Merge branch 'master' of prism.r:stockholm into staging/jeschli

This commit is contained in:
jeschli 2018-02-18 10:48:18 +01:00
commit 52b846c98b
44 changed files with 686 additions and 369 deletions

View File

@ -14,7 +14,6 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ];
};

View File

@ -624,6 +624,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
lass-daedalus = {
mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa;
};
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};

View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgF3311cZ/JV7lOzo/Crmy6pi0oBYu5klbTb8lU/Yic55XVRyYFtm+KGrNvqkcFgOx803aS7jogJ1N6HCdUAaEl5MzlkOX++h97ihZ/NeQZKDjYEEQYl4ElmIbCRiddpDm0HVX1OGSCtUzhlyDHJ8ieMCb+QVNrpwovlQnp53c/+Z6rGSZWgBMrzP7stlw+XjC1Alhi1M5L+bJfroa7cEcF+J5ZN+J2mWSmkPiQ6+iuk9zRkc5ELO1Vz4MsLoeKwbJrz+uuNVsY7u070pHtsLwbAsYU5vOWJeN/vtEwy51SY/so30FowvivTD9jIJ0xcmAdC56XjWaxttKuqUVBjJqhwqsUI6+AxLESekFXzkfghmG+AJPPkb2pvpVF3k0Ivn14bFBuFv0T2qPHq68Fs19WLTZn+dK3V+RfVkI6bEZaMOUezyBv59yFEY42wMISPw53jkaWqKIxyGCBECi3XlbeQ61FkwE9TElSY+NmoeMu6jPWw7XGDY4Jt6mtKiYu3hVqI5pg4hq3bxB8r2W7LnkDiYfArbzwmrc2zAmgJtY60/Pcwq7hP3LSDEuDDc4gYgpkLNwHjs+CLWqpbQffCFv+oOZj8G92if+dMBOUSBCr6FDqH6wLxZp2cfhud0p/0kLz09nv/PcRohOHdaQSEW7OAhJ5kgg3DuxhwUwOf/3UX5iLvm4WwE/mb7Iki4U3AENKHUWQ7TOrXcQq9AJX57e9CTI+N4phtzp9qur8vjVl2OpYl2Qb/0yQSGM+4wQ/nM4acePMk80oXLb3OJBlPp0CswzoI7kFBD0TUOnFTCkrJWPaZhgjQXyvCzgFKAvXgqWy4riczqLhdBAhc1vT3a18HsqKXE3mhJa6Kjl6r/ZQaDl2zw7uLmWTHhGuUI9w487L36extGuC3Tv8zEvu2UHqhdEcaSDzRQYcv1kRobfhTWjzFHzdA97Kkc+HuFfJk3MzchsjCxqIuDP4r5YauMBMHAIsUlP7Ar/t29WreAGJbCCd2oulkFL+P+8Sp6SksMMhKQvuRcj74n6BETfailv64z2FjT+qzkCsr/gzvWD08EJRZUCpidX2WfMoL396nBf+EgwhFykqoFg2jlJJ7Vggod8CSHUSeBkslhNk/tkv4y+NnsAIgNluVZlxIeKj1UgazohSNQVRHozs2lkuK0Ytl4TsFrE0X3ar7LpwEVvCLj3eh2kg4kNKNN/vOwWxvMlF9uCBq5FUHaBCst/OXeigjfGZ0ZK5iHsZN+R/iIlG+3V3VN1Rm29aPJPSuAgwl/lfPUfUP5c8QiwnDgdHqMi7VcuCpEtcTLjqDHBssqosRTLodcIZY6qLepm5kQgJ2FfcTPi+ZwT3Z/IFH6p/H7NeVbb8rVYeF/zqDJiWbI+gDy0xFnGgOLpFSBdHq679FjtjZk7Exgz3rVD+QsoSB8VYVOSqpHB1LQyQ2qBry+33CNpxlX5GaaLx5sbEKEguaJ+9R7Mbf8zQMa8EAXhqoT96kIj66IEk= lass@daedalus

