Merge remote-tracking branch 'orange/master'
This commit is contained in:
commit
5d1b0675cf
@ -36,6 +36,7 @@
|
||||
hosts = self.nixosConfigurations.hotdog.config.krebs.hosts;
|
||||
users = self.nixosConfigurations.hotdog.config.krebs.users;
|
||||
};
|
||||
overlays.default = import ./krebs/5pkgs/default.nix;
|
||||
lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; };
|
||||
};
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ r6, w6, ... }:
|
||||
{
|
||||
consul = false;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.2";
|
||||
|
@ -20,6 +20,7 @@
|
||||
ip6.addr = r6 "99";
|
||||
aliases = [
|
||||
"neoprism.r"
|
||||
"cache.neoprism.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
@ -14,31 +14,31 @@ rec {
|
||||
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
|
||||
60 IN NS ns16.ovh.net.
|
||||
60 IN NS dns16.ovh.net.
|
||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
|
||||
60 IN A ${nets.internet.ip4.addr}
|
||||
60 IN AAAA ${nets.internet.ip4.addr}
|
||||
IN MX 5 mail.lassul.us.
|
||||
60 IN TXT "v=spf1 mx -all"
|
||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
cache 60 IN A ${nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${nets.internet.ip4.addr}
|
||||
pad 60 IN A ${nets.internet.ip4.addr}
|
||||
codi 60 IN A ${nets.internet.ip4.addr}
|
||||
go 60 IN A ${nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
|
||||
flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
ions 60 IN A ${nets.internet.ip4.addr}
|
||||
lol 60 IN A ${nets.internet.ip4.addr}
|
||||
matrix 60 IN A ${nets.internet.ip4.addr}
|
||||
paste 60 IN A ${nets.internet.ip4.addr}
|
||||
radio 60 IN A ${nets.internet.ip4.addr}
|
||||
jitsi 60 IN A ${nets.internet.ip4.addr}
|
||||
streaming 60 IN A ${nets.internet.ip4.addr}
|
||||
mumble 60 IN A ${nets.internet.ip4.addr}
|
||||
mail 60 IN A ${nets.internet.ip4.addr}
|
||||
mail 60 IN AAAA ${nets.internet.ip6.addr}
|
||||
flix 60 IN A ${nets.internet.ip4.addr}
|
||||
testing 60 IN A ${nets.internet.ip4.addr}
|
||||
schrott 60 IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
|
@ -476,15 +476,21 @@ in {
|
||||
aliases = [ "ryan.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0RE5jmBiEGmaYLVFmpCyVvlb6K3Zh2uxh7sVm44k31d9PEHHm4Wz
|
||||
HQH+ueaefGVu19xLRJQGu4ZMl7oRbb5awiqKdSGgInhQaNzxUIHW4cCCdOVkgZSy
|
||||
NjI9LMcc8tQtkoFGt6OhAzaViuGMo+aJAkLuXNf8hz5uR2flqQEeKfG5Kc7Z1DAQ
|
||||
QNoBRtY0pltyK2y/Ip8cZ9cdxR5oLww67ykhY+eLy9tZLfKs6uWSq+2CV0cpNNQ9
|
||||
Sh8fSbkjb4+JkxWAHDOyAnwFxnxstMcW0cscOW7nXYDi5IpvvesJlk698un7bLhm
|
||||
vCkAd+WiNuTGfs9t0r6FDDVDREBhNk1sLwIDAQAB
|
||||
MIICCgKCAgEApu7U9HP1Uo+kTDI+KTCs+YFLcSYct1qPuMkntKonYgdiW9Z4Ud99
|
||||
tU0VmJWdDnKaRxIcjC2Bmy342G3QN+UgdnTxyEWggWRKHUDjWMXBuj5n+uBgzTyM
|
||||
XDwuQR7RZmStBG6vDRIQWL07/b0u/wzyrhXDERx7o2msOLfnaU271aVrDM/Y67fL
|
||||
PMfKBtfckv7+W5e7KspJRIyhj7mqXMsSHaroqgoikK+Xyv44OxlklV7VnmACaNLf
|
||||
Yg0AiSjIrMtkTQ85m9t6q147lWBKlAK7yqEHUPyVNGMf/Mh6M1Xg1t0oc9hcb7/F
|
||||
VAPNbwFiwm0rR8ugjW5Gn5i/uZDeDDSQcc8m1tsB+86peuS16sfOXZewXH9bYDFo
|
||||
9n28+vFjyF5FRI1J6fAjneFm5PyoLvowgwvVECEDRgUF2+ySwfWawF+LPDpRZiZ4
|
||||
NfHN2qT81QWa1UfWdaudCYbwMK5iQskCUtRw20ABsR0Kg6oHGG/uiLZ4pYReeM/n
|
||||
agefDCe9PN5bkjonwOxN2klV8QgYQeznm1gdsFjMdvJUcba2kZICpRy8Wx9Sc0ai
|
||||
oO8HKLqRoO5sV4Nv1FcY6EFq05AR1PPt6LoE0AY5REwVuNZSyiBp8lzzDj2E3JYf
|
||||
obeZ8RtCYmNkXL3I+wfm/73SrIrX/ombqeaWGJB/rX2DEwco0IFau4ECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "sOD149OLZ2yUEjRpwbGdwHULKF2qNY3F+9AsEi1G0ZM";
|
||||
|
||||
tinc.pubkey_ed25519 = "/KoqKeQsdRWnhva7/YTX65mUxuyKaFNjA8LlxmAUQXP";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
31
kartei/samularity/default.nix
Normal file
31
kartei/samularity/default.nix
Normal file
@ -0,0 +1,31 @@
|
||||
{ config, lib, ... }: let
|
||||
slib = import ../../lib/pure.nix { inherit lib; };
|
||||
in {
|
||||
users.samularity = {
|
||||
mail = "samularity@murks.r";
|
||||
};
|
||||
hosts.murks = {
|
||||
owner = config.krebs.users.samularity;
|
||||
nets.retiolum = {
|
||||
aliases = [ "murks.r" ];
|
||||
ip6.addr = (slib.krebs.genipv6 "retiolum" "samularity" { hostName = "murks"; }).address;
|
||||
ip4.addr = "10.243.0.42";
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAsooKgG5zkt4lPY7ROxnwuGuDTfN9YZPsKHnENjmzvMkfdwdM3aGW
|
||||
2fkZfn8Q8pQ0eJaTJ8/Lavk1LKOB5pgkuloyOtPfpmJY++LAn37rNxnQvUWP3kS4
|
||||
JJ78whRJqczO4b3TEh2Dm/DsvH3E/Gpwq5TXiRzbjQ9hspZlPptRkda0UveAh1fn
|
||||
wFVBtUEOmQZ3cpGCAdo2sMcBoZwJXSQAm4z2P+eTXXo2IIjWgS8zQu5nvX/y4RG8
|
||||
D+HSe/X58yVRww4ABU4g7cNzzqLVKFEAuznlmpiZZ6EMGZ7xbZQlDmJuAIHIXrn+
|
||||
JVc1Yo/WmFYbN/6CmIUHE80/434Zg1dK87honUXizeDO2cyIb1vEG432Eqd3TsG7
|
||||
3YjJOHqaiNqBd60tFrT87mjbuCiD6jKlA5AQtzSSdDhq8G0i0Il8Do6SnpY2ACx2
|
||||
CvF6s3sWXP3YtY/AupB+okPoqvC+96Oxs2KJwQSatQlDr0aarror19NKC6b/Y4qo
|
||||
C0tcDa7VZiOB+rM6iIjRiM3QEyWEBia3nj2n5T98DgPooqmSF2p4NKYcaBMSv3f5
|
||||
aD2oZzdBqZnPAbi2CNoNN9pdVOB0Ckt9DaiMaiROEeAvxL3xxwaWhMPBFbSvGhca
|
||||
ciMdqaPlgqKu7WGtmU4a0U3JXhWTjin1mroD3kduykgek4fAmvcP540CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "4ZAQxhHBUT9KSof2tjadgMHD5kxND0AtXgjdTzs/F+L";
|
||||
};
|
||||
};
|
||||
}
|
@ -38,7 +38,6 @@
|
||||
hidden = false;
|
||||
password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO";
|
||||
};
|
||||
server.max-line-length = 1024;
|
||||
server.lookup-hostnames = true;
|
||||
};
|
||||
};
|
||||
|
@ -253,6 +253,24 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
vicuna = {
|
||||
pattern = "^!vicuna (.*)$";
|
||||
activate = "match";
|
||||
arguments = [1];
|
||||
timeoutSec = 1337;
|
||||
command = {
|
||||
filename = pkgs.writeDash "vicuna" ''
|
||||
set -efu
|
||||
|
||||
mkdir -p ${stateDir}/vicuna
|
||||
export CONTEXT=${stateDir}/vicuna/"$_msgtarget".context
|
||||
${pkgs.vicuna-chat}/bin/vicuna-chat "$@" |
|
||||
echo "$_from: $(cat)" |
|
||||
fold -s -w 426
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
locationsLib = pkgs.writeText "locations.sh" ''
|
||||
ENDPOINT=http://c.r/poi.json
|
||||
get_locations() {
|
||||
@ -413,6 +431,7 @@ let
|
||||
hooks.sed
|
||||
interrogate
|
||||
say
|
||||
vicuna
|
||||
(generators.command_hook {
|
||||
inherit (commands) dance random-emoji nixos-version;
|
||||
tell = {
|
||||
@ -607,6 +626,7 @@ in {
|
||||
channels = [
|
||||
"#noise"
|
||||
"#xxx"
|
||||
"#fin"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -1,7 +1,6 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../kartei
|
||||
./acl.nix
|
||||
./airdcpp.nix
|
||||
./announce-activation.nix
|
||||
@ -28,9 +27,10 @@
|
||||
./iana-etc.nix
|
||||
./iptables.nix
|
||||
./kapacitor.nix
|
||||
./kartei.nix
|
||||
./konsens.nix
|
||||
./krebs.nix
|
||||
./krebs-pages.nix
|
||||
./krebs.nix
|
||||
./monit.nix
|
||||
./nixpkgs.nix
|
||||
./on-failure.nix
|
||||
@ -45,8 +45,8 @@
|
||||
./secret.nix
|
||||
./setuid.nix
|
||||
./shadow.nix
|
||||
./ssh.nix
|
||||
./sitemap.nix
|
||||
./ssh.nix
|
||||
./ssl.nix
|
||||
./sync-containers.nix
|
||||
./sync-containers3.nix
|
||||
|
@ -40,7 +40,7 @@ let
|
||||
};
|
||||
|
||||
extraRouters = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
3
krebs/3modules/kartei.nix
Normal file
3
krebs/3modules/kartei.nix
Normal file
@ -0,0 +1,3 @@
|
||||
{
|
||||
imports = [ ../../kartei ];
|
||||
}
|
@ -39,7 +39,7 @@ let
|
||||
};
|
||||
in
|
||||
|
||||
pkgs.writeDashBin "fzfmenu" ''
|
||||
pkgs.writers.writeDashBin "fzfmenu" ''
