Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
597f546e98
@ -1,13 +1,13 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
6667 6669
|
||||
];
|
||||
|
||||
systemd.services.solanum.serviceConfig.LimitNOFILE = 16384;
|
||||
systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384;
|
||||
|
||||
krebs.solanum = {
|
||||
services.solanum = {
|
||||
enable = true;
|
||||
motd = ''
|
||||
hello
|
||||
|
@ -50,7 +50,6 @@ let
|
||||
./secret.nix
|
||||
./setuid.nix
|
||||
./shadow.nix
|
||||
./solanum.nix
|
||||
./sync-containers.nix
|
||||
./tinc.nix
|
||||
./tinc_graphs.nix
|
||||
|
4
krebs/3modules/external/default.nix
vendored
4
krebs/3modules/external/default.nix
vendored
@ -150,6 +150,7 @@ in {
|
||||
"makanek.r"
|
||||
"makanek.kmein.r"
|
||||
"grafana.kmein.r"
|
||||
"names.kmein.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -263,6 +264,7 @@ in {
|
||||
"zaatar.r"
|
||||
"zaatar.kmein.r"
|
||||
"radio.kmein.r"
|
||||
"bvg.kmein.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -585,7 +587,7 @@ in {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.13.12";
|
||||
aliases = [ "catalonia.r" "aleph.r" ];
|
||||
aliases = [ "catalonia.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
|
||||
|
108
krebs/3modules/external/mic92.nix
vendored
108
krebs/3modules/external/mic92.nix
vendored
@ -256,6 +256,10 @@ in {
|
||||
okelmann = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets.retiolum = {
|
||||
addrs = [
|
||||
config.krebs.hosts.okelmann.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.okelmann.nets.retiolum.ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.190";
|
||||
aliases = [
|
||||
"okelmann.r"
|
||||
@ -275,6 +279,10 @@ in {
|
||||
aendernix = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets.retiolum = {
|
||||
addrs = [
|
||||
config.krebs.hosts.aendernix.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.aendernix.nets.retiolum.ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.172";
|
||||
aliases = [
|
||||
"aendernix.r"
|
||||
@ -296,6 +304,30 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
aenderpad = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets.retiolum = {
|
||||
addrs = [
|
||||
config.krebs.hosts.aenderpad.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.aenderpad.nets.retiolum.ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.201";
|
||||
aliases = [
|
||||
"aendernix.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvHSVUd6/5P2rK3s9iQhVrxkjufDIi0Kn04iVB4Z0TpUvnmFAP+Hv
|
||||
d7umo95lNkAPL9c3byv4ooQjOskrp7GmgQRijLUvJSAZ9FBVWPAjMXs+gk9oJnQj
|
||||
6bovXJ3DurmW3h1ZRmkWn256j7g8lEMtf5LGFxs9Bwi4wqZTbI6DzTQhmNm76Spb
|
||||
2UMSzr9kDcNj5r6LDhDKEDtx4P1Opshgsf9AusV81N5nqDcvAYsvEqYoPvjKIPwF
|
||||
5jtfHY7hM7SdYoVgdAY8RFH7xuRkLQW4LBxPKjP3pEQPCgXcuEELm33PGr+w/vhC
|
||||
jxeyKP+uSeuBBMSatTWG3kU8W2LxVML65QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = jC2UzKiUtWUlZF2ET88qM+Ot+GpoWxFFfpi8TCCr0uM
|
||||
'';
|
||||
};
|
||||
};
|
||||
dimitra = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets.retiolum = {
|
||||
@ -761,5 +793,81 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
ryan = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
addrs = [
|
||||
config.krebs.hosts.ryan.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.ryan.nets.retiolum.ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.198";
|
||||
aliases = [ "ryan.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0RE5jmBiEGmaYLVFmpCyVvlb6K3Zh2uxh7sVm44k31d9PEHHm4Wz
|
||||
HQH+ueaefGVu19xLRJQGu4ZMl7oRbb5awiqKdSGgInhQaNzxUIHW4cCCdOVkgZSy
|
||||
NjI9LMcc8tQtkoFGt6OhAzaViuGMo+aJAkLuXNf8hz5uR2flqQEeKfG5Kc7Z1DAQ
|
||||
QNoBRtY0pltyK2y/Ip8cZ9cdxR5oLww67ykhY+eLy9tZLfKs6uWSq+2CV0cpNNQ9
|
||||
Sh8fSbkjb4+JkxWAHDOyAnwFxnxstMcW0cscOW7nXYDi5IpvvesJlk698un7bLhm
|
||||
vCkAd+WiNuTGfs9t0r6FDDVDREBhNk1sLwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = sOD149OLZ2yUEjRpwbGdwHULKF2qNY3F+9AsEi1G0ZM
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
graham = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
addrs = [
|
||||
config.krebs.hosts.graham.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.graham.nets.retiolum.ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.199";
|
||||
aliases = [ "graham.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAtnM8VqFlEPLPYfKOZvN4kKklrVEyX4WewlqHO8vtxML9ND5BHCdn
|
||||
UeRsThvbKVRqEvZLTAXKClZRYVr2IroHqfx0euTq3FYTUbNNQ4KgcFAfLKWoxGfK
|
||||
HsQbYpS93/sUtmhRBGcgXPnEkE6yqvFBXxcmB1QqdmgYKdY2Gtikwrv/5hb4AlNe
|
||||
/gyzKGtAKYogspLI6EpEwlD9CGDNIUPJ4uQ56gDhV/qtyMSE6X0igSSVZayDc+x1
|
||||
InPkH90xsa0/uXjYDnXNdMguLArGkRzMhd6DzK4vEaPFIX59yMX+tEj46rGY7xAI
|
||||
gUZUI2codqY5Z93W5GC+ws34y0bpfeMMWwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = xMJNMMXZRCbWkN9CzLFohkGUK54dPcrrosFD7xgIFXA
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
maurice = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
addrs = [
|
||||
config.krebs.hosts.maurice.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.maurice.nets.retiolum.ip6.addr
|
||||
];
|
||||
ip4.addr = "10.243.29.200";
|
||||
aliases = [ "maurice.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsLKBfPtZkjWGu6uitCV+4c5aQox2t4N8XNhY2mqE806XsYrqAC+y
|
||||
d0oLOxRMUjfh9stDnEW/YRoLEKz9oZdRYd4eenP0Q3c3HdRFDBNCs27M5a8ysqZD
|
||||
5w9+B+9OfUmMv61NyKiaR6WtoGbE849cj1UNk1z04elshfU7h829D8QnD4j1A1gf
|
||||
bOaNG+RzOP6qP/6Q30rxAiTxRPi+FhcHvxa33y1ZVobvnfGcJa+AzsTbgH9T9Yob
|
||||
GuXFZvuQVSyWOLOgY/vVml904q8gScMpBesAsZJ7DEXxSTga0Rt99Ti3d9ABwBI5
|
||||
1YabQlGLaAkrj3PMgrDyayzGBDDDva9fEQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = pkMuJ4kbyleQAdau+sfmLtzTuUy7uL+wwcgV/GWC7/N
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -55,10 +55,12 @@ let
|
||||
name = "fetchWallpaper";
|
||||
uid = genid_uint31 "fetchWallpaper";
|
||||
description = "fetchWallpaper user";
|
||||
group = "fetchWallpaper";
|
||||
home = cfg.stateDir;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.fetchWallpaper = {};
|
||||
|
||||
systemd.timers.fetchWallpaper = {
|
||||
description = "fetch wallpaper timer";
|
||||
|
@ -362,10 +362,8 @@ let
|
||||
users.users.${cfg.user.name} = {
|
||||
inherit (cfg.user) home name uid;
|
||||
description = "Git repository hosting user";
|
||||
extraGroups = [
|
||||
# To allow running cgit-clear-cache via hooks.
|
||||
cfg.cgit.fcgiwrap.group.name
|
||||
];