View File

@ -1038,6 +1038,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
};
makefu-remote-builder = {
inherit (makefu) mail pgp;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
};
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";

View File

@ -25,6 +25,7 @@ stdenv.mkDerivation {
cat > $out/bin/ftb << EOF
#!${stdenv.shell}
export _JAVA_AWT_WM_NONREPARENTING=1
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar

View File

@ -18,7 +18,7 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "b34a5f6d874e3c3f3f7812371b858b79ddb5be35"; # nixos-17.09 @ 2018-02-09
ref = "c831224528cd6bfd49bfc2c18b9c5d9015651077"; # nixos-17.09 @ 2018-02-15
};
}
override

View File

@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@ -149,11 +150,13 @@ with import <stockholm/lib>;
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
virtualisation.docker.enable = true;
}

View File

@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home/virtual" = {
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
};
services.udev.extraRules = ''
@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
}

View File

@ -297,6 +297,7 @@ in {
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
@ -313,6 +314,18 @@ in {
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
fqdn = "lassul.us";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "lass" "android" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.prism;

View File

@ -41,6 +41,7 @@ in {
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
lass-helios.pubkey
];
};

View File

@ -121,7 +121,7 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.coreutils}/bin/sleep infinity
exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};

View File

@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
@ -44,6 +45,11 @@ in {
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
];
krebs.per-user.dev.packages = [
pkgs.go
];
@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
services.minio.enable = true;
}

View File

@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];