|
||||
set -efu
|
||||
|
||||
# Spawn terminal if called without one, like e.g. from a window manager.
|
||||
|
@ -46,8 +46,8 @@ case "$Method $abs_path" in
|
||||
cp -v $content $item >&2
|
||||
fi
|
||||
|
||||
if test -n ${reg_content_type-}; then
|
||||
echo -n "$req_content_type" > "$item".content_type
|
||||
if test -n "${req_content_type_override-}"; then
|
||||
echo -n "$req_content_type_override" > "$item".content_type
|
||||
fi
|
||||
|
||||
base32short=$(echo $base32 | cut -b-7)
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
pkgs.writeDashBin "irc-announce" ''
|
||||
pkgs.writers.writeDashBin "irc-announce" ''
|
||||
set -euf
|
||||
|
||||
IRC_SERVER=$1
|
||||
|
@ -59,7 +59,7 @@ rec {
|
||||
filename = pkgs.writers.writeDash "sed-plugin" ''
|
||||
set -efu
|
||||
exec ${pkgs.python3}/bin/python \
|
||||
${stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py"} "$@"
|
||||
${./Reaktor/scripts/sed-plugin.py} "$@"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -9,7 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
|
||||
gnused
|
||||
file
|
||||
findutils
|
||||
imagemagick6
|
||||
imagemagick
|
||||
inkscape
|
||||
jq
|
||||
nomads-cloud
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
|
||||
"date": "2023-07-01T19:09:17+02:00",
|
||||
"path": "/nix/store/s5zy1prlscbr2iz6h9fj5la3973isaxw-nixpkgs",
|
||||
"sha256": "02hpby5ln7p5kix9518hn0ady4q3i41z5ycamvwsarv3gvlzbsb4",
|
||||
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
|
||||
"date": "2023-07-24T08:16:24+02:00",
|
||||
"path": "/nix/store/786lhas0jmp3nihbb28pbp7sm1sjzsy7-nixpkgs",
|
||||
"sha256": "1l9sa8hd242xrb2j18mj4f62f3cw0bf5pafp58gdl0jkl61dpapr",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "0de86059128947b2438995450f2c2ca08cc783d5",
|
||||
"date": "2023-07-01T05:19:59+03:00",
|
||||
"path": "/nix/store/fwazy7k5nlavyj4637jnsqabdzdiad90-nixpkgs",
|
||||
"sha256": "0m3aqg2xx5705v4yglal1ksknqnj3cbdyzcyw1dvz6qqvn9ng7i5",
|
||||
"rev": "98da3dd0de6660d4abed7bb74e748694bd803413",
|
||||
"date": "2023-07-12T12:54:32+08:00",
|
||||
"path": "/nix/store/h9ncvz7aq1aqhjmxngnnhwaw359prh2g-nixpkgs",
|
||||
"sha256": "0qzflsmxfgqz07jlx7njfsq752n1la8a6007mmx7rvqspp30g6j1",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
@ -27,6 +27,83 @@
|
||||
<stockholm/lass/2configs/print.nix>
|
||||
<stockholm/lass/2configs/br.nix>
|
||||
<stockholm/lass/2configs/c-base.nix>
|
||||
# steam-deck like experience https://github.com/Jovian-Experiments/Jovian-NixOS
|
||||
{
|
||||
imports = [
|
||||
"${builtins.fetchTarball "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/master.tar.gz"}/modules"
|
||||
];
|
||||
jovian.steam.enable = true;
|
||||
}
|
||||
{ # autorandrs
|
||||
services.autorandr = {
|
||||
enable = true;
|
||||
hooks.postswitch.reset_usb = ''
|
||||
echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized
|
||||
${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
|
||||
'';
|
||||
profiles = {
|
||||
default = {
|
||||
fingerprint = {
|
||||
eDP = "00ffffffffffff00288931000100000016200104805932780a0dc9a05747982712484c0000000101010101010101010101010101010108700088a1401360c820a300d9870000001ead4a0088a1401360c820a30020c23100001e000000fd0016480f5a1e000a202020202020000000fc0047504431303031480a2020202000cf";
|
||||
};
|
||||
config = {
|
||||
eDP = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1600";
|
||||
rate = "60.01";
|
||||
transform = [
|
||||
[ 0.750000 0.000000 0.000000 ]
|
||||
[ 0.000000 0.750000 0.000000 ]
|
||||
[ 0.000000 0.000000 1.000000 ]
|
||||
];
|
||||
# scale = {
|
||||
# x = 0.599991;
|
||||
# y = 0.599991;
|
||||
# };
|
||||
};
|
||||
};
|
||||
};
|
||||
docked2 = {
|
||||
fingerprint = {
|
||||
eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
|
||||
DisplayPort-8 = "00ffffffffffff0010ac39d14c3346300f200104b5462878fb26f5af4f46a5240f5054a54b00714f8140818081c081009500b300d1c0565e00a0a0a0295030203500b9882100001a000000ff00444342375847330a2020202020000000fc0044454c4c204733323233440a20000000fd0030a5fafa41010a2020202020200181020332f149030212110490131f3f2309070783010000e200eae305c000e606050162622c6d1a0000020b30a50007622c622c5a8780a070384d4030203500b9882100001af4fb0050a0a0285008206800b9882100001a40e7006aa0a0675008209804b9882100001a6fc200a0a0a0555030203500b9882100001a000000000009";
|
||||
DisplayPort-7 = "00ffffffffffff0020a32f00010000000c190103807341780acf74a3574cb02309484c21080081c0814081800101010101010101010104740030f2705a80b0588a00501d7400001e023a801871382d40582c4500501d7400001e000000fc00484953454e53450a2020202020000000fd00324b0f451e000a2020202020200172020333714f5f5e5d01020400101113001f2021222909070715075057070083010000e200f96d030c002000183c200060010203662150b051001b304070360056005300001e011d8018711c1620582c2500c48e2100009e011d007251d01e206e285500c48e2100001800000000000000000000000000000000000000000000ea";
|
||||
};
|
||||
config = {
|
||||
DisplayPort-7 = {
|
||||
enable = true;
|
||||
position = "2560x0";
|
||||
mode = "1920x1080";
|
||||
rate = "60.00";
|
||||
};
|
||||
DisplayPort-8 = config.services.autorandr.profiles.docked1.config.DisplayPort-1;
|
||||
eDP = config.services.autorandr.profiles.docked1.config.eDP;
|
||||
};
|
||||
};
|
||||
docked1 = {
|
||||
fingerprint = {
|
||||
eDP = config.services.autorandr.profiles.default.fingerprint.eDP;
|
||||
DisplayPort-1 = "00ffffffffffff0010ac39d14c3346300f200104b5462878fb26f5af4f46a5240f5054a54b00714f8140818081c081009500b300d1c0565e00a0a0a0295030203500b9882100001a000000ff00444342375847330a2020202020000000fc0044454c4c204733323233440a20000000fd0030a5fafa41010a2020202020200181020332f149030212110490131f3f2309070783010000e200eae305c000e606050162622c6d1a0000020b30a50007622c622c000000000000000000000000000000000000f4fb0050a0a0285008206800b9882100001a40e7006aa0a0675008209804b9882100001a6fc200a0a0a0555030203500b9882100001a000000000040";
|
||||
};
|
||||
config = {
|
||||
DisplayPort-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
rate = "165.08";
|
||||
};
|
||||
eDP = config.services.autorandr.profiles.default.config.eDP // {
|
||||
primary = false;
|
||||
position = "640x1440";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
@ -38,6 +115,8 @@
|
||||
bank
|
||||
l-gen-secrets
|
||||
generate-secrets
|
||||
nixpkgs-review
|
||||
pipenv
|
||||
];
|
||||
|
||||
programs.adb.enable = true;
|
||||
@ -65,4 +144,5 @@
|
||||
];
|
||||
|
||||
boot.cleanTmpDir = true;
|
||||
programs.noisetorch.enable = true;
|
||||
}
|
||||
|
@ -10,14 +10,12 @@
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
type = "partition";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = ["bios_grub"];
|
||||
}
|
||||
{
|
||||
type = "partition";
|
||||
name = "ESP";
|
||||
start = "1MiB";
|
||||
end = "1GiB";
|
||||
@ -31,7 +29,6 @@
|
||||
}
|
||||
{
|
||||
name = "root";
|
||||
type = "partition";
|
||||
start = "1GiB";
|
||||
end = "100%";
|
||||
content = {
|
||||
|
@ -19,15 +19,9 @@
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
boot.kernelParams = [
|
||||
# Enable energy savings during sleep
|
||||
"mem_sleep_default=deep"
|
||||
|
||||
# use less power with pstate
|
||||
"amd_pstate=passive"
|
||||
|
||||
# for ryzenadj -i
|
||||
"iomem=relaxed"
|
||||
|
||||
# suspend
|
||||
"resume_offset=178345675"
|
||||
];