|
||||
# To allow running cgit-clear-cache via hooks.
|
||||
group = cfg.cgit.fcgiwrap.group.name;
|
||||
isSystemUser = true;
|
||||
shell = "/bin/sh";
|
||||
openssh.authorizedKeys.keys =
|
||||
|
@ -105,6 +105,7 @@ in {
|
||||
"go.r"
|
||||
"rss.r"
|
||||
];
|
||||
tinc.port = 0;
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
|
||||
@ -165,6 +166,7 @@ in {
|
||||
"build.puyak.r"
|
||||
"cgit.puyak.r"
|
||||
];
|
||||
tinc.port = 0;
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
|
||||
|
@ -37,6 +37,7 @@ in {
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
@ -48,6 +49,7 @@ in {
|
||||
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
@ -122,33 +124,6 @@ in {
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
|
||||
};
|
||||
uriel = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.81.176";
|
||||
ip6.addr = r6 "1e1";
|
||||
aliases = [
|
||||
"uriel.r"
|
||||
];
|
||||
tinc.port = 0;
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
|
||||
duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb
|
||||
MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME
|
||||
m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx
|
||||
uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo
|
||||
u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc";
|
||||
secure = true;
|
||||
};
|
||||
mors = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
@ -418,38 +393,6 @@ in {
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
||||
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.13";
|
||||
ip6.addr = r6 "12ed";
|
||||
aliases = [
|
||||
"red.r"
|
||||
];
|
||||
tinc.port = 0;
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
|
||||
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
|
||||
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
|
||||
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
|
||||
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
|
||||
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
|
||||
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
|
||||
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
|
||||
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
|
||||
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
|
||||
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
|
||||
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||
};
|
||||
yellow = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
@ -583,44 +526,6 @@ in {
|
||||
ci = false;
|
||||
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
|
||||
};
|
||||
morpheus = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.19";
|
||||
ip6.addr = r6 "012f";
|
||||
aliases = [
|
||||
"morpheus.r"
|
||||
];
|
||||
tinc.port = 0;
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
|
||||
T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN
|
||||
/Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh
|
||||
S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz
|
||||
Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR
|
||||
bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI
|
||||
Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz
|
||||
sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+
|
||||
VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j
|
||||
3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA
|
||||
U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "012f";
|
||||
aliases = [
|
||||
"morpheus.w"
|
||||
];
|
||||
wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY=";
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
|
||||
syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ";
|
||||
};
|
||||
hilum = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
|
@ -1,104 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkEnableOption mkIf mkOption singleton types;
|
||||
inherit (pkgs) coreutils solanum;
|
||||
cfg = config.krebs.solanum;
|
||||
|
||||
configFile = pkgs.writeText "solanum.conf" ''
|
||||
${cfg.config}
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
krebs.solanum = {
|
||||
|
||||
enable = mkEnableOption "Solanum IRC daemon";
|
||||
|
||||
config = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
Solanum IRC daemon configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
statedir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/solanum";
|
||||
description = ''
|
||||
Location of the state directory of solanum.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "ircd";
|
||||
description = ''
|
||||
Solanum IRC daemon user.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "ircd";
|
||||
description = ''
|
||||
Solanum IRC daemon group.
|
||||
'';
|
||||
};
|
||||
|
||||
motd = mkOption {
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
description = ''
|
||||
Solanum MOTD text.
|
||||
|
||||
Solanum will read its MOTD from /etc/solanum/ircd.motd .
|
||||
If set, the value of this option will be written to this path.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable (lib.mkMerge [
|
||||
{
|
||||
users.users.${cfg.user} = {
|
||||
description = "Solanum IRC daemon user";
|
||||
uid = config.ids.uids.ircd;
|
||||
group = cfg.group;
|
||||
};
|
||||
|
||||
users.groups.${cfg.group} = {
|
||||
gid = config.ids.gids.ircd;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.solanum = {
|
||||
description = "Solanum IRC daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${solanum}/bin/solanum -foreground -logfile /dev/stdout -configfile ${configFile} -pidfile ${cfg.statedir}/ircd.pid";
|
||||
Group = cfg.group;
|
||||
User = cfg.user;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
(mkIf (cfg.motd != null) {
|
||||
environment.etc."solanum/ircd.motd".text = cfg.motd;
|
||||
})
|
||||
]);
|
||||
}
|
@ -94,7 +94,7 @@ in {
|
||||
programs.fuse.userAllowOther = true;
|
||||
# allow syncthing to enter /var/lib/containers
|
||||
system.activationScripts.containers-enter = mkDefault ''
|
||||
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers
|
||||
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers || :
|
||||
'';
|
||||
|
||||
services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
|
||||
|
@ -237,9 +237,14 @@ let
|
||||
inherit (cfg.user) home name uid;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
group = netname;
|
||||
}
|
||||
) config.krebs.tinc;
|
||||
|
||||
users.groups = mapAttrs' (netname: cfg:
|
||||
nameValuePair netname {}
|
||||
) config.krebs.tinc;
|
||||
|
||||
environment.etc = mapAttrs' (netname: cfg:
|
||||
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
|
||||
source = cfg.confDir;
|
||||
|
@ -1,18 +1,23 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
stockholm.lib = import ../../lib;
|
||||
in
|
||||
with stockholm.lib;
|
||||
self: super:
|
||||
|
||||
# Import files and subdirectories like they are overlays.
|
||||
foldl' mergeAttrs {}
|
||||
fix (foldl' (flip extends) (self: super) (
|
||||
[
|
||||
(self: super: { inherit stockholm; })
|
||||
]
|
||||
++
|
||||
(map
|
||||
(name: import (./. + "/${name}") self super)
|
||||
(name: import (./. + "/${name}"))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
||||
|
||||
//
|
||||
|
||||
{
|
||||
brockman = self.haskellPackages.brockman;
|
||||
reaktor2 = self.haskellPackages.reaktor2;
|
||||
}
|
||||
++
|
||||
[
|
||||
(self: super: {
|
||||
brockman = self.haskellPackages.brockman;
|
||||
reaktor2 = self.haskellPackages.reaktor2;
|
||||
})
|
||||
]
|
||||
))
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ mkDerivation, aeson, base, fetchgit, stdenv, X11 }:
|
||||
{ mkDerivation, aeson, base, fetchgit, lib, X11 }:
|
||||
mkDerivation {
|
||||
pname = "X11-aeson";
|
||||
version = "1.0.0";
|
||||
@ -9,5 +9,5 @@ mkDerivation {
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
libraryHaskellDepends = [ aeson base X11 ];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,6 +1,7 @@
|
||||
with import <stockholm/lib>;
|
||||
{ mkDerivation, base, fetchgit, hspec, QuickCheck, stdenv, text }: let
|
||||
{ mkDerivation, base, fetchgit, hspec, QuickCheck, lib, stockholm, text }:
|
||||
with stockholm.lib;
|
||||
|
||||
let
|
||||
cfg = {
|
||||
"18.03" = {
|
||||
version = "1.1.0";
|
||||
@ -23,5 +24,5 @@ in mkDerivation {
|
||||
testHaskellDepends = [ base hspec QuickCheck ];
|
||||
doHaddock = false;
|
||||
# WTFPL is the true license, which is unknown to cabal.
|
||||
license = stdenv.lib.licenses.wtfpl;
|
||||
license = lib.licenses.wtfpl;
|
||||
}
|
||||
|
@ -2,7 +2,7 @@
|
||||
, case-insensitive, conduit, containers, directory, feed, filepath
|
||||