277
lass/2configs/dunst.nix Normal file
View File

@ -0,0 +1,277 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
dunstConfig = pkgs.writeText "dunst-config" ''
[global]
font = Iosevka Term 11
# Allow a small subset of html markup:
# <b>bold</b>
# <i>italic</i>
# <s>strikethrough</s>
# <u>underline</u>
#
# For a complete reference see
# <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
# If markup is not allowed, those tags will be stripped out of the
# message.
markup = yes
plain_text = no
# The format of the message. Possible variables are:
# %a appname
# %s summary
# %b body
# %i iconname (including its path)
# %I iconname (without its path)
# %p progress value if set ([ 0%] to [100%]) or nothing
# Markup is allowed
format = "%a\n<b>%s</b>\n%b"
# Sort messages by urgency.
sort = yes
# Show how many messages are currently hidden (because of geometry).
indicate_hidden = yes
# Alignment of message text.
# Possible values are "left", "center" and "right".
alignment = center
# The frequency with wich text that is longer than the notification
# window allows bounces back and forth.
# This option conflicts with "word_wrap".
# Set to 0 to disable.
bounce_freq = 0
# Show age of message if message is older than show_age_threshold
# seconds.
# Set to -1 to disable.
show_age_threshold = 1
# Split notifications into multiple lines if they don't fit into
# geometry.
word_wrap = yes
# Ignore newlines '\n' in notifications.
ignore_newline = no
# Hide duplicate's count and stack them
stack_duplicates = yes
hide_duplicates_count = no
# The geometry of the window:
# [{width}]x{height}[+/-{x}+/-{y}]
# The geometry of the message window.
# The height is measured in number of notifications everything else
# in pixels. If the width is omitted but the height is given
# ("-geometry x2"), the message window expands over the whole screen
# (dmenu-like). If width is 0, the window expands to the longest
# message displayed. A positive x is measured from the left, a
# negative from the right side of the screen. Y is measured from
# the top and down respectevly.
# The width can be negative. In this case the actual width is the
# screen width minus the width defined in within the geometry option.
geometry = "500x10-0+0"
# Shrink window if it's smaller than the width. Will be ignored if
# width is 0.
shrink = no
# The transparency of the window. Range: [0; 100].
# This option will only work if a compositing windowmanager is
# present (e.g. xcompmgr, compiz, etc.).
# transparency = 5
# Don't remove messages, if the user is idle (no mouse or keyboard input)
# for longer than idle_threshold seconds.
# Set to 0 to disable.
idle_threshold = 0
# Which monitor should the notifications be displayed on.
monitor = keyboard
# Display notification on focused monitor. Possible modes are:
# mouse: follow mouse pointer
# keyboard: follow window with keyboard focus
# none: don't follow anything
#
# "keyboard" needs a windowmanager that exports the
# _NET_ACTIVE_WINDOW property.
# This should be the case for almost all modern windowmanagers.
#
# If this option is set to mouse or keyboard, the monitor option
# will be ignored.
follow = none
# Should a notification popped up from history be sticky or timeout
# as if it would normally do.
sticky_history = yes
# Maximum amount of notifications kept in history
history_length = 15
# Display indicators for URLs (U) and actions (A).
show_indicators = no
# The height of a single line. If the height is smaller than the
# font height, it will get raised to the font height.
# This adds empty space above and under the text.
line_height = 3
# Draw a line of "separatpr_height" pixel height between two
# notifications.
# Set to 0 to disable.
separator_height = 1
# Padding between text and separator.
padding = 1
# Horizontal padding.
horizontal_padding = 1
# Define a color for the separator.
# possible values are:
# * auto: dunst tries to find a color fitting to the background;
# * foreground: use the same color as the foreground;
# * frame: use the same color as the frame;
# * anything else will be interpreted as a X color.
separator_color = frame
# Print a notification on startup.
# This is mainly for error detection, since dbus (re-)starts dunst
# automatically after a crash.
startup_notification = true
# dmenu path.
dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
# Browser for opening urls in context menu.
browser = /usr/bin/firefox -new-tab
# Align icons left/right/off
icon_position = off
max_icon_size = 80
# Paths to default icons.
icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
frame_width = 2
frame_color = "#8EC07C"
[shortcuts]
# Shortcuts are specified as [modifier+][modifier+]...key
# Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
# "mod3" and "mod4" (windows-key).
# Xev might be helpful to find names for keys.
# Close notification.
close = ctrl+space
# Close all notifications.
close_all = ctrl+shift+space
# Redisplay last message(s).
# On the US keyboard layout "grave" is normally above TAB and left
# of "1".
history = ctrl+grave
# Context menu.
context = mod4+u
[urgency_low]
# IMPORTANT: colors have to be defined in quotation marks.
# Otherwise the "#" and following would be interpreted as a comment.
frame_color = "#3B7C87"
foreground = "#3B7C87"
background = "#191311"
#background = "#2B313C"
timeout = 0
[urgency_normal]
frame_color = "#5B8234"
foreground = "#5B8234"
background = "#191311"
#background = "#2B313C"
timeout = 0
[urgency_critical]
frame_color = "#B7472A"
foreground = "#B7472A"
background = "#191311"
#background = "#2B313C"
timeout = 0
# Every section that isn't one of the above is interpreted as a rules to
# override settings for certain messages.
# Messages can be matched by "appname", "summary", "body", "icon", "category",
# "msg_urgency" and you can override the "timeout", "urgency", "foreground",
# "background", "new_icon" and "format".
# Shell-like globbing will get expanded.
#
# SCRIPTING
# You can specify a script that gets run when the rule matches by
# setting the "script" option.
# The script will be called as follows:
# script appname summary body icon urgency
# where urgency can be "LOW", "NORMAL" or "CRITICAL".
#
# NOTE: if you don't want a notification to be displayed, set the format
# to "".
# NOTE: It might be helpful to run dunst -print in a terminal in order
# to find fitting options for rules.
#[espeak]
# summary = "*"
# script = dunst_espeak.sh
#[script-test]
# summary = "*script*"
# script = dunst_test.sh
#[ignore]
# # This notification will not be displayed
# summary = "foobar"
# format = ""
#[signed_on]
# appname = Pidgin
# summary = "*signed on*"
# urgency = low
#
#[signed_off]
# appname = Pidgin
# summary = *signed off*
# urgency = low
#
#[says]
# appname = Pidgin
# summary = *says*
# urgency = critical
#
#[twitter]
# appname = Pidgin
# summary = *twitter.com*
# urgency = normal
#
# vim: ft=cfg
'';
in {
systemd.user.services.dunst = {
wantedBy = [ "graphical-session.target" ];
requires = [ "xmonad.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
serviceConfig = {
SyslogIdentifier = "dunst";
ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
Restart = "always";
RestartSec = "15s";
StartLimitBurst = 0;
};
};
}