|
||||
@ -37,24 +31,6 @@
|
||||
# On recent AMD CPUs this can be more energy efficient.
|
||||
"amd-pstate"
|
||||
"kvm-amd"
|
||||
|
||||
# needed for zenstates
|
||||
"msr"
|
||||
|
||||
# zenpower
|
||||
"zenpower"
|
||||
];
|
||||
|
||||
boot.extraModulePackages = [
|
||||
(config.boot.kernelPackages.zenpower.overrideAttrs (old: {
|
||||
src = pkgs.fetchFromGitea {
|
||||
domain = "git.exozy.me";
|
||||
owner = "a";
|
||||
repo = "zenpower3";
|
||||
rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f";
|
||||
hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI=";
|
||||
};
|
||||
}))
|
||||
];
|
||||
|
||||
# hardware.cpu.amd.updateMicrocode = true;
|
||||
@ -76,7 +52,6 @@
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.vulkan-tools
|
||||
pkgs.ryzenadj
|
||||
(pkgs.writers.writeDashBin "set_tdp" ''
|
||||
set -efux
|
||||
watt=$1
|
||||
@ -85,9 +60,6 @@
|
||||
'')
|
||||
];
|
||||
|
||||
# textsize
|
||||
services.xserver.dpi = 200;
|
||||
|
||||
# corectrl
|
||||
programs.corectrl = {
|
||||
enable = true;
|
||||
@ -99,17 +71,6 @@
|
||||
users.users.mainUser.extraGroups = [ "corectrl" ];
|
||||
|
||||
# use newer ryzenadj
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
ryzenadj = super.ryzenadj.overrideAttrs (old: {
|
||||
version = "unstable-2023-01-15";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "FlyGoat";
|
||||
repo = "RyzenAdj";
|
||||
rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15
|
||||
sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k=";
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
# keyboard quirks
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
@ -122,11 +83,16 @@
|
||||
KEYBOARD_KEY_70027=reserved
|
||||
'';
|
||||
|
||||
# ignore power key
|
||||
|
||||
# update cpu microcode
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
hardware.opengl.extraPackages = [
|
||||
pkgs.amdvlk
|
||||
pkgs.rocm-opencl-icd
|
||||
pkgs.rocm-opencl-runtime
|
||||
];
|
||||
|
||||
# suspend to disk
|
||||
swapDevices = [{
|
||||
device = "/swapfile";
|
||||
@ -139,4 +105,8 @@
|
||||
|
||||
# firefox touchscreen support
|
||||
environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
|
||||
# reinit usb after docking station connect
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="drm", ACTION=="change", RUN+="${pkgs.dash}/bin/dash -c 'echo 0 > /sys/bus/usb/devices/usb9/authorized; echo 1 > /sys/bus/usb/devices/usb9/authorized'"
|
||||
'';
|
||||
}
|
||||
|
@ -6,7 +6,8 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
<stockholm/lass/2configs/pipewire.nix>
|
||||
# <stockholm/lass/2configs/nfs-dl.nix>
|
||||
{
|
||||
# bubsy config
|
||||
users.users.bubsy = {
|
||||
@ -17,22 +18,20 @@ with import <stockholm/lib>;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"networkmanager"
|
||||
"pipewire"
|
||||
# "plugdev"
|
||||
];
|
||||
useDefaultShell = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
networking.networkmanager.enable = true;
|
||||
networking.wireless.enable = mkForce false;
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
programs.chromium = {
|
||||
enable = true;
|
||||
extensions = [
|
||||
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||
];
|
||||
};
|
||||
# programs.chromium = {
|
||||
# enable = true;
|
||||
# extensions = [
|
||||
# "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||
# ];
|
||||
# };
|
||||
environment.systemPackages = with pkgs; [
|
||||
ark
|
||||
pavucontrol
|
||||
@ -48,7 +47,9 @@ with import <stockholm/lib>;
|
||||
geeqie
|
||||
vlc
|
||||
zsnes
|
||||
telegram-desktop
|
||||
];
|
||||
# services.udev.packages = [ pkgs.ledger-udev-rules ];
|
||||
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.lightdm.enable = true;
|
||||
@ -72,12 +73,10 @@ with import <stockholm/lib>;
|
||||
"networkmanager"
|
||||
"plugdev"
|
||||
];
|
||||
packages = let
|
||||
unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
|
||||
in [
|
||||
packages = [
|
||||
pkgs.electrum
|
||||
pkgs.electron-cash
|
||||
unstable.ledger-live-desktop
|
||||
pkgs.ledger-live-desktop
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -4,6 +4,9 @@
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus.nix>
|
||||
<stockholm/lass/2configs/monitoring/telegraf.nix>
|
||||
<stockholm/lass/2configs/consul.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.dishfire;
|
||||
|
@ -4,13 +4,8 @@
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/network-manager.nix>
|
||||
<stockholm/lass/2configs/mail.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.hilum;
|
||||
|
@ -10,18 +10,14 @@
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
type = "partition";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = ["bios_grub"];
|
||||
}
|
||||
{
|
||||
type = "partition";
|
||||
name = "ESP";
|
||||
start = "1MiB";
|
||||
start = "1M";
|
||||
end = "50%";
|
||||
fs-type = "fat32";
|
||||
bootable = true;
|
||||
content = {
|
||||
type = "filesystem";
|
||||
@ -31,19 +27,13 @@
|
||||
}
|
||||
{
|
||||
name = "root";
|
||||
type = "partition";
|
||||
start = "50%";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "hilum_luks";
|
||||
keyFile = keyFile;
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "xfs";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -3,9 +3,13 @@ set -efux
|
||||
|
||||
disk=$1
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
export NIXPKGS_ALLOW_UNFREE=1
|
||||
(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks)
|
||||
trap 'rm -f /tmp/hilum.luks' EXIT
|
||||
echo "$disk" > /tmp/hilum-disk
|
||||
trap 'rm -f /tmp/hilum-disk' EXIT
|
||||
|
||||
stockholm_root=$(git rev-parse --show-toplevel)
|
||||
ssh root@localhost -t -- $(nix-build \
|
||||
--no-out-link \
|
||||
@ -31,7 +35,9 @@ $(nix-build \
|
||||
--arg force true
|
||||
)
|
||||
ssh root@localhost << SSH
|
||||
NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src
|
||||
set -efux
|
||||
mkdir -p /mnt/hilum/etc
|
||||
NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-bootloader --no-root-password --root /mnt/hilum -I /var/src
|
||||
nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader
|
||||
umount -Rv /mnt/hilum
|
||||
SSH
|
||||
|
@ -15,7 +15,7 @@
|
||||
;
|
||||
in lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = tryFile "/etc/hilum-disk" "/dev/sdz";
|
||||
default = tryFile "/etc/hilum-disk" (tryFile "/tmp/hilum-disk" "/dev/sdz");
|
||||
};
|
||||
config.environment.etc.hilum-disk.text = config.mainDisk;
|
||||
}
|
||||
@ -47,4 +47,7 @@
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
#weird bug with nixos-enter
|
||||
services.logrotate.enable = false;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
@ -8,6 +8,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/mouse.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/pipewire.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
@ -17,10 +18,8 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/elster.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/mail.nix>
|
||||
<stockholm/krebs/2configs/ircd.nix>
|
||||
<stockholm/lass/2configs/logf.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/sync/sync.nix>
|
||||
@ -104,28 +103,9 @@ with import <stockholm/lib>;
|
||||
|
||||
dnsutils
|
||||
woeusb
|
||||
l-gen-secrets
|
||||
generate-secrets
|
||||
(pkgs.writeDashBin "btc-coinbase" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-wex" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-kraken" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
|
||||
'')
|
||||
(pkgs.writeDashBin "krebsco.de" ''
|
||||
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||
${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json
|
||||
OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
|
||||
${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
|
||||
'')
|
||||
(pkgs.writeDashBin "lassul.us" ''
|
||||
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||
${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
|
||||
OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
|
||||
${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
|
||||
(pkgs.writeDashBin "play-on" ''
|
||||
HOST=$(echo 'styx\nshodan' | fzfmenu)
|
||||
ssh -t "$HOST" -- mpv "$@"
|
||||
'')
|
||||
];
|
||||
|
||||
|
@ -2,9 +2,11 @@
|
||||
imports = [
|
||||
./config.nix
|
||||
<stockholm/lass/2configs/hw/x220.nix>
|
||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
<stockholm/lass/2configs/boot/universal.nix>
|
||||
];
|
||||
|
||||
boot.kernelParams = [ "acpi_backlight=native" ];
|
||||
|
||||
fileSystems = {
|
||||
"/bku" = {
|
||||
device = "/dev/mapper/pool-bku";
|
||||
|
@ -4,6 +4,9 @@
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/mail/internet-gateway.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
<stockholm/lass/2configs/matrix.nix>
|
||||
<stockholm/lass/2configs/gsm-wiki.nix>
|
||||
|
||||
# sync-containers
|
||||
@ -26,7 +29,23 @@
|
||||
krebs.build.host = config.krebs.hosts.neoprism;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.nginx.enable = true;
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "acme@lassul.us";
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
enableReload = true;
|
||||
|
||||
virtualHosts.default = {
|
||||
default = true;
|
||||
locations."= /etc/os-release".extraConfig = ''
|
||||
default_type text/plain;
|
||||
alias /etc/os-release;
|
||||
'';
|
||||
locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -4,40 +4,27 @@
|
||||
type = "disk";
|
||||
device = disk;
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
type = "partition";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = ["bios_grub"];
|
||||
}
|
||||
{
|
||||
type = "partition";
|
||||
name = "ESP";
|
||||
start = "1M";
|
||||
end = "1GiB";
|
||||
fs-type = "fat32";
|
||||
bootable = true;
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
};
|
||||
ESP = {
|
||||
size = "1G";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "boot";
|
||||
};
|
||||
}
|
||||
{
|
||||
type = "partition";
|
||||
name = "zfs";
|
||||
start = "1GiB";
|
||||
end = "100%";
|
||||
};
|
||||
zfs = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
})) // {
|
||||
hdd1 = {
|
||||
@ -69,7 +56,7 @@
|
||||
rootFsOptions = {
|
||||
};
|
||||
datasets.reserved = {
|
||||
zfs_type = "filesystem";
|
||||
type = "zfs_fs";
|
||||
options.refreservation = "1G";
|
||||
};
|
||||
};
|
||||
@ -77,38 +64,53 @@
|
||||
type = "zpool";
|
||||
datasets = {
|
||||
reserved = {
|
||||
zfs_type = "filesystem";
|
||||
type = "zfs_fs";
|
||||
options.refreservation = "1G";
|
||||
};
|
||||
containers = {
|
||||
zfs_type = "filesystem";