, hashable, hslogger, html-entity, http-client, irc-conduit, lens
|
||||
, lrucache, lrucaching, network, optparse-applicative, random, safe
|
||||
, stdenv, text, time, timerep, wreq
|
||||
, lib, text, time, timerep, wreq
|
||||
, fetchFromGitHub
|
||||
}:
|
||||
mkDerivation rec {
|
||||
@ -22,5 +22,5 @@ mkDerivation rec {
|
||||
http-client irc-conduit lens lrucache lrucaching network
|
||||
optparse-applicative random safe text time timerep wreq
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,8 +1,9 @@
|
||||
with import <stockholm/lib>;
|
||||
self: super:
|
||||
with self.stockholm.lib;
|
||||
|
||||
let
|
||||
overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.;
|
||||
in
|
||||
self: super:
|
||||
{
|
||||
haskell = super.haskell // {
|
||||
packages = mapAttrs (name: value:
|
||||
|
@ -1,8 +1,10 @@
|
||||
with import <stockholm/lib>;
|
||||
{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
|
||||
, case-insensitive, containers, exceptions, fetchgit, QuickCheck
|
||||
, stdenv, tasty, tasty-quickcheck, text, text-icu, time
|
||||
}: let
|
||||
, lib, stockholm, tasty, tasty-quickcheck, text, text-icu, time
|
||||
}:
|
||||
with stockholm.lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = {
|
||||
"18.03" = {
|
||||
@ -40,5 +42,5 @@ in mkDerivation {
|
||||
jailbreak = true;
|
||||
homepage = "http://github.com/knrafto/email-header";
|
||||
description = "Parsing and rendering of email and MIME headers";
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
license = lib.licenses.bsd3;
|
||||
}
|
||||
|
@ -1,6 +1,5 @@
|
||||
{ mkDerivation, base, blessings, containers, data-default, fetchgit
|
||||
, lens, mtl, old-locale, process, scanner, stdenv, time, unix
|
||||
, zippers
|
||||
, lens, lib, mtl, old-locale, process, scanner, time, unix, zippers
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "hack";
|
||||
@ -18,5 +17,5 @@ mkDerivation {
|
||||
base blessings containers data-default lens mtl old-locale process
|
||||
scanner time unix zippers
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ mkDerivation, async, base, bytestring, fetchgit, network
|
||||
, optparse-applicative, stdenv, text
|
||||
{ mkDerivation, async, base, bytestring, fetchgit, lib, network
|
||||
, optparse-applicative, text
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "kirk";
|
||||
@ -8,6 +8,7 @@ mkDerivation {
|
||||
url = "http://cgit.krebsco.de/kirk";
|
||||
sha256 = "1acsmmc485c54axpy9bd0320j18hs261vl1vdxns4n04sxzqd7k0";
|
||||
rev = "cdf3cb373af8f9b03a9487a63eb32e0226913589";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
isLibrary = true;
|
||||
isExecutable = true;
|
||||
@ -17,5 +18,5 @@ mkDerivation {
|
||||
executableHaskellDepends = [
|
||||
async base network optparse-applicative text
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -2,9 +2,9 @@
|
||||
, blaze-builder, blessings, bytestring, case-insensitive
|
||||
, containers, data-default, deepseq, directory, either
|
||||
, email-header, fetchgit, filepath, friendly-time, http-types
|
||||
, hyphenation, linebreak, network, old-locale, optparse-applicative
|
||||
, process, random, rosezipper, safe, scanner, servant-server, split
|
||||
, stdenv, terminal-size, text, time, transformers
|
||||
, hyphenation, lib, linebreak, network, old-locale
|
||||
, optparse-applicative, process, random, rosezipper, safe, scanner
|
||||
, servant-server, split, terminal-size, text, time, transformers
|
||||
, transformers-compat, unix, vector, wai, warp
|
||||
}:
|
||||
mkDerivation {
|
||||
@ -32,5 +32,5 @@ mkDerivation {
|
||||
data-default deepseq directory filepath hyphenation linebreak
|
||||
process rosezipper safe scanner text time transformers unix
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ mkDerivation, base, bloomfilter, bytestring, feed, fetchgit, lens
|
||||
, stdenv, wreq
|
||||
, lib, wreq
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "news";
|
||||
@ -14,5 +14,5 @@ mkDerivation {
|
||||
executableHaskellDepends = [
|
||||
base bloomfilter bytestring feed lens wreq
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -2,7 +2,7 @@
|
||||
, bytestring, containers, data-default, fetchgit, filepath
|
||||
, hashable, lens, lens-aeson, network, network-simple
|
||||
, network-simple-tls, network-uri, pcre-light, process, random
|
||||
, servant-server, stdenv, string-conversions, stringsearch, text
|
||||
, servant-server, lib, string-conversions, stringsearch, text
|
||||
, time, transformers, unagi-chan, unix, unordered-containers
|
||||
, vector, wai, warp
|
||||
}:
|
||||
@ -24,5 +24,5 @@ mkDerivation rec {
|
||||
random servant-server string-conversions stringsearch text time
|
||||
transformers unagi-chan unix unordered-containers vector wai warp
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ mkDerivation, ansi-terminal, async, base, binary, bytestring
|
||||
, data-default, directory, filepath, megaparsec
|
||||
, optparse-applicative, pandoc, random, safe, scalpel, stdenv, text
|
||||
, optparse-applicative, pandoc, random, safe, scalpel, lib, text
|
||||
, time
|
||||
, fetchFromGitHub
|
||||
}:
|
||||
@ -21,5 +21,5 @@ mkDerivation rec {
|
||||
filepath megaparsec optparse-applicative pandoc random safe scalpel
|
||||
text time
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ mkDerivation, base, fetchgit, stdenv }:
|
||||
{ mkDerivation, base, fetchgit, lib }:
|
||||
mkDerivation {
|
||||
pname = "scanner";
|
||||
version = "1.0.1";
|
||||
@ -9,5 +9,5 @@ mkDerivation {
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
libraryHaskellDepends = [ base ];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ mkDerivation, aeson, base, fetchgit, stdenv, X11-aeson, xmonad }:
|
||||
{ mkDerivation, aeson, base, fetchgit, lib, X11-aeson, xmonad }:
|
||||
mkDerivation {
|
||||
pname = "xmonad-aeson";
|
||||
version = "1.0.0";
|
||||
@ -9,5 +9,5 @@ mkDerivation {
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
libraryHaskellDepends = [ aeson base X11-aeson xmonad ];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib
|
||||
{ mkDerivation, base, containers, fetchgit, filepath, lib, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib
|
||||
}:
|
||||
mkDerivation rec {
|
||||
pname = "xmonad-stockholm";
|
||||
@ -11,5 +11,5 @@ mkDerivation rec {
|
||||
libraryHaskellDepends = [
|
||||
base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = lib.licenses.mit;
|
||||
}
|
||||
|
@ -1,4 +1,3 @@
|
||||
with import <stockholm/lib>;
|
||||
self: super: {
|
||||
|
||||
bitlbee-facebook = super.bitlbee-facebook.overrideAttrs (old: {
|
||||
|
@ -1,6 +1,5 @@
|
||||
{ imagemagick, runCommand, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
{ imagemagick, runCommand, stockholm, ... }:
|
||||
with stockholm.lib;
|
||||
|
||||
let
|
||||
krebs-v2 = [
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pytest
|
||||
@ -22,7 +22,7 @@ buildPythonPackage rec {
|
||||
# Package supports 3.x, but tests are clearly 2.x only.
|
||||
doCheck = !isPy3k;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
meta = with lib; {
|
||||
description = "Non-validating SQL parser for Python";
|
||||
longDescription = ''
|
||||
Provides support for parsing, splitting and formatting SQL statements.
|
||||
|
@ -1,8 +1,6 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{ cache-root ? "/tmp/cgit", findutils, writeDashBin }:
|
||||
{ cache-root ? "/tmp/cgit", findutils, stockholm, writeDashBin }:
|
||||
|
||||
writeDashBin "cgit-clear-cache" ''
|
||||
set -efu
|
||||
${findutils}/bin/find ${shell.escape cache-root} -type f -delete
|
||||
${findutils}/bin/find ${stockholm.lib.shell.escape cache-root} -type f -delete
|
||||
''
|
||||
|
@ -1,18 +1,16 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
let
|
||||
# This callPackage will try to detect obsolete overrides.
|
||||
lib = super.stockholm.lib;
|
||||
callPackage = path: args: let
|
||||
override = self.callPackage path args;
|
||||
upstream = optionalAttrs (override ? "name")
|
||||
(super.${(parseDrvName override.name).name} or {});
|
||||
upstream = lib.optionalAttrs (override ? "name")
|
||||
(super.${(lib.parseDrvName override.name).name} or {});
|
||||
in if upstream ? "name" &&
|
||||
override ? "name" &&
|
||||
compareVersions upstream.name override.name != -1
|
||||
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
|
||||
lib.compareVersions upstream.name override.name != -1
|
||||
then lib.trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
|
||||
else override;
|
||||
in
|
||||
|
||||
mapNixDir (path: callPackage path {}) ./.
|
||||
lib.mapNixDir (path: callPackage path {}) ./.