View File

@ -59,6 +59,17 @@ with import <stockholm/lib>;
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
{ from = "binance@lassul.us"; to = lass.mail; }
{ from = "bitfinex@lassul.us"; to = lass.mail; }
{ from = "alternate@lassul.us"; to = lass.mail; }
{ from = "redacted@lassul.us"; to = lass.mail; }
{ from = "mytaxi@lassul.us"; to = lass.mail; }
{ from = "pizza@lassul.us"; to = lass.mail; }
{ from = "robinhood@lassul.us"; to = lass.mail; }
{ from = "drivenow@lassul.us"; to = lass.mail; }
{ from = "aws@lassul.us"; to = lass.mail; }
{ from = "reddit@lassul.us"; to = lass.mail; }
{ from = "banggood@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

View File

@ -10,9 +10,13 @@ let
echelon = "197";
cloudkrebs = "119";
};
urgent = [
"\\blass@mors\\b"
];
in {
environment.systemPackages = [
(pkgs.writeDashBin "logf" ''
export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
'')

View File

@ -21,11 +21,11 @@ let
'';
mailboxes = {
wireguard = [ "wireguard@lists.zx2c4" ];
c-base = [ "c-base.org" ];
security = [ "seclists.org" "security" "bugtraq" ];
nix-devel = [ "nix-devel@googlegroups.com" ];
shack = [ "shackspace.de" ];
wireguard = [ "to:wireguard@lists.zx2c4" ];
c-base = [ "to:c-base.org" ];
security = [ "to:seclists.org" "to:security" "to:bugtraq" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
shack = [ "to:shackspace.de" ];
};
muttrc = pkgs.writeText "muttrc" ''
@ -80,16 +80,16 @@ let
# V
''} %r |"
virtual-mailboxes \
"Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\
${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)}
"BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
"Sent" "notmuch://?query=tag:sent"\
"Junk" "notmuch://?query=tag:junk"
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT ${f}") (flatten (attrValues mailboxes))}"
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "${f}") i.value}"'') (mapAttrsToList nameValuePair mailboxes)}
virtual-mailboxes "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT ${f}") (flatten (attrValues mailboxes))}"
virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
virtual-mailboxes "Starred" "notmuch://?query=tag:*"
virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
virtual-mailboxes "All" "notmuch://?query=*"
tag-transforms "junk" "k" \
"unread" "u" \

View File

@ -0,0 +1,6 @@
{
boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
'';
}

View File

@ -19,23 +19,8 @@ in {
pkgs.wine
];
};
wine64 = {
name = "wine64";
description = "user for running wine in 64bit";
home = "/home/wine64";
useDefaultShell = true;
extraGroups = [
"audio"
"video"
];
createHome = true;
packages = [
(pkgs.wine.override { wineBuild = "wineWow"; })
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}

View File

@ -50,16 +50,15 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
#beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
@ -109,7 +108,7 @@
fi
#check if in nix shell
if test -n "$buildInputs"; then
if test -n "$IN_NIX_SHELL"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else

View File

@ -33,6 +33,11 @@ let
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
@ -74,6 +79,7 @@ let
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''

View File

@ -23,6 +23,7 @@ import XMonad
import qualified XMonad.StackSet as W
import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
@ -36,7 +37,7 @@ import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
@ -44,9 +45,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
instance UrgencyHook LibNotifyUrgencyHook where
urgencyHook LibNotifyUrgencyHook w = do
name <- getName w
Just idx <- fmap (W.findTag w) $ gets windowset
safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
@ -61,7 +73,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ withUrgencyHook LibNotifyUrgencyHook
$ def
{ terminal = myTerm
, modMask = mod4Mask
@ -80,11 +92,12 @@ myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ]
where
myTitleFloats = [] -- for the KDE "open link" popup from konsole
myTitleFloats = []
myClassFloats = ["Pinentry"] -- for gpg passphrase entry