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/containers";
|
||||
options = {
|
||||
canmount = "noauto";
|
||||
};
|
||||
};
|
||||
home = {
|
||||
zfs_type = "filesystem";
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/home";
|
||||
options = {
|
||||
canmount = "noauto";
|
||||
};
|
||||
};
|
||||
srv = {
|
||||
zfs_type = "filesystem";
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/srv";
|
||||
options = {
|
||||
canmount = "noauto";
|
||||
};
|
||||
};
|
||||
libvirt = {
|
||||
zfs_type = "filesystem";
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/libvirt";
|
||||
options = {
|
||||
canmount = "noauto";
|
||||
};
|
||||
};
|
||||
# encrypted = {
|
||||
# zfs_type = "filesystem";
|
||||
# type = "zfs_fs";
|
||||
# options = {
|
||||
# canmount = "noauto";
|
||||
# mountpoint = "none";
|
||||
# encryption = "aes-256-gcm";
|
||||
# keyformat = "passphrase";
|
||||
# keylocation = "prompt";
|
||||
# };
|
||||
# };
|
||||
|
||||
# "encrypted/download" = {
|
||||
# zfs_type = "filesystem";
|
||||
# type = "zfs_fs";
|
||||
# mountpoint = "/var/download";
|
||||
# options = {
|
||||
# canmount = "noauto";
|
||||
# };
|
||||
# };
|
||||
};
|
||||
};
|
||||
|
@ -8,6 +8,8 @@
|
||||
];
|
||||
|
||||
disko.devices = import ./disk.nix;
|
||||
networking.hostId = "9c0a74ac";
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.efiSupport = true;
|
||||
@ -17,26 +19,58 @@
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
# networking config
|
||||
boot.kernelParams = [ "net.ifnames=0" ];
|
||||
networking.bridges."ext-br".interfaces = [ "eth0" ];
|
||||
networking = {
|
||||
hostId = "2283aaae";
|
||||
defaultGateway = "95.217.192.1";
|
||||
defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
|
||||
# Use google's public DNS server
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
interfaces.ext-br.ipv4.addresses = [
|
||||
{
|
||||
address = "95.217.192.59";
|
||||
prefixLength = 26;
|
||||
}
|
||||
networking.useNetworkd = true;
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
config = {
|
||||
networkConfig.SpeedMeter = true;
|
||||
};
|
||||
# netdevs.ext-br.netdevConfig = {
|
||||
# Kind = "bridge";
|
||||
# Name = "ext-br";
|
||||
# MACAddress = "a8:a1:59:0f:2d:69";
|
||||
# };
|
||||
# networks.ext-br = {
|
||||
# name = "ext-br";
|
||||
# address = [
|
||||
# "95.217.192.59/26"
|
||||
# "2a01:4f9:4a:4f1a::1/64"
|
||||
# ];
|
||||
# gateway = [
|
||||
# "95.217.192.1"
|
||||
# "fe80::1"
|
||||
# ];
|
||||
# };
|
||||
networks.eth0 = {
|
||||
#bridge = [ "ext-br" ];
|
||||
matchConfig.Name = "eth0";
|
||||
address = [
|
||||
"95.217.192.59/26"
|
||||
"2a01:4f9:4a:4f1a::1/64"
|
||||
];
|
||||
interfaces.ext-br.ipv6.addresses = [
|
||||
{
|
||||
address = "2a01:4f9:4a:4f1a::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
gateway = [
|
||||
"95.217.192.1"
|
||||
"fe80::1"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.useDHCP = false;
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = [ config.krebs.users.lass.pubkey ];
|
||||
port = 2222;
|
||||
hostKeys = [
|
||||
(toString <secrets/ssh.id_ed25519>)
|
||||
(toString <secrets/ssh.id_rsa>)
|
||||
];
|
||||
};
|
||||
};
|
||||
boot.kernelParams = [
|
||||
"net.ifnames=0"
|
||||
"ip=dhcp"
|
||||
"boot.trace"
|
||||
];
|
||||
}
|
||||
|
@ -83,6 +83,9 @@
|
||||
boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
|
||||
networking.dhcpcd.enable = false;
|
||||
|
||||
|
||||
networking.useNetworkd = lib.mkForce false;
|
||||
systemd.network.enable = lib.mkForce false;
|
||||
# bridge config
|
||||
networking.bridges."ext-br".interfaces = [ "eth0" ];
|
||||
networking = {
|
||||
|
@ -13,6 +13,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
<stockholm/lass/2configs/yellow-mounts/samba.nix>
|
||||
<stockholm/lass/2configs/gg23.nix>
|
||||
<stockholm/lass/2configs/hass>
|
||||
<stockholm/lass/2configs/green-host.nix>
|
||||
@ -30,13 +31,37 @@ with import <stockholm/lib>;
|
||||
|
||||
krebs.build.host = config.krebs.hosts.styx;
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; }
|
||||
];
|
||||
networking.firewall.interfaces.int0.allowedTCPPorts = [ config.services.smokeping.port ];
|
||||
networking.firewall.interfaces.retiolum.allowedTCPPorts = [ config.services.smokeping.port ];
|
||||
networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ config.services.smokeping.port ];
|
||||
krebs.power-action.enable = mkForce false;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
wol
|
||||
(writeDashBin "wake-alien" ''
|
||||
${wol}/bin/wol -h 10.42.0.255 10:65:30:68:83:a3
|
||||
'')
|
||||
(writers.writeDashBin "iptv" ''
|
||||
set -efu
|
||||
/run/current-system/sw/bin/mpv \
|
||||
--audio-display=no --audio-channels=stereo \
|
||||
--audio-samplerate=48000 --audio-format=s16 \
|
||||
--ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
|
||||
--audio-delay=-1 \
|
||||
--playlist=https://iptv-org.github.io/iptv/index.nsfw.m3u \
|
||||
--idle=yes \
|
||||
--input-ipc-server=/tmp/mpv.ipc \
|
||||
"$@"
|
||||
'')
|
||||
];
|
||||
|
||||
users.users.mainUser.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass-android.pubkey
|
||||
];
|
||||
# http://10.42.0.1:8081/smokeping.fcgi
|
||||
services.smokeping = {
|
||||
enable = true;
|
||||
host = null;
|
||||
targetConfig = ''
|
||||
probe = FPing
|
||||
menu = top
|
||||
@ -84,5 +109,8 @@ with import <stockholm/lib>;
|
||||
host = prism.r
|
||||
'';
|
||||
};
|
||||
|
||||
# for usb internet
|
||||
hardware.usbWwan.enable = true;
|
||||
}
|
||||
|
||||
|
@ -42,4 +42,235 @@ with import <stockholm/lib>;
|
||||
/var/src/secrets/nextcloud.pw /run/nextcloud.pw
|
||||
''}"
|
||||
];
|
||||
|
||||
# mail
|
||||
lass.usershadow.enable = true;
|
||||
services.nginx.virtualHosts."mail.ubikmedia.eu" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
hostName = "mail.ubikmedia.eu";
|
||||
extraConfig = ''
|
||||
$config['smtp_debug'] = true;
|
||||
$config['smtp_host'] = "localhost:25";
|
||||
'';
|
||||
};
|
||||
services.dovecot2 = {
|
||||
enable = true;
|
||||
showPAMFailure = true;
|
||||
mailLocation = "maildir:~/Mail";
|
||||
sslServerCert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
|
||||
sslServerKey = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
|
||||
};
|
||||
krebs.exim-smarthost = {
|
||||
ssl_cert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
|
||||
ssl_key = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
|
||||
authenticators.PLAIN = ''
|
||||
driver = plaintext
|
||||
public_name = PLAIN
|
||||
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
|
||||
'';
|
||||
authenticators.LOGIN = ''
|
||||
driver = plaintext
|
||||
public_name = LOGIN
|
||||
server_prompts = "Username:: : Password::"
|
||||
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||
# server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||
'';
|
||||
internet-aliases = [
|
||||
{ from = "dma@ubikmedia.de"; to = "domsen"; }
|
||||
{ from = "dma@ubikmedia.eu"; to = "domsen"; }
|
||||
{ from = "hallo@apanowicz.de"; to = "domsen"; }
|
||||
{ from = "bruno@apanowicz.de"; to = "bruno"; }
|
||||
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
|
||||
{ from = "jms@ubikmedia.eu"; to = "jms"; }
|
||||
{ from = "ms@ubikmedia.eu"; to = "ms"; }
|
||||
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
|
||||
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
|
||||
{ from = "hallo@jarugadesign.de"; to ="kasia"; }
|
||||
{ from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
|
||||
|
||||
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
|
||||
];
|
||||
sender_domains = [
|
||||
"jla-trading.com"
|
||||
"ubikmedia.eu"
|
||||
"ubikmedia.de"
|
||||
"apanowicz.de"
|
||||
"alewis.de"
|
||||
"jarugadesign.de"
|
||||
"beesmooth.ch"
|
||||
"event-extra.de"
|
||||
];
|
||||
dkim = [
|
||||
{ domain = "ubikmedia.eu"; }
|
||||
{ domain = "apanowicz.de"; }
|
||||
{ domain = "beesmooth.ch"; }
|
||||
];
|
||||
};
|
||||
|
||||
# users
|
||||
users.users.UBIK-SFTP = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "UBIK-SFTP";
|
||||
home = "/home/UBIK-SFTP";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.xanf = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "xanf";
|
||||
group = "xanf";
|
||||
home = "/home/xanf";
|
||||
useDefaultShell = true;
|
||||
createHome = false; # creathome forces permissions
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.domsen = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "domsen";
|
||||
description = "maintenance acc for domsen";
|
||||
home = "/home/domsen";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "syncthing" "download" "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.bruno = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "bruno";
|
||||
home = "/home/bruno";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.jla-trading = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "jla-trading";
|
||||
home = "/home/jla-trading";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.jms = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "jms";
|
||||
home = "/home/jms";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.ms = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "ms";
|
||||
home = "/home/ms";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.testuser = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "testuser";
|
||||
home = "/home/testuser";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.bui = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "bui";
|
||||
home = "/home/bui";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.klabusterbeere = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "klabusterbeere";
|
||||
home = "/home/klabusterbeere";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.kasia = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "kasia";
|
||||
home = "/home/kasia";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.XANF_TEAM = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "XANF_TEAM";
|
||||
group = "xanf";
|
||||
home = "/home/XANF_TEAM";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.dif = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "dif";
|
||||
home = "/home/dif";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.lavafilms = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "lavafilms";
|
||||
home = "/home/lavafilms";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.movematchers = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "movematchers";
|
||||
home = "/home/movematchers";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.blackphoton = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "blackphoton";