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ jq, systemd, writeDashBin }:
|
||||
{ jq, stockholm, systemd, writeDashBin }:
|
||||
|
||||
let
|
||||
lib = import <stockholm/lib>;
|
||||
lib = stockholm.lib;
|
||||
user = "exim"; # TODO make this configurable
|
||||
in
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
with import <stockholm/lib>;
|
||||
{ pkgs, ... }@args:
|
||||
{ pkgs, stockholm, ... }@args:
|
||||
with stockholm.lib;
|
||||
|
||||
let
|
||||
# config cannot be declared in the input attribute set because that would
|
||||
|
@ -1,5 +1,5 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, pkgs }:
|
||||
with pkgs.stockholm.lib;
|
||||
let
|
||||
|
||||
# Refs https://github.com/lupoDharkael/flameshot/blob/master/src/widgets/capture/capturebutton.h
|
||||
|
@ -1,5 +1,5 @@
|
||||
with import <stockholm/lib>;
|
||||
{ pkgs, ... }@args:
|
||||
{ pkgs, stockholm, ... }@args:
|
||||
with stockholm.lib;
|
||||
|
||||
let
|
||||
# config cannot be declared in the input attribute set because that would
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, stockholm, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
with stockholm.lib;
|
||||
|
||||
{
|
||||
# TODO irc-announce should return a derivation
|
||||
|
@ -1,5 +1,6 @@
|
||||
with import <stockholm/lib>;
|
||||
{ pkgs, stdenv }:
|
||||
{ pkgs, stockholm, stdenv }:
|
||||
with stockholm.lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "htgen-cyberlocker";
|
||||
version = "1.0.0";
|
||||
|
@ -1,3 +1,10 @@
|
||||
emptyok_response() {(
|
||||
printf "HTTP/1.1 204 OK\r\n"
|
||||
printf 'Connection: close\r\n'
|
||||
printf 'Server: %s\r\n' "$Server"
|
||||
printf '\r\n'
|
||||
)}
|
||||
|
||||
delete_response() {
|
||||
jq -n -r \
|
||||
--arg server "$Server" \
|
||||
@ -44,7 +51,10 @@ read_uri() {
|
||||
}
|
||||
|
||||
uri=$(read_uri "$Request_URI")
|
||||
path=$(jq -nr --argjson uri "$uri" '$uri.path')
|
||||
path=$(jq -nr --argjson uri "$uri" '
|
||||
$uri.path |
|
||||
gsub("/+"; "/")
|
||||
')
|
||||
|
||||
case "$Method $path" in
|
||||
'POST /'*|'PUT /'*)
|
||||
@ -57,6 +67,8 @@ case "$Method $path" in
|
||||
|
||||
mkdir -v -p $STATEDIR/items >&2
|
||||
cp -v $content $item >&2
|
||||
|
||||
emptyok_response
|
||||
exit
|
||||
;;
|
||||
'GET /'*)
|
||||
|
@ -1,5 +1,4 @@
|
||||
with import <stockholm/lib>;
|
||||
{ attr, coreutils, exiv2, findutils, gnugrep, jq, nix, utillinux, stdenv }:
|
||||
{ attr, coreutils, exiv2, findutils, gnugrep, jq, nix, stockholm, utillinux, stdenv }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "htgen-imgur";
|
||||
version = "1.0.0";
|
||||
@ -9,7 +8,7 @@ stdenv.mkDerivation rec {
|
||||
buildPhase = ''
|
||||
(
|
||||
exec > htgen-imgur
|
||||
echo PATH=${makeBinPath [
|
||||
echo PATH=${stockholm.lib.makeBinPath [
|
||||
attr
|
||||
coreutils
|
||||
exiv2
|
||||
@ -18,7 +17,7 @@ stdenv.mkDerivation rec {
|
||||
jq
|
||||
nix utillinux
|
||||
]}
|
||||
echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"}
|
||||
echo STATEDIR=${stockholm.lib.shell.escape "\${STATEDIR-$HOME}"}
|
||||
cat $src/htgen-imgur
|
||||
)
|
||||
'';
|
||||
|
@ -1,18 +1,8 @@
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
pkgs.writeDashBin "irc-announce" ''
|
||||
set -euf
|
||||
|
||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
coreutils
|
||||
gawk
|
||||
gnused
|
||||
netcat
|
||||
nettools
|
||||
])}
|
||||
|
||||
IRC_SERVER=$1
|
||||
IRC_PORT=$2
|
||||
IRC_NICK=$3_$$
|
||||
@ -20,57 +10,15 @@ pkgs.writeDashBin "irc-announce" ''
|
||||
IRC_TLS=$5
|
||||
message=$6
|
||||
|
||||
export IRC_CHANNEL # for privmsg_cat
|
||||
if test "$IRC_TLS" != 1; then
|
||||
unset IRC_TLS
|
||||
fi
|
||||
|
||||
# echo2 and cat2 are used output to both, stdout and stderr
|
||||
# This is used to see what we send to the irc server. (debug output)
|
||||
echo2() { echo "$*"; echo "$*" >&2; }
|
||||
cat2() {
|
||||
awk '{
|
||||
print $0
|
||||
print $0 > "/dev/stderr"
|
||||
}'
|
||||
}
|
||||
|
||||
# privmsg_cat transforms stdin to a privmsg
|
||||
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
|
||||
|
||||
tls_flag() { if [ "$IRC_TLS" -eq 1 ]; then echo "-c"; fi }
|
||||
|
||||
# ircin is used to feed the output of netcat back to the "irc client"
|
||||
# so we can implement expect-like behavior with sed^_^
|
||||
# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
|
||||
tmpdir=$(mktemp --tmpdir -d irc-announce_XXXXXXXX)
|
||||
cd "$tmpdir"
|
||||
mkfifo ircin
|
||||
trap "
|
||||
rm ircin
|
||||
cd '$OLDPWD'
|
||||
rmdir '$tmpdir'
|
||||
trap - EXIT INT QUIT
|
||||
" EXIT INT QUIT
|
||||
|
||||
{
|
||||
echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
|
||||
echo2 "NICK $IRC_NICK"
|
||||
|
||||
awk 'match($0, /PING(.*)/, m) {print "PONG", m[1]; exit}'
|
||||
|
||||
# wait for MODE message
|
||||
sed -n '/^:[^ ]* MODE /q'
|
||||
|
||||
echo2 "JOIN $IRC_CHANNEL"
|
||||
|
||||
printf '%s' "$message" \
|
||||
| privmsg_cat \
|
||||
| cat2
|
||||
|
||||
echo2 "PART $IRC_CHANNEL"
|
||||
|
||||
# wait for PART confirmation
|
||||
sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
|
||||
|
||||
echo2 'QUIT :Gone to have lunch'
|
||||
} < ircin \
|
||||
| nc $(tls_flag) "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
|
||||
printf %s "$message" |
|
||||
${pkgs.ircaids}/bin/ircsink \
|
||||
--nick="$IRC_NICK" \
|
||||
--port="$IRC_PORT" \
|
||||
--server="$IRC_SERVER" \
|
||||
--target="$IRC_CHANNEL" \
|
||||
''${IRC_TLS:+--secure}
|
||||
''
|
||||
|
32
krebs/5pkgs/simple/ircaids/default.nix
Normal file
32
krebs/5pkgs/simple/ircaids/default.nix
Normal file
@ -0,0 +1,32 @@
|
||||
{ lib, pkgs, stdenv }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ircaids";
|
||||
version = "1.0.1";
|
||||
|
||||
src = pkgs.fetchgit {
|
||||
url = "https://cgit.krebsco.de/ircaids";
|
||||
rev = "refs/tags/${version}";
|
||||
sha256 = "0wp01pag58c72rmx8j3i1vlq60na8lc91743832f0h27cik8yqvh";
|
||||
};
|
||||
|
||||
buildPhase = null;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
|
||||
cp $src/bin/ircsink $out/bin/ircsink
|
||||
sed -i '
|
||||
s;^#! /bin/sh;#! ${pkgs.dash}/bin/dash;
|
||||
s;^#!.*;&\nexport PATH=${lib.makeBinPath [
|
||||
pkgs.coreutils
|
||||
pkgs.gawk
|
||||
pkgs.gnused
|
||||
pkgs.netcat
|
||||
pkgs.nettools
|
||||
pkgs.openssl
|
||||
pkgs.utillinux
|
||||
]};
|
||||
' $out/bin/ircsink
|
||||
'';
|
||||
}
|
@ -1,7 +1,5 @@
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
default-host-colors = pkgs.writeJSON "logf.default-host-colors.json" {
|
||||
};
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ coreutils, curl, fetchgit, gawk, gnugrep, gnused, jq, stdenv, w3m, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{ coreutils, curl, fetchgit, gawk, gnugrep, gnused, jq, stdenv, stockholm, w3m, ... }:
|
||||
with stockholm.lib;
|
||||
|
||||
let
|
||||
readJSON = path: fromJSON (readFile path);
|
||||
sed.escape = replaceChars ["/"] ["\\/"]; # close enough
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ writers, coreutils, grib2json, curl, jq, findutils, imagemagick }:
|
||||
writers.writeDashBin "nomads-cloud" ''
|
||||
prefix=$(mktemp -d)
|
||||
grib_path=$prefix.grib
|
||||
json_path=$prefix.json
|
||||
pgm_path=$prefix.pgm
|
||||
png_path="$1"
|
||||
grib_path=$prefix/clouds.grib
|
||||
json_path=$prefix/clouds.json
|
||||
pgm_path=$prefix/clouds.pgm
|
||||
png_path=$1
|
||||
|
||||
mkdir -p "$prefix"
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
with import <stockholm/lib>;
|
||||
{ lib, pkgs, ... }:
|
||||
{ lib, pkgs, stockholm, ... }:
|
||||
with stockholm.lib;
|
||||
|
||||
rec {
|
||||
generators = {
|
||||
|
@ -1,5 +1,4 @@
|
||||
let lib = import <stockholm/lib>; in
|
||||
{ pkgs }:
|
||||
{ pkgs, stockholm }:
|
||||
|
||||
# urix - URI eXtractor
|
||||
# Extract all the URIs from standard input and write them to standard output!
|
||||
@ -10,6 +9,6 @@ pkgs.execBin "urix" {
|
||||
argv = [
|
||||
"urix"
|
||||
"-Eo"
|
||||
"\\b${lib.uri.posix-extended-regex}\\b"
|
||||
"\\b${stockholm.lib.uri.posix-extended-regex}\\b"
|
||||
];
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
with import <stockholm/lib>;
|
||||
{ coreutils, quote, utillinux, writeDash }:
|
||||
{ coreutils, quote, stockholm, utillinux, writeDash }:
|
||||
with stockholm.lib;
|
||||
|
||||
opt-spec: cmd-spec: let
|
||||
|
||||
|
@ -1,5 +1,3 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
{
|
||||
|
@ -6,8 +6,8 @@
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./5pkgs)
|
||||
(import ../submodules/nix-writers/pkgs)
|
||||
(import ./5pkgs)
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "09cd65b33c5653d7d2954fef4b9f0e718c899743",
|
||||
"date": "2021-09-08T11:21:07-05:00",
|
||||
"path": "/nix/store/h4hgs0aiaszmgqcwwhw7q10vqgvgbimf-nixpkgs",
|
||||
"sha256": "1h696xv2wdl1859jcr0bmv0m0rfsq4vpc1vc0hg3msfsdnz0aixl",
|
||||
"rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175",
|
||||
"date": "2021-11-01T19:42:18+01:00",
|
||||
"path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs",
|
||||
"sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg",
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "6120ac5cd201f6cb593d1b80e861be0342495be9",
|
||||
"date": "2021-09-18T21:31:09+02:00",
|
||||
"path": "/nix/store/g1a0swq7h7b24g4vkn3wr3d8rwjazfmv-nixpkgs",
|
||||
"sha256": "04mrjxr1qsdcgcryx7yy72cgcw14c0770gfcgzrdfpnvmjdgbi9i",
|
||||
"rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
|
||||
"date": "2021-10-31T15:33:08-07:00",
|
||||
"path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs",
|
||||
"sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55",
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ lib, pkgs, test, ... }:
|
||||
{
|
||||
if test then {} else {
|
||||
nixpkgs = lib.mkIf (! test) (lib.mkForce {
|
||||
file = {
|
||||
path = toString (pkgs.fetchFromGitHub {
|
||||
|
@ -16,7 +16,7 @@
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
# <stockholm/lass/2configs/nfs-dl.nix>
|
||||
<stockholm/lass/2configs/prism-mounts/samba.nix>
|
||||
<stockholm/lass/2configs/pass.nix>
|
||||
<stockholm/lass/2configs/mail.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
|
21
lass/1systems/coaxmetal/source.nix
Normal file
21
lass/1systems/coaxmetal/source.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ lib, pkgs, test, ... }: let
|
||||
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
||||
in {
|
||||
nixpkgs = (if test then lib.mkForce ({ derivation = let
|
||||
rev = npkgs.rev;
|
||||
sha256 = npkgs.sha256;
|
||||
in ''
|
||||
with import (builtins.fetchTarball {
|
||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||
sha256 = "${sha256}";
|
||||
}) {};
|
||||
pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = "${rev}";
|
||||
sha256 = "${sha256}";
|
||||
}
|
||||
''; }) else {
|
||||
git.ref = lib.mkForce npkgs.rev;
|
||||
});
|
||||
}
|
@ -5,10 +5,13 @@
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/tor-initrd.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/green-host.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.echelon;
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
|
||||
}
|
||||
|
||||
|
@ -17,6 +17,8 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/IM.nix>
|
||||
<stockholm/lass/2configs/muchsync.nix>
|
||||
<stockholm/lass/2configs/pass.nix>
|
||||
|
||||
<stockholm/lass/2configs/git-brain.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.green;
|
||||
@ -68,6 +70,13 @@ with import <stockholm/lib>;
|
||||
];
|
||||
clearTarget = true;
|
||||
};
|
||||
"/var/lib/git" = {
|
||||
source = "/var/state/git";
|
||||
options = [
|
||||
"-M ${toString config.users.users.git.uid}"
|
||||
];
|
||||
clearTarget = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
|
||||
|
@ -1,5 +1,4 @@
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
{ lib, pkgs, test, ... }:
|
||||
if test then {} else {
|
||||
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
|
||||
nixpkgs.git.shallow = true;
|
||||
}
|
||||
|
@ -1,29 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/green-host.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.morpheus;
|
||||
|
||||
networking.wireless.enable = false;
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
services.logind.lidSwitch = "ignore";
|
||||
services.logind.lidSwitchDocked = "ignore";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
gitAndTools.hub
|
||||
nix-review
|
||||
firefox
|
||||
ag
|
||||
];
|
||||
|
||||
services.openssh.forwardX11 = true;
|
||||
programs.x2goserver.enable = true;
|
||||
}
|
@ -1,44 +0,0 @@
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.efiSupport = true;
|
||||
boot.loader.grub.efiInstallAsRemovable = true;
|
||||
boot.loader.grub.device = "nodev";
|
||||
|
||||
networking.hostId = "06442b9a";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/pool/root";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/1F60-17C6";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "/dev/pool/home";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
boot.initrd.luks = {
|
||||
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
devices.luksroot.device = "/dev/nvme0n1p3";
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
|
||||
'';
|
||||
}
|
21
lass/1systems/mors/source.nix
Normal file
21
lass/1systems/mors/source.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ lib, pkgs, test, ... }: let
|
||||
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
||||
in {
|
||||
nixpkgs = (if test then lib.mkForce ({ derivation = let
|
||||
rev = npkgs.rev;
|
||||
sha256 = npkgs.sha256;
|
||||
in ''
|
||||
with import (builtins.fetchTarball {
|
||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||
sha256 = "${sha256}";
|
||||
}) {};
|
||||
pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = "${rev}";
|
||||
sha256 = "${sha256}";
|
||||
}
|
||||
''; }) else {
|
||||
git.ref = lib.mkForce npkgs.rev;
|
||||
});
|
||||
}
|
@ -112,7 +112,6 @@ with import <stockholm/lib>;
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||
<stockholm/lass/2configs/ts3.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/radio.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
@ -124,16 +123,6 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/jitsi.nix>
|
||||
{ # quasi bepasty.nix
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
];
|
||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
}
|
||||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
|
@ -65,6 +65,12 @@
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
# silence mdmonitor.service failures
|
||||
# https://github.com/NixOS/nixpkgs/issues/72394
|
||||
environment.etc."mdadm.conf".text = ''
|
||||
MAILADDR root
|
||||
'';
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
|
@ -1,28 +0,0 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
servephpBB
|
||||
;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/websites>
|
||||
<stockholm/lass/2configs/websites/sqlBackup.nix>
|
||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
||||
];
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.red;
|
||||
|
||||
services.nginx.enable = true;
|
||||
environment.systemPackages = [
|
||||
pkgs.mk_sql_pair
|
||||
];
|
||||
}
|
@ -1,7 +0,0 @@
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
}
|
@ -1,47 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
{
|
||||
# locke config
|
||||
i18n.defaultLocale ="de_DE.UTF-8";
|
||||
time.timeZone = "Europe/Berlin";
|
||||
services.xserver.enable = true;
|
||||
services.xserver.libinput.enable = false;
|
||||
users.users.locke = {
|
||||
uid = genid "locke";
|
||||
home = "/home/locke";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"networkmanager"
|
||||
];
|
||||
useDefaultShell = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
networking.networkmanager.enable = true;
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
pavucontrol
|
||||
firefox
|
