36 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; }; + yellow = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.14"; + ip6.addr = "42:0:0:0:0:0:0:14"; + aliases = [ + "yellow.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP + MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY + b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU + Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd + OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP + vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 + C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp + Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU + 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg + zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p + DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ + Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; + }; blue = { cores = 1; nets = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a9fbae695..57298b1bd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -207,7 +207,6 @@ with import ; RandomizedDelaySec = "2min"; }; } - { services.taskserver = { 
@@ -338,6 +337,63 @@ with import ; ]; } + { + systemd.services."container@yellow".reloadIfChanged = mkForce false; + containers.yellow = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.13"; + localAddress = "10.233.2.14"; + }; + + services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:9091; + ''; + + users.groups.download = {}; + users.users = { + download = { + createHome = true; + group = "download"; + name = "download"; + home = "/var/download"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey + makefu.pubkey + wine-mors.pubkey + ]; + }; + }; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chmod 775 /var/download + ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || : + chown download: /var/download/finished + ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || : + chown download: /var/download/incoming + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix new file mode 100644 index 000000000..ee14986ac --- /dev/null +++ b/lass/1systems/yellow/config.nix 
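Review bot: The `^~ /transmission` location builds its `auth_basic_user_file` with `pkgs.writeText`, which puts the password hash both in this repository and in the world-readable Nix store. The `$apr1$` (MD5-based) format is cheap to attack offline once the hash is readable. Point nginx at a file deployed with the other secrets instead, e.g. `auth_basic_user_file /path/to/secrets/transmission-htpasswd;` (placeholder path), readable only by the nginx user, and rotate the password whose hash is committed here. The list this fragment is added to begins outside the hunk.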
@@ -0,0 +1,132 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.yellow; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chown download:download /var/download + chmod 775 /var/download + ''; + + users.users.download = { uid = genid "download"; }; + users.groups.download.members = [ "transmission" ]; + users.users.transmission.group = mkForce "download"; + + systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ]; + services.transmission = { + enable = true; + settings = { + download-dir = "/var/download/finished"; + incomplete-dir = "/var/download/incoming"; + incomplete-dir-enable = true; + umask = "002"; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + ]; + }; + + services.nginx.enable = true; + services.openvpn.servers.nordvpn.config = '' + client + dev tun + proto udp + remote 82.102.16.229 1194 + resolv-retry infinite + remote-random + nobind + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + persist-key + persist-tun + ping 15 + ping-restart 0 + ping-timer-rem + reneg-sec 0 + comp-lzo no + + explicit-exit-notify 3 + + remote-cert-tls server + + #mute 10000 + auth-user-pass ${toString } + + verb 3 + pull + fast-io + cipher AES-256-CBC + auth SHA512 + + + -----BEGIN CERTIFICATE----- + MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD + VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH + Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw + bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y + ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG + 
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT + B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 + cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v + cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG + UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny + mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X + +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT + ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI + 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA + VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT + Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh + MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ + MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy + Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW + EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG + SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ + e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW + //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB + wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB + KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p + lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + -----END CERTIFICATE----- + + key-direction 1 + + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 49b2f54c6ee58d2d97331681bb577d55 + 054f56d92b743c31e80b684de0388702 + ad3bf51088cd88f3fac7eb0729f2263c + 51d82a6eb7e2ed4ae6dfa65b1ac764d0 + b9dedf1379c1b29b36396d64cb6fd6b2 + e61f869f9a13001dadc02db171f04c4d + c46d1132c1f31709e7b54a6eabae3ea8 + fbd2681363c185f4cb1be5aa42a27c31 + 21db7b2187fd11c1acf224a0d5a44466 + b4b5a3cc34ec0227fe40007e8b379654 + f1e8e2b63c6b46ee7ab6f1bd82f57837 + 92c209e8f25bc9ed493cb5c1d891ae72 + 7f54f4693c5b20f136ca23e639fd8ea0 + 
865b4e22dd2af43e13e6b075f12427b2 + 08af9ffd09c56baa694165f57fe2697a + 3377fa34aebcba587c79941d83deaf45 + -----END OpenVPN Static key V1----- + + ''; +} diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/yellow/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d02..000000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import ; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} From 02350fd5ece71ea018583feadba51f5936803d80 Mon Sep 17 00:00:00 2001 
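Review bot: `systemd.services.transmission.serviceConfig.bindsTo` does not tie transmission to the VPN. `serviceConfig` keys are written to the unit's `[Service]` section, where systemd does not recognise `bindsTo`, so the daemon keeps running on the default route when `openvpn-nordvpn.service` is down. Use the unit-level options instead: `systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];` and `systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];`. Separately, `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false`, together with the `--dport 9091` ACCEPT rule, leave the RPC interface unauthenticated for any peer that can reach the container directly rather than through the prism proxy. Limiting that rule to the container's host address, or setting `rpc-authentication-required`, would close that path.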
From: lassulus Date: Fri, 30 Nov 2018 04:35:39 +0100 Subject: [PATCH 158/209] l prism.r: add /var/download mount --- lass/1systems/prism/physical.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 4388c13fa..116bdb92f 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -25,6 +25,11 @@ fsType = "zfs"; }; + fileSystems."/var/download" = { + device = "tank/download"; + fsType = "zfs"; + }; + fileSystems."/var/lib/containers" = { device = "tank/containers"; fsType = "zfs"; From 293a82ad3b927d1f21430e9c01b0ce32bf669e36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:36:37 +0100 Subject: [PATCH 159/209] maintain realwallpaper in stockholm --- krebs/3modules/realwallpaper.nix | 185 ++++++++++++++++++- krebs/5pkgs/simple/realwallpaper/default.nix | 24 --- 2 files changed, 184 insertions(+), 25 deletions(-) delete mode 100644 krebs/5pkgs/simple/realwallpaper/default.nix diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 044811c7d..cb940efef 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix 
@@ -77,7 +77,190 @@ let serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; + ExecStart = pkgs.writeDash "generate-wallpaper" '' + set -xeuf + + # usage: getimg FILENAME URL + fetch() { + echo "fetch $1" + curl -LsS -z "$1" -o "$1" "$2" + } + + # usage: check_type FILENAME TYPE + check_type() { + if ! file -ib "$1" | grep -q "^$2/"; then + echo "$1 is not of type $2" >&2 + rm "$1" + return 1 + fi + } + + # usage: image_size FILENAME + image_size() { + identify "$1" | awk '{print$3}' + } + + # usage: make_mask DST SRC MASK + make_layer() { + if needs_rebuild "$@"; then + echo "make $1 (apply mask)" >&2 + convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" + fi + } + + # usage: flatten DST HILAYER LOLAYER + flatten() { + if needs_rebuild "$@"; then + echo "make $1 (flatten)" >&2 + composite "$2" "$3" "$1" + fi + } + + # usage: needs_rebuild DST SRC... + needs_rebuild() { + a="$1" + shift + if ! test -e "$a"; then + #echo " $a does not exist" >&2 + result=0 + else + result=1 + for b; do + if test "$b" -nt "$a"; then + #echo " $b is newer than $a" >&2 + result=0 + fi + done + fi + #case $result in + # 0) echo "$a needs rebuild" >&2;; + #esac + return $result + } + + main() { + cd ${cfg.workingDir} + + # fetch source images in parallel + fetch nightmap-raw.jpg \ + ${cfg.nightmap} & + fetch daymap-raw.png \ + ${cfg.daymap} & + fetch clouds-raw.jpg \ + ${cfg.cloudmap} & + fetch marker.json \ + ${cfg.marker} & + wait + + check_type nightmap-raw.jpg image + check_type daymap-raw.png image + check_type clouds-raw.jpg image + + in_size=2048x1024 + xplanet_out_size=1466x1200 + out_geometry=1366x768+100+160 + + nightsnow_color='#0c1a49' # nightmap + + for raw in \ + nightmap-raw.jpg \ + daymap-raw.png \ + clouds-raw.jpg \ + ; + do + normal=''${raw%-raw.*}.png + if needs_rebuild $normal $raw; then + echo "make $normal; normalize $raw" >&2 + convert $raw -scale $in_size $normal + fi + done + + # create nightmap-fullsnow + if 
needs_rebuild nightmap-fullsnow.png; then + convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png + fi + + # extract daymap-snowmask from daymap-final + if needs_rebuild daymap-snowmask.png daymap.png; then + convert daymap.png -threshold 95% daymap-snowmask.png + fi + + # extract nightmap-lightmask from nightmap + if needs_rebuild nightmap-lightmask.png nightmap.png; then + convert nightmap.png -threshold 25% nightmap-lightmask.png + fi + + # create layers + make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png + make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png + + # apply layers + flatten nightmap-lightsnowlayer.png \ + nightmap-lightlayer.png \ + nightmap-snowlayer.png + + flatten nightmap-final.png \ + nightmap-lightsnowlayer.png \ + nightmap.png + + # create marker file from json + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file + fi + + # make all unmodified files as final + for normal in \ + daymap.png \ + clouds.png \ + ; + do + final=''${normal%.png}-final.png + needs_rebuild $final && + ln $normal $final + done + + # rebuild every time to update shadow + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-output.png --projection merc \ + -config ${pkgs.writeText "xplanet.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + shade=15 + ''} + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + marker_file=marker_file + shade=15 + ''} + + # trim xplanet output + if needs_rebuild realwallpaper.png xplanet-output.png; then + convert xplanet-output.png -crop $out_geometry \ + 
realwallpaper-tmp.png + mv realwallpaper-tmp.png realwallpaper.png + fi + + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then + convert xplanet-krebs-output.png -crop $out_geometry \ + realwallpaper-krebs-tmp.png + mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png + fi + } + + main "$@" + ''; User = "realwallpaper"; }; }; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix deleted file mode 100644 index 7c9812117..000000000 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ stdenv, fetchgit, xplanet, imagemagick, curl, file }: - -stdenv.mkDerivation { - name = "realwallpaper"; - - src = fetchgit { - url = https://github.com/Lassulus/realwallpaper; - rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; - sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - ]; - - installPhase = '' - mkdir -p $out - cp realwallpaper.sh $out/realwallpaper.sh - ''; -} From 2a904d988555629deb043e6641434253d544d480 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:02 +0100 Subject: [PATCH 160/209] l: add nordvpn@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 9bb70d1c2..1ee45bb41 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -93,6 +93,7 @@ with import ; { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 55efde5159ddb4c44fbac06fabd9138b197ed4c4 Mon Sep 17 00:00:00 2001 
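Review bot: The generated script interpolates `cfg.workingDir` and the four source URLs unquoted (`cd ${cfg.workingDir}`, `fetch nightmap-raw.jpg ${cfg.nightmap} &` and the three fetches after it), so a value containing `&`, `;` or a space is re-parsed by the shell instead of reaching `cd` or `curl` as one argument. Quote them at generation time, e.g. `cd ${lib.escapeShellArg cfg.workingDir}` and `${lib.escapeShellArg cfg.nightmap}` (assuming `lib` is in scope in this module). The bare `wait` returns success whatever the background fetches did, so a failed download is noticed only if `check_type` rejects the leftover file, and `marker.json` gets no check before `jq` reads it. Since the downloaded images go straight into ImageMagick, it is worth confirming that the unit runs as the unprivileged `realwallpaper` user with write access to the working directory only.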
From: lassulus Date: Fri, 30 Nov 2018 04:37:22 +0100 Subject: [PATCH 161/209] l skynet: import power-action.nix --- lass/1systems/skynet/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 14aca598e..13a8b3e41 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -7,6 +7,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; From 3f5d31bb2ef3ec4b9cc53d742e9303e1577fb260 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:42 +0100 Subject: [PATCH 162/209] l websites: remove deprecated stuff --- lass/2configs/websites/lassulus.nix | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b20928..6470d86f7 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; From cd3b73955ef8a792ece37d33ad7de7efbac0625f Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 30 Nov 2018 04:40:59 +0100 Subject: [PATCH 163/209] l: RIP cabal.r --- krebs/3modules/lass/default.nix | 41 -------------------------------- lass/1systems/cabal/config.nix | 16 ------------- lass/1systems/cabal/physical.nix | 12 ---------- 3 files changed, 69 deletions(-) delete mode 100644 lass/1systems/cabal/config.nix delete mode 100644 lass/1systems/cabal/physical.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 35b1e1b83..09c8ba675 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -644,47 +644,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; - cabal = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.4"; - ip6.addr = "42::1:4"; - aliases = [ - "cabal.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A - SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj - rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK - qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e - LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq - rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 - 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE - fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v - yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A - kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR - KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi - TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U - oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs - TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw - 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD - rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ - 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf - luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py - w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG - 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 - K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g - ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; - }; red = { 
monitoring = false; cores = 1; diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix deleted file mode 100644 index 6a8040c9d..000000000 --- a/lass/1systems/cabal/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.cabal; -} diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix deleted file mode 100644 index 3cc4af03b..000000000 --- a/lass/1systems/cabal/physical.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" - ''; -} From 2e81c4edeed70b9e5a94eb06be4692d757e2bce8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:43:01 +0100 Subject: [PATCH 164/209] l: add dummy-secret nordvpn.txt --- lass/2configs/tests/dummy-secrets/nordvpn.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/nordvpn.txt diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt new file mode 100644 index 000000000..e69de29bb From 698b61efe54fac6ccba91cad9d8c2136a7569ad6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 05:23:53 +0100 Subject: [PATCH 165/209] l xmonad: better float --- lass/5pkgs/custom/xmonad-lass/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 3a4970767..85c008750 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix 
@@ -38,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) @@ -84,7 +84,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks + , manageHook = floatHooks <+> floatNextHook , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -99,13 +99,12 @@ myLayoutHook = defLayout defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) floatHooks :: Query (Endo WindowSet) -floatHooks = composeAll . concat $ - [ [ title =? t --> doFloat | t <- myTitleFloats] - , [ className =? c --> doFloat | c <- myClassFloats ] ] - where - myTitleFloats = [] - myClassFloats = ["Pinentry"] -- for gpg passphrase entry - +floatHooks = composeOne + [ className =? "Pinentry" -?> doCenterFloat + , title =? "fzfmenu" -?> doCenterFloat + , title =? "glxgears" -?> doCenterFloat + , resource =? "Dialog" -?> doFloat + ] myKeyMap :: [([Char], X ())] myKeyMap = From 4122e3efd5af7fc7f827aa69b5fabb577bb4d2ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 05:24:22 +0100 Subject: [PATCH 166/209] l xmonad: add redshift bindings --- lass/5pkgs/custom/xmonad-lass/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 85c008750..c020f975c 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix 
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -162,6 +162,9 @@ myKeyMap = , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8") + , ("M4-", spawn "${pkgs.redshift}/bin/redshift -x") + , ("", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") From cef8060bedcc33cf4b6e2781bdcbb97c2c0edba4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 07:48:49 +0100 Subject: [PATCH 167/209] l: override dmenu with fzfmenu --- lass/2configs/baseX.nix | 6 ++++++ lass/5pkgs/fzfmenu/default.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 lass/5pkgs/fzfmenu/default.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0e..d781f8c71 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix new file mode 100644 index 000000000..6b5899359 --- /dev/null +++ b/lass/5pkgs/fzfmenu/default.nix 
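Review bot: Forwarding `"$@"` hands dmenu's own flags from every existing caller to fzfmenu, and the wrapper added in this patch (lass/5pkgs/fzfmenu/default.nix) answers anything other than `-p` by printing `Unknown option …` on stdout, the same stream the caller reads the selection from. A caller that passes any other dmenu flag would get that text in front of the chosen entry and act on it as if it were the selection. The diagnostic belongs on stderr: `echo "Unknown option $1" >&2`. The attribute set this override sits in starts and ends outside the hunk.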
@@ -0,0 +1,33 @@ +{ pkgs, ... }: + +pkgs.writeDashBin "fzfmenu" '' + set -efu + PROMPT=">" + for i in "$@" + do + case $i in + -p) + PROMPT="$2" + shift + shift + break + ;; + *) + echo "Unknown option $1" + shift + ;; + esac + done + INPUT=$(${pkgs.coreutils}/bin/cat) + OUTPUT="$(${pkgs.coreutils}/bin/mktemp)" + ${pkgs.rxvt_unicode}/bin/urxvt \ + -name fzfmenu -title fzfmenu \ + -e ${pkgs.dash}/bin/dash -c \ + "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \ + --history=/dev/null \ + --no-sort \ + --prompt=\"$PROMPT\" \ + > \"$OUTPUT\"" 2>/dev/null + ${pkgs.coreutils}/bin/cat "$OUTPUT" + ${pkgs.coreutils}/bin/rm "$OUTPUT" +'' From 7f5431a4999fea9626df300f707aa8c62de894e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 08:30:08 +0100 Subject: [PATCH 168/209] l prism.r: use symlinks correctly, remove incoming link --- lass/1systems/prism/config.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 57298b1bd..24fa3fd7a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,10 +388,8 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download chmod 775 /var/download - ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || : + ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished - ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || : - chown download: /var/download/incoming ''; } ]; From 5f0b1b803500f468a1d60217cc0fc81bb8fd58aa Mon Sep 17 00:00:00 2001 
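Review bot: The menu entries read from stdin and the `-p` prompt are pasted into the command string handed to `dash -c` (`"echo \"$INPUT\" | … --prompt=\"$PROMPT\" …"`), so the inner shell parses them a second time: an entry containing a double quote, a backquote or `$(…)` is evaluated as shell code instead of being displayed, and this script is what `dmenu` now resolves to. The data should travel out of band: write stdin to a temp file, export the prompt and the file names, and single-quote the `-c` script so that only the inner shell expands the variables. A `trap … EXIT` would also remove the temp files when `set -e` aborts the script before the final `rm`.

```nix
  # … unchanged: set -efu and -p option parsing …
  INPUT="$(${pkgs.coreutils}/bin/mktemp)"
  OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
  trap '${pkgs.coreutils}/bin/rm -f "$INPUT" "$OUTPUT"' EXIT
  ${pkgs.coreutils}/bin/cat > "$INPUT"
  export INPUT OUTPUT PROMPT
  ${pkgs.rxvt_unicode}/bin/urxvt \
    -name fzfmenu -title fzfmenu \
    -e ${pkgs.dash}/bin/dash -c \
      '${pkgs.fzf}/bin/fzf \
        --history=/dev/null \
        --no-sort \
        --prompt="$PROMPT" \
        < "$INPUT" > "$OUTPUT"' 2>/dev/null
  ${pkgs.coreutils}/bin/cat "$OUTPUT"
```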
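Review bot: With the link direction reversed, `chown download: /var/download/finished` now follows the symlink and changes the owner of whatever `/var/lib/containers/yellow/var/download/finished` resolves to on the host. If root inside the yellow container is less trusted than the host (not visible from this hunk), that last path component is under the container's control, so the host-side call should not dereference it: `chown -h download: /var/download/finished`, with ownership of the real directory set from inside the container. Separately, on the second activation `/var/download/finished` already is a link to a directory, and `ln -fs` then creates the new link inside the target; `ln -sfn` replaces the link itself.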
From: tv Date: Fri, 30 Nov 2018 09:40:53 +0100 Subject: [PATCH 169/209] lib: add mapNixDir{,1} --- jeschli/5pkgs/simple/default.nix | 8 +------- krebs/5pkgs/haskell/default.nix | 9 +-------- krebs/5pkgs/simple/default.nix | 8 +------- lib/default.nix | 17 +++++++++++++++++ tv/5pkgs/simple/default.nix | 8 +------- 5 files changed, 21 insertions(+), 29 deletions(-) diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix index 1b9d8c235..6ba4fec83 100644 --- a/jeschli/5pkgs/simple/default.nix +++ b/jeschli/5pkgs/simple/default.nix @@ -15,10 +15,4 @@ let else override; in - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) + mapNixDir (path: callPackage path {}) ./. diff --git a/krebs/5pkgs/haskell/default.nix b/krebs/5pkgs/haskell/default.nix index 7cdf65ea5..e824699f9 100644 --- a/krebs/5pkgs/haskell/default.nix +++ b/krebs/5pkgs/haskell/default.nix @@ -1,13 +1,6 @@ with import ; let - overrides = self: super: - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (self.callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))); + overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.; in self: super: { diff --git a/krebs/5pkgs/simple/default.nix b/krebs/5pkgs/simple/default.nix index 1b9d8c235..6ba4fec83 100644 --- a/krebs/5pkgs/simple/default.nix +++ b/krebs/5pkgs/simple/default.nix @@ -15,10 +15,4 @@ let else override; in - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) + mapNixDir (path: callPackage path {}) ./. diff --git a/lib/default.nix b/lib/default.nix index a40225c49..7b964b22f 100644 --- a/lib/default.nix 
+++ b/lib/default.nix @@ -44,6 +44,23 @@ let indent = replaceChars ["\n"] ["\n "]; + mapNixDir = f: x: { + list = foldl' mergeAttrs {} (map (mapNixDir1 f) x); + path = mapNixDir1 f x; + }.${typeOf x}; + + mapNixDir1 = f: dirPath: + listToAttrs + (map + (relPath: let + name = removeSuffix ".nix" relPath; + path = dirPath + "/${relPath}"; + in + nameValuePair name (f path)) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir dirPath)))); + # https://tools.ietf.org/html/rfc5952 normalize-ip6-addr = let diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix index 1b9d8c235..6ba4fec83 100644 --- a/tv/5pkgs/simple/default.nix +++ b/tv/5pkgs/simple/default.nix @@ -15,10 +15,4 @@ let else override; in - listToAttrs - (map - (name: nameValuePair (removeSuffix ".nix" name) - (callPackage (./. + "/${name}") {})) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) + mapNixDir (path: callPackage path {}) ./. From 4319a386800c8dd535fe8b7273539d258e3c6092 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 09:41:32 +0100 Subject: [PATCH 170/209] tv pkgs haskell: init --- tv/5pkgs/haskell/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 tv/5pkgs/haskell/default.nix diff --git a/tv/5pkgs/haskell/default.nix b/tv/5pkgs/haskell/default.nix new file mode 100644 index 000000000..fcede2f9c --- /dev/null +++ b/tv/5pkgs/haskell/default.nix @@ -0,0 +1,20 @@ +with import ; +let + overrides = self: super: + mapNixDir (path: self.callPackage path {}) [ + + ./. + ]; +in + self: super: { + haskell = super.haskell // { + packages = mapAttrs (name: value: + if hasAttr "override" value + then value.override { inherit overrides; } + else value + ) super.haskell.packages; + }; + haskellPackages = super.haskellPackages.override { + inherit overrides; + }; + } From 94a09258ad3202cfba1bcba8cdbf99b51f5aae86 Mon Sep 17 00:00:00 2001 
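Review bot: `mapNixDir` and `mapNixDir1` come without a comment, and two of their behaviours are easy to miss. For a list argument, `foldl' mergeAttrs {}` lets a later directory silently replace a same-named package from an earlier one, which is exactly how the new tv/5pkgs/haskell/default.nix in this series uses it. And `{ list = …; path = …; }.${typeOf x}` fails with a missing-attribute error for any other argument type, for example a string path. A comment above the definition would cover both: `# mapNixDir f x: x is a path or a list of paths; every entry except default.nix and dotfiles becomes an attribute named after it (".nix" removed); with a list, later directories win on name clashes`. The `let` block these definitions live in starts and ends outside the hunk.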
From: tv Date: Fri, 30 Nov 2018 09:03:52 +0100 Subject: [PATCH 171/209] tv xmonad: move to haskell packages --- tv/2configs/xserver/default.nix | 13 ++++-- tv/5pkgs/haskell/xmonad-tv/default.nix | 15 +++++++ .../haskell/xmonad-tv/src/Helpers/Path.hs | 15 +++++++ tv/5pkgs/haskell/xmonad-tv/src/Paths.hs | 22 ++++++++++ .../xmonad-tv/src/main.hs} | 41 +++++-------------- .../haskell/xmonad-tv/src/xmonad-tv.cabal | 25 +++++++++++ 6 files changed, 97 insertions(+), 34 deletions(-) create mode 100644 tv/5pkgs/haskell/xmonad-tv/default.nix create mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs create mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Paths.hs rename tv/5pkgs/{simple/xmonad-tv/default.nix => haskell/xmonad-tv/src/main.hs} (88%) create mode 100644 tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index a44ece8b1..9cb487254 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -57,7 +57,9 @@ in { systemd.services.display-manager.enable = false; - systemd.services.xmonad = { + systemd.services.xmonad = let + xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad"; + in { wantedBy = [ "graphical.target" ]; requires = [ "xserver.service" ]; environment = { @@ -93,6 +95,11 @@ in { "za" "zh" "zj" "zs" ]); }; + path = [ + pkgs.alsaUtils + pkgs.fzmenu + pkgs.rxvt_unicode + ]; serviceConfig = { SyslogIdentifier = "xmonad"; ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [ @@ -100,8 +107,8 @@ in { "\${XMONAD_CONFIG_DIR}" "\${XMONAD_DATA_DIR}" ]}"; - ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem}"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-${currentSystem} --shutdown"; + ExecStart = "@${xmonad} xmonad-${currentSystem} "; + ExecStop = "@${xmonad} xmonad-${currentSystem} --shutdown"; User = cfg.user.name; WorkingDirectory = cfg.user.home; }; 
diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix
new file mode 100644
index 000000000..42eb13d41
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/default.nix
@@ -0,0 +1,15 @@
+{ mkDerivation, base, containers, directory, extra, stdenv, unix
+, X11, xmonad, xmonad-contrib, xmonad-stockholm
+}:
+mkDerivation {
+ pname = "xmonad-tv";
+ version = "1.0.0";
+ src = ./src;
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ base containers directory extra unix X11 xmonad xmonad-contrib
+ xmonad-stockholm
+ ];
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
new file mode 100644
index 000000000..1029d60be
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
@@ -0,0 +1,15 @@
+module Helpers.Path where
+
+import qualified Data.List
+import qualified System.Directory
+import qualified System.IO.Unsafe
+
+
+findExecutable :: String -> FilePath
+findExecutable =
+ System.IO.Unsafe.unsafePerformIO . find
+ where
+ find name =
+ maybe failure id <$> System.Directory.findExecutable name
+ where
+ failure = error (Data.List.intercalate " " [name, "not found"])
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs
new file mode 100644
index 000000000..24a809bfe
--- /dev/null
+++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs
@@ -0,0 +1,22 @@
+module Paths where
+
+import Helpers.Path
+
+
+amixer :: FilePath
+amixer = findExecutable "amixer"
+
+otpmenu :: FilePath
+otpmenu = findExecutable "otpmenu"
+
+passmenu :: FilePath
+passmenu = findExecutable "passmenu"
+
+slock :: FilePath
+slock = "/run/wrappers/bin/slock"
+
+su :: FilePath
+su = "/run/wrappers/bin/su"
+
+urxvtc :: FilePath
+urxvtc = findExecutable "urxvtc"
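Review bot: `findExecutable` in src/Helpers/Path.hs resolves `otpmenu`, `passmenu`, `amixer` and `urxvtc` (src/Paths.hs) through whatever `PATH` the xmonad process inherits, where the removed package text pinned them to store paths such as `${pkgs.fzmenu}/bin/passmenu`. The unit's `path = [ … ]` covers the systemd service, but any other way of starting the binary runs the first match on the ambient PATH, for tools that handle passwords and OTP codes. The lookup is also a bare `unsafePerformIO` evaluated lazily, so a missing tool surfaces as an `error` at the first key press rather than at start-up. I would force every entry of `Paths` once in `main` before `xmonad` starts, so that a wrong PATH fails at start-up, and mark the definitions `{-# NOINLINE … #-}` so each lookup runs once.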
diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/src/main.hs similarity index 88% rename from tv/5pkgs/simple/xmonad-tv/default.nix rename to tv/5pkgs/haskell/xmonad-tv/src/main.hs index edfee98a0..43461ab98 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -1,16 +1,3 @@ -{ pkgs, ... }: -pkgs.writeHaskellPackage "xmonad-tv" { - executables."xmonad-${builtins.currentSystem}" = { - extra-depends = [ - "containers" - "extra" - "unix" - "X11" - "xmonad" - "xmonad-contrib" - "xmonad-stockholm" - ]; - text = /* haskell */ '' {-# LANGUAGE DeriveDataTypeable #-} -- for XS {-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} @@ -46,14 +33,9 @@ import XMonad.Actions.PerWorkspaceKeys (chooseAction) import XMonad.Stockholm.Pager import XMonad.Stockholm.Rhombus import XMonad.Stockholm.Shutdown +import qualified Paths -amixerPath :: FilePath -amixerPath = "${pkgs.alsaUtils}/bin/amixer" - -urxvtcPath :: FilePath -urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" - myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" @@ -70,7 +52,7 @@ mainNoArgs = do xmonad $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = urxvtcPath + { terminal = Paths.urxvtc , modMask = mod4Mask , keys = myKeys , workspaces = workspaces0 
@@ -113,23 +95,23 @@ forkFile path args env = spawnRootTerm :: X () spawnRootTerm = forkFile - urxvtcPath - ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] + Paths.urxvtc + ["-name", "root-urxvt", "-e", Paths.su, "-"] Nothing spawnTermAt :: String -> X () spawnTermAt ws = do env <- io getEnvironment let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env - forkFile urxvtcPath [] (Just env') + forkFile Paths.urxvtc [] (Just env') myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) + [ ((_4 , xK_Escape ), forkFile Paths.slock [] Nothing) , ((_4S , xK_c ), kill) - , ((_4 , xK_o ), forkFile "${pkgs.fzmenu}/bin/otpmenu" [] Nothing) - , ((_4 , xK_p ), forkFile "${pkgs.fzmenu}/bin/passmenu" [] Nothing) + , ((_4 , xK_o ), forkFile Paths.otpmenu [] Nothing) + , ((_4 , xK_p ), forkFile Paths.passmenu [] Nothing) , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) @@ -140,7 +122,7 @@ myKeys conf = Map.fromList $ , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ((_C , xK_Menu ), toggleWS) - , ((_4 , xK_Menu ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] ) + -- , ((_4 , xK_Menu ), rhombus horseConfig (io . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] ) -- %! Rotate through the available layout algorithms , ((_4 , xK_space ), sendMessage NextLayout) @@ -207,7 +189,7 @@ myKeys conf = Map.fromList $ _4CM = _4 .|. _C .|. _M _4SM = _4 .|. _S .|. _M - amixer args = forkFile amixerPath args Nothing + amixer args = forkFile Paths.amixer args Nothing pagerConfig :: PagerConfig 
@@ -257,6 +239,3 @@ wGSConfig = def allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] allWorkspaceNames ws = return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] - ''; - }; -} diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal new file mode 100644 index 000000000..f10bc4aeb --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -0,0 +1,25 @@ +name: xmonad-tv +version: 1.0.0 +license: MIT +author: tv +maintainer: tv +build-type: Simple +cabal-version: >=1.10 + +executable xmonad + main-is: main.hs + build-depends: + base, + containers, + directory, + extra, + unix, + X11, + xmonad, + xmonad-contrib, + xmonad-stockholm + other-modules: + Helpers.Path, + Paths + default-language: Haskell2010 + ghc-options: -O2 -Wall -threaded From 9c97865f15a07b910a13de6ae1d6ab6b14ade9a9 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 11:27:47 +0100 Subject: [PATCH 172/209] default.nix: simplify system evaluations --- default.nix | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/default.nix b/default.nix index 5ae8e399e..9368dcd9e 100644 --- a/default.nix +++ b/default.nix @@ -1,19 +1,12 @@ -import { - modules = [ - (import "NIXOS_CONFIG" ) - ]; -} -// -{ +import {} // rec { lib = import ./lib; - systems = with import ./lib; let - ns = getEnv "LOGNAME"; + systems = with lib; let + namespace = getEnv "LOGNAME"; + systemsDir = + "/${namespace}/1systems"; in genAttrs - (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) - (name: let - config = import ( + "/${ns}/1systems/${name}/config.nix"); - in import { - modules = [ config ]; + (attrNames (filterAttrs (_: eq "directory") (readDir systemsDir))) + (name: import { + configuration = import (systemsDir + "/${name}/config.nix"); }); } From 220969d4d3d435b59c6f121cdc7eb86719dcfd80 Mon Sep 17 00:00:00 2001 
From: tv Date: Fri, 30 Nov 2018 13:15:49 +0100 Subject: [PATCH 173/209] tv: remove systemd aliases --- tv/2configs/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d9ddc90d0..484a337b7 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -87,11 +87,6 @@ with import ; export SYSTEM="$1" exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; - reload = "systemctl reload"; - restart = "systemctl restart"; - start = "systemctl start"; - status = "systemctl status"; - stop = "systemctl stop"; }; environment.variables = { From 5e4ea890cfa9c1b2df396b330f68d8d1f273feba Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 13:42:44 +0100 Subject: [PATCH 174/209] lib: add krops --- lib/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/default.nix b/lib/default.nix index 7b964b22f..4cb0332ca 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,6 +5,7 @@ let evalSource = import ./eval-source.nix; git = import ./git.nix { inherit lib; }; + krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; From 127a259584232f0fcc2c6e9c0ce919a74c747fe3 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 13:43:10 +0100 Subject: [PATCH 175/209] tv xmonad: add shell.nix --- tv/5pkgs/haskell/xmonad-tv/shell.nix | 78 ++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 tv/5pkgs/haskell/xmonad-tv/shell.nix diff --git a/tv/5pkgs/haskell/xmonad-tv/shell.nix b/tv/5pkgs/haskell/xmonad-tv/shell.nix new file mode 100644 index 000000000..2f9fff6ed --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/shell.nix 
@@ -0,0 +1,78 @@
+{ compiler ? "default" }: let
+
+ stockholm = import ;
+
+ inherit (stockholm.systems.${lib.krops.getHostName}) config pkgs;
+ inherit (stockholm) lib;
+
+ haskellPackages =
+ if compiler == "default"
+ then pkgs.haskellPackages
+ else pkgs.haskell.packages.${compiler};
+
+ xmonadDrv = haskellPackages.callPackage (import ./.) {};
+
+in
+
+ lib.overrideDerivation xmonadDrv.env (oldAttrs: {
+ shellHook = ''
+ pkg_name=${lib.shell.escape (lib.baseNameOf (toString ./.))}
+
+ WORKDIR=${toString ./src}
+ CACHEDIR=$HOME/tmp/$pkg_name
+ HISTFILE=$CACHEDIR/bash_history
+
+ mkdir -p "$CACHEDIR"
+
+ config_XMONAD_CACHE_DIR=${lib.shell.escape
+ config.systemd.services.xmonad.environment.XMONAD_CACHE_DIR
+ }
+
+ xmonad=$CACHEDIR/main
+
+ xmonad_build() {(
+ set -efu
+ cd "$WORKDIR"
+ options=$(
+ ${pkgs.cabal-read}/bin/ghc-options "$WORKDIR/$pkg_name.cabal" xmonad
+ )
+ ghc $options \
+ -odir "$CACHEDIR" \
+ -hidir "$CACHEDIR" \
+ -o "$xmonad" \
+ main.hs
+ )}
+
+ xmonad_restart() {(
+ set -efu
+ cd "$WORKDIR"
+ if systemctl is-active xmonad; then
+ sudo systemctl stop xmonad
+ cp -b "$config_XMONAD_CACHE_DIR"/xmonad.state "$CACHEDIR"/
+ echo "xmonad.state: $(cat "$CACHEDIR"/xmonad.state)"
+ else
+ "$xmonad" --shutdown || :
+ fi
+ "$xmonad" &
+ echo xmonad pid: $! >&2
+ )}
+
+ xmonad_yield() {(
+ set -efu
+ "$xmonad" --shutdown
+ cp -b "$CACHEDIR"/xmonad.state "$config_XMONAD_CACHE_DIR"/
+ sudo systemctl start xmonad
+ )}
+
+ export PATH=${config.systemd.services.xmonad.path}:$PATH
+ export SHELL=/run/current-system/sw/bin/bash
+
+ export XMONAD_CACHE_DIR="$CACHEDIR"
+ export XMONAD_DATA_DIR="$CACHEDIR"
+ export XMONAD_CONFIG_DIR=/var/empty
+
+ unset XMONAD_STARTUP_HOOK
+
+ cd "$WORKDIR"
+ '';
+ })
From ed44b2dacdb33156921a859733991295dc4c2502 Mon Sep 17 00:00:00 2001
From: tv Date: Fri, 30 Nov 2018 14:04:42 +0100 Subject: [PATCH 176/209] tv bash: use XMONAD_SPAWN_WORKSPACE only for tv change directory only for interactivetv user --- tv/2configs/bash/default.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index b75ad8bfc..3b4a4aadb 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -13,6 +13,18 @@ with import ; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd + + case $UID in + ${shell.escape (toString config.krebs.users.tv.uid)}) + if test ''${SHLVL-1} = 1; then + case ''${XMONAD_SPAWN_WORKSPACE-} in + stockholm) + cd ~/stockholm + ;; + esac + fi + ;; + esac ''; promptInit = /* sh */ '' case $UID in @@ -32,14 +44,6 @@ with import ; if test -n "$SSH_AGENT_PID"; then PS1="ssh-agent[$SSH_AGENT_PID] $PS1" fi - - if test ''${SHLVL-1} = 1; then - case ''${XMONAD_SPAWN_WORKSPACE-} in - stockholm) - cd ~/stockholm - ;; - esac - fi ''; }; } From 8a17b6fb1750b3f11b3f1b12fe12317b916026fe Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 14:07:58 +0100 Subject: [PATCH 177/209] tv bash: redefine for tv --- tv/2configs/bash/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index 3b4a4aadb..d7673931c 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -23,6 +23,8 @@ with import ; ;; esac fi + + export NIX_PATH="stockholm=$HOME/stockholm:$NIX_PATH" ;; esac ''; From e28130802708bc9040514a9f10c4b8785f91838f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 14:18:14 +0100 Subject: [PATCH 178/209] tv xmonad: cleanup --- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 77 ++++---------------------- 1 file changed, 11 insertions(+), 66 deletions(-) diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index 43461ab98..dd76fbf6e 100644 
--- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -4,7 +4,7 @@ {-# LANGUAGE ScopedTypeVariables #-} -module Main where +module Main (main) where import System.Exit (exitFailure) @@ -18,7 +18,6 @@ import System.Environment (getArgs, getEnv, getEnvironment, lookupEnv) import System.Posix.Process (executeFile) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) -import XMonad.Actions.GridSelect import XMonad.Actions.CycleWS (toggleWS) import XMonad.Layout.NoBorders ( smartBorders ) import qualified XMonad.StackSet as W @@ -31,7 +30,6 @@ import XMonad.Hooks.Place (placeHook, smart) import XMonad.Actions.PerWorkspaceKeys (chooseAction) import XMonad.Stockholm.Pager -import XMonad.Stockholm.Rhombus import XMonad.Stockholm.Shutdown import qualified Paths @@ -39,12 +37,14 @@ import qualified Paths myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" + main :: IO () main = getArgs >>= \case [] -> mainNoArgs ["--shutdown"] -> shutdown args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure + mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 @@ -84,6 +84,7 @@ getWorkspaces0 = where warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] + displaySomeException :: SomeException -> String displaySomeException = displayException @@ -92,6 +93,7 @@ forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile path args env = xfork (executeFile path False args env) >> return () + spawnRootTerm :: X () spawnRootTerm = forkFile 
@@ -99,12 +101,14 @@ spawnRootTerm = ["-name", "root-urxvt", "-e", Paths.su, "-"] Nothing + spawnTermAt :: String -> X () spawnTermAt ws = do env <- io getEnvironment let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env forkFile Paths.urxvtc [] (Just env') + myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile Paths.slock [] Nothing) 
@@ -116,52 +120,25 @@ myKeys conf = Map.fromList $ , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) - --, ((_4 , xK_F1 ), withFocused jojo) - --, ((_4 , xK_F1 ), printAllGeometries) - , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ((_C , xK_Menu ), toggleWS) - -- , ((_4 , xK_Menu ), rhombus horseConfig (io . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] ) - - -- %! Rotate through the available layout algorithms + , ((_4 , xK_space ), sendMessage NextLayout) , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout - ---- BinarySpacePartition - --, ((_4 , xK_l), sendMessage $ ExpandTowards R) - --, ((_4 , xK_h), sendMessage $ ExpandTowards L) - --, ((_4 , xK_j), sendMessage $ ExpandTowards D) - --, ((_4 , xK_k), sendMessage $ ExpandTowards U) - --, ((_4S , xK_l), sendMessage $ ShrinkFrom R) - --, ((_4S , xK_h), sendMessage $ ShrinkFrom L) - --, ((_4S , xK_j), sendMessage $ ShrinkFrom D) - --, ((_4S , xK_k), sendMessage $ ShrinkFrom U) - --, ((_4 , xK_n), sendMessage Rotate) - --, ((_4S , xK_n), sendMessage Swap) - - ---- mouseResizableTile - --, ((_4 , xK_u), sendMessage ShrinkSlave) - --, ((_4 , xK_i), sendMessage ExpandSlave) - - -- move focus up or down the window stack - --, ((_4 , xK_m ), windows W.focusMaster) , ((_4 , xK_j ), windows W.focusDown) , ((_4 , xK_k ), windows W.focusUp) - -- modifying the window order , ((_4S , xK_m ), windows W.swapMaster) , ((_4S , xK_j ), windows W.swapDown) , ((_4S , xK_k ), windows W.swapUp) - -- resizing the master/slave ratio - , ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area - , ((_4 , xK_l ), sendMessage Expand) -- %! 
Expand the master area + , ((_4 , xK_h ), sendMessage Shrink) + , ((_4 , xK_l ), sendMessage Expand) - -- floating layer support - , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling + , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling - -- increase or decrease number of windows in the master area , ((_4 , xK_comma ), sendMessage $ IncMasterN 1) , ((_4 , xK_period ), sendMessage $ IncMasterN (-1)) @@ -170,10 +147,6 @@ myKeys conf = Map.fromList $ , ((_4 , xK_Delete ), removeEmptyWorkspace) , ((_4 , xK_Return ), toggleWS) - --, (0 , xK_Menu ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view) - --, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view) - --, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift) - --, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k }) , ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"]) , ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"]) , ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"]) @@ -196,11 +169,7 @@ pagerConfig :: PagerConfig pagerConfig = def { pc_font = myFont , pc_cellwidth = 64 - --, pc_cellheight = 36 -- TODO automatically keep screen aspect - --, pc_borderwidth = 1 - --, pc_matchcolor = "#f0b000" , pc_matchmethod = MatchPrefix - --, pc_colors = pagerWorkspaceColors , pc_windowColors = windowColors } where 
@@ -211,30 +180,6 @@ pagerConfig = def then ("#402020", snd y) else y -horseConfig :: RhombusConfig -horseConfig = def - { rc_font = myFont - , rc_cellwidth = 64 - --, rc_cellheight = 36 -- TODO automatically keep screen aspect - --, rc_borderwidth = 1 - --, rc_matchcolor = "#f0b000" - , rc_matchmethod = MatchPrefix - --, rc_colors = pagerWorkspaceColors - --, rc_paint = myPaint - } - -wGSConfig :: GSConfig Window -wGSConfig = def - { gs_cellheight = 20 - , gs_cellwidth = 192 - , gs_cellpadding = 5 - , gs_font = myFont - , gs_navigate = navNSearch - } - - -(&) :: a -> (a -> c) -> c -(&) = flip ($) allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] allWorkspaceNames ws = From 08849bbb4e731a4b655fa2456bad6925e7a70e8d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 16:17:32 +0100 Subject: [PATCH 179/209] tv xmonad: amixer -> pactl --- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/haskell/xmonad-tv/src/Paths.hs | 6 +++--- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 12 ++++++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 9cb487254..22c94f7b1 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -96,8 +96,8 @@ in { ]); }; path = [ - pkgs.alsaUtils pkgs.fzmenu + pkgs.pulseaudioLight.out pkgs.rxvt_unicode ]; serviceConfig = { diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs index 24a809bfe..e12c25bd5 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs @@ -3,12 +3,12 @@ module Paths where import Helpers.Path -amixer :: FilePath -amixer = findExecutable "amixer" - otpmenu :: FilePath otpmenu = findExecutable "otpmenu" +pactl :: FilePath +pactl = findExecutable "pactl" + passmenu :: FilePath passmenu = findExecutable "passmenu" 
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index dd76fbf6e..c96a8539e 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -147,9 +147,10 @@ myKeys conf = Map.fromList $ , ((_4 , xK_Delete ), removeEmptyWorkspace) , ((_4 , xK_Return ), toggleWS) - , ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"]) - , ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"]) - , ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"]) + + , ((0, xF86XK_AudioLowerVolume), audioLowerVolume) + , ((0, xF86XK_AudioRaiseVolume), audioRaiseVolume) + , ((0, xF86XK_AudioMute), audioMute) ] where _4 = mod4Mask @@ -162,7 +163,10 @@ myKeys conf = Map.fromList $ _4CM = _4 .|. _C .|. _M _4SM = _4 .|. _S .|. _M - amixer args = forkFile Paths.amixer args Nothing + pactl args = forkFile Paths.pactl args Nothing + audioLowerVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "-5%"] + audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"] + audioMute = pactl ["--", "set-sink-mute", "@DEFAULT_SINK@", "toggle"] pagerConfig :: PagerConfig From 574356c63e8b11abd4fb7224cff9dca1c86332a2 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 18:17:32 +0100 Subject: [PATCH 180/209] krops: 1.8.0 -> 1.8.1 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 6f49342b2..4017c6048 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 6f49342b2d5973478f1f5eb6f8d6307059e7bcf7 +Subproject commit 4017c60485c4bfff533ff11bdbb5557fa951655f From 53d36334fc94f43ddff6b71d2a66ecef1c2564f2 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Nov 2018 22:32:50 +0100 Subject: [PATCH 181/209] krops: 1.8.1 -> 1.9.0 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/submodules/krops b/submodules/krops index 4017c6048..eb68146cc 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 4017c60485c4bfff533ff11bdbb5557fa951655f +Subproject commit eb68146cc4848cfc0c0339c72a44a96fdeb4a1de From 0db666620399b996ff2755750f45113f039a8046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 23:12:06 +0100 Subject: [PATCH 182/209] l binary-cache: fix nginx SSL config --- lass/2configs/binary-cache/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 86158c468..d3775b5df 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -26,6 +26,7 @@ ''; }; virtualHosts."cache.krebsco.de" = { + forceSSL = true; serverAliases = [ "cache.lassul.us" ]; enableACME = true; locations."/".extraConfig = '' From 44e5f582dbfce55b58b792f9519a7a1810990e82 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 1 Dec 2018 11:40:01 +0100 Subject: [PATCH 183/209] tv xmonad: use ResizableTall --- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index c96a8539e..79b603b5d 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs 
@@ -20,12 +20,13 @@ import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Layout.NoBorders ( smartBorders ) +import XMonad.Layout.ResizableTile (ResizableTall(ResizableTall)) +import XMonad.Layout.ResizableTile (MirrorResize(MirrorExpand,MirrorShrink)) import qualified XMonad.StackSet as W import Data.Map (Map) import qualified Data.Map as Map import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Hooks.ManageHelpers (doCenterFloat) -import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Hooks.Place (placeHook, smart) import XMonad.Actions.PerWorkspaceKeys (chooseAction) @@ -47,6 +48,7 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do + let width = 1366 workspaces0 <- getWorkspaces0 handleShutdownEvent <- newShutdownEventHandler xmonad @@ -56,7 +58,14 @@ mainNoArgs = do , modMask = mod4Mask , keys = myKeys , workspaces = workspaces0 - , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full + , layoutHook = + smartBorders $ + ResizableTall + 1 + (10 * 6 / width) + ((80 * 6 + 2 * (1+1+1))/width) [] + ||| + Full , manageHook = composeAll [ appName =? "fzmenu-urxvt" --> doCenterFloat @@ -134,8 +143,11 @@ myKeys conf = Map.fromList $ , ((_4S , xK_j ), windows W.swapDown) , ((_4S , xK_k ), windows W.swapUp) - , ((_4 , xK_h ), sendMessage Shrink) - , ((_4 , xK_l ), sendMessage Expand) + , ((_4M , xK_h ), sendMessage Shrink) + , ((_4M , xK_l ), sendMessage Expand) + + , ((_4M , xK_j ), sendMessage MirrorShrink) + , ((_4M , xK_k ), sendMessage MirrorExpand) , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling From ac837f8d32319daa8594616b3c6e224747bc6ef1 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 1 Dec 2018 11:40:33 +0100 Subject: [PATCH 184/209] tv xmonad: Super-m to focus master --- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 1 + 1 file changed, 1 insertion(+) 
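Review bot: The `ResizableTall` ratios in the `layoutHook` hunk are computed from a hard-coded `let width = 1366` in `mainNoArgs`, so the layout is only correct on a screen of that width. The constants `10 * 6` and `80 * 6 + 2 * (1+1+1)` are also unexplained. They look like a column count times a font cell width plus border pixels, but that is inferred from the removed `FixedColumn 1 20 80 10`. A comment above the `let`, such as `-- screen width in px; ratios below assume a 6px cell and an 80 column master pane`, would make the assumption visible. `mainNoArgs` continues outside the hunk.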
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index 79b603b5d..ebd902b1d 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -136,6 +136,7 @@ myKeys conf = Map.fromList $ , ((_4 , xK_space ), sendMessage NextLayout) , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout + , ((_4 , xK_m ), windows W.focusMaster) , ((_4 , xK_j ), windows W.focusDown) , ((_4 , xK_k ), windows W.focusUp) From 5c6f751028f3e17b740ce239701044e74e2f0890 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 1 Dec 2018 11:40:58 +0100 Subject: [PATCH 185/209] tv xmonad: cleanup --- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index ebd902b1d..f82077a21 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -134,7 +134,7 @@ myKeys conf = Map.fromList $ , ((_C , xK_Menu ), toggleWS) , ((_4 , xK_space ), sendMessage NextLayout) - , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout + , ((_4M , xK_space ), resetLayout) , ((_4 , xK_m ), windows W.focusMaster) , ((_4 , xK_j ), windows W.focusDown) @@ -150,7 +150,7 @@ myKeys conf = Map.fromList $ , ((_4M , xK_j ), sendMessage MirrorShrink) , ((_4M , xK_k ), sendMessage MirrorExpand) - , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling + , ((_4 , xK_t ), withFocused $ windows . W.sink) , ((_4 , xK_comma ), sendMessage $ IncMasterN 1) , ((_4 , xK_period ), sendMessage $ IncMasterN (-1)) @@ -181,6 +181,8 @@ myKeys conf = Map.fromList $ audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"] audioMute = pactl ["--", "set-sink-mute", "@DEFAULT_SINK@", "toggle"] + resetLayout = setLayout $ XMonad.layoutHook conf + pagerConfig :: PagerConfig pagerConfig = def 
@@ -199,5 +201,4 @@ pagerConfig = def allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames ws = - return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] +allWorkspaceNames = return . map W.tag . W.workspaces From ee1080cb6e0161bfd9d3264cb100282f47e1dfa6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:17 +0100 Subject: [PATCH 186/209] l: disable redshift (now managed by xmonad) --- lass/1systems/icarus/config.nix | 4 ---- lass/1systems/mors/config.nix | 4 ---- 2 files changed, 8 deletions(-) diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 1957c8ba4..d2d4bd3eb 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -25,9 +25,5 @@ macchanger dpass ]; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; programs.adb.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cac13be2b..b9aaaab24 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -148,10 +148,6 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; lass.restic = genAttrs [ "daedalus" From 745906c5b3a2d9f63eb56e77eac73849479116bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:37 +0100 Subject: [PATCH 187/209] l mors.r: install transmission-remote --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b9aaaab24..207c7c640 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -102,6 +102,7 @@ with import ; urban mk_sql_pair remmina + transmission iodine From 7a0756c78a0d568001fa74e47c0f00aad94bd5fd Mon Sep 17 00:00:00 2001 
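Review bot: The rewritten `allWorkspaceNames` is not a pure cleanup, because it changes which workspaces are listed and in what order. `W.workspaces` returns the current workspace first, then the visible ones, then the hidden ones. The removed body listed the hidden workspaces followed by the current one and left out workspaces visible on other screens. The pager therefore shows a different order and, on a multi-head setup, more entries. If that is intended, state it in the commit message or above the function, e.g. `-- current, visible, then hidden workspaces`; otherwise keep the old expression.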
From: lassulus Date: Sun, 2 Dec 2018 05:44:57 +0100 Subject: [PATCH 188/209] l prism: fix download links (again) --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 24fa3fd7a..0ca39447d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,7 +388,7 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download chmod 775 /var/download - ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || : + ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; } From 1ac25c33a90e9029953f234644da4ebd31b45353 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:45:33 +0100 Subject: [PATCH 189/209] l yellow.r: add retiolum html listing --- lass/1systems/yellow/config.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index ee14986ac..48d405111 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -32,16 +32,24 @@ with import ; }; }; + services.nginx = { + enable = true; + virtualHosts."yellow.r".locations."/dl".extraConfig = '' + autoindex on; + alias /var/download/finished; + ''; + }; + krebs.iptables = { enable = true; tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; - services.nginx.enable = true; services.openvpn.servers.nordvpn.config = '' client dev tun From 93e951f2b93fc3d3012f15fd27f9866254f90fa3 Mon Sep 17 00:00:00 2001 
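Review bot: The new `virtualHosts."yellow.r".locations."/dl"` block pairs a prefix location that has no trailing slash with `alias /var/download/finished;`, so nginx matches any URI that merely begins with `/dl` and appends the remainder to the alias path. A sibling of `finished` under `/var/download` whose name starts with the same characters would then be served as well. Writing it as `locations."/dl/"` with `alias /var/download/finished/;` keeps the mapping inside the directory. The added INPUT rule `-p tcp --dport 80` carries no interface or source match, so the `autoindex` listing is presumably reachable on every interface of the host and not only over retiolum. If that is not intended, narrow the predicate.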
From: lassulus Date: Sun, 2 Dec 2018 05:46:17 +0100 Subject: [PATCH 190/209] l mail: add read/unread bindings --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9ea91ae19..36e797a96 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -174,6 +174,16 @@ let macro pager a "-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "+unread\n" + macro index u "-unread\n" + macro pager U "+unread\n" + macro pager u "-unread\n" + + bind index t noop bind pager t noop macro index t "" # tag as Archived From 99381f7c9d90fb0be074d469daca4bc433cc0126 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:47:20 +0100 Subject: [PATCH 191/209] l fzfmenu: make more dmenu compatible --- lass/5pkgs/custom/xmonad-lass/default.nix | 1 + lass/5pkgs/fzfmenu/default.nix | 14 +++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index c020f975c..f86a4a69b 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -113,6 +113,7 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix index 6b5899359..905a5ce6b 100644 --- a/lass/5pkgs/fzfmenu/default.nix +++ b/lass/5pkgs/fzfmenu/default.nix 
@@ -12,8 +12,20 @@ pkgs.writeDashBin "fzfmenu" '' shift break ;; + -l) + # no reason to filter number of lines + LINES="$2" + shift + shift + break + ;; + -i) + # we do this anyway + shift + break + ;; *) - echo "Unknown option $1" + echo "Unknown option $1" >&2 shift ;; esac From 0947c93af49acae04404589f60094cacb391554c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:59:47 +0100 Subject: [PATCH 192/209] l: add emot-menu --- lass/5pkgs/emot-menu/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 lass/5pkgs/emot-menu/default.nix diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix new file mode 100644 index 000000000..d5d84e456 --- /dev/null +++ b/lass/5pkgs/emot-menu/default.nix @@ -0,0 +1,31 @@ +{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let + + emoticons = writeText "emoticons" '' +¯\(°_o)/¯ | dunno lol shrug dlol +¯\_(ツ)_/¯ | dunno lol shrug dlol +( ͡° ͜ʖ ͡°) | lenny +¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol +( ゚д゚) | aaah sad noo +ヽ(^o^)丿 | hi yay hello +(^o^; | ups hehe +(^∇^) | yay +┗(`皿´)┛ | angry argh +ヾ(^_^) byebye!! | bye +<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance +(-.-)Zzz... | sleep +(∩╹□╹∩) | oh noes woot +™ | tm +ζ | zeta +(╯°□°)╯ ┻━┻ | table flip +(」゜ロ゜)」 | why woot + ''; + +in +writeDashBin "emoticons" '' + set -efu + + data=$(${coreutils}/bin/cat ${emoticons}) + emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') + ${xdotool}/bin/xdotool type -- "$emoticon" + exit 0 +'' From bd4a4c2faab7aed7db336607db9855aa44e7d904 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 14:14:03 +0100 Subject: [PATCH 193/209] lib.types.user: use genid_uint31 Refs https://github.com/systemd/systemd/issues/11026 --- lib/types.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index d663d2512..016853300 100644 --- a/lib/types.nix +++ b/lib/types.nix 
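Review bot: The new `-l)` and `-i)` arms end in `break`, which leaves the option loop after the first recognised flag. A dmenu-style call such as `-i -l 10` would stop at `-i` and leave `-l 10` among the remaining arguments. Dropping `break` from both arms, e.g. `-i) shift ;;`, lets the loop consume the remaining flags. `LINES="$2"` is assigned but not used in the visible lines, so `-l) shift; shift ;;` would be enough. The loop header and the code after the loop are outside the hunk, so the effect on the final fzf call is inferred.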
@@ -3,7 +3,7 @@ let inherit (lib) all any attrNames concatMapStringsSep concatStringsSep const filter flip - genid hasSuffix head isInt isString length mergeOneOption mkOption + genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption mkOptionType optional optionalAttrs optionals range splitString stringLength substring test testString typeOf; inherit (lib.types) @@ -365,7 +365,7 @@ rec { }; uid = mkOption { type = int; - default = genid config.name; + default = genid_uint31 config.name; }; }; }); @@ -377,7 +377,7 @@ rec { }; gid = mkOption { type = int; - default = genid config.name; + default = genid_uint31 config.name; }; }; }); From 29d9070f04fd57ced04b4304f27b4adc042c4388 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 14:51:35 +0100 Subject: [PATCH 194/209] tv xmonad shell: use currentSystem in executable --- tv/5pkgs/haskell/xmonad-tv/shell.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/5pkgs/haskell/xmonad-tv/shell.nix b/tv/5pkgs/haskell/xmonad-tv/shell.nix index 2f9fff6ed..936e69627 100644 --- a/tv/5pkgs/haskell/xmonad-tv/shell.nix +++ b/tv/5pkgs/haskell/xmonad-tv/shell.nix @@ -28,7 +28,7 @@ in config.systemd.services.xmonad.environment.XMONAD_CACHE_DIR } - xmonad=$CACHEDIR/main + xmonad=$CACHEDIR/xmonad-${lib.currentSystem} xmonad_build() {( set -efu From b9bd7a08b8aab6c0a7b4df5bad2ac7d40474633a Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 14:52:25 +0100 Subject: [PATCH 195/209] tv xmonad: find all paths --- tv/2configs/xserver/default.nix | 1 + tv/5pkgs/haskell/xmonad-tv/src/Paths.hs | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 22c94f7b1..480295565 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -99,6 +99,7 @@ in { pkgs.fzmenu pkgs.pulseaudioLight.out pkgs.rxvt_unicode + "/run/wrappers" # for slock, and su ]; serviceConfig = { SyslogIdentifier = "xmonad"; 
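Review bot: Switching the `uid` and `gid` defaults from `genid` to `genid_uint31` renumbers every user and group that relies on the default, and nothing in the commit handles files already owned by the old ids. On an existing host the state directories and key files of those accounts would presumably keep the old numeric owner, so the service loses access, and the files would belong to whichever account later receives that number. A comment at both defaults, such as `# changing the generator renumbers existing accounts; chown their state on upgrade`, would record this. The same applies to the `genid_uint31` switches for pulse, github-hosts-sync and urlwatch in the later patches of this series.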
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs index e12c25bd5..317900c1c 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs @@ -13,10 +13,10 @@ passmenu :: FilePath passmenu = findExecutable "passmenu" slock :: FilePath -slock = "/run/wrappers/bin/slock" +slock = findExecutable "slock" su :: FilePath -su = "/run/wrappers/bin/su" +su = findExecutable "su" urxvtc :: FilePath urxvtc = findExecutable "urxvtc" From 9f4d207bb72f4808ef60560e70a811c321bebabe Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 15:35:37 +0100 Subject: [PATCH 196/209] tv slock service: init --- tv/3modules/default.nix | 1 + tv/3modules/slock.nix | 71 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 tv/3modules/slock.nix diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 6172feb03..f53a58e9a 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ ./hosts.nix ./iptables.nix ./nixpkgs-overlays.nix + ./slock.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix new file mode 100644 index 000000000..1c84b1e9e --- /dev/null +++ b/tv/3modules/slock.nix 
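Review bot: `slock` and `su` in Paths.hs are now looked up by name instead of the fixed `/run/wrappers/bin/...` paths, so which binary runs depends on the order of the xmonad unit's `path` list. The xserver/default.nix hunk of the same commit appends `"/run/wrappers"` after the package entries, so a `su` shipped by any listed package would presumably be found before the setuid wrapper. Putting `"/run/wrappers"` first in `path`, or keeping `su = "/run/wrappers/bin/su"`, removes that dependence. Whether `findExecutable` resolves at build time or at run time is defined in Helpers.Path, which is outside this hunk.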
@@ -0,0 +1,71 @@ +with import ; +{ config, pkgs, ... }: let + cfg = config.tv.slock; +in { + options.tv.slock = { + enable = mkEnableOption "tv.slock"; + package = mkOption { + default = pkgs.execBin "slock" rec { + filename = "${pkgs.systemd}/bin/systemctl"; + argv = [ filename "start" "slock-${cfg.user.name}.service" ]; + }; + type = types.package; + }; + user = mkOption { + type = types.user; + }; + }; + config = mkIf cfg.enable { + security.polkit.extraConfig = /* js */ '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + action.lookup("unit") == "slock-${cfg.user.name}.service" && + subject.user == ${toJSON cfg.user.name}) { + return polkit.Result.YES; + } + }); + ''; + systemd.services."slock-${cfg.user.name}" = { + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { + passAsFile = ["text"]; + text = /* c */ '' + #include + #include + + static struct spwd entry = { + .sp_namp = "", + .sp_pwdp = + ${toC config.users.users.${cfg.user.name}.hashedPassword}, + .sp_lstchg = 0, + .sp_min = 0, + .sp_max = 0, + .sp_warn = 0, + .sp_inact = 0, + .sp_expire = 0, + .sp_flag = 0, + }; + + extern struct spwd *getspnam(const char *name) { return &entry; } + extern int setgroups(size_t size, const gid_t *list) { return 0; } + extern int setgid(gid_t gid) { return 0; } + extern int setuid(uid_t uid) { return 0; } + ''; + } /* sh */ '' + gcc -Wall -shared -o $out -xc "$textPath" + ''; + }; + restartIfChanged = false; + serviceConfig = { + ExecStart = "${pkgs.slock}/bin/slock"; + OOMScoreAdjust = -1000; + Restart = "on-failure"; + RestartSec = "100ms"; + StartLimitBurst = 0; + SyslogIdentifier = "slock"; + User = cfg.user.name; + }; + }; + }; +} From 46dc547bbe9edbb2a314145482e220287ab4c70a Mon Sep 17 00:00:00 2001 
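Review bot: The polkit rule in `security.polkit.extraConfig` grants `org.freedesktop.systemd1.manage-units` on `slock-${cfg.user.name}.service` without checking the requested verb, so the same user may also stop or restart the locker unit and not only start it. Adding `action.lookup("verb") == "start" &&` to the condition limits the grant to what the `slock` wrapper in `package` needs. Separately, the `LD_PRELOAD` shim compiles `hashedPassword` into a `runCommandCC` output, which lands in the Nix store and is presumably readable by every local user. A comment stating that this is accepted would help. What `toC` emits when `hashedPassword` is unset for the user is not visible here.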
From: tv Date: Sun, 2 Dec 2018 15:36:55 +0100 Subject: [PATCH 197/209] tv xmonad: use slock service --- tv/2configs/xserver/default.nix | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 480295565..b513dabbe 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -24,17 +24,6 @@ in { pkgs.xlibs.fontschumachermisc ]; - # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /run/wrappers/bin - krebs.setuid.slock = { - filename = "${pkgs.slock}/bin/slock"; - group = "wheel"; - envp = { - DISPLAY = ":${toString config.services.xserver.display}"; - USER = cfg.user.name; - }; - }; - services.xserver = { # Don't install feh into systemPackages @@ -96,10 +85,11 @@ in { ]); }; path = [ + config.tv.slock.package pkgs.fzmenu pkgs.pulseaudioLight.out pkgs.rxvt_unicode - "/run/wrappers" # for slock, and su + "/run/wrappers" # for su ]; serviceConfig = { SyslogIdentifier = "xmonad"; @@ -155,4 +145,9 @@ in { User = cfg.user.name; }; }; + + tv.slock = { + enable = true; + user = cfg.user; + }; } From a58628d1c3c8fb4d730ee77ce3fae6130271962f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 15:43:49 +0100 Subject: [PATCH 198/209] tv xmonad: add xcalib --- tv/2configs/xserver/default.nix | 1 + tv/5pkgs/haskell/xmonad-tv/src/Paths.hs | 3 +++ tv/5pkgs/haskell/xmonad-tv/src/main.hs | 2 ++ 3 files changed, 6 insertions(+) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index b513dabbe..8d4b13fad 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -89,6 +89,7 @@ in { pkgs.fzmenu pkgs.pulseaudioLight.out pkgs.rxvt_unicode + pkgs.xcalib "/run/wrappers" # for su ]; serviceConfig = { diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs index 317900c1c..3a879b5d0 100644 
--- a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs @@ -20,3 +20,6 @@ su = findExecutable "su" urxvtc :: FilePath urxvtc = findExecutable "urxvtc" + +xcalib :: FilePath +xcalib = findExecutable "xcalib" diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index f82077a21..b7d4e9bca 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -164,6 +164,8 @@ myKeys conf = Map.fromList $ , ((0, xF86XK_AudioLowerVolume), audioLowerVolume) , ((0, xF86XK_AudioRaiseVolume), audioRaiseVolume) , ((0, xF86XK_AudioMute), audioMute) + + , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing) ] where _4 = mod4Mask From a3e47e6788b568cf04d5103ad8a918ed902df9ce Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 16:03:36 +0100 Subject: [PATCH 199/209] tv: rename vim-tv to vim-syntax-nix-nested --- tv/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index a5641f094..c6364c223 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -129,7 +129,7 @@ let { command! -n=0 -bar ShowSyntax :call ShowSyntax() ''; }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { + ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { "/syntax/haskell.vim".text = /* vim */ '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ From e847d935ade4b36aecf8588faffb3dd61e3ebdfe Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 15:48:01 +0100 Subject: [PATCH 200/209] tv vim-syntax-nix-nested: simplify regexes --- tv/2configs/vim.nix | 46 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index c6364c223..009280815 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -239,26 +239,56 @@ let { " This is required because containedin isn't transitive. syn cluster nix_has_dollar_curly \ add=@nix_${lang}_syntax - '') { + '') (let + + capitalize = s: let + xs = stringToCharacters s; + in + toUpper (head xs) + concatStrings (tail xs); + + alts = xs: ''\(${concatStringsSep ''\|'' xs}\)''; + def = k: ''${k}[ \t\r\n]*=''; + writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''; + + in { c = {}; cabal = {}; diff = {}; haskell = {}; - jq.extraStart = concatStringsSep ''\|'' [ - ''writeJq.*'' + jq.extraStart = alts [ + (writer "Jq") ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"'' ]; lua = {}; - sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - sh.extraStart = concatStringsSep ''\|'' [ - ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' - ''[a-z]*Phase[ \t\r\n]*='' + sed.extraStart = writer "Sed"; + sh.extraStart = let + phases = [ + "unpack" + "patch" + "configure" + "build" + "check" + "install" + "fixup" + "installCheck" + "dist" + ]; + shells = [ + "ash" + "bash" + "dash" + ]; + in alts [ + (def "shellHook") + (def "${alts phases}Phase") + (def "${alts ["pre" "post"]}${alts (map capitalize phases)}") + (writer (alts (map capitalize shells))) ]; yaml = {}; vim.extraStart = ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; xdefaults = {}; - })} + }))} " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. syn clear shVarAssign From c544596952c7ed42479616cea6904b061085e2f0 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 16:07:53 +0100 Subject: [PATCH 201/209] tv vim-syntax-nix-nested: add js, and py --- tv/2configs/vim.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 009280815..3794628c1 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -259,7 +259,9 @@ let { (writer "Jq") ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"'' ]; + javascript.extraStart = ''/\* js \*/''; lua = {}; + python.extraStart = ''/\* py \*/''; sed.extraStart = writer "Sed"; sh.extraStart = let phases = [ From 145723a8e4d8cb51386cec51b871e3056fb62372 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 19:25:56 +0100 Subject: [PATCH 202/209] tv pulse: use genid_uint31 Refs https://github.com/systemd/systemd/issues/11026 --- tv/2configs/pulse.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index c051b4261..2e679bd14 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -95,7 +95,7 @@ in users = { groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { - uid = genid "pulse"; + uid = genid_uint31 "pulse"; group = "pulse"; extraGroups = [ "audio" ]; home = "${runDir}/home"; From eb32d03802a780eda448658e2157028d3b177430 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 20:16:16 +0100 Subject: [PATCH 203/209] github-hosts-sync service: use genid_uint31 Refs https://github.com/systemd/systemd/issues/11026 --- krebs/3modules/github-hosts-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index e6db3aa42..3b626dc46 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -57,7 +57,7 @@ let user = rec { name = "github-hosts-sync"; - uid = genid name; + uid = genid_uint31 name; }; # TODO move to lib? From 24b07c32840949dbd02a8282d0b5d9cbe1c01bf5 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 2 Dec 2018 20:19:19 +0100 Subject: [PATCH 204/209] urlwatch service: use genid_uint31 Refs https://github.com/systemd/systemd/issues/11026 --- krebs/3modules/urlwatch.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 463fa26ba..0cec1a2d3 100644 
--- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -183,7 +183,7 @@ let user = rec { name = "urlwatch"; - uid = genid name; + uid = genid_uint31 name; }; subtypes.job = types.submodule { From 2dc617874e001c25c1caceccd14ef7c1f74f73bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 21:27:29 +0100 Subject: [PATCH 205/209] l: RIP fritz (uses helsinki) --- lass/2configs/websites/fritz.nix | 70 -------------------------------- 1 file changed, 70 deletions(-) delete mode 100644 lass/2configs/websites/fritz.nix diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9ec..000000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import ) - genid - head - ; - inherit (import {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} From 0d7433f8eaafc50ee5ec93aed371d9c5a196235e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:01:22 +0100 Subject: [PATCH 206/209] l: remove more fritz --- krebs/3modules/lass/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 09c8ba675..12345a20a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -778,9 +778,6 @@ with import ; mail = "lass@daedalus.r"; pubkey = builtins.readFile ./ssh/daedalus.rsa; }; - fritz = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; - }; prism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; mail = "lass@prism.r"; From e99f63f99801dcc1f44fff02e9c327fcd8486778 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:01:40 +0100 Subject: [PATCH 207/209] l shodan.r: also blue host --- lass/1systems/shodan/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 8405b0f1f..87a733d62 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; From c84b3c35f9f248fcf3081fa7eb0cee706fd8ebeb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:02:12 +0100 Subject: [PATCH 208/209] l blue-host: sync all permissions --- lass/2configs/blue-host.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index fba996743..9cf294afd 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -81,6 +81,7 @@ in { host = "${host}.r", targetdir = "/var/lib/containers/.blue", rsync = { + archive = true, owner = true, group = true, }; From 82988de84c177c247ebbe80940c4d50b9f073b4e Mon Sep 17 00:00:00 2001 
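Review bot: In the `rsync = { … }` table of blue-host.nix, the added `archive = true,` makes the following `owner = true,` and `group = true,` redundant, because rsync's archive mode already implies both. Archive mode does not cover hard links, ACLs or extended attributes. If "sync all permissions" is meant to include those for the container tree, they need their own switches, e.g. `acls = true,` and `xattrs = true,`, assuming this table is an lsyncd rsync block. Archive mode also carries setuid bits and device nodes over to `/var/lib/containers/.blue`, so the target host ends up trusting the source tree's contents as-is. The surrounding sync block starts and ends outside the hunk.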
From: lassulus Date: Mon, 3 Dec 2018 07:45:20 +0100 Subject: [PATCH 209/209] lib: genid is genid_unit32 --- lib/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index 4cb0332ca..348d47e85 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -13,8 +13,9 @@ let ne = x: y: x != y; mod = x: y: x - y * (x / y); - genid = import ./genid.nix { inherit lib; }; - genid_uint31 = x: ((lib.genid x) + 16777216) / 2; + genid = lib.genid_uint32; # TODO remove + genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2; + genid_uint32 = import ./genid.nix { inherit lib; }; lpad = n: c: s: if lib.stringLength s < n
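Review bot: `genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;` stays below 2^31 only when `genid_uint32 x` is below 2^32 - 2^24, and nothing in the hunk establishes that bound. The range of genid.nix is not visible here, but if it can return the full uint32 range, the result can reach 2^31 + 2^23 - 1, which the name says it should not. The constant is also unexplained, so I would add a comment on that line, `# 16777216 = 2^24; result < 2^31 only if genid_uint32 x < 2^32 - 2^24`, or clamp the result if the bound does not hold. The `let` block begins before the hunk and `lpad` continues past it.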