|
||||
home = "/home/blackphoton";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.line = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "line";
|
||||
home = "/home/line";
|
||||
useDefaultShell = true;
|
||||
# extraGroups = [ "xanf" ];
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.avada = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "avada";
|
||||
home = "/home/avada";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.familienrat = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "familienrat";
|
||||
home = "/home/familienrat";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -1,6 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
systemd.services.antimicrox = {
|
||||
after = [ "display-manager.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
@ -8,18 +9,23 @@
|
||||
serviceConfig = {
|
||||
User = config.users.users.mainUser.name;
|
||||
ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state");
|
||||
ExecStart = "${pkgs.antimicrox}/bin/antimicrox --no-tray --hidden --profile ${./mouse.amgp}";
|
||||
ExecStart = "${pkgs.antimicrox}/bin/antimicrox --hidden --profile ${./mouse.gamecontroller.amgp}";
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
|
||||
'';
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.antimicrox
|
||||
(pkgs.writers.writeDashBin "gamepad_mouse_disable" ''
|
||||
echo 1 > /tmp/gamepad.state
|
||||
${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.amgp}
|
||||
${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.gamecontroller.amgp}
|
||||
'')
|
||||
(pkgs.writers.writeDashBin "gamepad_mouse_enable" ''
|
||||
echo 0 > /tmp/gamepad.state
|
||||
${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.amgp}
|
||||
${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.gamecontroller.amgp}
|
||||
'')
|
||||
(pkgs.writers.writeDashBin "gamepad_mouse_toggle" ''
|
||||
state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state)
|
||||
|
@ -23,7 +23,8 @@
|
||||
<maxZone>29501</maxZone>
|
||||
<modifierZone>1412</modifierZone>
|
||||
<diagonalRange>90</diagonalRange>
|
||||
<stickbutton index="7">
|
||||
<squareStick>100</squareStick>
|
||||
<stickbutton index="1">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
<accelerationmultiplier>4</accelerationmultiplier>
|
||||
@ -32,12 +33,26 @@
|
||||
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>3</code>
|
||||
<code>1</code>
|
||||
<mode>mousemovement</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="6">
|
||||
<stickbutton index="3">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
<accelerationmultiplier>4</accelerationmultiplier>
|
||||
<startaccelmultiplier>20</startaccelmultiplier>
|
||||
<minaccelthreshold>3</minaccelthreshold>
|
||||
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>4</code>
|
||||
<mode>mousemovement</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="2">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
</stickbutton>
|
||||
@ -59,7 +74,7 @@
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
</stickbutton>
|
||||
<stickbutton index="3">
|
||||
<stickbutton index="7">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
<accelerationmultiplier>4</accelerationmultiplier>
|
||||
@ -68,29 +83,15 @@
|
||||
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>4</code>
|
||||
<code>3</code>
|
||||
<mode>mousemovement</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="2">
|
||||
<stickbutton index="6">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
</stickbutton>
|
||||
<stickbutton index="1">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
<accelerationmultiplier>4</accelerationmultiplier>
|
||||
<startaccelmultiplier>20</startaccelmultiplier>
|
||||
<minaccelthreshold>3</minaccelthreshold>
|
||||
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>1</code>
|
||||
<mode>mousemovement</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="8">
|
||||
<mousespeedx>74</mousespeedx>
|
||||
<mousespeedy>74</mousespeedy>
|
||||
@ -99,16 +100,25 @@
|
||||
<stick index="1">
|
||||
<deadZone>2578</deadZone>
|
||||
<maxZone>30799</maxZone>
|
||||
<stickbutton index="7">
|
||||
<stickbutton index="1">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>6</code>
|
||||
<code>4</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="6">
|
||||
<stickbutton index="3">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>7</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="2">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
</stickbutton>
|
||||
<stickbutton index="5">
|
||||
@ -123,42 +133,33 @@
|
||||
<stickbutton index="4">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
</stickbutton>
|
||||
<stickbutton index="3">
|
||||
<stickbutton index="7">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>7</code>
|
||||
<code>6</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="2">
|
||||
<stickbutton index="6">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
</stickbutton>
|
||||
<stickbutton index="1">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>4</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</stickbutton>
|
||||
<stickbutton index="8">
|
||||
<mouseacceleration>linear</mouseacceleration>
|
||||
</stickbutton>
|
||||
</stick>
|
||||
<dpad index="1">
|
||||
<dpadbutton index="6">
|
||||
<dpadbutton index="12">
|
||||
<wheelspeedx>2</wheelspeedx>
|
||||
<wheelspeedy>10</wheelspeedy>
|
||||
</dpadbutton>
|
||||
<dpadbutton index="4">
|
||||
<wheelspeedx>2</wheelspeedx>
|
||||
<dpadbutton index="1">
|
||||
<wheelspeedx>10</wheelspeedx>
|
||||
<wheelspeedy>10</wheelspeedy>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>0x1000017</code>
|
||||
<code>0x1000013</code>
|
||||
<mode>keyboard</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
@ -172,22 +173,22 @@
|
||||
<wheelspeedy>10</wheelspeedy>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>0x1000011</code>
|
||||
<code>0x1000014</code>
|
||||
<mode>keyboard</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</dpadbutton>
|
||||
<dpadbutton index="1">
|
||||
<wheelspeedx>10</wheelspeedx>
|
||||
<dpadbutton index="4">
|
||||
<wheelspeedx>2</wheelspeedx>
|
||||
<wheelspeedy>10</wheelspeedy>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>0x1000016</code>
|
||||
<code>0x1000015</code>
|
||||
<mode>keyboard</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</dpadbutton>
|
||||
<dpadbutton index="12">
|
||||
<dpadbutton index="6">
|
||||
<wheelspeedx>2</wheelspeedx>
|
||||
<wheelspeedy>10</wheelspeedy>
|
||||
</dpadbutton>
|
||||
@ -200,7 +201,7 @@
|
||||
<wheelspeedy>10</wheelspeedy>
|
||||
<slots>
|
||||
<slot>
|
||||
<code>0x1000010</code>
|
||||
<code>0x1000012</code>
|
||||
<mode>keyboard</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
@ -235,22 +236,6 @@
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
<button index="5">
|
||||
<slots>
|
||||
<slot>
|
||||
<code>1</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
<button index="3">
|
||||
<slots>
|
||||
<slot>
|
||||
<code>2</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
<button index="2">
|
||||
<slots>
|
||||
<slot>
|
||||
@ -267,6 +252,30 @@
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
<button index="4">
|
||||
<slots>
|
||||
<slot>
|
||||
<code>0x1000004</code>
|
||||
<mode>keyboard</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
<button index="3">
|
||||
<slots>
|
||||
<slot>
|
||||
<code>2</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
<button index="5">
|
||||
<slots>
|
||||
<slot>
|
||||
<code>1</code>
|
||||
<mode>mousebutton</mode>
|
||||
</slot>
|
||||
</slots>
|
||||
</button>
|
||||
</set>
|
||||
</sets>
|
||||
</gamecontroller>
|
@ -1,38 +1,10 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
services.postgresql = {
|
||||
services.atuin = {
|
||||
enable = true;
|
||||
dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
|
||||
ensureDatabases = [ "atuin" ];
|
||||
ensureUsers = [{
|
||||
name = "atuin";
|
||||
ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES";
|
||||
}];
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/state/postgresql 0700 postgres postgres -"
|
||||
];
|
||||
users.groups.atuin = {};
|
||||
users.users.atuin = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "atuin";
|
||||
isSystemUser = true;
|
||||
group = "atuin";
|
||||
home = "/run/atuin";
|
||||
createHome = true;
|
||||
host = "0.0.0.0";
|
||||
maxHistoryLength = 1000000;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
systemd.services.atuin = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
ATUIN_HOST = "0.0.0.0";
|
||||
ATUIN_PORT = "8888";
|
||||
ATUIN_OPEN_REGISTRATION = "true";
|
||||
ATUIN_DB_URI = "postgres:///atuin";
|
||||
};
|
||||
serviceConfig = {
|
||||
User = "atuin";
|
||||
ExecStart = "${pkgs.atuin}/bin/atuin server start";
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 8888 ];
|
||||
}
|
||||
|
@ -89,16 +89,30 @@ in {
|
||||
x11vnc
|
||||
xclip
|
||||
xephyrify
|
||||
xorg.xmodmap
|
||||
xorg.xhost
|
||||
xdotool
|
||||
xsel
|
||||
zathura
|
||||
flameshot
|
||||
(pkgs.writeDashBin "screenshot" ''
|
||||
set -efu
|
||||
|
||||
${pkgs.flameshot}/bin/flameshot gui
|
||||
${pkgs.flameshot}/bin/flameshot gui &&
|
||||
${pkgs.klem}/bin/klem
|
||||
'')
|
||||
(pkgs.writers.writeDashBin "IM" ''
|
||||
${pkgs.mosh}/bin/mosh green.r -- tmux new-session -A -s IM -- weechat
|
||||
'')
|
||||
(pkgs.writers.writeDashBin "deploy_hm" ''
|
||||
target=$1
|
||||
shift
|
||||
|
||||
hm_profile=$(${pkgs.home-manager}/bin/home-manager -f ~/sync/stockholm/lass/2configs/home-manager.nix build "$@")
|
||||
nix-copy-closure --to "$target" "$hm_profile"
|
||||
ssh "$target" -- "$hm_profile"/activate
|
||||
'')
|
||||
zbar
|
||||
];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
@ -114,6 +128,7 @@ in {
|
||||
xkbVariant = "altgr-intl";
|
||||
xkbOptions = "caps:escape";
|
||||
libinput.enable = true;
|
||||
exportConfiguration = true;
|
||||
displayManager = {
|
||||
lightdm.enable = true;
|
||||
defaultSession = "none+xmonad";
|
||||
@ -130,7 +145,6 @@ in {
|
||||
};
|
||||
|
||||
krebs.xresources.enable = true;
|
||||
lass.screenlock.enable = true;
|
||||
|
||||
lass.klem = {
|
||||
kpaste.script = pkgs.writeDash "kpaste-wrapper" ''
|
||||
@ -152,7 +166,7 @@ in {
|
||||
qrcode = {
|
||||
target = "image";
|
||||
script = pkgs.writeDash "zbar" ''
|
||||
${pkgs.zbar}/bin/zbarimg -q -
|
||||
${pkgs.zbar}/bin/zbarimg -q --raw -
|
||||
'';
|
||||
};
|
||||
ocr = {
|
||||
|
11
lass/2configs/boot/universal.nix
Normal file
11
lass/2configs/boot/universal.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