||||
hexchat
|
||||
networkmanagerapplet
|
||||
];
|
||||
services.xserver.desktopManager.xfce = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.uriel;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
boot = {
|
||||
#kernelParams = [
|
||||
# "acpi.brightness_switch_enabled=0"
|
||||
#];
|
||||
#loader.grub.enable = true;
|
||||
#loader.grub.version = 2;
|
||||
#loader.grub.device = "/dev/sda";
|
||||
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.timeout = 5;
|
||||
|
||||
initrd.luks.devices.luksroot.device = "/dev/sda2";
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
kernelModules = [ "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/pool/root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
||||
'';
|
||||
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
additionalOptions = ''
|
||||
Option "FingerHigh" "60"
|
||||
Option "FingerLow" "60"
|
||||
'';
|
||||
};
|
||||
}
|
@ -30,7 +30,7 @@ in {
|
||||
imports = [
|
||||
./bitlbee.nix
|
||||
];
|
||||
environment.systemPackages = [ tmux ];
|
||||
environment.systemPackages = [ tmux weechat ];
|
||||
systemd.services.chat = {
|
||||
description = "chat environment setup";
|
||||
after = [ "network.target" ];
|
||||
|
@ -11,6 +11,7 @@ in {
|
||||
./xdg-open.nix
|
||||
./yubikey.nix
|
||||
./pipewire.nix
|
||||
./tmux.nix
|
||||
./xmonad.nix
|
||||
{
|
||||
krebs.per-user.lass.packages = [
|
||||
@ -61,7 +62,8 @@ in {
|
||||
font-size
|
||||
fzfmenu
|
||||
gimp
|
||||
gitAndTools.qgit
|
||||
gitAndTools.hub
|
||||
git-crypt
|
||||
git-preview
|
||||
gnome3.dconf
|
||||
iodine
|
||||
@ -85,6 +87,7 @@ in {
|
||||
xorg.xhost
|
||||
xsel
|
||||
zathura
|
||||
flameshot-once
|
||||
(pkgs.writeDashBin "screenshot" ''
|
||||
set -efu
|
||||
|
||||
|
@ -1,44 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
# secrets used:
|
||||
# wildcard.krebsco.de.crt
|
||||
# wildcard.krebsco.de.key
|
||||
# bepasty-secret.nix <- contains single string
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
secKey = import <secrets/bepasty-secret.nix>;
|
||||
ext-doms = [
|
||||
"paste.lassul.us"
|
||||
"paste.krebsco.de"
|
||||
];
|
||||
in {
|
||||
|
||||
services.nginx.enable = mkDefault true;
|
||||
krebs.bepasty = {
|
||||
enable = true;
|
||||
serveNginx= true;
|
||||
|
||||
servers = {
|
||||
"paste.r" = {
|
||||
nginx = {
|
||||
serverAliases = [
|
||||
"paste.${config.krebs.build.host.name}"
|
||||
"paste.r"
|
||||
];
|
||||
};
|
||||
defaultPermissions = "admin,list,create,read,delete";
|
||||
secretKey = secKey;
|
||||
};
|
||||
} //
|
||||
genAttrs ext-doms (ext-dom: {
|
||||
nginx = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
defaultPermissions = "read,create";
|
||||
secretKey = secKey;
|
||||
});
|
||||
};
|
||||
}
|
@ -29,6 +29,13 @@
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
'';
|
||||
locations."= /nix-cache-info".extraConfig = ''
|
||||
alias ${pkgs.writeText "cache-info" ''
|
||||
StoreDir: /nix/store
|
||||
WantMassQuery: 1
|
||||
Priority: 42
|
||||
''};
|
||||
'';
|
||||
};
|
||||
virtualHosts."cache.krebsco.de" = {
|
||||
forceSSL = true;
|
||||
|
@ -2,16 +2,13 @@ with (import <stockholm/lib>);
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
imports = [
|
||||
./bitlbee.nix
|
||||
./mail.nix
|
||||
./pass.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
ag
|
||||
brain
|
||||
dic
|
||||
nmap
|
||||
git-preview
|
||||
@ -30,43 +27,6 @@ with (import <stockholm/lib>);
|
||||
{ predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";}
|
||||
];
|
||||
|
||||
systemd.services.chat = let
|
||||
tmux = pkgs.writeDash "tmux" ''
|
||||
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
|
||||
set-option -g prefix `
|
||||
unbind-key C-b
|
||||
bind ` send-prefix
|
||||
|
||||
set-option -g status off
|
||||
set-option -g default-terminal screen-256color
|
||||
|
||||
#use session instead of windows
|
||||
bind-key c new-session
|
||||
bind-key p switch-client -p
|
||||
bind-key n switch-client -n
|
||||
bind-key C-s switch-client -l
|
||||
''} "$@"
|
||||
'';
|
||||
in {
|
||||
description = "chat environment setup";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
restartIfChanged = false;
|
||||
|
||||
path = [
|
||||
pkgs.rxvt_unicode.terminfo
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
User = "lass";
|
||||
RemainAfterExit = true;
|
||||
Type = "oneshot";
|
||||
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
|
||||
ExecStop = "${tmux} kill-session -t IM";
|
||||
};
|
||||
};
|
||||
|
||||
services.dovecot2 = {
|
||||
enable = true;
|
||||
mailLocation = "maildir:~/Maildir";
|
||||
|
@ -1,27 +1,52 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.nginx.virtualHosts.codimd = {
|
||||
let
|
||||
domain = "pad.lassul.us";
|
||||
in {
|
||||
|
||||
# redirect legacy domain to new one
|
||||
services.nginx.virtualHosts."codi.lassul.us" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
serverName = "codi.lassul.us";
|
||||
locations."/".extraConfig = ''
|
||||
client_max_body_size 4G;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://localhost:3091;
|
||||
'';
|
||||
locations."/".return = "301 https://${domain}\$request_uri";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "https://localhost:3091";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs.${domain}.group = "hedgecert";
|
||||
users.groups.hedgecert.members = [ "codimd" "nginx" ];
|
||||
|
||||
security.dhparams = {
|
||||
enable = true;
|
||||
params.hedgedoc = {};
|
||||
};
|
||||
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration.allowOrigin = [ "*" ];
|
||||
configuration.allowOrigin = [ domain ];
|
||||
configuration = {
|
||||
db = {
|
||||
dialect = "sqlite";
|
||||
storage = "/var/lib/codimd/db.codimd.sqlite";
|
||||
useCDN = false;
|
||||
};
|
||||
useCDN = false;
|
||||
port = 3091;
|
||||
domain = domain;
|
||||
allowFreeURL = true;
|
||||
|
||||
useSSL = true;
|
||||
protocolUseSSL = true;
|
||||
sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
|
||||
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
|
||||
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
|
||||
dhParamPath = config.security.dhparams.params.hedgedoc.path;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -19,10 +19,9 @@ with import <stockholm/lib>;
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass-mors.pubkey
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-blue.pubkey
|
||||
config.krebs.users.lass-green.pubkey
|
||||
config.krebs.users.lass-yubikey.pubkey
|
||||
];
|
||||
};
|
||||
mainUser = {
|
||||
@ -35,25 +34,17 @@ with import <stockholm/lib>;
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"fuse"
|
||||
"wheel"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass-mors.pubkey
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-blue.pubkey
|
||||
config.krebs.users.lass-green.pubkey
|
||||
config.krebs.users.lass-yubikey.pubkey
|
||||
];
|
||||
};
|
||||
nix = {
|
||||
isNormalUser = true;
|
||||
uid = genid_uint31 "nix";
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.hosts.mors.ssh.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
nix.trustedUsers = ["nix"];
|
||||
}
|
||||
{
|
||||
environment.variables = {
|
||||
@ -70,7 +61,7 @@ with import <stockholm/lib>;
|
||||
{
|
||||
#for sshuttle
|
||||
environment.systemPackages = [
|
||||
pkgs.pythonPackages.python
|
||||
pkgs.python3Packages.python
|
||||
];
|
||||
}
|
||||
];
|
||||
@ -89,8 +80,6 @@ with import <stockholm/lib>;
|
||||
|
||||
services.timesyncd.enable = mkForce true;
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
|
||||
# multiple-definition-problem when defining environment.variables.EDITOR
|
||||
environment.extraInit = ''
|
||||
EDITOR=vim
|
||||
@ -102,6 +91,7 @@ with import <stockholm/lib>;
|
||||
#stockholm
|
||||
deploy
|
||||
git
|
||||
git-preview
|
||||
gnumake
|
||||
jq
|
||||
|
||||
@ -126,6 +116,7 @@ with import <stockholm/lib>;
|
||||
file
|
||||
hashPassword
|
||||
kpaste
|
||||
cyberlocker-tools
|
||||
pciutils
|
||||
pop
|
||||
q
|
||||
@ -187,6 +178,7 @@ with import <stockholm/lib>;
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
RuntimeMaxUse=128M
|
||||
Storage=persistent