View File

@ -148,6 +148,11 @@ in {
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
{
# workr
allowedIPs = [ "10.244.0.6/32" ];
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
}
];
};
}

View File

@ -19,22 +19,24 @@ let
# __FRONT_
# |* d0 |
# | |
# |* d3 |
# |* d1 |
# | |
# |* d3 |
# | |
# |* |
# |* d2 |
# | * r0 |
# | * |
# | * |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
@ -68,6 +70,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
# security
@ -116,7 +120,6 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
virtualisation.docker.enable = true;
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
@ -126,6 +129,7 @@ in {
makefu.snapraid = {
enable = true;
# TODO: 3 is not protected
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
@ -138,7 +142,7 @@ in {
'';
environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
wol # wake up filepimp
wol # wake up filepimp
f3
];
fileSystems = let
@ -150,6 +154,7 @@ in {
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
// cryptMount "crypt3"
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs";
@ -178,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
(usbkey "crypt3" cryptDisk3)
];
};
loader.grub.device = lib.mkForce rootDisk;

View File

@ -5,32 +5,35 @@
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ # until virtualbox-image is fixed
imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
boot.loader.grub.device = "/dev/sda";
}
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
nixpkgs.config.allowUnfree = true;
# allow sdev to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
# corefonts
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
ppp xclip
get
passwdqc-utils
docker
gnupg
populate
(pkgs.writeScriptBin "tor-browser" ''
@ -39,18 +42,11 @@
'')
];
virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
25
80
8010
];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" ];
};
}

View File

@ -8,30 +8,9 @@
{
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda";
virtualisation.virtualbox.guest.enable = true;
}
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
# ];
# virtualbox.baseImageSize = 35 * 1024;
# fileSystems."/media/share" = {
# fsType = "vboxsf";
# device = "share";
# options = [ "rw" "uid=9001" "gid=9001" ];
# };
# }
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# ];
# fileSystems."/nix" = {
# device ="/dev/disk/by-label/nixstore";
# fsType = "ext4";
# };
# }
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# base gui
# <stockholm/makefu/2configs/main-laptop.nix>
@ -75,14 +54,8 @@
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true;
# allow vbob to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
'';
# for forticlient
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
get
logstash
# docker
#devpi-web
#devpi-client
ansible
];
# virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
@ -111,6 +86,6 @@
80
8010
];
# required for qemu
systemd.services."serial-getty@ttyS0".enable = true;
}

View File

@ -18,7 +18,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
@ -31,6 +31,63 @@ in {
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@ -147,7 +204,10 @@ in {
boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel"
"snd-seq" "snd-rawmidi"
];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
@ -174,66 +234,4 @@ in {
serverAddress = "x.r";
};
};
security.wrappers.fping = {
source = "${pkgs.fping}/bin/fping";
setuid = true;
};
services.smokeping = {
enable = true;
targetConfig = ''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to this SmokePing website.
+ network
menu = Net latency
title = Network latency (ICMP pings)
++ google
probe = FPing
host = google.de
++ webde
probe = FPing
host = web.de
+ services
menu = Service latency
title = Service latency (DNS, HTTP)
++ HTTP
menu = HTTP latency
title = Service latency (HTTP)
+++ webdeping
probe = EchoPingHttp
host = web.de
+++ googwebping
probe = EchoPingHttp
host = google.de
#+++ webwww
#probe = Curl
#host = web.de
#+++ googwebwww
#probe = Curl
#host = google.de
'';
probeConfig = ''
+ FPing
binary = /run/wrappers/bin/fping
+ EchoPingHttp
pings = 5
url = /
#+ Curl
## probe-specific variables
#binary = ${pkgs.curl}/bin/curl
#step = 60
## a default for this target-specific variable
#urlformat = http://%host%/
'';
};
}