loader.grub.efiSupport = true;
|
||||
loader.grub.efiInstallAsRemovable = true;
|
||||
};
|
||||
}
|
@ -21,7 +21,7 @@ in {
|
||||
};
|
||||
|
||||
security.acme.certs.${domain}.group = "hedgecert";
|
||||
users.groups.hedgecert.members = [ "codimd" "nginx" ];
|
||||
users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];
|
||||
|
||||
security.dhparams = {
|
||||
enable = true;
|
||||
@ -35,10 +35,10 @@ in {
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration.allowOrigin = [ domain ];
|
||||
configuration = {
|
||||
settings = {
|
||||
db = {
|
||||
dialect = "sqlite";
|
||||
storage = "/var/lib/codimd/db.codimd.sqlite";
|
||||
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
||||
};
|
||||
useCDN = false;
|
||||
port = 3091;
|
||||
|
@ -12,6 +12,7 @@ with import <stockholm/lib>;
|
||||
./wiregrill.nix
|
||||
./tmux.nix
|
||||
./tor-ssh.nix
|
||||
./networkd.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
|
@ -41,8 +41,7 @@ in {
|
||||
configWritable = true;
|
||||
lovelaceConfigWritable = true;
|
||||
config = let
|
||||
tasmota_s20 = name: topic: {
|
||||
platform = "mqtt";
|
||||
tasmota = name: topic: {
|
||||
inherit name;
|
||||
state_topic = "stat/${topic}/POWER";
|
||||
command_topic = "cmnd/${topic}/POWER";
|
||||
@ -57,7 +56,7 @@ in {
|
||||
longitude = "13.41489";
|
||||
elevation = 90;
|
||||
unit_system = "metric";
|
||||
customize = friendly_names;
|
||||
# customize = friendly_names;
|
||||
};
|
||||
config = {};
|
||||
sun.elevation = 66;
|
||||
@ -65,36 +64,37 @@ in {
|
||||
discovery = {};
|
||||
frontend = {};
|
||||
http = {};
|
||||
mqtt = {
|
||||
broker = "localhost";
|
||||
port = 1883;
|
||||
client_id = "home-assistant";
|
||||
username = "gg23";
|
||||
password = "gg23-mqtt";
|
||||
keepalive = 60;
|
||||
protocol = 3.1;
|
||||
# mqtt = {
|
||||
# broker = "localhost";
|
||||
# port = 1883;
|
||||
# client_id = "home-assistant";
|
||||
# username = "gg23";
|
||||
# password = "gg23-mqtt";
|
||||
# keepalive = 60;
|
||||
# protocol = 3.1;
|
||||
|
||||
discovery = true;
|
||||
birth_message = {
|
||||
topic = "/hass/status";
|
||||
payload = "online";
|
||||
};
|
||||
will_message = {
|
||||
topic = "/hass/status";
|
||||
payload = "offline";
|
||||
};
|
||||
};
|
||||
# discovery = true;
|
||||
# birth_message = {
|
||||
# topic = "/hass/status";
|
||||
# payload = "online";
|
||||
# };
|
||||
# will_message = {
|
||||
# topic = "/hass/status";
|
||||
# payload = "offline";
|
||||
# };
|
||||
# };
|
||||
sensor = [
|
||||
{
|
||||
platform = "dwd_weather_warnings";
|
||||
region_name = "Berlin";
|
||||
}
|
||||
];
|
||||
switch = [
|
||||
(tasmota_s20 "TV" "tv")
|
||||
(tasmota_s20 "Drucker Strom" "drucker")
|
||||
(tasmota_s20 "Waschmaschine" "wasch")
|
||||
(tasmota_s20 "Stereo Anlage" "stereo")
|
||||
mqtt.switch = [
|
||||
(tasmota "TV" "tv")
|
||||
(tasmota "Drucker Strom" "drucker")
|
||||
(tasmota "Waschmaschine" "wasch")
|
||||
(tasmota "Stereo Anlage" "stereo")
|
||||
(tasmota "Wohnzimmer Lampe" "wohn_lampe")
|
||||
];
|
||||
mobile_app = {};
|
||||
weather = [
|
||||
@ -106,6 +106,10 @@ in {
|
||||
system_health = {};
|
||||
history = {};
|
||||
shopping_list = {};
|
||||
media_player = {
|
||||
platform = "snapcast";
|
||||
host = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -1,24 +1,24 @@
|
||||
{ lib, ... }:
|
||||
rec {
|
||||
lights = {
|
||||
bett = "0x0017880106ed3bd8";
|
||||
essen = "0x0017880108327622";
|
||||
arbeit = "0x0017880106ee2865";
|
||||
nass = "0x00178801082e9f2f";
|
||||
bett = "l_bett";
|
||||
essen = "l_essen";
|
||||
arbeit = "l_arbeit";
|
||||
nass = "l_nass";
|
||||
};
|
||||
|
||||
switches = {
|
||||
dimmer = {
|
||||
bett = "0x00178801086ac38c";
|
||||
essen = "0x00178801086ad1fb";
|
||||
nass = "0x00178801086ac373";
|
||||
bett = "i_bett";
|
||||
essen = "i_essen";
|
||||
nass = "i_nass";
|
||||
};
|
||||
};
|
||||
|
||||
sensors = {
|
||||
movement = {
|
||||
essen = "0x0017880106f772f2";
|
||||
nass = "0x0017880106f77f30";
|
||||
essen = "s_essen";
|
||||
nass = "s_nass";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -34,117 +34,42 @@ in {
|
||||
advanced = {
|
||||
pan_id = 4222;
|
||||
};
|
||||
devices = let
|
||||
set_device = id: name:
|
||||
lib.nameValuePair id {
|
||||
};
|
||||
in {
|
||||
# lights https://www.zigbee2mqtt.io/devices/9290022166.html#philips-9290022166
|
||||
"0x0017880106ed3bd8".friendly_name = "l_bett";
|
||||
"0x0017880108327622".friendly_name = "l_essen";
|
||||
"0x0017880106ee2865".friendly_name = "l_arbeit";
|
||||
"0x00178801082e9f2f".friendly_name = "l_nass";
|
||||
|
||||
# switches https://www.zigbee2mqtt.io/devices/324131092621.html#philips-324131092621
|
||||
"0x00178801086ac38c".friendly_name = "i_bett";
|
||||
"0x00178801086ad1fb".friendly_name = "i_essen";
|
||||
"0x00178801086ac373".friendly_name = "i_nass";
|
||||
|
||||
# sensors https://www.zigbee2mqtt.io/devices/9290012607.html#philips-9290012607
|
||||
"0x0017880106f772f2".friendly_name = "s_essen";
|
||||
"0x0017880106f77f30".friendly_name = "s_nass";
|
||||
|
||||
# heat https://www.zigbee2mqtt.io/devices/701721.html#popp-701721
|
||||
"0x842e14fffe27109a".friendly_name = "t_bett";
|
||||
"0x842e14fffe269a73".friendly_name = "t_nass";
|
||||
"0x842e14fffe269a56".friendly_name = "t_arbeit";
|
||||
|
||||
# rotation https://www.zigbee2mqtt.io/devices/E1744.html
|
||||
"0x8cf681fffe065493" = {
|
||||
friendly_name = "r_test";
|
||||
device_id = "r_test";
|
||||
simulated_brightness = {
|
||||
delta = 2;
|
||||
interval = 100;
|
||||
};
|
||||
};
|
||||
|
||||
services.home-assistant.config = {
|
||||
sensor = [
|
||||
# Sensor for monitoring the bridge state
|
||||
{
|
||||
platform = "mqtt";
|
||||
name = "Zigbee2mqtt Bridge state";
|
||||
state_topic = "/zigbee2mqtt/bridge/state";
|
||||
icon = "mdi:router-wireless";
|
||||
}
|
||||
# Sensor for Showing the Zigbee2mqtt Version
|
||||
{
|
||||
platform = "mqtt";
|
||||
name = "Zigbee2mqtt Version";
|
||||
state_topic = "/zigbee2mqtt/bridge/config";
|
||||
value_template = "{{ value_json.version }}";
|
||||
icon = "mdi:zigbee";
|
||||
}
|
||||
# Sensor for Showing the Coordinator Version
|
||||
{
|
||||
platform = "mqtt";
|
||||
name = "Coordinator Version";
|
||||
state_topic = "/zigbee2mqtt/bridge/config";
|
||||
value_template = "{{ value_json.coordinator }}";
|
||||
icon = "mdi:chip";
|
||||
}
|
||||
];
|
||||
switch = [
|
||||
{
|
||||
platform = "mqtt";
|
||||
name = "zigbee2mqtt_join";
|
||||
state_topic = "/zigbee2mqtt/bridge/config/permit_join";
|
||||
command_topic = "/zigbee2mqtt/bridge/config/permit_join";
|
||||
payload_on = "true";
|
||||
payload_off = "false";
|
||||
}
|
||||
];
|
||||
automation = [
|
||||
#{
|
||||
# alias = "Zigbee2mqtt Log Level";
|
||||
# initial_state = "on";
|
||||
# trigger = {
|
||||
# platform = "state";
|
||||
# entity_id = "input_select.zigbee2mqtt_log_level";
|
||||
# };
|
||||
# action = [
|
||||
# {
|
||||
# service = "mqtt.publish";
|
||||
# data = {
|
||||
# payload_template = "{{ states('input_select.zigbee2mqtt_log_level') }}";
|
||||
# topic = "/zigbee2mqtt/bridge/config/log_level";
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
#}
|
||||
# Automation to start timer when enable join is turned on
|
||||
{
|
||||
id = "zigbee_join_enabled";
|
||||
alias = "";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "switch.zigbee2mqtt_join";
|
||||
to = "on";
|
||||
};
|
||||
action = {
|
||||
service = "timer.start";
|
||||
entity_id = "timer.zigbee_permit_join";
|
||||
};
|
||||
}
|
||||
# Automation to stop timer when switch turned off and turn off switch when timer finished
|
||||
{
|
||||
id = "zigbee_join_disabled";
|
||||
trigger = [
|
||||
{
|
||||
platform = "event";
|
||||
event_type = "timer.finished";
|
||||
event_data.entity_id = "timer.zigbee_permit_join";
|
||||
}
|
||||
{
|
||||
platform = "state";
|
||||
entity_id = "switch.zigbee2mqtt_join";
|
||||
to = "off";
|
||||
}
|
||||
];
|
||||
action = [
|
||||
{ service = "timer.cancel";
|
||||
data.entity_id = "timer.zigbee_permit_join";
|
||||
}
|
||||
{ service = "switch.turn_off";
|
||||
entity_id = "switch.zigbee2mqtt_join";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
#input_select.zigbee2mqtt_log_level = {
|
||||
# name = "Zigbee2mqtt Log Level";
|
||||
# options = [
|
||||
# "debug"
|
||||
# "info"
|
||||
# "warn"
|
||||
# "error"
|
||||
# ];
|
||||
# initial = "info";
|
||||
# icon = "mdi:format-list-bulleted";
|
||||
#};
|
||||
|
||||
timer.zigbee_permit_join = {
|
||||
name = "Zigbee Time remaining";
|
||||
duration = 120;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
48
lass/2configs/mail/internet-gateway.nix
Normal file
48
lass/2configs/mail/internet-gateway.nix
Normal file
@ -0,0 +1,48 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
security.acme.certs."mail.lassul.us" = {
|
||||
group = "lasscert";
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
users.groups.lasscert.members = [
|
||||
"exim"
|
||||
"nginx"
|
||||
];
|
||||
|
||||
krebs.exim-smarthost = {
|
||||
enable = true;
|
||||
primary_hostname = "lassul.us";
|
||||
dkim = [
|
||||
{ domain = "lassul.us"; }
|
||||
];
|
||||
ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem";
|
||||
ssl_key = "/var/lib/acme/mail.lassul.us/key.pem";
|
||||
local_domains = [
|
||||
"localhost"
|
||||
"lassul.us"
|
||||
"ubikmedia.eu"
|
||||
"ubikmedia.de"
|
||||
"apanowicz.de"
|
||||
"alewis.de"
|
||||
"jarugadesign.de"
|
||||
"beesmooth.ch"
|
||||
"event-extra.de"
|
||||
"jla-trading.com"
|
||||
];
|
||||
extraRouters = ''
|
||||
forward_lassul_us:
|
||||
driver = manualroute
|
||||
domains = lassul.us
|
||||
transport = remote_smtp
|
||||
route_list = * orange.r
|
||||
no_more
|
||||
|
||||
forward_ubik:
|
||||
driver = manualroute
|
||||
domains = ubikmedia.eu:ubikmedia.de:apanowicz.de:alewis.de:jarugadesign.de:beesmooth.ch:event-extra.de:jla-trading.com
|
||||
transport = remote_smtp
|
||||
route_list = * ubik.r
|
||||
no_more
|
||||
'';
|
||||
};
|
||||
}
|
208
lass/2configs/monitoring/alert-rules.nix
Normal file
208
lass/2configs/monitoring/alert-rules.nix
Normal file
@ -0,0 +1,208 @@
|
||||
# inspiration from https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix
|
||||
{ lib }:
|
||||
|
||||
lib.mapAttrsToList
|
||||
(name: opts: {
|
||||
alert = name;
|
||||
expr = opts.condition;
|
||||
for = opts.time or "2m";
|
||||
labels = { };
|
||||
annotations.description = opts.description;
|
||||
})
|
||||
({
|
||||
prometheus_too_many_restarts = {
|
||||
condition = ''changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager|telegraf"}[15m]) > 2'';
|
||||