|
||||
'';
|
||||
|
||||
krebs.iptables = {
|
||||
@ -225,5 +217,7 @@ with import <stockholm/lib>;
|
||||
|
||||
# use 24:00 time format, the default got sneakily changed around 20.03
|
||||
i18n.defaultLocale = mkDefault "C.UTF-8";
|
||||
time.timeZone = mkDefault"Europe/Berlin";
|
||||
|
||||
system.stateVersion = mkDefault "20.03";
|
||||
}
|
||||
|
@ -19,8 +19,10 @@ in {
|
||||
"lassul.us"
|
||||
];
|
||||
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
|
||||
config.krebs.hosts.mors
|
||||
config.krebs.hosts.blue
|
||||
config.krebs.hosts.coaxmetal
|
||||
config.krebs.hosts.green
|
||||
config.krebs.hosts.mors
|
||||
config.krebs.hosts.xerxes
|
||||
];
|
||||
internet-aliases = map (from: { inherit from to; }) mails;
|
||||
|
@ -5,7 +5,7 @@ let
|
||||
in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
url = "prism/realwallpaper-krebs-stars.png";
|
||||
url = "prism/realwallpaper-krebs-stars-berlin.png";
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
nix.gc = {
|
||||
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
|
||||
automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" "coaxmetal" ] || config.boot.isContainer);
|
||||
options = "--delete-older-than 15d";
|
||||
};
|
||||
}
|
||||
|
57
lass/2configs/git-brain.nix
Normal file
57
lass/2configs/git-brain.nix
Normal file
@ -0,0 +1,57 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
|
||||
repos = krebs-repos;
|
||||
rules = concatMap krebs-rules (attrValues krebs-repos);
|
||||
|
||||
krebs-repos = mapAttrs make-krebs-repo {
|
||||
brain = { };
|
||||
krebs-secrets = { };
|
||||
};
|
||||
|
||||
|
||||
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
|
||||
inherit cgit name;
|
||||
public = false;
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
nick = config.networking.hostName;
|
||||
verbose = true;
|
||||
channel = "#xxx";
|
||||
# TODO remove the hardcoded hostname
|
||||
server = "irc.r";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
# TODO: get the list of all krebsministers
|
||||
krebsminister = with config.krebs.users; [ makefu tv ];
|
||||
krebs-rules = repo:
|
||||
set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
|
||||
|
||||
set-ro-access = with git; repo: user:
|
||||
singleton {
|
||||
inherit user;
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
};
|
||||
|
||||
set-owners = with git;repo: user:
|
||||
singleton {
|
||||
inherit user;
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
};
|
||||
|
||||
in {
|
||||
krebs.git = {
|
||||
enable = true;
|
||||
cgit = {
|
||||
enable = false;
|
||||
};
|
||||
inherit repos rules;
|
||||
};
|
||||
}
|
@ -189,7 +189,7 @@ let
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = [ lass lass-mors lass-blue lass-yubikey ];
|
||||
user = [ lass lass-green ];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
|
@ -6,12 +6,12 @@
|
||||
];
|
||||
krebs.sync-containers.containers.green = {
|
||||
peers = [
|
||||
"echelon"
|
||||
"icarus"
|
||||
"littleT"
|
||||
"mors"
|
||||
"shodan"
|
||||
"skynet"
|
||||
"mors"
|
||||
"morpheus"
|
||||
"littleT"
|
||||
"styx"
|
||||
];
|
||||
hostIp = "10.233.2.15";
|
||||
@ -25,5 +25,9 @@
|
||||
repo = "/var/lib/sync-containers/green/backup";
|
||||
compression = "auto,lzma";
|
||||
startAt = "daily";
|
||||
prune.keep = {
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -6,7 +6,6 @@
|
||||
|
||||
boot = {
|
||||
initrd.luks.devices.luksroot.device = "/dev/sda3";
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
extraModulePackages = [
|
||||
config.boot.kernelPackages.tp_smapi
|
||||
@ -36,11 +35,6 @@
|
||||
fsType = "btrfs";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
services.logind.lidSwitch = "ignore";
|
||||
|
@ -80,7 +80,12 @@ let
|
||||
name = "mpv";
|
||||
paths = [
|
||||
(pkgs.writeDashBin "mpv" ''
|
||||
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
|
||||
exec ${pkgs.mpv}/bin/mpv \
|
||||
-vo=gpu \
|
||||
--no-config \
|
||||
--script=${autosub} \
|
||||
--script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \
|
||||
"$@"
|
||||
'')
|
||||
pkgs.mpv
|
||||
];
|
||||
|
@ -4,6 +4,7 @@ with (import <stockholm/lib>);
|
||||
{
|
||||
systemd.services.muchsync = let
|
||||
hosts = [
|
||||
"coaxmetal.r"
|
||||
"mors.r"
|
||||
"green.r"
|
||||
"blue.r"
|
||||
|
@ -16,7 +16,7 @@
|
||||
StandardError = lib.mkForce "journal";
|
||||
};
|
||||
virtualisation.oci-containers.containers.mumble-web = {
|
||||
image = "rankenstein/mumble-web";
|
||||
image = "rankenstein/mumble-web:0.5";
|
||||
environment = {
|
||||
MUMBLE_SERVER = "lassul.us:64738";
|
||||
};
|
||||
@ -28,12 +28,9 @@
|
||||
services.nginx.virtualHosts."mumble.lassul.us" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:64739/;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:64739";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -4,7 +4,15 @@
|
||||
users.users.mainUser.packages = with pkgs; [
|
||||
(pass.withExtensions (ext: [ ext.pass-otp ]))
|
||||
gnupg
|
||||
(pkgs.writers.writeDashBin "unlock" ''
|
||||
set -efu
|
||||
HOST=$1
|
||||
|
||||
pw=$(pass show "admin/$HOST/luks")
|
||||
torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
|
||||
'')
|
||||
];
|
||||
|
||||
programs.gnupg.agent.enable = true;
|
||||
|
||||
}
|
||||
|
@ -16,6 +16,7 @@
|
||||
environment.systemPackages = with pkgs; [
|
||||
alsaUtils
|
||||
pulseaudioLight
|
||||
ponymix
|
||||
];
|
||||
|
||||
environment.variables.PULSE_SERVER = "localhost:4713";
|
||||
@ -26,6 +27,7 @@
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
|
||||
# https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
|
||||
config.pipewire-pulse = {
|
||||
"context.properties" = {
|
||||
|
15
lass/2configs/prism-mounts/samba.nix
Normal file
15
lass/2configs/prism-mounts/samba.nix
Normal file
@ -0,0 +1,15 @@
|
||||
{
|
||||
fileSystems."/mnt/prism" = {
|
||||
device = "//prism.r/public";
|
||||
fsType = "cifs";
|
||||
options = [
|
||||
"guest"
|
||||
"nofail"
|
||||
"noauto"
|
||||
"ro"
|
||||
"x-systemd.automount"
|
||||
"x-systemd.device-timeout=1"
|
||||
"x-systemd.idle-timeout=1min"
|
||||
];
|
||||
};
|
||||
}
|
@ -13,9 +13,23 @@
|
||||
pv
|
||||
pwgen
|
||||
remmina
|
||||
ripgrep
|
||||
silver-searcher
|
||||
transmission
|
||||
wget
|
||||
xsel
|
||||
youtube-dl
|
||||
(pkgs.writeDashBin "tether-on" ''
|
||||
adb shell svc usb setFunctions rndis
|
||||
'')
|
||||
(pkgs.writeDashBin "tether-off" ''
|
||||
adb shell svc usb setFunctions
|
||||
'')
|
||||
(pkgs.writeDashBin "dl-movie" ''
|
||||
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@"
|
||||
'')
|
||||
(pkgs.writeDashBin "dl-series" ''
|
||||
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/series -a "$@"
|
||||
'')
|
||||
];
|
||||
}
|
||||
|
@ -356,6 +356,89 @@ in {
|
||||
locations."= /good".extraConfig = ''
|
||||
proxy_pass http://localhost:8001;
|
||||
'';
|
||||
locations."= /controls".extraConfig = ''
|
||||
default_type "text/html";
|
||||
alias ${pkgs.writeText "controls.html" ''
|
||||
<!doctype html>
|
||||
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
|
||||
<title>The_Playlist Voting!</title>
|
||||
<style>
|
||||
#good {
|
||||
display: block;
|
||||
width: 100%;
|
||||
border: none;
|
||||
background-color: #04AA6D;
|
||||
padding: 14px;
|
||||
margin: 14px 0 0 0;
|
||||
height: 100px;
|
||||
font-size: 16px;
|
||||
cursor: pointer;
|
||||
text-align: center;
|
||||
}
|
||||
#bad {
|
||||
display: block;
|
||||
width: 100%;
|
||||
border: none;
|
||||
background-color: red;
|
||||
padding: 14px;
|
||||
height: 100px;
|
||||
|
||||
margin: 14px 0 0 0;
|
||||
font-size: 16px;
|
||||
cursor: pointer;
|
||||
text-align: center;
|
||||
}
|
||||
</style>
|
||||
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id=votenote></div>
|
||||
<button id=good type="button"> GUT </button>
|
||||
|
||||
<button id=bad type="button"> SCHLECHT </button>
|
||||
<center>
|
||||
Currently Running: <br/><div>
|
||||
<b id=current></b>
|
||||
</div>
|
||||
<div id=vote>
|
||||
</div>
|
||||
<audio controls autoplay="autoplay">
|
||||
<source src="https://radio.lassul.us/radio.ogg" type="audio/ogg">
|
||||
Your browser does not support the audio element.