View File

@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
@ -59,8 +59,9 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
@ -77,18 +78,46 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
{
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.2/24" ];
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# gum
endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
allowedIPs = [ "10.244.0.0/24" ];
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
}
#{
# # vbob
# allowedIPs = [ "10.244.0.3/32" ];
# publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
#}
];
};
}
{ # auto-mounting
services.udisks2.enable = true;
services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
}
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
@ -100,8 +129,15 @@ with import <stockholm/lib>;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
192.168.1.11 omo.local
192.168.1.11 omo.local
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
}

View File

@ -0,0 +1,34 @@
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.ampel;
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
esp = "192.168.1.23";
sleepval = "1800";
in {
users.users.ampel = {
uid = genid "ampel";
createHome = true;
isSystemUser = true;
inherit home;
};
systemd.services.google-muell-ampel = {
description = "Send led change to rgb cubes";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
cp ${sec} ${ampelsec}
chown ampel ${ampelsec}
'';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};
}

View File

@ -2,25 +2,7 @@
let
mq = "192.168.8.11";
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
};
pkg = pkgs.ampel;
in {
systemd.services.led-fader = {
description = "Send led change to message queue";

View File

@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ];
};
environment.systemPackages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
firefox
];
users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
users.users.${mainUser} = {
extraGroups = [ "audio" ];
packages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
];
};
hardware.pulseaudio = {
enable = true;

View File

@ -1,11 +1,13 @@
{ lib, ... }:
{ pkgs, lib, ... }:
{
imports = [
./base.nix
];
users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset s off -dpms
xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};

View File

@ -0,0 +1,37 @@
{ pkgs, lib, ... }:
{
users.users.makefu = {
extraGroups = [ "networkmanager" ];
packages = with pkgs;[
networkmanagerapplet
gnome3.gnome_keyring gnome3.dconf
];
};
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
}

View File

@ -0,0 +1,16 @@
{ lib, ...}:
{
## Guest Extensions are currently broken
imports = [
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
];
virtualisation.virtualbox.guest.enable = true;
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
};
# virtualbox.baseImageSize = 35 * 1024;
}

View File

@ -1,8 +0,0 @@
_:
{
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
}

View File

@ -5,5 +5,5 @@
mosh
];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}

View File

@ -9,8 +9,8 @@
# owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf
'')
];

View File

@ -14,8 +14,6 @@ _:
./snapraid.nix
./torrent.nix
./udpt.nix
./umts.nix
./wvdial.nix
];
}

View File

@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs-channels";
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
}) {};
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
systemctl start umts
trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
cfg = config.makefu.umts;
out = {
options.makefu.umts = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "umts";
modem-device = mkOption {
default = "/dev/ttyUSB0";
type = types.str;
description = ''
path to modem device, use <filename>/dev/serial/by-id/...</filename>
to avoid race conditions.
'';
};
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
};
imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
environment.systemPackages = [ ];
environment.wvdial.dialerDefaults = wvdial-defaults;
systemd.services.umts = {
description = "UMTS wvdial Service";
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "10s";
ExecStart = "${wvdial}/bin/wvdial -n";
};
};
};
in out

View File

@ -1,71 +0,0 @@
# Global configuration for wvdial.
{ config, lib, pkgs, ... }:
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}

View File

@ -0,0 +1,27 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
version = "0.2";
propagatedBuildInputs = [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "d8a0250";
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;
description = "change colors of rgb cubes";
license = lib.licenses.asl20;
};
}

View File

@ -0,0 +1,27 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
stdenv.mkDerivation rec {
pname = "pfsshell";
version = "64f8c2";
name = "${pname}-${version}";
src = fetchFromGitHub {
owner = "makefu";
repo = "pfsshell";
rev = version;
sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
};
buildInputs = [ ];
makeFlags = [ ];
installPhase = ''
mkdir -p $out/bin
cp pfsshell $out/bin
'';
meta = {
homepage = https://github.com/uyjulian/pfsshell ;
description = "browse and transfer files to/from PFS filesystems";
};
}

View File

@ -13,7 +13,8 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
# TODO: automate updating of this ref + cherry-picks
ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3

View File

@ -128,11 +128,6 @@ let {
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (repo.collaborators or [] != []) {
user = repo.collaborators;
repo = [ repo ];