description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.";
|
||||
};
|
||||
|
||||
alert_manager_config_not_synced = {
|
||||
condition = ''count(count_values("config_hash", alertmanager_config_hash)) > 1'';
|
||||
description = "Configurations of AlertManager cluster instances are out of sync.";
|
||||
};
|
||||
|
||||
prometheus_not_connected_to_alertmanager = {
|
||||
condition = "prometheus_notifications_alertmanagers_discovered < 1";
|
||||
description = "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
|
||||
};
|
||||
|
||||
prometheus_rule_evaluation_failures = {
|
||||
condition = "increase(prometheus_rule_evaluation_failures_total[3m]) > 0";
|
||||
description = "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
|
||||
};
|
||||
|
||||
prometheus_template_expansion_failures = {
|
||||
condition = "increase(prometheus_template_text_expansion_failures_total[3m]) > 0";
|
||||
time = "0m";
|
||||
description = "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}";
|
||||
};
|
||||
|
||||
promtail_request_errors = {
|
||||
condition = ''100 * sum(rate(promtail_request_duration_seconds_count{status_code=~"5..|failed"}[1m])) by (namespace, job, route, instance) / sum(rate(promtail_request_duration_seconds_count[1m])) by (namespace, job, route, instance) > 10'';
|
||||
time = "15m";
|
||||
description = ''{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.'';
|
||||
};
|
||||
|
||||
promtail_file_lagging = {
|
||||
condition = ''abs(promtail_file_bytes_total - promtail_read_bytes_total) > 1e6'';
|
||||
time = "15m";
|
||||
description = ''{{ $labels.instance }} {{ $labels.job }} {{ $labels.path }} has been lagging by more than 1MB for more than 15m.'';
|
||||
};
|
||||
|
||||
filesystem_full_80percent = {
|
||||
condition = ''disk_used_percent{mode!="ro"} >= 95'';
|
||||
time = "10m";
|
||||
description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 20% space left on its filesystem.";
|
||||
};
|
||||
|
||||
filesystem_full_krebs = {
|
||||
condition = ''disk_used_percent{mode!="ro", org="krebs"} >= 95'';
|
||||
time = "10m";
|
||||
description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 5% space left on its filesystem.";
|
||||
};
|
||||
|
||||
filesystem_inodes_full = {
|
||||
condition = ''disk_inodes_free / disk_inodes_total < 0.10'';
|
||||
time = "10m";
|
||||
description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 10% inodes left on its filesystem.";
|
||||
};
|
||||
|
||||
daily_task_not_run = {
|
||||
# give 6 hours grace period
|
||||
condition = ''time() - task_last_run{state="ok",frequency="daily"} > (24 + 6) * 60 * 60'';
|
||||
description = "{{$labels.host}}: {{$labels.name}} was not run in the last 24h";
|
||||
};
|
||||
|
||||
daily_task_failed = {
|
||||
condition = ''task_last_run{state="fail"}'';
|
||||
description = "{{$labels.host}}: {{$labels.name}} failed to run";
|
||||
};
|
||||
|
||||
swap_using_30percent = {
|
||||
condition = "mem_swap_total - (mem_swap_cached + mem_swap_free) > mem_swap_total * 0.3";
|
||||
time = "30m";
|
||||
description = "{{$labels.host}} is using 30% of its swap space for at least 30 minutes.";
|
||||
};
|
||||
|
||||
systemd_service_failed = {
|
||||
condition = ''systemd_units_active_code{name!~"nixpkgs-update-.*.service"} == 3'';
|
||||
description = "{{$labels.host}} failed to (re)start service {{$labels.name}}.";
|
||||
};
|
||||
|
||||
service_not_running = {
|
||||
condition = ''systemd_units_active_code{name=~"teamspeak3-server.service|tt-rss.service", sub!="running"}'';
|
||||
description = "{{$labels.host}} should have a running {{$labels.name}}.";
|
||||
};
|
||||
|
||||
nfs_export_not_present = {
|
||||
condition = "nfs_export_present == 0";
|
||||
time = "1h";
|
||||
description = "{{$labels.host}} cannot reach nfs export [{{$labels.server}}]:{{$labels.path}}";
|
||||
};
|
||||
|
||||
ram_using_90percent = {
|
||||
condition = "mem_buffered + mem_free + mem_cached < mem_total * 0.1";
|
||||
time = "1h";
|
||||
description = "{{$labels.host}} is using at least 90% of its RAM for at least 1 hour.";
|
||||
};
|
||||
load15 = {
|
||||
condition = ''system_load15 / system_n_cpus{org!="nix-community"} >= 2.0'';
|
||||
time = "10m";
|
||||
description = "{{$labels.host}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
|
||||
};
|
||||
reboot = {
|
||||
condition = "system_uptime < 300";
|
||||
description = "{{$labels.host}} just rebooted.";
|
||||
};
|
||||
uptime = {
|
||||
# too scared to upgrade matchbox
|
||||
condition = ''system_uptime {host!~"^(matchbox|grandalf)$"} > 2592000'';
|
||||
description = "Uptime monster: {{$labels.host}} has been up for more than 30 days.";
|
||||
};
|
||||
telegraf_down = {
|
||||
condition = ''min(up{job=~"telegraf",type!='mobile'}) by (source, job, instance, org) == 0'';
|
||||
time = "3m";
|
||||
description = "{{$labels.instance}}: {{$labels.job}} telegraf exporter from {{$labels.source}} is down.";
|
||||
};
|
||||
ping = {
|
||||
condition = "ping_result_code{type!='mobile'} != 0";
|
||||
description = "{{$labels.url}}: ping from {{$labels.instance}} has failed!";
|
||||
};
|
||||
ping_high_latency = {
|
||||
condition = "ping_average_response_ms{type!='mobile'} > 5000";
|
||||
description = "{{$labels.instance}}: ping probe from {{$labels.source}} is encountering high latency!";
|
||||
};
|
||||
http = {
|
||||
condition = "http_response_result_code != 0";
|
||||
description = "{{$labels.server}} : http request failed from {{$labels.instance}}: {{$labels.result}}!";
|
||||
};
|
||||
http_match_failed = {
|
||||
condition = "http_response_response_string_match == 0";
|
||||
description = "{{$labels.server}} : http body not as expected; status code: {{$labels.status_code}}!";
|
||||
};
|
||||
dns_query = {
|
||||
condition = "dns_query_result_code != 0";
|
||||
description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}}!";
|
||||
};
|
||||
secure_dns_query = {
|
||||
condition = "secure_dns_state != 0";
|
||||
description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}} for protocol {{$labels.protocol}}!";
|
||||
};
|
||||
connection_failed = {
|
||||
condition = "net_response_result_code != 0";
|
||||
description = "{{$labels.server}}: connection to {{$labels.port}}({{$labels.protocol}}) failed from {{$labels.instance}}";
|
||||
};
|
||||
healthchecks = {
|
||||
condition = "hc_check_up == 0";
|
||||
description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!";
|
||||
};
|
||||
cert_expiry = {
|
||||
condition = "x509_cert_expiry < 7*24*3600";
|
||||
description = "{{$labels.instance}}: The TLS certificate from {{$labels.source}} will expire in less than 7 days: {{$value}}s";
|
||||
};
|
||||
|
||||
postfix_queue_length = {
|
||||
condition = "avg_over_time(postfix_queue_length[1h]) > 10";
|
||||
description = "{{$labels.instance}}: postfix mail queue has undelivered {{$value}} items";
|
||||
};
|
||||
|
||||
zfs_errors = {
|
||||
condition = "zfs_arcstats_l2_io_error + zfs_dmu_tx_error + zfs_arcstats_l2_writes_error > 0";
|
||||
description = "{{$labels.instance}} reports: {{$value}} ZFS IO errors.";
|
||||
};
|
||||
|
||||
# ignore devices that disabled S.M.A.R.T (example if attached via USB)
|
||||
smart_errors = {
|
||||
condition = ''smart_device_health_ok{enabled!="Disabled"} != 1'';
|
||||
description = "{{$labels.instance}}: S.M.A.R.T reports: {{$labels.device}} ({{$labels.model}}) has errors.";
|
||||
};
|
||||
|
||||
oom_kills = {
|
||||
condition = "increase(kernel_vmstat_oom_kill[5m]) > 0";
|
||||
description = "{{$labels.instance}}: OOM kill detected";
|
||||
};
|
||||
|
||||
unusual_disk_read_latency = {
|
||||
condition = "rate(diskio_read_time[1m]) / rate(diskio_reads[1m]) > 0.1 and rate(diskio_reads[1m]) > 0";
|
||||
description = "{{$labels.instance}}: Disk latency is growing (read operations > 100ms)\n";
|
||||
};
|
||||
|
||||
unusual_disk_write_latency = {
|
||||
condition = "rate(diskio_write_time[1m]) / rate(diskio_write[1m]) > 0.1 and rate(diskio_write[1m]) > 0";
|
||||
description = "{{$labels.instance}}: Disk latency is growing (write operations > 100ms)\n";
|
||||
};
|
||||
|
||||
host_memory_under_memory_pressure = {
|
||||
condition = "rate(node_vmstat_pgmajfault[1m]) > 1000";
|
||||
description = "{{$labels.instance}}: The node is under heavy memory pressure. High rate of major page faults: {{$value}}";
|
||||
};
|
||||
|
||||
ext4_errors = {
|
||||
condition = "ext4_errors_value > 0";
|
||||
description = "{{$labels.instance}}: ext4 has reported {{$value}} I/O errors: check /sys/fs/ext4/*/errors_count";
|
||||
};
|
||||
|
||||
alerts_silences_changed = {
|
||||
condition = ''abs(delta(alertmanager_silences{state="active"}[1h])) >= 1'';
|
||||
description = "alertmanager: number of active silences has changed: {{$value}}";
|
||||
};
|
||||
})
|
110
lass/2configs/monitoring/prometheus.nix
Normal file
110
lass/2configs/monitoring/prometheus.nix
Normal file
@ -0,0 +1,110 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
#prometheus
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } # nginx
|
||||
# { predicate = "-i retiolum -p tcp --dport 3012"; target = "ACCEPT"; } # grafana
|
||||
# { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } # alertmanager
|
||||
# { predicate = "-i retiolum -p tcp --dport 9223"; target = "ACCEPT"; } # alertmanager
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"prometheus.lass.r" = {
|
||||
locations."/".proxyPass = "http://localhost:9090";
|
||||
};
|
||||
"alert.lass.r" = {
|
||||
locations."/".proxyPass = "http://localhost:9093";
|
||||
};
|
||||
"grafana.lass.r" = {
|
||||
locations."/".proxyPass = "http://localhost:3012";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
port = 3012;
|
||||
auth.anonymous = {
|
||||
enable = true;
|
||||
org_role = "Admin";
|
||||
};
|
||||
};
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
ruleFiles = [
|
||||
(pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
|
||||
groups = [{
|
||||
name = "alerting-rules";
|
||||
rules = import ./alert-rules.nix { inherit lib; };
|
||||
}];
|
||||
}))
|
||||
];
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "telegraf";
|
||||
scrape_interval = "60s";
|
||||
metrics_path = "/metrics";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"prism.r:9273"
|
||||
"dishfire.r:9273"
|
||||
"yellow.r:9273"
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
alertmanagers = [
|
||||
{ scheme = "http";
|
||||
path_prefix = "/";
|
||||
static_configs = [ { targets = [ "localhost:9093" ]; } ];
|
||||
}
|
||||
];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
webExternalUrl = "https://alert.lass.r";
|
||||
listenAddress = "[::1]";
