Merge remote-tracking branch 'lass/master'

makefu 2021-11-07 14:31:25 +01:00
commit 597f546e98
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
106 changed files with 815 additions and 842 deletions


@ -1,13 +1,13 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
networking.firewall.allowedTCPPorts = [
6667 6669
];
systemd.services.solanum.serviceConfig.LimitNOFILE = 16384;
systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384;
krebs.solanum = {
services.solanum = {
enable = true;
motd = ''
hello


@ -50,7 +50,6 @@ let
./secret.nix
./setuid.nix
./shadow.nix
./solanum.nix
./sync-containers.nix
./tinc.nix
./tinc_graphs.nix


@ -150,6 +150,7 @@ in {
"makanek.r"
"makanek.kmein.r"
"grafana.kmein.r"
"names.kmein.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -263,6 +264,7 @@ in {
"zaatar.r"
"zaatar.kmein.r"
"radio.kmein.r"
"bvg.kmein.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -585,7 +587,7 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.13.12";
aliases = [ "catalonia.r" "aleph.r" ];
aliases = [ "catalonia.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y


@ -256,6 +256,10 @@ in {
okelmann = {
owner = config.krebs.users.mic92;
nets.retiolum = {
addrs = [
config.krebs.hosts.okelmann.nets.retiolum.ip4.addr
config.krebs.hosts.okelmann.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.190";
aliases = [
"okelmann.r"
@ -275,6 +279,10 @@ in {
aendernix = {
owner = config.krebs.users.mic92;
nets.retiolum = {
addrs = [
config.krebs.hosts.aendernix.nets.retiolum.ip4.addr
config.krebs.hosts.aendernix.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.172";
aliases = [
"aendernix.r"
@ -296,6 +304,30 @@ in {
'';
};
};
aenderpad = {
owner = config.krebs.users.mic92;
nets.retiolum = {
addrs = [
config.krebs.hosts.aenderpad.nets.retiolum.ip4.addr
config.krebs.hosts.aenderpad.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.201";
aliases = [
"aendernix.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvHSVUd6/5P2rK3s9iQhVrxkjufDIi0Kn04iVB4Z0TpUvnmFAP+Hv
d7umo95lNkAPL9c3byv4ooQjOskrp7GmgQRijLUvJSAZ9FBVWPAjMXs+gk9oJnQj
6bovXJ3DurmW3h1ZRmkWn256j7g8lEMtf5LGFxs9Bwi4wqZTbI6DzTQhmNm76Spb
2UMSzr9kDcNj5r6LDhDKEDtx4P1Opshgsf9AusV81N5nqDcvAYsvEqYoPvjKIPwF
5jtfHY7hM7SdYoVgdAY8RFH7xuRkLQW4LBxPKjP3pEQPCgXcuEELm33PGr+w/vhC
jxeyKP+uSeuBBMSatTWG3kU8W2LxVML65QIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = jC2UzKiUtWUlZF2ET88qM+Ot+GpoWxFFfpi8TCCr0uM
'';
};
};
dimitra = {
owner = config.krebs.users.mic92;
nets.retiolum = {
@ -761,5 +793,81 @@ in {
};
};
};
ryan = {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.ryan.nets.retiolum.ip4.addr
config.krebs.hosts.ryan.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.198";
aliases = [ "ryan.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0RE5jmBiEGmaYLVFmpCyVvlb6K3Zh2uxh7sVm44k31d9PEHHm4Wz
HQH+ueaefGVu19xLRJQGu4ZMl7oRbb5awiqKdSGgInhQaNzxUIHW4cCCdOVkgZSy
NjI9LMcc8tQtkoFGt6OhAzaViuGMo+aJAkLuXNf8hz5uR2flqQEeKfG5Kc7Z1DAQ
QNoBRtY0pltyK2y/Ip8cZ9cdxR5oLww67ykhY+eLy9tZLfKs6uWSq+2CV0cpNNQ9
Sh8fSbkjb4+JkxWAHDOyAnwFxnxstMcW0cscOW7nXYDi5IpvvesJlk698un7bLhm
vCkAd+WiNuTGfs9t0r6FDDVDREBhNk1sLwIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = sOD149OLZ2yUEjRpwbGdwHULKF2qNY3F+9AsEi1G0ZM
'';
};
};
};
graham = {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.graham.nets.retiolum.ip4.addr
config.krebs.hosts.graham.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.199";
aliases = [ "graham.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAtnM8VqFlEPLPYfKOZvN4kKklrVEyX4WewlqHO8vtxML9ND5BHCdn
UeRsThvbKVRqEvZLTAXKClZRYVr2IroHqfx0euTq3FYTUbNNQ4KgcFAfLKWoxGfK
HsQbYpS93/sUtmhRBGcgXPnEkE6yqvFBXxcmB1QqdmgYKdY2Gtikwrv/5hb4AlNe
/gyzKGtAKYogspLI6EpEwlD9CGDNIUPJ4uQ56gDhV/qtyMSE6X0igSSVZayDc+x1
InPkH90xsa0/uXjYDnXNdMguLArGkRzMhd6DzK4vEaPFIX59yMX+tEj46rGY7xAI
gUZUI2codqY5Z93W5GC+ws34y0bpfeMMWwIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = xMJNMMXZRCbWkN9CzLFohkGUK54dPcrrosFD7xgIFXA
'';
};
};
};
maurice = {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.maurice.nets.retiolum.ip4.addr
config.krebs.hosts.maurice.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.200";
aliases = [ "maurice.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsLKBfPtZkjWGu6uitCV+4c5aQox2t4N8XNhY2mqE806XsYrqAC+y
d0oLOxRMUjfh9stDnEW/YRoLEKz9oZdRYd4eenP0Q3c3HdRFDBNCs27M5a8ysqZD
5w9+B+9OfUmMv61NyKiaR6WtoGbE849cj1UNk1z04elshfU7h829D8QnD4j1A1gf
bOaNG+RzOP6qP/6Q30rxAiTxRPi+FhcHvxa33y1ZVobvnfGcJa+AzsTbgH9T9Yob
GuXFZvuQVSyWOLOgY/vVml904q8gScMpBesAsZJ7DEXxSTga0Rt99Ti3d9ABwBI5
1YabQlGLaAkrj3PMgrDyayzGBDDDva9fEQIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = pkMuJ4kbyleQAdau+sfmLtzTuUy7uL+wwcgV/GWC7/N
'';
};
};
};
};
}
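Review bot: The new `aenderpad` entry declares `aliases = [ "aendernix.r" ];`, an alias that the existing `aendernix` host in this same file already uses, so one name would be claimed by two hosts with different addresses and tinc keys. This looks like a copy-paste leftover; presumably the entry should read `aliases = [ "aenderpad.r" ];`, following the `<host>.r` pattern of the other hosts added here (`ryan.r`, `graham.r`, `maurice.r`). A duplicate alias in the retiolum host list can make the name resolve to the wrong machine, so it is worth correcting before the host files are regenerated.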


@ -55,10 +55,12 @@ let
name = "fetchWallpaper";
uid = genid_uint31 "fetchWallpaper";
description = "fetchWallpaper user";
group = "fetchWallpaper";
home = cfg.stateDir;
createHome = true;
isSystemUser = true;
};
users.groups.fetchWallpaper = {};
systemd.timers.fetchWallpaper = {
description = "fetch wallpaper timer";


@ -362,10 +362,8 @@ let
users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
description = "Git repository hosting user";
extraGroups = [
# To allow running cgit-clear-cache via hooks.
cfg.cgit.fcgiwrap.group.name
];
# To allow running cgit-clear-cache via hooks.
group = cfg.cgit.fcgiwrap.group.name;
isSystemUser = true;
shell = "/bin/sh";
openssh.authorizedKeys.keys =
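Review bot: Setting `group = cfg.cgit.fcgiwrap.group.name;` makes the fcgiwrap group the git user's primary group, which is broader than the `extraGroups` entry it replaces: files and directories the git user creates will now be group-owned by the fcgiwrap group by default, so the CGI side may gain access to repository data depending on the umask. If the change is only meant to give the system user a primary group (as the other modules in this commit do with a dedicated group), a group of its own would keep the previous privilege split, e.g. `group = cfg.user.name;` with `users.groups.${cfg.user.name} = {};`, while keeping `extraGroups = [ cfg.cgit.fcgiwrap.group.name ];` for the cache-clearing hook. The user definition continues past the end of this hunk.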


@ -105,6 +105,7 @@ in {
"go.r"
"rss.r"
];
tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
@ -165,6 +166,7 @@ in {
"build.puyak.r"
"cgit.puyak.r"
];
tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955


@ -37,6 +37,7 @@ in {
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
@ -48,6 +49,7 @@ in {
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@ -122,33 +124,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
uriel = {
monitoring = false;
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.81.176";
ip6.addr = r6 "1e1";
aliases = [
"uriel.r"
];
tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb
MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME
m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx
uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo
u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc";
secure = true;
};
mors = {
cores = 2;
nets = {
@ -418,38 +393,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
};
red = {
monitoring = false;
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.13";
ip6.addr = r6 "12ed";
aliases = [
"red.r"
];
tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
};
yellow = {
cores = 1;
nets = {
@ -583,44 +526,6 @@ in {
ci = false;
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
};
morpheus = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.19";
ip6.addr = r6 "012f";
aliases = [
"morpheus.r"
];
tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "012f";
aliases = [
"morpheus.w"
];
wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY=";
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ";
};
hilum = {
cores = 1;
nets = {


@ -1,104 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption singleton types;
inherit (pkgs) coreutils solanum;
cfg = config.krebs.solanum;
configFile = pkgs.writeText "solanum.conf" ''
${cfg.config}
'';
in
{
###### interface
options = {
krebs.solanum = {
enable = mkEnableOption "Solanum IRC daemon";
config = mkOption {
type = types.str;
description = ''
Solanum IRC daemon configuration file.
'';
};
statedir = mkOption {
type = types.path;
default = "/var/lib/solanum";
description = ''
Location of the state directory of solanum.
'';
};
user = mkOption {
type = types.str;
default = "ircd";
description = ''
Solanum IRC daemon user.
'';
};
group = mkOption {
type = types.str;
default = "ircd";
description = ''
Solanum IRC daemon group.
'';
};
motd = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Solanum MOTD text.
Solanum will read its MOTD from /etc/solanum/ircd.motd .
If set, the value of this option will be written to this path.
'';
};
};
};
###### implementation
config = mkIf cfg.enable (lib.mkMerge [
{
users.users.${cfg.user} = {
description = "Solanum IRC daemon user";
uid = config.ids.uids.ircd;
group = cfg.group;
};
users.groups.${cfg.group} = {
gid = config.ids.gids.ircd;
};
systemd.tmpfiles.rules = [
"d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -"
];
systemd.services.solanum = {
description = "Solanum IRC daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${solanum}/bin/solanum -foreground -logfile /dev/stdout -configfile ${configFile} -pidfile ${cfg.statedir}/ircd.pid";
Group = cfg.group;
User = cfg.user;
};
};
}
(mkIf (cfg.motd != null) {
environment.etc."solanum/ircd.motd".text = cfg.motd;
})
]);
}


@ -94,7 +94,7 @@ in {
programs.fuse.userAllowOther = true;
# allow syncthing to enter /var/lib/containers
system.activationScripts.containers-enter = mkDefault ''
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers || :
'';
services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
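Review bot: The `|| :` appended to the `chmod a+x /var/lib/containers` line discards every failure, not only the case where the directory does not exist yet, so a host on which syncthing cannot enter the directory would activate without any hint. If a missing directory is the case being handled (an assumption; the commit does not say), test for it explicitly: `[ ! -d /var/lib/containers ] || ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers`. A short comment next to the line stating why a failure is tolerated would also help the next reader.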


@ -237,9 +237,14 @@ let
inherit (cfg.user) home name uid;
createHome = true;
isSystemUser = true;
group = netname;
}
) config.krebs.tinc;
users.groups = mapAttrs' (netname: cfg:
nameValuePair netname {}
) config.krebs.tinc;
environment.etc = mapAttrs' (netname: cfg:
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
source = cfg.confDir;


@ -1,18 +1,23 @@
with import <stockholm/lib>;
let
stockholm.lib = import ../../lib;
in
with stockholm.lib;
self: super:
# Import files and subdirectories like they are overlays.
foldl' mergeAttrs {}
fix (foldl' (flip extends) (self: super) (
[
(self: super: { inherit stockholm; })
]
++
(map
(name: import (./. + "/${name}") self super)
(name: import (./. + "/${name}"))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))
//
{
brockman = self.haskellPackages.brockman;
reaktor2 = self.haskellPackages.reaktor2;
}
++
[
(self: super: {
brockman = self.haskellPackages.brockman;
reaktor2 = self.haskellPackages.reaktor2;
})
]
))


@ -1,4 +1,4 @@
{ mkDerivation, aeson, base, fetchgit, stdenv, X11 }:
{ mkDerivation, aeson, base, fetchgit, lib, X11 }:
mkDerivation {
pname = "X11-aeson";
version = "1.0.0";
@ -9,5 +9,5 @@ mkDerivation {
fetchSubmodules = true;
};
libraryHaskellDepends = [ aeson base X11 ];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,6 +1,7 @@
with import <stockholm/lib>;
{ mkDerivation, base, fetchgit, hspec, QuickCheck, stdenv, text }: let
{ mkDerivation, base, fetchgit, hspec, QuickCheck, lib, stockholm, text }:
with stockholm.lib;
let
cfg = {
"18.03" = {
version = "1.1.0";
@ -23,5 +24,5 @@ in mkDerivation {
testHaskellDepends = [ base hspec QuickCheck ];
doHaddock = false;
# WTFPL is the true license, which is unknown to cabal.
license = stdenv.lib.licenses.wtfpl;
license = lib.licenses.wtfpl;
}


@ -2,7 +2,7 @@
, case-insensitive, conduit, containers, directory, feed, filepath
, hashable, hslogger, html-entity, http-client, irc-conduit, lens
, lrucache, lrucaching, network, optparse-applicative, random, safe
, stdenv, text, time, timerep, wreq
, lib, text, time, timerep, wreq
, fetchFromGitHub
}:
mkDerivation rec {
@ -22,5 +22,5 @@ mkDerivation rec {
http-client irc-conduit lens lrucache lrucaching network
optparse-applicative random safe text time timerep wreq
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,8 +1,9 @@
with import <stockholm/lib>;
self: super:
with self.stockholm.lib;
let
overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.;
in
self: super:
{
haskell = super.haskell // {
packages = mapAttrs (name: value:


@ -1,8 +1,10 @@
with import <stockholm/lib>;
{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
, case-insensitive, containers, exceptions, fetchgit, QuickCheck
, stdenv, tasty, tasty-quickcheck, text, text-icu, time
}: let
, lib, stockholm, tasty, tasty-quickcheck, text, text-icu, time
}:
with stockholm.lib;
let
cfg = {
"18.03" = {
@ -40,5 +42,5 @@ in mkDerivation {
jailbreak = true;
homepage = "http://github.com/knrafto/email-header";
description = "Parsing and rendering of email and MIME headers";
license = stdenv.lib.licenses.bsd3;
license = lib.licenses.bsd3;
}


@ -1,6 +1,5 @@
{ mkDerivation, base, blessings, containers, data-default, fetchgit
, lens, mtl, old-locale, process, scanner, stdenv, time, unix
, zippers
, lens, lib, mtl, old-locale, process, scanner, time, unix, zippers
}:
mkDerivation {
pname = "hack";
@ -18,5 +17,5 @@ mkDerivation {
base blessings containers data-default lens mtl old-locale process
scanner time unix zippers
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,5 +1,5 @@
{ mkDerivation, async, base, bytestring, fetchgit, network
, optparse-applicative, stdenv, text
{ mkDerivation, async, base, bytestring, fetchgit, lib, network
, optparse-applicative, text
}:
mkDerivation {
pname = "kirk";
@ -8,6 +8,7 @@ mkDerivation {
url = "http://cgit.krebsco.de/kirk";
sha256 = "1acsmmc485c54axpy9bd0320j18hs261vl1vdxns4n04sxzqd7k0";
rev = "cdf3cb373af8f9b03a9487a63eb32e0226913589";
fetchSubmodules = true;
};
isLibrary = true;
isExecutable = true;
@ -17,5 +18,5 @@ mkDerivation {
executableHaskellDepends = [
async base network optparse-applicative text
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}
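Review bot: `fetchSubmodules = true;` appears to be added to the `fetchgit` call while the `sha256` beside it stays the same. Because the fetch is a fixed-output derivation, a store path that already matches the old hash is reused without refetching, so the new flag may never be exercised locally; if the repository has submodules the hash has to change with the flag, and if it has none the flag is a no-op. It is worth refetching the source once without a cached copy to confirm the pinned value still matches. Separately, the `url` still reads `http://cgit.krebsco.de/kirk`, whereas the ircaids package added in this commit fetches from the same host over `https://`; the hash protects integrity either way, but `https://` would be consistent.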


@ -2,9 +2,9 @@
, blaze-builder, blessings, bytestring, case-insensitive
, containers, data-default, deepseq, directory, either
, email-header, fetchgit, filepath, friendly-time, http-types
, hyphenation, linebreak, network, old-locale, optparse-applicative
, process, random, rosezipper, safe, scanner, servant-server, split
, stdenv, terminal-size, text, time, transformers
, hyphenation, lib, linebreak, network, old-locale
, optparse-applicative, process, random, rosezipper, safe, scanner
, servant-server, split, terminal-size, text, time, transformers
, transformers-compat, unix, vector, wai, warp
}:
mkDerivation {
@ -32,5 +32,5 @@ mkDerivation {
data-default deepseq directory filepath hyphenation linebreak
process rosezipper safe scanner text time transformers unix
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,5 +1,5 @@
{ mkDerivation, base, bloomfilter, bytestring, feed, fetchgit, lens
, stdenv, wreq
, lib, wreq
}:
mkDerivation {
pname = "news";
@ -14,5 +14,5 @@ mkDerivation {
executableHaskellDepends = [
base bloomfilter bytestring feed lens wreq
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -2,7 +2,7 @@
, bytestring, containers, data-default, fetchgit, filepath
, hashable, lens, lens-aeson, network, network-simple
, network-simple-tls, network-uri, pcre-light, process, random
, servant-server, stdenv, string-conversions, stringsearch, text
, servant-server, lib, string-conversions, stringsearch, text
, time, transformers, unagi-chan, unix, unordered-containers
, vector, wai, warp
}:
@ -24,5 +24,5 @@ mkDerivation rec {
random servant-server string-conversions stringsearch text time
transformers unagi-chan unix unordered-containers vector wai warp
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,6 +1,6 @@
{ mkDerivation, ansi-terminal, async, base, binary, bytestring
, data-default, directory, filepath, megaparsec
, optparse-applicative, pandoc, random, safe, scalpel, stdenv, text
, optparse-applicative, pandoc, random, safe, scalpel, lib, text
, time
, fetchFromGitHub
}:
@ -21,5 +21,5 @@ mkDerivation rec {
filepath megaparsec optparse-applicative pandoc random safe scalpel
text time
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,4 +1,4 @@
{ mkDerivation, base, fetchgit, stdenv }:
{ mkDerivation, base, fetchgit, lib }:
mkDerivation {
pname = "scanner";
version = "1.0.1";
@ -9,5 +9,5 @@ mkDerivation {
fetchSubmodules = true;
};
libraryHaskellDepends = [ base ];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,4 +1,4 @@
{ mkDerivation, aeson, base, fetchgit, stdenv, X11-aeson, xmonad }:
{ mkDerivation, aeson, base, fetchgit, lib, X11-aeson, xmonad }:
mkDerivation {
pname = "xmonad-aeson";
version = "1.0.0";
@ -9,5 +9,5 @@ mkDerivation {
fetchSubmodules = true;
};
libraryHaskellDepends = [ aeson base X11-aeson xmonad ];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,4 +1,4 @@
{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib
{ mkDerivation, base, containers, fetchgit, filepath, lib, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib
}:
mkDerivation rec {
pname = "xmonad-stockholm";
@ -11,5 +11,5 @@ mkDerivation rec {
libraryHaskellDepends = [
base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
];
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
}


@ -1,4 +1,3 @@
with import <stockholm/lib>;
self: super: {
bitlbee-facebook = super.bitlbee-facebook.overrideAttrs (old: {


@ -1,6 +1,5 @@
{ imagemagick, runCommand, ... }:
with import <stockholm/lib>;
{ imagemagick, runCommand, stockholm, ... }:
with stockholm.lib;
let
krebs-v2 = [


@ -1,4 +1,4 @@
{ stdenv
{ lib
, buildPythonPackage
, fetchPypi
, pytest
@ -22,7 +22,7 @@ buildPythonPackage rec {
# Package supports 3.x, but tests are clearly 2.x only.
doCheck = !isPy3k;
meta = with stdenv.lib; {
meta = with lib; {
description = "Non-validating SQL parser for Python";
longDescription = ''
Provides support for parsing, splitting and formatting SQL statements.


@ -1,8 +1,6 @@
with import <stockholm/lib>;
{ cache-root ? "/tmp/cgit", findutils, writeDashBin }:
{ cache-root ? "/tmp/cgit", findutils, stockholm, writeDashBin }:
writeDashBin "cgit-clear-cache" ''
set -efu
${findutils}/bin/find ${shell.escape cache-root} -type f -delete
${findutils}/bin/find ${stockholm.lib.shell.escape cache-root} -type f -delete
''


@ -1,18 +1,16 @@
with import <stockholm/lib>;
self: super:
let
# This callPackage will try to detect obsolete overrides.
lib = super.stockholm.lib;
callPackage = path: args: let
override = self.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
upstream = lib.optionalAttrs (override ? "name")
(super.${(lib.parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
lib.compareVersions upstream.name override.name != -1
then lib.trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in
mapNixDir (path: callPackage path {}) ./.
lib.mapNixDir (path: callPackage path {}) ./.


@ -1,7 +1,7 @@
{ jq, systemd, writeDashBin }:
{ jq, stockholm, systemd, writeDashBin }:
let
lib = import <stockholm/lib>;
lib = stockholm.lib;
user = "exim"; # TODO make this configurable
in


@ -1,5 +1,5 @@
with import <stockholm/lib>;
{ pkgs, ... }@args:
{ pkgs, stockholm, ... }@args:
with stockholm.lib;
let
# config cannot be declared in the input attribute set because that would


@ -1,5 +1,5 @@
with import <stockholm/lib>;
{ config, pkgs }:
with pkgs.stockholm.lib;
let
# Refs https://github.com/lupoDharkael/flameshot/blob/master/src/widgets/capture/capturebutton.h


@ -1,5 +1,5 @@
with import <stockholm/lib>;
{ pkgs, ... }@args:
{ pkgs, stockholm, ... }@args:
with stockholm.lib;
let
# config cannot be declared in the input attribute set because that would


@ -1,6 +1,6 @@
{ pkgs, ... }:
{ pkgs, stockholm, ... }:
with import <stockholm/lib>;
with stockholm.lib;
{
# TODO irc-announce should return a derivation


@ -1,5 +1,6 @@
with import <stockholm/lib>;
{ pkgs, stdenv }:
{ pkgs, stockholm, stdenv }:
with stockholm.lib;
stdenv.mkDerivation rec {
pname = "htgen-cyberlocker";
version = "1.0.0";


@ -1,3 +1,10 @@
emptyok_response() {(
printf "HTTP/1.1 204 OK\r\n"
printf 'Connection: close\r\n'
printf 'Server: %s\r\n' "$Server"
printf '\r\n'
)}
delete_response() {
jq -n -r \
--arg server "$Server" \
@ -44,7 +51,10 @@ read_uri() {
}
uri=$(read_uri "$Request_URI")
path=$(jq -nr --argjson uri "$uri" '$uri.path')
path=$(jq -nr --argjson uri "$uri" '
$uri.path |
gsub("/+"; "/")
')
case "$Method $path" in
'POST /'*|'PUT /'*)
@ -57,6 +67,8 @@ case "$Method $path" in
mkdir -v -p $STATEDIR/items >&2
cp -v $content $item >&2
emptyok_response
exit
;;
'GET /'*)
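Review bot: The new normalisation `gsub("/+"; "/")` only collapses repeated slashes; `.` and `..` segments in `$uri.path` pass through unchanged. How `$item` is derived from `$path` lies outside this hunk, so this may already be handled, but if the path is ever used to build a file name under `$STATEDIR/items` it should be rejected when it contains a `..` segment, before the `case "$Method $path"` dispatch. Also, `emptyok_response` sends `HTTP/1.1 204 OK`; the standard reason phrase for 204 is `No Content`, so `printf 'HTTP/1.1 204 No Content\r\n'` would be more conventional. The `case` statement continues past the end of the hunk.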


@ -1,5 +1,4 @@
with import <stockholm/lib>;
{ attr, coreutils, exiv2, findutils, gnugrep, jq, nix, utillinux, stdenv }:
{ attr, coreutils, exiv2, findutils, gnugrep, jq, nix, stockholm, utillinux, stdenv }:
stdenv.mkDerivation rec {
pname = "htgen-imgur";
version = "1.0.0";
@ -9,7 +8,7 @@ stdenv.mkDerivation rec {
buildPhase = ''
(
exec > htgen-imgur
echo PATH=${makeBinPath [
echo PATH=${stockholm.lib.makeBinPath [
attr
coreutils
exiv2
@ -18,7 +17,7 @@ stdenv.mkDerivation rec {
jq
nix utillinux
]}
echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"}
echo STATEDIR=${stockholm.lib.shell.escape "\${STATEDIR-$HOME}"}
cat $src/htgen-imgur
)
'';


@ -1,18 +1,8 @@
{ pkgs, lib, ... }:
with lib;
pkgs.writeDashBin "irc-announce" ''
set -euf
export PATH=${makeSearchPath "bin" (with pkgs; [
coreutils
gawk
gnused
netcat
nettools
])}
IRC_SERVER=$1
IRC_PORT=$2
IRC_NICK=$3_$$
@ -20,57 +10,15 @@ pkgs.writeDashBin "irc-announce" ''
IRC_TLS=$5
message=$6
export IRC_CHANNEL # for privmsg_cat
if test "$IRC_TLS" != 1; then
unset IRC_TLS
fi
# echo2 and cat2 are used output to both, stdout and stderr
# This is used to see what we send to the irc server. (debug output)
echo2() { echo "$*"; echo "$*" >&2; }
cat2() {
awk '{
print $0
print $0 > "/dev/stderr"
}'
}
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
tls_flag() { if [ "$IRC_TLS" -eq 1 ]; then echo "-c"; fi }
# ircin is used to feed the output of netcat back to the "irc client"
# so we can implement expect-like behavior with sed^_^
# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
tmpdir=$(mktemp --tmpdir -d irc-announce_XXXXXXXX)
cd "$tmpdir"
mkfifo ircin
trap "
rm ircin
cd '$OLDPWD'
rmdir '$tmpdir'
trap - EXIT INT QUIT
" EXIT INT QUIT
{
echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
echo2 "NICK $IRC_NICK"
awk 'match($0, /PING(.*)/, m) {print "PONG", m[1]; exit}'
# wait for MODE message
sed -n '/^:[^ ]* MODE /q'
echo2 "JOIN $IRC_CHANNEL"
printf '%s' "$message" \
| privmsg_cat \
| cat2
echo2 "PART $IRC_CHANNEL"
# wait for PART confirmation
sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
echo2 'QUIT :Gone to have lunch'
} < ircin \
| nc $(tls_flag) "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
printf %s "$message" |
${pkgs.ircaids}/bin/ircsink \
--nick="$IRC_NICK" \
--port="$IRC_PORT" \
--server="$IRC_SERVER" \
--target="$IRC_CHANNEL" \
''${IRC_TLS:+--secure}
''
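Review bot: The `if test "$IRC_TLS" != 1; then unset IRC_TLS; fi` block (which, as far as this rendering shows, is on the new side) has no comment, and its purpose only becomes clear at `''${IRC_TLS:+--secure}` at the end of the script. A one-line comment such as `# unset IRC_TLS unless it is exactly 1, so that the :+ expansion below adds --secure only then` would make explicit that any other value, including a typo, silently selects a plaintext connection. The positional arguments `$1` to `$6` are undocumented as well; a usage comment at the top of the script would help callers.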


@ -0,0 +1,32 @@
{ lib, pkgs, stdenv }:
stdenv.mkDerivation rec {
pname = "ircaids";
version = "1.0.1";
src = pkgs.fetchgit {
url = "https://cgit.krebsco.de/ircaids";
rev = "refs/tags/${version}";
sha256 = "0wp01pag58c72rmx8j3i1vlq60na8lc91743832f0h27cik8yqvh";
};
buildPhase = null;
installPhase = ''
mkdir -p $out/bin
cp $src/bin/ircsink $out/bin/ircsink
sed -i '
s;^#! /bin/sh;#! ${pkgs.dash}/bin/dash;
s;^#!.*;&\nexport PATH=${lib.makeBinPath [
pkgs.coreutils
pkgs.gawk
pkgs.gnused
pkgs.netcat
pkgs.nettools
pkgs.openssl
pkgs.utillinux
]};
' $out/bin/ircsink
'';
}
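Review bot: `rev = "refs/tags/${version}";` pins the source to a tag name rather than a commit id. The `sha256` still fixes the content, so a moved tag would fail the build rather than substitute different code, but the expression no longer records which commit was reviewed; consider using the commit hash as `rev` and naming the tag in a comment, e.g. `rev = "<commit-id-of-tag-1.0.1>"; # placeholder`. The `sed` program in `installPhase` also deserves a short comment: its first substitution only matches a shebang of exactly `#! /bin/sh`, so if upstream changes that line the interpreter rewrite is silently skipped while the `PATH` injection still applies.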


@ -1,7 +1,5 @@
{ lib, pkgs, ... }:
with import <stockholm/lib>;
let
default-host-colors = pkgs.writeJSON "logf.default-host-colors.json" {
};


@ -1,5 +1,6 @@
{ coreutils, curl, fetchgit, gawk, gnugrep, gnused, jq, stdenv, w3m, ... }:
with import <stockholm/lib>;
{ coreutils, curl, fetchgit, gawk, gnugrep, gnused, jq, stdenv, stockholm, w3m, ... }:
with stockholm.lib;
let
readJSON = path: fromJSON (readFile path);
sed.escape = replaceChars ["/"] ["\\/"]; # close enough


@ -1,10 +1,10 @@
{ writers, coreutils, grib2json, curl, jq, findutils, imagemagick }:
writers.writeDashBin "nomads-cloud" ''
prefix=$(mktemp -d)
grib_path=$prefix.grib
json_path=$prefix.json
pgm_path=$prefix.pgm
png_path="$1"
grib_path=$prefix/clouds.grib
json_path=$prefix/clouds.json
pgm_path=$prefix/clouds.pgm
png_path=$1
mkdir -p "$prefix"
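Review bot: No `set -eu` is visible at the top of this script, so if `prefix=$(mktemp -d)` fails the script carries on with an empty `prefix` and the new paths become `/clouds.grib`, `/clouds.json` and `/clouds.pgm`. Adding `set -efu` as the first line, as the `cgit-clear-cache` and `irc-announce` scripts in this commit do, or writing `prefix=$(mktemp -d) || exit 1` avoids that. With the files now placed inside the directory that `mktemp -d` creates, the following `mkdir -p "$prefix"` is redundant, and a `trap 'rm -rf "$prefix"' EXIT` would remove the directory afterwards; whether cleanup already happens further down is not visible in this hunk.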


@ -1,5 +1,5 @@
with import <stockholm/lib>;
{ lib, pkgs, ... }:
{ lib, pkgs, stockholm, ... }:
with stockholm.lib;
rec {
generators = {


@ -1,5 +1,4 @@
let lib = import <stockholm/lib>; in
{ pkgs }:
{ pkgs, stockholm }:
# urix - URI eXtractor
# Extract all the URIs from standard input and write them to standard output!
@ -10,6 +9,6 @@ pkgs.execBin "urix" {
argv = [
"urix"
"-Eo"
"\\b${lib.uri.posix-extended-regex}\\b"
"\\b${stockholm.lib.uri.posix-extended-regex}\\b"
];
}


@ -1,5 +1,5 @@
with import <stockholm/lib>;
{ coreutils, quote, utillinux, writeDash }:
{ coreutils, quote, stockholm, utillinux, writeDash }:
with stockholm.lib;
opt-spec: cmd-spec: let


@ -1,5 +1,3 @@
with import <stockholm/lib>;
self: super:
{


@ -6,8 +6,8 @@
nixpkgs = {
overlays = [
(import ./5pkgs)
(import ../submodules/nix-writers/pkgs)
(import ./5pkgs)
];
};


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "09cd65b33c5653d7d2954fef4b9f0e718c899743",
"date": "2021-09-08T11:21:07-05:00",
"path": "/nix/store/h4hgs0aiaszmgqcwwhw7q10vqgvgbimf-nixpkgs",
"sha256": "1h696xv2wdl1859jcr0bmv0m0rfsq4vpc1vc0hg3msfsdnz0aixl",
"rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175",
"date": "2021-11-01T19:42:18+01:00",
"path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs",
"sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "6120ac5cd201f6cb593d1b80e861be0342495be9",
"date": "2021-09-18T21:31:09+02:00",
"path": "/nix/store/g1a0swq7h7b24g4vkn3wr3d8rwjazfmv-nixpkgs",
"sha256": "04mrjxr1qsdcgcryx7yy72cgcw14c0770gfcgzrdfpnvmjdgbi9i",
"rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
"date": "2021-10-31T15:33:08-07:00",
"path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs",
"sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false


@ -1,5 +1,5 @@
{ lib, pkgs, test, ... }:
{
if test then {} else {
nixpkgs = lib.mkIf (! test) (lib.mkForce {
file = {
path = toString (pkgs.fetchFromGitHub {
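Review bot: With the module body now wrapped in `if test then {} else { … }`, the `lib.mkIf (! test)` on the `nixpkgs = …` line can never be false and is dead code. Dropping it, so the line reads `nixpkgs = lib.mkForce {`, would leave a single place that decides the test case. The attribute set continues past the end of this hunk, so the matching closing parenthesis would need to be adjusted there as well.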


@ -16,7 +16,7 @@
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
# <stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/prism-mounts/samba.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix>


@ -0,0 +1,21 @@
{ lib, pkgs, test, ... }: let
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
in {
nixpkgs = (if test then lib.mkForce ({ derivation = let
rev = npkgs.rev;
sha256 = npkgs.sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${rev}";
sha256 = "${sha256}";
}
''; }) else {
git.ref = lib.mkForce npkgs.rev;
});
}
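Review bot: This new file is repeated verbatim later in the same commit (the second 21-line section that begins `{ lib, pkgs, test, ... }: let`), so the nixpkgs pin logic now lives in two places that must be kept in sync. Moving it into one shared module that both importers reference would avoid drift between the copies. A short comment explaining why the `test` branch emits a `derivation` string built with `builtins.fetchTarball` while the normal branch only sets `git.ref` would also help, since the two branches pin the same `rev` by different mechanisms.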


@ -5,10 +5,13 @@
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/tor-initrd.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/green-host.nix>
];
krebs.build.host = config.krebs.hosts.echelon;
boot.tmpOnTmpfs = true;
}


@ -17,6 +17,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/git-brain.nix>
];
krebs.build.host = config.krebs.hosts.green;
@ -68,6 +70,13 @@ with import <stockholm/lib>;
];
clearTarget = true;
};
"/var/lib/git" = {
source = "/var/state/git";
options = [
"-M ${toString config.users.users.git.uid}"
];
clearTarget = true;
};
};
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''


@ -1,5 +1,4 @@
{ lib, pkgs, ... }:
{
{ lib, pkgs, test, ... }:
if test then {} else {
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
nixpkgs.git.shallow = true;
}


@ -1,29 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/green-host.nix>
];
krebs.build.host = config.krebs.hosts.morpheus;
networking.wireless.enable = false;
networking.networkmanager.enable = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchDocked = "ignore";
environment.systemPackages = with pkgs; [
gitAndTools.hub
nix-review
firefox
ag
];
services.openssh.forwardX11 = true;
programs.x2goserver.enable = true;
}


@ -1,44 +0,0 @@
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "nodev";
networking.hostId = "06442b9a";
fileSystems."/" = {
device = "/dev/pool/root";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1F60-17C6";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "btrfs";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
devices.luksroot.device = "/dev/nvme0n1p3";
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
'';
}


@ -0,0 +1,21 @@
{ lib, pkgs, test, ... }: let
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
in {
nixpkgs = (if test then lib.mkForce ({ derivation = let
rev = npkgs.rev;
sha256 = npkgs.sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${rev}";
sha256 = "${sha256}";
}
''; }) else {
git.ref = lib.mkForce npkgs.rev;
});
}


@ -112,7 +112,6 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
@ -124,16 +123,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
];
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
return 403;
}
'';
}
{
services.tor = {
enable = true;


@ -65,6 +65,12 @@
fsType = "ext4";
};
# silence mdmonitor.service failures
# https://github.com/NixOS/nixpkgs/issues/72394
environment.etc."mdadm.conf".text = ''
MAILADDR root
'';
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@ -1,28 +0,0 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
servephpBB
;
in
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/websites>
<stockholm/lass/2configs/websites/sqlBackup.nix>
(servephpBB [ "rote-allez-fraktion.de" ])
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
];
krebs.build.host = config.krebs.hosts.red;
services.nginx.enable = true;
environment.systemPackages = [
pkgs.mk_sql_pair
];
}


@ -1,7 +0,0 @@
{
imports = [
./config.nix
];
boot.isContainer = true;
networking.useDHCP = false;
}


@ -1,47 +0,0 @@
{ config, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
{
# locke config
i18n.defaultLocale ="de_DE.UTF-8";
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
services.xserver.libinput.enable = false;
users.users.locke = {
uid = genid "locke";
home = "/home/locke";
group = "users";
createHome = true;
extraGroups = [
"audio"
"networkmanager"
];
useDefaultShell = true;
isNormalUser = true;
};
networking.networkmanager.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
environment.systemPackages = with pkgs; [
pavucontrol
firefox
hexchat
networkmanagerapplet
];
services.xserver.desktopManager.xfce = {
enable = true;
};
}
];
krebs.build.host = config.krebs.hosts.uriel;
nixpkgs.config.allowUnfree = true;
}


@ -1,59 +0,0 @@
{
imports = [
./config.nix
];
hardware.enableRedistributableFirmware = true;
boot = {
#kernelParams = [
# "acpi.brightness_switch_enabled=0"
#];
#loader.grub.enable = true;
#loader.grub.version = 2;
#loader.grub.device = "/dev/sda";
loader.systemd-boot.enable = true;
loader.timeout = 5;
initrd.luks.devices.luksroot.device = "/dev/sda2";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/root";
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
'';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
};
}


@ -30,7 +30,7 @@ in {
imports = [
./bitlbee.nix
];
environment.systemPackages = [ tmux ];
environment.systemPackages = [ tmux weechat ];
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];


@ -11,6 +11,7 @@ in {
./xdg-open.nix
./yubikey.nix
./pipewire.nix
./tmux.nix
./xmonad.nix
{
krebs.per-user.lass.packages = [
@ -61,7 +62,8 @@ in {
font-size
fzfmenu
gimp
gitAndTools.qgit
gitAndTools.hub
git-crypt
git-preview
gnome3.dconf
iodine
@ -85,6 +87,7 @@ in {
xorg.xhost
xsel
zathura
flameshot-once
(pkgs.writeDashBin "screenshot" ''
set -efu


@ -1,44 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
# secrets used:
# wildcard.krebsco.de.crt
# wildcard.krebsco.de.key
# bepasty-secret.nix <- contains single string
with import <stockholm/lib>;
let
secKey = import <secrets/bepasty-secret.nix>;
ext-doms = [
"paste.lassul.us"
"paste.krebsco.de"
];
in {
services.nginx.enable = mkDefault true;
krebs.bepasty = {
enable = true;
serveNginx= true;
servers = {
"paste.r" = {
nginx = {
serverAliases = [
"paste.${config.krebs.build.host.name}"
"paste.r"
];
};
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
};
} //
genAttrs ext-doms (ext-dom: {
nginx = {
forceSSL = true;
enableACME = true;
};
defaultPermissions = "read,create";
secretKey = secKey;
});
};
}


@ -29,6 +29,13 @@
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
locations."= /nix-cache-info".extraConfig = ''
alias ${pkgs.writeText "cache-info" ''
StoreDir: /nix/store
WantMassQuery: 1
Priority: 42
''};
'';
};
virtualHosts."cache.krebsco.de" = {
forceSSL = true;


@ -2,16 +2,13 @@ with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
{
imports = [
./bitlbee.nix
./mail.nix
./pass.nix
];
environment.systemPackages = with pkgs; [
ag
brain
dic
nmap
git-preview
@ -30,43 +27,6 @@ with (import <stockholm/lib>);
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
];
systemd.services.chat = let
tmux = pkgs.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
set-option -g status off
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'';
in {
description = "chat environment setup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
path = [
pkgs.rxvt_unicode.terminfo
];
serviceConfig = {
User = "lass";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
ExecStop = "${tmux} kill-session -t IM";
};
};
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Maildir";


@ -1,27 +1,52 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
{
services.nginx.virtualHosts.codimd = {
let
domain = "pad.lassul.us";
in {
# redirect legacy domain to new one
services.nginx.virtualHosts."codi.lassul.us" = {
enableACME = true;
addSSL = true;
serverName = "codi.lassul.us";
locations."/".extraConfig = ''
client_max_body_size 4G;
proxy_set_header Host $host;
proxy_pass http://localhost:3091;
'';
locations."/".return = "301 https://${domain}\$request_uri";
};
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "https://localhost:3091";
proxyWebsockets = true;
};
};
security.acme.certs.${domain}.group = "hedgecert";
users.groups.hedgecert.members = [ "codimd" "nginx" ];
security.dhparams = {
enable = true;
params.hedgedoc = {};
};
services.hedgedoc = {
enable = true;
configuration.allowOrigin = [ "*" ];
configuration.allowOrigin = [ domain ];
configuration = {
db = {
dialect = "sqlite";
storage = "/var/lib/codimd/db.codimd.sqlite";
useCDN = false;
};
useCDN = false;
port = 3091;
domain = domain;
allowFreeURL = true;
useSSL = true;
protocolUseSSL = true;
sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
dhParamPath = config.security.dhparams.params.hedgedoc.path;
};
};
}
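Review bot: Putting `codimd` into `hedgecert` gives the HedgeDoc process read access to the ACME private key for `pad.lassul.us`, only so that it can speak TLS on the local port that nginx already fronts with the same certificate. If the service is reachable only through nginx (its bind address is not visible in this section), the key can stay with nginx: `useSSL = false;` while keeping `protocolUseSSL = true;`, and `proxyPass = "http://localhost:3091";`. The `sslCertPath`/`sslKeyPath`/`dhParamPath` settings, the `hedgecert` group and the `security.dhparams` entry would then be unnecessary. If backend TLS is intended, a comment saying why would help, since nginx does not verify the upstream certificate unless it is configured to.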


@ -19,10 +19,9 @@ with import <stockholm/lib>;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass.pubkey
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-green.pubkey
config.krebs.users.lass-yubikey.pubkey
];
};
mainUser = {
@ -35,25 +34,17 @@ with import <stockholm/lib>;
isNormalUser = true;
extraGroups = [
"audio"
"video"
"fuse"
"wheel"
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass.pubkey
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-green.pubkey
config.krebs.users.lass-yubikey.pubkey
];
};
nix = {
isNormalUser = true;
uid = genid_uint31 "nix";
openssh.authorizedKeys.keys = [
config.krebs.hosts.mors.ssh.pubkey
];
};
};
nix.trustedUsers = ["nix"];
}
{
environment.variables = {
@ -70,7 +61,7 @@ with import <stockholm/lib>;
{
#for sshuttle
environment.systemPackages = [
pkgs.pythonPackages.python
pkgs.python3Packages.python
];
}
];
@ -89,8 +80,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
boot.tmpOnTmpfs = true;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
@ -102,6 +91,7 @@ with import <stockholm/lib>;
#stockholm
deploy
git
git-preview
gnumake
jq
@ -126,6 +116,7 @@ with import <stockholm/lib>;
file
hashPassword
kpaste
cyberlocker-tools
pciutils
pop
q
@ -187,6 +178,7 @@ with import <stockholm/lib>;
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
Storage=persistent
'';
krebs.iptables = {
@ -225,5 +217,7 @@ with import <stockholm/lib>;
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
time.timeZone = mkDefault"Europe/Berlin";
system.stateVersion = mkDefault "20.03";
}


@ -19,8 +19,10 @@ in {
"lassul.us"
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.blue
config.krebs.hosts.coaxmetal
config.krebs.hosts.green
config.krebs.hosts.mors
config.krebs.hosts.xerxes
];
internet-aliases = map (from: { inherit from to; }) mails;


@ -5,7 +5,7 @@ let
in {
krebs.fetchWallpaper = {
enable = true;
url = "prism/realwallpaper-krebs-stars.png";
url = "prism/realwallpaper-krebs-stars-berlin.png";
};
}


@ -3,7 +3,7 @@
with import <stockholm/lib>;
{
nix.gc = {
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" "coaxmetal" ] || config.boot.isContainer);
options = "--delete-older-than 15d";
};
}


@ -0,0 +1,57 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
repos = krebs-repos;
rules = concatMap krebs-rules (attrValues krebs-repos);
krebs-repos = mapAttrs make-krebs-repo {
brain = { };
krebs-secrets = { };
};
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
inherit cgit name;
public = false;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = true;
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "irc.r";
};
};
};
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ makefu tv ];
krebs-rules = repo:
set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
set-ro-access = with git; repo: user:
singleton {
inherit user;
repo = [ repo ];
perm = fetch;
};
set-owners = with git;repo: user:
singleton {
inherit user;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
};
in {
krebs.git = {
enable = true;
cgit = {
enable = false;
};
inherit repos rules;
};
}
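Review bot: `make-krebs-repo` attaches an `irc-announce` post-receive hook with `verbose = true` to repositories declared `public = false`, one of which is named `krebs-secrets`. What the verbose announcement contains is not visible here, but if it includes commit subjects or changed paths, that metadata leaves the access-controlled repository on every push. I would set `verbose = false;` or drop the hook for these two repos, and add a comment stating which channel `#xxx` stands for and who can read it. A short comment on `krebs-rules` saying that fetch access is granted to exactly `makefu` and `tv` would also make the access model reviewable until the TODO is resolved.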


@ -189,7 +189,7 @@ let
with git // config.krebs.users;
repo:
singleton {
user = [ lass lass-mors lass-blue lass-yubikey ];
user = [ lass lass-green ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++


@ -6,12 +6,12 @@
];
krebs.sync-containers.containers.green = {
peers = [
"echelon"
"icarus"
"littleT"
"mors"
"shodan"
"skynet"
"mors"
"morpheus"
"littleT"
"styx"
];
hostIp = "10.233.2.15";
@ -25,5 +25,9 @@
repo = "/var/lib/sync-containers/green/backup";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
};
};
}

View File

@ -6,7 +6,6 @@
boot = {
initrd.luks.devices.luksroot.device = "/dev/sda3";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
extraModulePackages = [
config.boot.kernelPackages.tp_smapi
@ -36,11 +35,6 @@
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
services.logind.lidSwitch = "ignore";


@ -80,7 +80,12 @@ let
name = "mpv";
paths = [
(pkgs.writeDashBin "mpv" ''
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
exec ${pkgs.mpv}/bin/mpv \
-vo=gpu \
--no-config \
--script=${autosub} \
--script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \
"$@"
'')
pkgs.mpv
];


@ -4,6 +4,7 @@ with (import <stockholm/lib>);
{
systemd.services.muchsync = let
hosts = [
"coaxmetal.r"
"mors.r"
"green.r"
"blue.r"


@ -16,7 +16,7 @@
StandardError = lib.mkForce "journal";
};
virtualisation.oci-containers.containers.mumble-web = {
image = "rankenstein/mumble-web";
image = "rankenstein/mumble-web:0.5";
environment = {
MUMBLE_SERVER = "lassul.us:64738";
};
@ -28,12 +28,9 @@
services.nginx.virtualHosts."mumble.lassul.us" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:64739/;
proxy_set_header Accept-Encoding "";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
locations."/" = {
proxyPass = "http://localhost:64739";
proxyWebsockets = true;
};
};
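Review bot: `image = "rankenstein/mumble-web:0.5";` pins a tag, and a registry tag can be re-pointed to different content later, so the container that runs is still not fixed by this configuration. Pinning by digest makes the deployed image reproducible and reviewable: `image = "rankenstein/mumble-web@sha256:<digest-of-the-reviewed-image>";` (placeholder, to be filled from the image actually vetted). A comment next to it naming the corresponding upstream version keeps later updates readable.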
}

View File

@ -4,7 +4,15 @@
users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg
(pkgs.writers.writeDashBin "unlock" ''
set -efu
HOST=$1
pw=$(pass show "admin/$HOST/luks")
torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
'')
];
programs.gnupg.agent.enable = true;
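Review bot: The `unlock` helper expands the LUKS passphrase into the remote command string (`"echo $pw > /crypt-ramfs/passphrase"`), so it appears in the argument list of the local ssh process and is parsed again by the remote shell. A passphrase containing spaces, quotes, `$` or `;` would be altered or interpreted as shell syntax. Sending it on stdin avoids both: `pass show "admin/$HOST/luks" | torify sshn "root@$(pass "hosts/$HOST/initrd/hostname")" 'cat > /crypt-ramfs/passphrase'`, assuming the `sshn` wrapper (not visible here) forwards stdin. `pass show` prints the whole entry, so a multi-line entry should be cut to its first line before it is sent. Quoting the `root@$(…)` argument also keeps `set -efu` from word-splitting an unexpected hostname value.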
}


@ -16,6 +16,7 @@
environment.systemPackages = with pkgs; [
alsaUtils
pulseaudioLight
ponymix
];
environment.variables.PULSE_SERVER = "localhost:4713";
@ -26,6 +27,7 @@
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
config.pipewire-pulse = {
"context.properties" = {


@ -0,0 +1,15 @@
{
fileSystems."/mnt/prism" = {
device = "//prism.r/public";
fsType = "cifs";
options = [
"guest"
"nofail"
"noauto"
"ro"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
];
};
}
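Review bot: The `/mnt/prism` mount takes files from a guest-accessible SMB share but does not restrict what the client will honour from it; `ro` only prevents writes. Adding `"nosuid" "nodev" "noexec"` to `options` keeps anything placed on the public share from being executed or treated as a setuid binary or device node on the mounting host. A one-line comment that the share is unauthenticated and its contents are untrusted would document why the options are there.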


@ -13,9 +13,23 @@
pv
pwgen
remmina
ripgrep
silver-searcher
transmission
wget
xsel
youtube-dl
(pkgs.writeDashBin "tether-on" ''
adb shell svc usb setFunctions rndis
'')
(pkgs.writeDashBin "tether-off" ''
adb shell svc usb setFunctions
'')
(pkgs.writeDashBin "dl-movie" ''
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@"
'')
(pkgs.writeDashBin "dl-series" ''
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/series -a "$@"
'')
];
}


@ -356,6 +356,89 @@ in {
locations."= /good".extraConfig = ''
proxy_pass http://localhost:8001;
'';
locations."= /controls".extraConfig = ''
default_type "text/html";
alias ${pkgs.writeText "controls.html" ''
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>The_Playlist Voting!</title>
<style>
#good {
display: block;
width: 100%;
border: none;
background-color: #04AA6D;
padding: 14px;
margin: 14px 0 0 0;
height: 100px;
font-size: 16px;
cursor: pointer;
text-align: center;
}
#bad {
display: block;
width: 100%;
border: none;
background-color: red;
padding: 14px;
height: 100px;
margin: 14px 0 0 0;
font-size: 16px;
cursor: pointer;
text-align: center;
}
</style>
</head>
<body>
<div id=votenote></div>
<button id=good type="button"> GUT </button>
<button id=bad type="button"> SCHLECHT </button>
<center>
Currently Running: <br/><div>
<b id=current></b>
</div>
<div id=vote>
</div>
<audio controls autoplay="autoplay">
<source src="https://radio.lassul.us/radio.ogg" type="audio/ogg">
Your browser does not support the audio element.
</audio>
</center>
<script>
document.getElementById("good").onclick=async ()=>{
let result = await fetch("https://radio.lassul.us/good", {"method": "POST"})
document.getElementById("vote").textContent = "Dieses Lied findest du gut"
};
document.getElementById("bad").onclick=async ()=>{
let result = await fetch("https://radio.lassul.us/skip", {"method": "POST"})
document.getElementById("vote").textContent = "Dieses Lied findest du schlecht"
};
async function current() {
let result = await fetch("https://radio.lassul.us/current", {"method": "GET"})
let data = await result.json()
document.getElementById("current").textContent = data.name
}
window.onload = function() {
window.setInterval('current()', 10000)
current()
}
</script>
</body>
</html>
''};
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
@ -371,7 +454,7 @@ in {
</head>
<body>
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
<iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
<iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
</div>
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
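Review bot: In the new `controls.html` of the first hunk, `window.setInterval('current()', 10000)` passes a string that the browser evaluates as code, which a Content-Security-Policy without `unsafe-eval` would block; `window.setInterval(current, 10000)` does the same without evaluation. The two click handlers also write the "gut"/"schlecht" text without looking at the response, so a failed or rejected POST still reads as a counted vote. Checking `result.ok` before updating `#vote`, and wrapping `current()` in a `try`/`catch`, would fix that. Using `textContent` for `data.name` is the right choice and should stay. The HTML touched by the second hunk continues outside the hunk.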


@ -27,43 +27,6 @@ in {
hooks.PRIVMSG = [
hooks.sed
hooks.url-title
{
activate = "match";
pattern = ''^@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
exec ${lambdabot}/bin/lambdabot \
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \
-e "$@"
'';
in {
pl.filename = pkgs.writeDash "lambdabot-pl" ''
${lambdabotWrapper} "@pl $1"
'';
type.filename = pkgs.writeDash "lambdabot-type" ''
${lambdabotWrapper} "@type $1"
'';
"let".filename = pkgs.writeDash "lambdabot-let" ''
${lambdabotWrapper} "@let $1"
'';
run.filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
kind.filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
}
{
activate = "match";
pattern = ''^!([^ ]+)(?:\s*(.*))?'';


@ -13,7 +13,7 @@
nixpkgs.config.steam.java = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
users.users.games.packages = [ (pkgs.steam.override {
users.users.mainUser.packages = [ (pkgs.steam.override {
extraPkgs = p: with p; [
gnutls # needed for Halo MCC
];


@ -1,6 +1,6 @@
{
services.syncthing.declarative.folders."/home/lass/sync" = {
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" ];
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
};
krebs.permown."/home/lass/sync" = {
file-mode = "u+rw,g+rw";

46
lass/2configs/tmux.nix Normal file

@ -0,0 +1,46 @@
with import <stockholm/lib>;
{ config, pkgs, ... }:
{
nixpkgs.config.packageOverrides = super: {
tmux = pkgs.symlinkJoin {
name = "tmux";
paths = [
(pkgs.writeDashBin "tmux" ''
exec ${super.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
#change prefix key to `
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'')
super.tmux
];
};
};
environment.systemPackages = with pkgs; [
tmux
];
# programs.bash.interactiveShellInit = ''
# if [[ "$TERM" != "linux" && -z "$TMUX" ]]; then
# if [[ -n "$SSH_AUTH_SOCK" ]]; then
# tmux set-environment -g SSH_AUTH_SOCK "$SSH_AUTH_SOCK" 2>/dev/null
# fi
# exec tmux -u
# fi
# if [[ "$__host__" != "$HOST" ]]; then
# tmux set -g status-bg colour$(string_hash $HOST 255)
# export __host__=$HOST
# fi
# '';
}


@ -1,19 +0,0 @@
{ config, ... }:
{
services.teamspeak3 = {
enable = true;
};
krebs.iptables.tables.filter.INPUT.rules = [
#voice port
{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
##file transfer port
{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
##query port
#{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
#{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
];
}


@ -5,16 +5,6 @@ let
out = {
environment.systemPackages = [
(hiPrio vim)
(pkgs.writeDashBin "govet" ''
go vet "$@"
'')
(hiPrio (pkgs.python3.withPackages (ps: [
ps.python-language-server
ps.pyls-isort
ps.pyflakes
ps.flake8
ps.yapf
])))
];
environment.etc.vimrc.source = vimrc;
@ -33,6 +23,7 @@ let
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set ttymouse=sgr
set mouse=a
set ruler
set pastetoggle=<INS>
@ -126,11 +117,7 @@ let
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.undotree
pkgs.vimPlugins.vim-go
pkgs.vimPlugins.fzf-vim
pkgs.vimPlugins.LanguageClient-neovim
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchFromGitHub {


@ -8,12 +8,7 @@ with import <stockholm/lib>;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts._http = {
default = true;
extraConfig = ''
return 404;
'';
};
enableReload = true;
virtualHosts.default = {
locations."= /etc/os-release".extraConfig = ''


@ -82,7 +82,6 @@ in {
"o_ubikmedia_de"
];
services.phpfpm.phpPackage = pkgs.php73;
services.phpfpm.phpOptions = ''
sendmail_path = ${sendmail} -t
upload_max_filesize = 100M
@ -117,6 +116,13 @@ in {
# workaround for android 7
security.acme.certs."lassul.us".keyType = "rsa4096";
services.roundcube = {
enable = true;
hostName = "mail.lassul.us";
extraConfig = ''
$config['smtp_port'] = 25;
'';
};
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Mail";
@ -138,7 +144,7 @@ in {
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
'';
internet-aliases = [
{ from = "dma@ubikmedia.de"; to = "domsen"; }
@ -317,6 +323,15 @@ in {
isNormalUser = true;
};
users.users.line = {
uid = genid_uint31 "line";
home = "/home/line";
useDefaultShell = true;
# extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
};
users.groups.xanf = {};
krebs.on-failure.plans.restic-backups-domsen = {
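Review bot: The exim `server_condition` passes `$auth1` and `$auth2` (the submitted user name and password) as command-line arguments, in both the old `verify_arg` form and the new `/run/wrappers/bin/shadow_verify_arg` form. While the helper runs, the password is therefore readable in the process list by any local account that can see other users' processes. The helper's interface is not visible in this section; if it can read the credentials from stdin or a file descriptor, that variant should be used here. Otherwise a comment recording the exposure and the mitigation relied on (for example a restricted `/proc`) would make the trade-off explicit. The surrounding authenticator block starts outside the hunk.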


@ -32,6 +32,7 @@ in {
services.nginx.virtualHosts."lassul.us" = {
addSSL = true;
enableACME = true;
default = true;
locations."/".extraConfig = ''
root /srv/http/lassul.us;
'';


@ -58,7 +58,6 @@
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS)
alias ls='ls --color'
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
@ -66,12 +65,6 @@
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
#aliases
alias ll='ls -l'
alias la='ls -la'
#fancy window title magic
'';
promptInit = ''
# TODO: figure out why we need to set this here


@ -38,7 +38,7 @@ in {
# match filetype against patterns
${concatMapStringsSep "\n" (script: ''
${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
| grep -q '${script.target}'
| ${pkgs.gnugrep}/bin/grep -q '${script.target}'
if [ $? -eq 0 ]; then
labels="$labels:${script.label}"
fi


@ -1,4 +1,5 @@
{ pkgs }:
# usage: sshify prism.r -- curl ifconfig.me
pkgs.writers.writeBashBin "sshify" ''
set -efu