|
||||
</audio>
|
||||
</center>
|
||||
|
||||
<script>
|
||||
document.getElementById("good").onclick=async ()=>{
|
||||
let result = await fetch("https://radio.lassul.us/good", {"method": "POST"})
|
||||
document.getElementById("vote").textContent = "Dieses Lied findest du gut"
|
||||
};
|
||||
document.getElementById("bad").onclick=async ()=>{
|
||||
let result = await fetch("https://radio.lassul.us/skip", {"method": "POST"})
|
||||
document.getElementById("vote").textContent = "Dieses Lied findest du schlecht"
|
||||
};
|
||||
|
||||
async function current() {
|
||||
let result = await fetch("https://radio.lassul.us/current", {"method": "GET"})
|
||||
let data = await result.json()
|
||||
document.getElementById("current").textContent = data.name
|
||||
}
|
||||
window.onload = function() {
|
||||
window.setInterval('current()', 10000)
|
||||
current()
|
||||
}
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
''};
|
||||
'';
|
||||
extraConfig = ''
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
@ -371,7 +454,7 @@ in {
|
||||
</head>
|
||||
<body>
|
||||
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
|
||||
<iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
||||
<iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
||||
</div>
|
||||
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
|
||||
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
|
||||
|
@ -27,43 +27,6 @@ in {
|
||||
hooks.PRIVMSG = [
|
||||
hooks.sed
|
||||
hooks.url-title
|
||||
{
|
||||
activate = "match";
|
||||
pattern = ''^@([^ ]+) (.*)$'';
|
||||
command = 1;
|
||||
arguments = [2];
|
||||
env.HOME = config.krebs.reaktor2.coders.stateDir;
|
||||
commands = let
|
||||
lambdabot = (import (pkgs.fetchFromGitHub {
|
||||
owner = "NixOS"; repo = "nixpkgs";
|
||||
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
||||
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
||||
}) {}).lambdabot;
|
||||
lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
|
||||
-XFlexibleInstances -XMultiParamTypeClasses \
|
||||
-XOverloadedStrings -XFunctionalDependencies \
|
||||
-e "$@"
|
||||
'';
|
||||
in {
|
||||
pl.filename = pkgs.writeDash "lambdabot-pl" ''
|
||||
${lambdabotWrapper} "@pl $1"
|
||||
'';
|
||||
type.filename = pkgs.writeDash "lambdabot-type" ''
|
||||
${lambdabotWrapper} "@type $1"
|
||||
'';
|
||||
"let".filename = pkgs.writeDash "lambdabot-let" ''
|
||||
${lambdabotWrapper} "@let $1"
|
||||
'';
|
||||
run.filename = pkgs.writeDash "lambdabot-run" ''
|
||||
${lambdabotWrapper} "@run $1"
|
||||
'';
|
||||
kind.filename = pkgs.writeDash "lambdabot-kind" ''
|
||||
${lambdabotWrapper} "@kind $1"
|
||||
'';
|
||||
};
|
||||
}
|
||||
{
|
||||
activate = "match";
|
||||
pattern = ''^!([^ ]+)(?:\s*(.*))?'';
|
||||
|
@ -13,7 +13,7 @@
|
||||
nixpkgs.config.steam.java = true;
|
||||
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
|
||||
|
||||
users.users.games.packages = [ (pkgs.steam.override {
|
||||
users.users.mainUser.packages = [ (pkgs.steam.override {
|
||||
extraPkgs = p: with p; [
|
||||
gnutls # needed for Halo MCC
|
||||
];
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
services.syncthing.declarative.folders."/home/lass/sync" = {
|
||||
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" ];
|
||||
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
|
||||
};
|
||||
krebs.permown."/home/lass/sync" = {
|
||||
file-mode = "u+rw,g+rw";
|
||||
|
46
lass/2configs/tmux.nix
Normal file
46
lass/2configs/tmux.nix
Normal file
@ -0,0 +1,46 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
tmux = pkgs.symlinkJoin {
|
||||
name = "tmux";
|
||||
paths = [
|
||||
(pkgs.writeDashBin "tmux" ''
|
||||
exec ${super.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
|
||||
#change prefix key to `
|
||||
set-option -g prefix `
|
||||
unbind-key C-b
|
||||
bind ` send-prefix
|
||||
|
||||
set-option -g default-terminal screen-256color
|
||||
|
||||
#use session instead of windows
|
||||
bind-key c new-session
|
||||
bind-key p switch-client -p
|
||||
bind-key n switch-client -n
|
||||
bind-key C-s switch-client -l
|
||||
''} "$@"
|
||||
'')
|
||||
super.tmux
|
||||
];
|
||||
};
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
tmux
|
||||
];
|
||||
|
||||
# programs.bash.interactiveShellInit = ''
|
||||
# if [[ "$TERM" != "linux" && -z "$TMUX" ]]; then
|
||||
# if [[ -n "$SSH_AUTH_SOCK" ]]; then
|
||||
# tmux set-environment -g SSH_AUTH_SOCK "$SSH_AUTH_SOCK" 2>/dev/null
|
||||
# fi
|
||||
|
||||
# exec tmux -u
|
||||
# fi
|
||||
# if [[ "$__host__" != "$HOST" ]]; then
|
||||
# tmux set -g status-bg colour$(string_hash $HOST 255)
|
||||
# export __host__=$HOST
|
||||
# fi
|
||||
# '';
|
||||
}
|
@ -1,19 +0,0 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.teamspeak3 = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
#voice port
|
||||
{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
|
||||
##file transfer port
|
||||
{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
|
||||
##query port
|
||||
#{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
|
||||
#{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
@ -5,16 +5,6 @@ let
|
||||
out = {
|
||||
environment.systemPackages = [
|
||||
(hiPrio vim)
|
||||
(pkgs.writeDashBin "govet" ''
|
||||
go vet "$@"
|
||||
'')
|
||||
(hiPrio (pkgs.python3.withPackages (ps: [
|
||||
ps.python-language-server
|
||||
ps.pyls-isort
|
||||
ps.pyflakes
|
||||
ps.flake8
|
||||
ps.yapf
|
||||
])))
|
||||
];
|
||||
|
||||
environment.etc.vimrc.source = vimrc;
|
||||
@ -33,6 +23,7 @@ let
|
||||
set directory=${dirs.swapdir}//
|
||||
set hlsearch
|
||||
set incsearch
|
||||
set ttymouse=sgr
|
||||
set mouse=a
|
||||
set ruler
|
||||
set pastetoggle=<INS>
|
||||
@ -126,11 +117,7 @@ let
|
||||
'';
|
||||
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
pkgs.vimPlugins.ack-vim
|
||||
pkgs.vimPlugins.undotree
|
||||
pkgs.vimPlugins.vim-go
|
||||
pkgs.vimPlugins.fzf-vim
|
||||
pkgs.vimPlugins.LanguageClient-neovim
|
||||
(pkgs.vimUtils.buildVimPlugin {
|
||||
name = "file-line-1.0";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
|
@ -8,12 +8,7 @@ with import <stockholm/lib>;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts._http = {
|
||||
default = true;
|
||||
extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
};
|
||||
enableReload = true;
|
||||
|
||||
virtualHosts.default = {
|
||||
locations."= /etc/os-release".extraConfig = ''
|
||||
|
@ -82,7 +82,6 @@ in {
|
||||
"o_ubikmedia_de"
|
||||
];
|
||||
|
||||
services.phpfpm.phpPackage = pkgs.php73;
|
||||
services.phpfpm.phpOptions = ''
|
||||
sendmail_path = ${sendmail} -t
|
||||
upload_max_filesize = 100M
|
||||
@ -117,6 +116,13 @@ in {
|
||||
# workaround for android 7
|
||||
security.acme.certs."lassul.us".keyType = "rsa4096";
|
||||
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
hostName = "mail.lassul.us";
|
||||
extraConfig = ''
|
||||
$config['smtp_port'] = 25;
|
||||
'';
|
||||
};
|
||||
services.dovecot2 = {
|
||||
enable = true;
|
||||
mailLocation = "maildir:~/Mail";
|
||||
@ -138,7 +144,7 @@ in {
|
||||
driver = plaintext
|
||||
public_name = LOGIN
|
||||
server_prompts = "Username:: : Password::"
|
||||
server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||
'';
|
||||
internet-aliases = [
|
||||
{ from = "dma@ubikmedia.de"; to = "domsen"; }
|
||||
@ -317,6 +323,15 @@ in {
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.line = {
|
||||
uid = genid_uint31 "line";
|
||||
home = "/home/line";
|
||||
useDefaultShell = true;
|
||||
# extraGroups = [ "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.groups.xanf = {};
|
||||
|
||||
krebs.on-failure.plans.restic-backups-domsen = {
|
||||
|
@ -32,6 +32,7 @@ in {
|
||||
services.nginx.virtualHosts."lassul.us" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
default = true;
|
||||
locations."/".extraConfig = ''
|
||||
root /srv/http/lassul.us;
|
||||
'';
|
||||
|
@ -58,7 +58,6 @@
|
||||
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||
}}/LS_COLORS)
|
||||
alias ls='ls --color'
|
||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||
|
||||
#emacs bindings
|
||||
@ -66,12 +65,6 @@
|
||||
bindkey "[8~" end-of-line
|
||||
bindkey "Oc" emacs-forward-word
|
||||
bindkey "Od" emacs-backward-word
|
||||
|
||||
#aliases
|
||||
alias ll='ls -l'
|
||||
alias la='ls -la'
|
||||
|
||||
#fancy window title magic
|
||||
'';
|
||||
promptInit = ''
|
||||
# TODO: figure out why we need to set this here
|
||||
|
@ -38,7 +38,7 @@ in {
|
||||
# match filetype against patterns
|
||||
${concatMapStringsSep "\n" (script: ''
|
||||
${pkgs.xclip}/bin/xclip -selection clipboard -target TARGETS -out \
|
||||
| grep -q '${script.target}'
|
||||
| ${pkgs.gnugrep}/bin/grep -q '${script.target}'
|
||||
if [ $? -eq 0 ]; then
|
||||
labels="$labels:${script.label}"
|
||||
fi
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ pkgs }:
|
||||
# usage: sshify prism.r -- curl ifconfig.me
|
||||
pkgs.writers.writeBashBin "sshify" ''
|
||||
set -efu
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user