|
||||
configuration = {
|
||||
global = {
|
||||
# The smarthost and SMTP sender used for mail notifications.
|
||||
smtp_smarthost = "localhost:587";
|
||||
smtp_from = "alertmanager@alert.lass.r";
|
||||
# smtp_auth_username = "alertmanager@thalheim.io";
|
||||
# smtp_auth_password = "$SMTP_PASSWORD";
|
||||
};
|
||||
route = {
|
||||
receiver = "default";
|
||||
routes = [
|
||||
{
|
||||
group_by = [ "host" ];
|
||||
group_wait = "30s";
|
||||
group_interval = "2m";
|
||||
repeat_interval = "2h";
|
||||
receiver = "all";
|
||||
}
|
||||
];
|
||||
};
|
||||
receivers = [
|
||||
{
|
||||
name = "all";
|
||||
webhook_configs = [{
|
||||
url = "http://127.0.0.1:9223/";
|
||||
max_alerts = 5;
|
||||
}];
|
||||
}
|
||||
{
|
||||
name = "default";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
72
lass/2configs/monitoring/telegraf.nix
Normal file
72
lass/2configs/monitoring/telegraf.nix
Normal file
@ -0,0 +1,72 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
|
||||
in {
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
systemd.services.telegraf.path = [ pkgs.nvme-cli ];
|
||||
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
agent.interval = "60s";
|
||||
inputs = {
|
||||
http_response = [
|
||||
{ urls = [
|
||||
"http://localhost:8080/about/health/"
|
||||
]; }
|
||||
];
|
||||
prometheus.metric_version = 2;
|
||||
kernel_vmstat = { };
|
||||
# smart = lib.mkIf (!isVM) {
|
||||
# path = pkgs.writeShellScript "smartctl" ''
|
||||
# exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
|
||||
# '';
|
||||
# };
|
||||
system = { };
|
||||
mem = { };
|
||||
file = [{
|
||||
data_format = "influx";
|
||||
file_tag = "name";
|
||||
files = [ "/var/log/telegraf/*" ];
|
||||
}] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
|
||||
name_override = "ext4_errors";
|
||||
files = [ "/sys/fs/ext4/*/errors_count" ];
|
||||
data_format = "value";
|
||||
};
|
||||
exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) {
|
||||
## Commands array
|
||||
commands = [
|
||||
(pkgs.writeScript "zpool-health" ''
|
||||
#!${pkgs.gawk}/bin/awk -f
|
||||
BEGIN {
|
||||
while ("${pkgs.zfs}/bin/zpool status" | getline) {
|
||||
if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
|
||||
if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
|
||||
if ($1 ~ /errors:/) {
|
||||
if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
|
||||
}
|
||||
}
|
||||
}
|
||||
'')
|
||||
];
|
||||
data_format = "influx";
|
||||
};
|
||||
systemd_units = { };
|
||||
swap = { };
|
||||
disk.tagdrop = {
|
||||
fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
|
||||
device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
|
||||
};
|
||||
diskio = { };
|
||||
};
|
||||
outputs.prometheus_client = {
|
||||
listen = ":9273";
|
||||
metric_version = 2;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -78,7 +78,7 @@ let
|
||||
exec ${pkgs.mpv.override {
|
||||
scripts = with pkgs.mpvScripts; [
|
||||
sponsorblock
|
||||
youtube-quality
|
||||
quality-menu
|
||||
];
|
||||
}}/bin/mpv \
|
||||
--no-config \
|
||||
|
20
lass/2configs/networkd.nix
Normal file
20
lass/2configs/networkd.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
|
||||
systemd.services.systemd-networkd.stopIfChanged = false;
|
||||
# Services that are only restarted might be not able to resolve when resolved is stopped before
|
||||
systemd.services.systemd-resolved.stopIfChanged = false;
|
||||
|
||||
networking.useNetworkd = true;
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks.wl0 = {
|
||||
matchConfig.Name = "wl0";
|
||||
DHCP = "yes";
|
||||
networkConfig = {
|
||||
IgnoreCarrierLoss = "3s";
|
||||
};
|
||||
dhcpV4Config.UseDNS = true;
|
||||
};
|
||||
};
|
||||
}
|
@ -7,5 +7,15 @@
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations = config.services.nginx.virtualHosts.cgit.locations;
|
||||
extraConfig = ''
|
||||
client_max_body_size 300M;
|
||||
client_body_timeout 2024;
|
||||
client_header_timeout 2024;
|
||||
|
||||
fastcgi_buffers 16 512k;
|
||||
fastcgi_buffer_size 512k;
|
||||
fastcgi_read_timeout 500;
|
||||
fastcgi_send_timeout 500;
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -9,5 +9,15 @@
|
||||
proxyWebsockets = true;
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
extraConfig = ''
|
||||
client_max_body_size 300M;
|
||||
client_body_timeout 2024;
|
||||
client_header_timeout 2024;
|
||||
|
||||
fastcgi_buffers 16 512k;
|
||||
fastcgi_buffer_size 512k;
|
||||
fastcgi_read_timeout 500;
|
||||
fastcgi_send_timeout 500;
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -169,6 +169,7 @@ in {
|
||||
|
||||
# allow reaktor2 to modify files
|
||||
systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false;
|
||||
systemd.services."reaktor2-the_playlist".serviceConfig.Group = lib.mkForce "radio";
|
||||
|
||||
krebs.reaktor2.the_playlist = {
|
||||
hostname = "irc.hackint.org";
|
||||
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
services.syncthing.folders.decsync = {
|
||||
path = "/home/lass/decsync";
|
||||
devices = [ "mors" "blue" "green" "phone" ];
|
||||
devices = [ "mors" "blue" "green" "phone" "massulus" ];
|
||||
};
|
||||
|
||||
krebs.acl."/home/lass/decsync"."u:syncthing:X".parents = true;
|
||||
|
@ -1,6 +1,13 @@
|
||||
{
|
||||
services.syncthing.folders."/home/lass/sync" = {
|
||||
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
|
||||
devices = [
|
||||
"mors"
|
||||
"xerxes"
|
||||
"green"
|
||||
"blue"
|
||||
"coaxmetal"
|
||||
"aergia"
|
||||
];
|
||||
};
|
||||
krebs.acl."/home/lass/sync"."u:syncthing:X".parents = true;
|
||||
krebs.acl."/home/lass/sync"."u:syncthing:rwX" = {};
|
||||
|
@ -4,6 +4,7 @@ with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
@ -96,6 +96,7 @@ in {
|
||||
file_uploads = on
|
||||
'';
|
||||
|
||||
systemd.services.nextcloud-setup.after = [ "secret-nextcloud_pw.service" ];
|
||||
krebs.secret.files.nextcloud_pw = {
|
||||
path = "/run/nextcloud.pw";
|
||||
owner.name = "nextcloud";
|
||||
@ -121,18 +122,17 @@ in {
|
||||
# MAIL STUFF
|
||||
# TODO: make into its own module
|
||||
|
||||
# workaround for android 7
|
||||
security.acme.certs."lassul.us".keyType = "rsa4096";
|
||||
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
hostName = "mail.lassul.us";
|
||||
extraConfig = ''
|
||||
$config['smtp_port'] = 25;
|
||||
$config['smtp_debug'] = true;
|
||||
$config['smtp_host'] = "localhost:25";
|
||||
'';
|
||||
};
|
||||
services.dovecot2 = {
|
||||
enable = true;
|
||||
showPAMFailure = true;
|
||||
mailLocation = "maildir:~/Mail";
|
||||
sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||
sslServerKey = "/var/lib/acme/lassul.us/key.pem";
|
||||
@ -142,6 +142,17 @@ in {
|
||||
{ predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writers.writeDashBin "debug_exim" ''
|
||||
set -ef
|
||||
export PATH="${lib.makeBinPath [ pkgs.coreutils ]}"
|
||||
echo "$@" >> /tmp/xxx
|
||||
/run/wrappers/bin/shadow_verify_arg "${config.lass.usershadow.pattern}" "$2" "$3" 2>>/tmp/xxx1
|
||||
echo "ok" >> /tmp/yyy
|
||||
exit 23
|
||||
'')
|
||||
];
|
||||
|
||||
krebs.exim-smarthost = {
|
||||
authenticators.PLAIN = ''
|
||||
driver = plaintext
|
||||
@ -153,6 +164,7 @@ in {
|
||||
public_name = LOGIN
|
||||
server_prompts = "Username:: : Password::"
|
||||
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||
# server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
|
||||
'';
|
||||
internet-aliases = [
|
||||
{ from = "dma@ubikmedia.de"; to = "domsen"; }
|
||||
@ -180,14 +192,13 @@ in {
|
||||
"alewis.de"
|
||||
"jarugadesign.de"
|
||||
"beesmooth.ch"
|
||||
"event-extra.de"
|
||||
];
|
||||
dkim = [
|
||||
{ domain = "ubikmedia.eu"; }
|
||||
{ domain = "apanowicz.de"; }
|
||||
{ domain = "beesmooth.ch"; }
|
||||
];
|
||||
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
||||
};
|
||||
|
||||
users.users.UBIK-SFTP = {
|
||||
|
@ -9,8 +9,6 @@ let
|
||||
in {
|
||||
imports = [
|
||||
./default.nix
|
||||
../git.nix
|
||||
./ref.ptkk.de
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
@ -66,23 +64,11 @@ in {
|
||||
locations."= /gpg.pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pgp.pubkeys.default};
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme.certs."cgit.lassul.us" = {
|
||||
email = "lassulus@lassul.us";
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
group = "nginx";
|
||||
};
|
||||
|
||||
|
||||
services.nginx.virtualHosts.cgit = {
|
||||
serverName = "cgit.lassul.us";
|
||||
addSSL = true;
|
||||
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
|
||||
locations."/.well-known/acme-challenge".extraConfig = ''
|
||||
root /var/lib/acme/acme-challenge;
|
||||
locations."= /ip".extraConfig = ''
|
||||
return 200 '$remote_addr';
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
@ -34,6 +34,18 @@ in {
|
||||
net {
|
||||
protocol a;
|
||||
ping-int 10;
|
||||
csums-alg crc32c;
|
||||
connect-int 3;
|
||||
after-sb-0pri discard-older-primary;
|
||||
after-sb-1pri discard-secondary;
|
||||
|
||||
# seems to be drbd-proxy premium feature
|
||||
on-congestion pull-ahead;
|
||||
congestion-fill 1G;
|
||||
congestion-extents 500;
|
||||
|
||||
sndbuf-size 10M;
|
||||
max-epoch-size 20000;
|
||||
}
|
||||
device minor ${toString config.blockMinor};
|
||||
disk ${config.disk};
|
||||
|
@ -1,6 +1,10 @@
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
pkgs.writeDashBin "nm-dmenu" ''
|
||||
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
|
||||
export PATH=$PATH:${lib.makeBinPath [
|
||||
pkgs.dmenu
|
||||
pkgs.networkmanagerapplet
|
||||
pkgs.procps
|
||||
]}
|
||||
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
|
||||
''
|
||||
|
@ -1,10 +1,11 @@
|
||||
{ pkgs }:
|
||||
pkgs.writeDashBin "otpmenu" ''
|
||||
pkgs.writers.writeDashBin "otpmenu" ''
|
||||
set -efux
|
||||
x=$(${pkgs.pass}/bin/pass git ls-files '*/otp.gpg' \
|
||||
| ${pkgs.gnused}/bin/sed 's:/otp\.gpg$::' \
|
||||
| ${pkgs.dmenu}/bin/dmenu
|
||||
)
|
||||
|
||||
otp=$(${(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))}/bin/pass otp code "$x/otp")
|
||||
printf %s "$otp" | ${pkgs.xdotool}/bin/xdotool type -f -
|
||||
printf %s "$otp" | ${pkgs.wtype}/bin/wtype -s 1 - || printf %s "$otp" | ${pkgs.xdotool}/bin/xdotool type -f -
|
||||
''
|
||||
|
@ -62,6 +62,7 @@
|
||||
ᕦ(ò_óˇ)ᕤ strong flex muscle bicep
|
||||
(๑>ᴗ<๑) excite
|
||||
(∩ ` -´)⊃━━☆゚.*・。゚ wizard spell magic
|
||||
╰( ͡° ͜ʖ ͡° )つ──☆*:・゚ wizard spell magic
|
||||
◕ ◡ ◕ puss in boots big eye
|
||||
≋≋≋≋≋̯̫⌧̯̫(ˆ•̮ ̮•ˆ) nyan cat
|
||||
ʕ•ᴥ•ʔ bear
|
||||
@ -71,6 +72,15 @@
|
||||
\(º □ º )/ panic
|
||||
𓂺 penis
|
||||
𓂸 penis
|
||||
__〆( ̄ー ̄ ) write down
|
||||
__〆(º □ º) write down
|
||||
__〆(^_^) write down
|
||||
C= C= C= C= C=┌(;・ω・)┘ running fast here
|
||||
▓▒░(°◡°)░▒▓ dont care
|
||||
(๑ᵔ⤙ᵔ๑) nom food eating
|
||||
(·•᷄ࡇ •᷅ ) ohoh sad
|
||||
ᕕ( ᐛ )ᕗ hehe lol letsgo
|
||||
(^_~) wink
|
||||
'';
|
||||
in
|
||||
# ref https://github.com/LukeSmithxyz/voidrice/blob/9fe6802122f6e0392c7fe20eefd30437771d7f8e/.local/bin/dmenuunicode
|
||||
|
@ -27,7 +27,7 @@
|
||||
'';
|
||||
} else {
|
||||
git = {
|
||||
ref = (lib.importJSON ../krebs/nixpkgs.json).rev;
|
||||
ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
shallow = true;
|
||||
};
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit df3a607ad7ee431f4831a51af2c464aa8a8813f4
|
||||
Subproject commit 7b186e0f812a7c54a1fa86b8f7c0f01afecc69c2
|
Loading…
Reference in New Issue
Block a user