Merge remote-tracking branch 'prism/master'

tv 2018-11-10 19:52:37 +01:00
commit 5ea1c2fcbb
107 changed files with 1576 additions and 2430 deletions


@ -10,7 +10,6 @@
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>


@ -5,7 +5,7 @@
6667 6669
];
services.charybdis = {
krebs.charybdis = {
enable = true;
motd = ''
hello


@ -0,0 +1,110 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption singleton types;
inherit (pkgs) coreutils charybdis;
cfg = config.krebs.charybdis;
configFile = pkgs.writeText "charybdis.conf" ''
${cfg.config}
'';
in
{
###### interface
options = {
krebs.charybdis = {
enable = mkEnableOption "Charybdis IRC daemon";
config = mkOption {
type = types.string;
description = ''
Charybdis IRC daemon configuration file.
'';
};
statedir = mkOption {
type = types.string;
default = "/var/lib/charybdis";
description = ''
Location of the state directory of charybdis.
'';
};
user = mkOption {
type = types.string;
default = "ircd";
description = ''
Charybdis IRC daemon user.
'';
};
group = mkOption {
type = types.string;
default = "ircd";
description = ''
Charybdis IRC daemon group.
'';
};
motd = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Charybdis MOTD text.
Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
If set, the value of this option will be written to this path.
'';
};
};
};
###### implementation
config = mkIf cfg.enable (lib.mkMerge [
{
users.users = singleton {
name = cfg.user;
description = "Charybdis IRC daemon user";
uid = config.ids.uids.ircd;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
gid = config.ids.gids.ircd;
};
systemd.services.charybdis = {
description = "Charybdis IRC daemon";
wantedBy = [ "multi-user.target" ];
environment = {
BANDB_DBPATH = "${cfg.statedir}/ban.db";
};
serviceConfig = {
ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
Group = cfg.group;
User = cfg.user;
PermissionsStartOnly = true; # preStart needs to run with root permissions
};
preStart = ''
${coreutils}/bin/mkdir -p ${cfg.statedir}
${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
'';
};
}
(mkIf (cfg.motd != null) {
environment.etc."charybdis/ircd.motd".text = cfg.motd;
})
]);
}
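Review bot: `configFile` is built with `pkgs.writeText` from `cfg.config`, so the whole charybdis configuration is copied into the Nix store, where every local user can read it. IRC daemon configs commonly carry operator and server-link passwords, and nothing in the option description warns about that. I would extend the `config` description with something like `The text is stored world-readable in the Nix store; keep operator and link passwords in a file outside the store.`, or add an option that takes a path to a secret file instead. Separately, `preStart` runs as root and interpolates the state directory unquoted; `mkdir -p "${cfg.statedir}"` and `chown ${cfg.user}:${cfg.group} "${cfg.statedir}"` would be safer.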


@ -14,6 +14,7 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
./charybdis.nix
./ci.nix
./current.nix
./exim.nix
@ -111,7 +112,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {


@ -38,7 +38,7 @@ with import <stockholm/lib>;
};
nets = rec {
internet = {
ip4.addr = "46.4.114.247";
ip4.addr = "95.216.1.150";
aliases = [
"prism.i"
"paste.i"
@ -87,6 +87,46 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
archprism = {
cores = 1;
nets = rec {
internet = {
ip4.addr = "46.4.114.247";
aliases = [
"archprism.i"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
ip4.addr = "10.243.0.123";
ip6.addr = "42:0:0:0:0:0:0:123";
aliases = [
"archprism.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
domsen-nas = {
ci = false;
monitoring = false;
@ -338,6 +378,35 @@ with import <stockholm/lib>;
};
};
};
kruck = {
monitoring = false;
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
ip6.addr = "42:4234:6a6d:600::1";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
turingmachine = {
monitoring = false;
ci = false;
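Review bot: The new `archprism` entry carries the same `ssh.pubkey` (ending `…KStQHQQMD`) and the same `ssh.privkey.path` as the host entry directly above it (presumably `prism`; its header is outside the hunk), so two machines on different public addresses would present one SSH host key. While both are reachable, a client cannot tell them apart by host key, and whoever obtains the key file from either machine can impersonate the other. If the sharing is only a migration shortcut, I would generate a separate host key for `archprism`, or at least mark it with a comment such as `# shares prism's host key until the migration is finished`.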


@ -494,6 +494,8 @@ in {
ip6.addr = "42:f9f0::10";
aliases = [
"omo.r"
"dcpp.omo.r"
"torrent.omo.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -554,7 +556,7 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
nextgum = rec {
gum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
@ -563,6 +565,23 @@ in {
graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
iso.euer IN A ${nets.internet.ip4.addr}
wg.euer IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
share.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
cores = 8;
@ -571,6 +590,7 @@ in {
ip4.addr = "144.76.26.247";
ip6.addr = "2a01:4f8:191:12f6::2";
aliases = [
"gum.i"
"nextgum.i"
];
};
@ -594,6 +614,16 @@ in {
"stats.makefu.r"
"backup.makefu.r"
"dcpp.nextgum.r"
"gum.r"
"cgit.gum.r"
"o.gum.r"
"tracker.makefu.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
"blog.gum.r"
"dcpp.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -610,72 +640,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
gum = rec {
ci = true;
cores = 2;
extraZones = {
"krebsco.de" = ''
share.euer IN A ${nets.internet.ip4.addr}
mattermost.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
nets = rec {
internet = {
ip4.addr = "185.194.143.140";
ip6.addr = "2a03:4000:1c:43f::1";
aliases = [
"gum.i"
];
};
retiolum = {
via = internet;
ip4.addr = "10.243.0.211";
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
aliases = [
"gum.r"
"cgit.gum.r"
"o.gum.r"
"tracker.makefu.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
"blog.gum.r"
"dcpp.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
# configured manually
# ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
shoney = rec {
ci = true;
cores = 1;


@ -1,111 +0,0 @@
{ config, ... }:
with import <stockholm/lib>;
{
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.nin;
ci = true;
}) {
hiawatha = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.132.96";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
aliases = [
"hiawatha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
axon= {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.134.66";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
aliases = [
"axon.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
};
onondaga = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.132.55";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
aliases = [
"onondaga.r"
"cgit.onondaga.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
};
};
users = {
nin = {
mail = "nin@axon.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
};
nin_h = {
mail = "nin@hiawatha.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
};
}


@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit {
url = https://github.com/Lassulus/realwallpaper;
rev = "e0563289c2ab592b669ce4549fc40130246e9d79";
sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc";
rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
};
phases = [


@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "81f5c2698a87c65b4970c69d472960c574ea0db4",
"date": "2018-10-17T20:48:45-04:00",
"sha256": "0p4x9532d3qlbykyyq8zk62k8py9mxd1s7zgbv54zmv597rs5y35",
"rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c",
"date": "2018-11-04T19:36:25+01:00",
"sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m",
"fetchSubmodules": false
}


@ -0,0 +1,356 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>
{
services.nginx.enable = true;
imports = [
<stockholm/lass/2configs/websites/domsen.nix>
<stockholm/lass/2configs/websites/lassulus.nix>
];
# needed by domsen.nix ^^
lass.usershadow = {
enable = true;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
uid = genid "riot";
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
};
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
];
}
{
users.users.tv = {
uid = genid "tv";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users.users.makefu = {
uid = genid "makefu";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
];
};
users.users.nin = {
uid = genid "nin";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
users.extraUsers.dritter = {
uid = genid "dritter";
isNormalUser = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
];
};
users.extraUsers.juhulian = {
uid = 1339;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
];
};
users.users.hellrazor = {
uid = genid "hellrazor";
isNormalUser = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
};
}
{
#hotdog
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
localAddress = "10.233.2.2";
};
}
{
#onondaga
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
containers.onondaga = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.nin.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.5";
localAddress = "10.233.2.6";
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
];
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
return 403;
}
'';
}
{
services.tor = {
enable = true;
};
}
{
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
];
}
{
imports = [
<stockholm/lass/2configs/realwallpaper.nix>
];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
alias /var/realwallpaper/realwallpaper.png;
'';
}
{
users.users.jeschli = {
uid = genid "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-bolide.pubkey
jeschli-brauerei.pubkey
];
};
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.xmonad-stockholm ];
perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
}
{
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
}
];
}
{
krebs.repo-sync.repos.stockholm.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
fqdn = "lassul.us";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "lass" "android" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
#<stockholm/lass/2configs/go.nix>
{
environment.systemPackages = [ pkgs.cryptsetup ];
systemd.services."container@red".reloadIfChanged = mkForce false;
containers.red = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host rote-allez-fraktion.de;
proxy_pass http://10.233.2.4;
'';
};
};
}
#{
# imports = [ <stockholm/lass/2configs/backup.nix> ];
# lass.restic = genAttrs [
# "daedalus"
# "icarus"
# "littleT"
# "mors"
# "shodan"
# "skynet"
# ] (dest: {
# dirs = [
# "/home/chat/.weechat"
# "/bku/sql_dumps"
# ];
# passwordFile = (toString <secrets>) + "/restic/${dest}";
# repo = "sftp:backup@${dest}.r:/backups/prism";
# extraArguments = [
# "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
# ];
# timerConfig = {
# OnCalendar = "00:05";
# RandomizedDelaySec = "5h";
# };
# });
#}
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa 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 lhebendanz@nixos"
"ssh-rsa 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 palo@pepe"
"ssh-rsa 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 palo@workhorse"
];
}
{
}
{
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
virtualHosts."lol.lassul.us" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:5001;
'';
};
};
}
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.1.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# lass-android
allowedIPs = [ "10.244.1.2/32" ];
publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
}
];
};
}
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
{
services.murmur.enable = true;
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
];
}
];
krebs.build.host = config.krebs.hosts.archprism;
services.earlyoom = {
enable = true;
freeMemThreshold = 5;
};
}
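Review bot: This new host config still references `config.krebs.users.nin.pubkey`, once for `users.users.nin` and once in root's `authorizedKeys` inside the `onondaga` container, while the same commit deletes the file that defines the `nin` users and drops its import from the module list. Unless `nin` is still defined somewhere outside this page, evaluating this host would fail on the missing attribute. If it is still defined, this host keeps granting that key root access in a container even though the prism config in this commit removes it. I would drop the `users.users.nin = { … };` block and the `config.krebs.users.nin.pubkey` line here, matching what was done for prism.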


@ -0,0 +1,77 @@
{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
{
boot.kernelParams = [ "net.ifnames=0" ];
networking = {
defaultGateway = "46.4.114.225";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "46.4.114.247";
prefixLength = 27;
};
};
# TODO use this network config
networking.interfaces.eth0.ipv4.addresses = [
{
address = config.krebs.build.host.nets.internet.ip4.addr;
prefixLength = 27;
}
{
address = "46.4.114.243";
prefixLength = 27;
}
];
#networking.defaultGateway = "46.4.114.225";
#networking.nameservers = [
# "8.8.8.8"
#];
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
#'';
}
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
networking.hostId = "fb4173ea";
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
"ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
sound.enable = false;
nixpkgs.config.allowUnfree = true;
time.timeZone = "Europe/Berlin";
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
fsType = "ext4";
};
}
];
}
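Review bot: The `networking.interfaces.eth0.ipv4.addresses` list is live in this file, but the comment above it still reads `# TODO use this network config`, and the older `interfaces.eth0 = { ipAddress = "46.4.114.247"; prefixLength = 27; };` block is kept next to it. That leaves 46.4.114.247 declared in two places (assuming `config.krebs.build.host.nets.internet.ip4.addr` resolves to the archprism address from the hosts file), and the commented-out gateway, nameserver and udev lines repeat settings that are already set above. I would delete the legacy `interfaces.eth0` block and the dead comments. The TODO could become a comment that explains the second address, for example `# 46.4.114.243 is DNAT'ed to the VM at 192.168.122.179 (see config.nix)`.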


@ -57,13 +57,6 @@ with import <stockholm/lib>;
config.krebs.users.makefu.pubkey
];
};
users.users.nin = {
uid = genid "nin";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
users.extraUsers.dritter = {
uid = genid "dritter";
isNormalUser = true;
@ -119,7 +112,6 @@ with import <stockholm/lib>;
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.nin.pubkey
];
};
autoStart = true;
@ -349,8 +341,6 @@ with import <stockholm/lib>;
];
krebs.build.host = config.krebs.hosts.prism;
# workaround because grub store paths are broken
boot.copyKernels = true;
services.earlyoom = {
enable = true;
freeMemThreshold = 5;


@ -1,77 +1,56 @@
{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
{
boot.kernelParams = [ "net.ifnames=0" ];
networking = {
defaultGateway = "46.4.114.225";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "46.4.114.247";
prefixLength = 27;
};
};
# TODO use this network config
#networking.interfaces.et0.ipv4.addresses = [
# {
# address = config.krebs.build.host.nets.internet.ip4.addr;
# prefixLength = 27;
# }
# {
# address = "46.4.114.243";
# prefixLength = 27;
# }
#];
#networking.defaultGateway = "46.4.114.225";
#networking.nameservers = [
# "8.8.8.8"
#];
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
#'';
}
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
networking.hostId = "fb4173ea";
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
"ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
sound.enable = false;
nixpkgs.config.allowUnfree = true;
time.timeZone = "Europe/Berlin";
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
fsType = "ext4";
};
}
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "tank/srv-http";
fsType = "zfs";
};
fileSystems."/var/lib/containers" = {
device = "tank/containers";
fsType = "zfs";
};
fileSystems."/home" = {
device = "tank/home";
fsType = "zfs";
};
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
boot.kernelParams = [ "net.ifnames=0" ];
networking = {
hostId = "2283aaae";
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "95.216.1.150";
prefixLength = 26;
};
};
}


@ -74,7 +74,6 @@ in {
nmap
pavucontrol
powertop
push
rxvt_unicode_with-plugins
sxiv
taskwarrior


@ -15,6 +15,7 @@ with (import <stockholm/lib>);
dic
nmap
git-preview
l-gen-secrets
];
services.tor.enable = true;


@ -19,5 +19,9 @@ with import <stockholm/lib>;
"slash16.net"
];
};
system.activationScripts.user-shadow = ''
${pkgs.coreutils}/bin/chmod +x /home/ciko
'';
}
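Review bot: `chmod +x /home/ciko` typically adds traverse permission on the home directory for owner, group and everyone else, and it runs as root on every activation with no comment saying which service needs it. If only one service account has to reach files below that directory, grant it narrowly: set the directory's group to that service and use `${pkgs.coreutils}/bin/chmod g+x,o-rwx /home/ciko`, with a one-line comment naming the consumer (not visible in this hunk). The script name `user-shadow` also does not describe what it does; `ciko-home-traverse` or similar would be clearer. The same pattern appears in the `spool-chmod` script (`chmod +x /var/spool`) further down the page.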


@ -90,6 +90,7 @@ with import <stockholm/lib>;
{ from = "afra@lassul.us"; to = lass.mail; }
{ from = "ksp@lassul.us"; to = lass.mail; }
{ from = "ccc@lassul.us"; to = lass.mail; }
{ from = "neocron@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }


@ -75,6 +75,8 @@ in {
packages = with pkgs; [
ftb
minecraft
steam-run
dolphinEmu
];
};
};


@ -21,6 +21,10 @@ let
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
system.activationScripts.spool-chmod = ''
${pkgs.coreutils}/bin/chmod +x /var/spool
'';
};
cgit-clear-cache = pkgs.cgit-clear-cache.override {


@ -51,7 +51,7 @@ let
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ];


@ -11,7 +11,6 @@
enable = true;
dataDir = "/var/mysql";
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
systemd.services.mysql = {


@ -96,9 +96,9 @@ in /* yaml */ ''
mod_privacy: {}
mod_private: {}
mod_register:
access_from: deny
access_from: allow
access: register
ip_access: trusted_network
# ip_access: trusted_network
registration_watchers: ${toJSON config.registration_watchers}
mod_roster: {}
mod_shared_roster: {}
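Review bot: As rendered, `mod_register` now has `access_from: allow` and the `ip_access: trusted_network` restriction is commented out, which would let a client on any address create accounts in-band on this server. Open registration without a throttle is a common source of spam accounts, and nothing in the hunk adds one. If open sign-up is intended, I would keep an address restriction or add `captcha_protected: true` under `mod_register` together with a top-level `registration_timeout`. The bare commented-out line should become a comment that says why the restriction was lifted, e.g. `# ip_access disabled: registration is open to the internet on purpose`. The module list continues outside the hunk.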


@ -8,16 +8,21 @@ in {
imports = [
<stockholm/makefu>
./hardware-config.nix
{
users.users.lass = {
uid = 9002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
makefu.pubkey
];
};
}
<stockholm/makefu/2configs/headless.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/mattermost-docker.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@ -26,83 +31,90 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/gui/xpra.nix>
# networking
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
#<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/iodined.nix>
# <stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# ci
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/shack/gitlab-runner>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/taskd.nix>
# services
<stockholm/makefu/2configs/share/gum.nix>
# <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/retroshare.nix>
<stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/mail/mail.euer.nix>
# network
# sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/torrent.nix>
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
{ # ncdc
environment.systemPackages = [ pkgs.ncdc ];
networking.firewall = {
allowedUDPPorts = [ 51411 ];
allowedTCPPorts = [ 51411 ];
};
}
# <stockholm/makefu/2configs/opentracker.nix>
## network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
# buildbot
<stockholm/makefu/2configs/remote-build/slave.nix>
## Web
<stockholm/makefu/2configs/nginx/share-download.nix>
<stockholm/makefu/2configs/nginx/euer.test.nix>
# Removed until move: no extra mails
<stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid letsencrypt ban
### Web
#<stockholm/makefu/2configs/nginx/share-download.nix>
#<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/public_html.nix>
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
services.taskserver.organisations.home.users = [ "makefu" ];
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}
# <stockholm/makefu/2configs/ipfs.nix>
<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/opentracker.nix>
<stockholm/makefu/2configs/dcpp/hub.nix>
<stockholm/makefu/2configs/dcpp/client.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
# Temporary:
# sharing
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
<stockholm/makefu/2configs/dcpp/hub.nix>
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
#{
# services.dockerRegistry.enable = true;
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
<stockholm/makefu/2configs/wireguard/server.nix>
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
# krebs infrastructure services
<stockholm/makefu/2configs/stats/server.nix>
];
makefu.dl-dir = "/var/download";
@ -120,9 +132,7 @@ in {
ListenAddress = ${external-ip} 21031
'';
connectTo = [
"muhbaasu" "tahoe" "flap" "wry"
"ni"
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
"prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
];
};
@ -137,10 +147,11 @@ in {
environment.systemPackages = with pkgs;[
weechat
bepasty-client-cli
get
tmux
];
# Hardware
# Network
networking = {
firewall = {
@ -179,4 +190,5 @@ in {
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
boot.tmpOnTmpfs = true;
state = [ "/home/makefu/.weechat" ];
}
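Review bot: The `{ # iperf3 }` block in the imports list opens 5201/tcp and 5201/udp on every interface, yet nothing in this section starts an iperf3 server, so it reads like a leftover from a measurement session on an internet-facing host. If the port is still needed, I would scope it to the VPN interface as the taskserver rule does, e.g. `networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 5201 ];` where the pinned nixpkgs offers the per-interface option; otherwise remove the block. The rendered page has lost the +/- markers, so whether this block is new in the commit cannot be told from here.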


@ -1,26 +1,24 @@
{ config, ... }:
let
external-mac = "2a:c5:6e:d2:fc:7f";
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
external-gw = "185.194.140.1";
external-mac = "50:46:5d:9f:63:6b";
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
external-gw = "144.76.26.225";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
external-ip = "144.76.26.247";
external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1";
external-netmask = 22;
external-netmask = 27;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
@ -40,7 +38,62 @@ in {
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
boot.loader.grub.device = main-disk;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
};
# parted -s -a optimal "$disk" \
# mklabel gpt \
# mkpart no-fs 0 1024KiB \
# set 1 bios_grub on \
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
# mkpart primary 1025MiB 100%
# parted -s -a optimal "/dev/sdb" \
# mklabel gpt \
# mkpart primary 1M 100%
#mkfs.vfat /dev/sda2
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 100G -n download nixos
#lvcreate -L 100G -n backup nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mkfs.ext4 /dev/mapper/nixos-lib
#mkfs.ext4 /dev/mapper/nixos-download
#mkfs.ext4 /dev/mapper/nixos-borgbackup
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
#mount /dev/sda2 /mnt/boot
#mkdir -p /mnt/var/src
#touch /mnt/var/src/.populate
}
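Review bot: `fileSystems."/boot".device` is set to `/dev/sda2` while the bootloader target uses the stable by-id path in `main-disk`. With two disks in the machine the sdX order is not guaranteed, and if it flips `/boot` fails to mount because the second disk has a single partition. I would derive it from the same binding: `device = "${main-disk}-part2";`. The provisioning comments also run `mkfs.ext4 /dev/mapper/nixos-borgbackup` although the volume is created as `backup` and mounted from `/dev/mapper/nixos-backup`. `sec-disk` is defined but not used in the lines shown.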


@ -0,0 +1,11 @@
mount /dev/mapper/nixos-root /mnt
mount /dev/sda2 /mnt/boot
chroot-prepare /mnt
chroot /mnt /bin/sh
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild


@ -1,5 +1,5 @@
{
name="gum";
name="nextgum";
torrent = true;
clever_kexec = true;
}


@ -1,253 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
ext-if = config.makefu.server.primary-itf;
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
./transfer-config.nix
<stockholm/makefu/2configs/headless.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/mosh.nix>
<stockholm/makefu/2configs/gui/xpra.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# services
<stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/mail/mail.euer.nix>
# sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/torrent.nix>
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
{ # ncdc
environment.systemPackages = [ pkgs.ncdc ];
networking.firewall = {
allowedUDPPorts = [ 51411 ];
allowedTCPPorts = [ 51411 ];
};
}
# <stockholm/makefu/2configs/opentracker.nix>
## network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
## buildbot
<stockholm/makefu/2configs/remote-build/slave.nix>
# Removed until move: no extra mails
<stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid double-update of domain
# <stockholm/makefu/2configs/hub.nix>
# Removed until move: avoid letsencrypt ban
### Web
#<stockholm/makefu/2configs/nginx/share-download.nix>
#<stockholm/makefu/2configs/nginx/euer.test.nix>
#<stockholm/makefu/2configs/nginx/euer.mon.nix>
#<stockholm/makefu/2configs/nginx/euer.wiki.nix>
#<stockholm/makefu/2configs/nginx/euer.blog.nix>
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/makefu/2configs/deployment/events-publisher>
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/graphs.nix>
#<stockholm/makefu/2configs/deployment/owncloud.nix>
#<stockholm/makefu/2configs/deployment/boot-euer.nix>
#<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
services.taskserver.organisations.home.users = [ "makefu" ];
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}
<stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/logging/client.nix>
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
#{
# services.dockerRegistry.enable = true;
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
{ # wireguard server
# opkg install wireguard luci-proto-wireguard
# TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# conf.all.proxy_arp =1
networking.firewall = {
allowedUDPPorts = [ 51820 ];
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
'';
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# x
allowedIPs = [ "10.244.0.2/32" ];
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
}
{
# vbob
allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
}
{
# x-test
allowedIPs = [ "10.244.0.4/32" ];
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
}
{
# work-router
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
{
# workr
allowedIPs = [ "10.244.0.6/32" ];
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
}
];
};
}
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
# krebs infrastructure services
<stockholm/makefu/2configs/stats/server.nix>
];
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;
krebs.tinc.retiolum = {
extraConfig = ''
ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
connectTo = [
"muhbaasu" "tahoe" "flap" "wry"
"ni"
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
];
};
# access
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
};
# Chat
environment.systemPackages = with pkgs;[
weechat
bepasty-client-cli
tmux
];
# Hardware
# Network
networking = {
firewall = {
allowPing = true;
logRefusedConnections = false;
allowedTCPPorts = [
# smtp
25
# http
80 443
# httptunnel
8080 8443
# tinc
655
# tinc-shack
21032
# tinc-retiolum
21031
# taskserver
53589
# temp vnc
18001
# temp reverseshell
31337
];
allowedUDPPorts = [
# tinc
655 53
# tinc-retiolum
21031
# tinc-shack
21032
];
};
nameservers = [ "8.8.8.8" ];
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
boot.tmpOnTmpfs = true;
}


@ -1,99 +0,0 @@
{ config, ... }:
let
external-mac = "50:46:5d:9f:63:6b";
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
external-gw = "144.76.26.225";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
external-ip = "144.76.26.247";
external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1";
external-netmask = 27;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
];
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
networking = {
interfaces."${ext-if}" = {
ipv4.addresses = [{
address = external-ip;
prefixLength = external-netmask;
}];
ipv6.addresses = [{
address = external-ip6;
prefixLength = external-netmask6;
}];
};
defaultGateway6 = external-gw6;
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
};
# parted -s -a optimal "$disk" \
# mklabel gpt \
# mkpart no-fs 0 1024KiB \
# set 1 bios_grub on \
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
# mkpart primary 1025MiB 100%
# parted -s -a optimal "/dev/sdb" \
# mklabel gpt \
# mkpart primary 1M 100%
#mkfs.vfat /dev/sda2
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 100G -n download nixos
#lvcreate -L 100G -n backup nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mkfs.ext4 /dev/mapper/nixos-lib
#mkfs.ext4 /dev/mapper/nixos-download
#mkfs.ext4 /dev/mapper/nixos-borgbackup
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
#mount /dev/sda2 /mnt/boot
#mkdir -p /mnt/var/src
#touch /mnt/var/src/.populate
}


@ -1,5 +0,0 @@
{
name="nextgum";
torrent = true;
clever_kexec = true;
}


@ -1,7 +0,0 @@
{ config, lib, ... }:
# configuration which is only required for the time of the transfer
{
krebs.tinc.retiolum.connectTo = [ "gum" ];
krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
}


@ -8,11 +8,11 @@ let
in {
imports =
[
#./hw/omo.nix
./hw/tsp.nix
./hw/omo.nix
#./hw/tsp.nix
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
@ -25,6 +25,22 @@ in {
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = let
d = path: "/media/cryptX/${path}";
in {
emu.path = d "emu";
audiobooks.path = lib.mkForce (d "audiobooks");
incoming.path = lib.mkForce (d "torrent");
anime.path = d "anime";
};
krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
}
{
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
#services.sabnzbd.enable = true;
#systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
}
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
@ -41,12 +57,22 @@ in {
<stockholm/makefu/2configs/stats/arafetch.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
{
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 ];
}
# <stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
<stockholm/makefu/2configs/deployment/homeautomation>
{
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
}
{
hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music";
@ -74,7 +100,7 @@ in {
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = ''
upload_rate = 200
upload_rate = 500
'';
};
users.groups.share = {
@ -83,14 +109,7 @@ in {
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
users.users.misa = {
uid = 9002;
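Review bot: The `krebs.rtorrent` assignment still wraps its value in `builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)`, a debugging aid that prints the whole telegraf configuration on every evaluation and so ends up in deploy and CI logs. If that configuration ever carries credentials for an input or output plugin, they are disclosed there. The hunk only changes `upload_rate`, but I would drop the wrapper while the block is being edited: `krebs.rtorrent = {`.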


@ -11,10 +11,10 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/tools/core-gui.nix>
# <stockholm/makefu/2configs/tools/extra-gui.nix>
# <stockholm/makefu/2configs/tools/media.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
@ -33,9 +33,6 @@ in {
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
{
users.users.makefu.extraGroups = [ "pulse" ];
}
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@ -46,10 +43,11 @@ in {
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
{ environment.systemPackages = [ pkgs.vlc ]; }
<stockholm/makefu/2configs/deployment/bureautomation>
<stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
(let
collectd-port = 25826;
@ -174,20 +172,4 @@ in {
fsType = "ext4";
};
};
# DualHead on NUC
# TODO: update synergy package with these extras (username)
# TODO: add crypto layer
systemd.services."synergy-client" = {
environment.DISPLAY = ":0";
serviceConfig.User = user;
};
services.synergy = {
client = {
enable = true;
screenName = "wbob";
serverAddress = "x.r";
};
};
}


@ -15,7 +15,7 @@
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/laptop-backup.nix>
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
@ -74,6 +74,7 @@
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
<stockholm/makefu/2configs/hw/irtoy.nix>
<stockholm/makefu/2configs/hw/switch.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
@ -83,11 +84,11 @@
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
{
programs.adb.enable = true;
}
{ programs.adb.enable = true; }
# temporary
{ services.redis.enable = true; }
<stockholm/makefu/2configs/pyload.nix>
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/nginx/rompr.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
@ -121,13 +122,11 @@
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
nixpkgs.config.allowUnfree = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
@ -144,14 +143,25 @@
# avoid full boot dir
boot.loader.grub.configurationLimit = 3;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
environment.systemPackages = [ pkgs.passwdqc-utils ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
state = [
"/home/makefu/stockholm"
"/home/makefu/backup/borgun"
"/home/makefu/.mail/"
"/home/makefu/.ssh/"
"/home/makefu/.zsh_history"
"/home/makefu/.bash_history"
"/home/makefu/.zshrc"
"/home/makefu/bin"
"/home/makefu/.gnupg"
"/home/makefu/.imapfilter"
"/home/makefu/.mutt"
"/home/makefu/docs"
"/home/makefu/.password-store"
"/home/makefu/.secrets-pass"
"/home/makefu/autosync/Database.kdb"
];
services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}
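Review bot: `{ services.redis.enable = true; }` under `# temporary` enables Redis with neither a bind address nor a password. As far as I recall, `services.redis.bind` in nixpkgs of this period defaults to all interfaces, so the instance would be reachable from anything the firewall trusts, which in this file includes `vboxnet0`. I would pin it to loopback with `{ services.redis = { enable = true; bind = "127.0.0.1"; }; }` and say in the comment what the temporary use is, so the block can be removed later. The rendered page has lost the +/- markers, so I am assuming this line is on the new side.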


@ -1,52 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
# preparation:
# mkdir -p defaultBackupDir/host.name/src
# as root on omo:
# ssh-copy-id root@src
startAt = "0,6,12,18:00";
defaultBackupServer = config.krebs.hosts.omo;
defaultBackupDir = "/home/backup";
defaultPull = host: src: {
method = "pull";
src = {
inherit host;
path = src;
};
dst = {
host = defaultBackupServer;
path = "${defaultBackupDir}/${host.name}${src}";
};
startAt = "0,6,12,18:00";
snapshots = {
hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
daily = { format = "%Y-%m-%d"; retain = 7; };
weekly = { format = "%YW%W"; retain = 4; };
monthly = { format = "%Y-%m"; retain = 12; };
yearly = { format = "%Y"; };
};
};
in {
krebs.backup.plans = {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
{
dst.path = "/media/cryptX/backup/gum/var-download";
dst.host = defaultBackupServer;
startAt = "19:00";
};
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
{
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
dst.host = defaultBackupServer;
startAt = "05:00";
};
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
};
environment.systemPackages = [
pkgs.borgbackup
];
}


@ -0,0 +1,11 @@
{lib, ... }:
let
hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
in {
# TODO: for all enabled machines
services.borgbackup.repos = lib.genAttrs hosts (host: {
authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
path = "/var/lib/borgbackup/${host}";
user = "borg-${host}";
}) ;
}
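Review bot: `hosts` is built from every entry of `./ssh`, whatever its name or type, so a stray file without the `.pub` suffix (an editor backup, a README) becomes a repository name whose key file `${host}.pub` does not exist, and evaluation breaks. I would filter first: `hosts = map (lib.removeSuffix ".pub") (lib.filter (lib.hasSuffix ".pub") (lib.attrNames (builtins.readDir ./ssh)));`. Keys listed in `authorizedKeys` get full access to their repository, so a compromised client can delete its own history. Where the module offers it, `authorizedKeysAppendOnly` prevents that, at the cost of moving pruning to the server side.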


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x


@ -0,0 +1,25 @@
{ config, ... }:
# back up all state
let
sec = toString <secrets>;
sshkey = sec + "/borg.priv";
phrase = sec + "/borg.pw";
in
{
services.borgbackup.jobs.state = {
repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
paths = config.state;
encryption = {
mode = "repokey";
passCommand = "cat ${phrase}";
};
environment.BORG_RSH = "ssh -i ${sshkey}";
prune.keep =
{ daily = 7;
weekly = 4;
monthly = -1; # Keep at least one archive for each month
};
compression = "auto,lzma";
startAt = "daily";
};
}
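Review bot: Nothing in this file documents what a restore needs once the backed-up host is gone. `repokey` keeps the key inside the repository, so recovery depends on the passphrase in `borg.pw` and the SSH key `borg.priv`, and as far as this file shows both are read from the secrets directory of the machine being backed up. I would add a comment at the top such as `# restore needs secrets/borg.pw and secrets/borg.priv; keep copies outside the hosts that run this job`. `passCommand = "cat ${phrase}"` and `BORG_RSH = "ssh -i ${sshkey}"` also interpolate the path unquoted, which breaks if the secrets path ever contains a space.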


@ -32,6 +32,11 @@ in {
"paste.${config.krebs.build.host.name}"
"paste.r"
];
extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
};
defaultPermissions = "admin,list,create,read,delete";
secretKeyFile = secKey;
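Review bot: The added `extraConfig` protects the internal paste vhost only by comparing `$server_addr` with the IPv4 `external-ip`. A request that reaches nginx on any other non-VPN address (an IPv6 address, for instance) is not rejected, while `defaultPermissions` just below grants `admin` and `delete` to every visitor. Binding the vhost to the VPN address would be more robust than denying one address. If the check stays, I would add a comment such as `# reject requests arriving on the public address; paste.r is meant for retiolum only` and cover the IPv6 address too. `external-ip` and the enclosing server definition are declared outside this hunk, so how nginx listens cannot be confirmed from here.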


@ -57,6 +57,8 @@ in {
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
load-module module-equalizer-sink
load-module module-dbus-protocol
#load-module module-bluez5-device
#load-module module-bluez5-discover
'';


@ -44,5 +44,6 @@
'';
};
state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
[ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
}


@ -11,6 +11,11 @@ let
payload_available= "Online";
payload_not_available= "Offline";
};
tasmota_stecki = name: topic:
( tasmota_plug name topic) //
{ state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
};
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
@ -38,9 +43,6 @@ let
};
in {
networking.firewall.allowedTCPPorts = [ 8123 ];
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
services.home-assistant = {
enable = true;
@ -48,6 +50,9 @@ in {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
latitude = "48.8265";
longitude = "9.0676";
elevation = 303;
};
mqtt = {
@ -72,7 +77,7 @@ in {
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_stecki "Fernseher" "fernseher")
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
@ -96,26 +101,140 @@ in {
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "influxdb";
queries = [
{ name = "mean value of feinstaub P1";
where = '' "node" = 'esp8266-1355142' '';
measurement = "feinstaub";
database = "telegraf";
field = "P1";
}
{ name = "mean value of feinstaub P2";
where = '' "node" = 'esp8266-1355142' '';
measurement = "feinstaub";
database = "telegraf";
field = "P2";
}
];
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"minutely_summary"
"humidity"
"pressure"
"uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
minutes = 30;
seconds = 0;
};
}
#{ platform = "influxdb";
# queries = [
# { name = "mean value of feinstaub P1";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P1";
# }
# { name = "mean value of feinstaub P2";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P2";
# }
# ];
#}
];
camera = [
{ name = "Baumarkt";
platform = "generic";
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
}
{ name = "Autobahn Heilbronn";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
}
{ name = "Autobahn Singen";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
}
];
frontend = { };
http = { };
feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
conversation = {};
history = {};
logbook = {};
tts = [ { platform = "google";} ];
recorder = {};
group =
{ default_view =
{ view = "yes";
entities = [
"group.sensors"
"group.outside"
"group.switches"
"group.automation"
"group.camera"
];
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.pluggy"
];
camera = [
"camera.Baumarkt"
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
sensors = [
"binary_sensor.motion"
"sensor.easy2_dht22_humidity"
"sensor.easy2_dht22_temperature"
];
outside = [
"sensor.ditzingen_pm10"
"sensor.ditzingen_pm25"
"sensor.dark_sky_temperature"
"sensor.dark_sky_humidity"
"sensor.dark_sky_pressure"
"sensor.dark_sky_hourly_summary"
"sensor.dark_sky_minutely_summary"
];
};
# only for automation
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
automation = [
{ alias = "Turn on Fernseher on movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
action = {
service= "homeassistant.turn_on";
entity_id= "switch.fernseher";
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
};
action = {
service= "homeassistant.turn_off";
entity_id= "switch.fernseher";
};
condition = [{
condition = "time";
before = "06:30:00"; #only turn off between 6:30 and 18:00
after = "18:00:00";
weekday = [ "mon" "tue" "wed" "thu" "fri" ];
}];
}
];
};
};
}
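Review bot: The darksky `api_key` is produced with `builtins.readFile` at evaluation time, so the key is written into the generated Home Assistant configuration in the Nix store, where every local user can read it and from where it travels with the closure. I would keep the key out of the store, for example by referencing it through Home Assistant's `secrets.yaml` in the service's state directory, or at least add a comment `# NOTE: key ends up world-readable in /nix/store`. Separately, the turn-off automation's time condition uses `after = "18:00:00"` with `before = "06:30:00"`. As I read Home Assistant's time condition, that selects the overnight window, the opposite of the comment `only turn off between 6:30 and 18:00`.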


@ -1,67 +0,0 @@
{ pkgs, lib, ... }:
let
firetv = "192.168.1.238";
in {
systemd.services.firetv = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
};
};
services.home-assistant = {
#panel_iframe:
#configurator:
# title: Configurator
# icon: mdi:wrench
# url: http://hassio.local:3218
# sensor:
# - platform: random
enable = true;
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
};
panel_iframe = {
euer_blog = {
title = "Euer Blog";
icon = "mdi:wrench";
url = "https://euer.krebsco.de";
};
};
media_player = [
{ platform = "kodi";
host = firetv;
}
{ platform = "firetv";
# assumes python-firetv running
}
];
sensor = [
{
platform = "luftdaten";
name = "Shack 1";
sensorid = "50";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Shack 2";
sensorid = "658";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "random"; }
];
frontend = { };
http = { };
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
};
};
}


@ -0,0 +1,9 @@
{lib,pkgs, ... }:
{
systemd.services."ympd-wbob" = {
description = "mpd ";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
};
}
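Review bot: The `ympd-wbob` unit sets no `User` in `serviceConfig`, so the process starts as root and the privilege drop depends entirely on ympd honouring its own `--user nobody` flag. Both ports in `ExecStart` (6600 and 8866) are unprivileged, so nothing visible here needs root; `serviceConfig.User = "nobody";` would let systemd drop privileges regardless of the daemon. The description `"mpd "` has a trailing space and names the wrong program; `description = "ympd web frontend for mpd";` would be clearer. Whether the web port 8866 is reachable from other hosts depends on firewall rules that are not part of this file.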


@ -6,11 +6,6 @@ let
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
hn = config.krebs.build.host.name;
in {
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
krebs.tinc_graphs = {
enable = true;
nginx = {


@ -1,9 +1,60 @@
{ pkgs, config, ... }:
{ pkgs, lib, config, ... }:
# Ideas:
## wake-on-lan server
##
let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
#state_topic = "/ham/${topic}/stat/POWER";
state_topic = "/ham/${topic}/stat/POWER";
command_topic = "/ham/${topic}/cmnd/POWER";
availability_topic = "/ham/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/ham/${topic}/stat/Dimmer";
brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/ham/${topic}/stat/Color";
rgb_command_topic = "/ham/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/ham/${topic}/stat/Scheme";
effect_command_topic = "/ham/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
};
# switchmode 1 - also toggle power
# switchtopic flurlicht
tasmota_motion = name: topic:
{ platform = "mqtt";
device_class = "motion";
inherit name;
# TODO: currently broken, will not use the custom state topic
state_topic = "/ham/${topic}/stat/POWER";
payload_on = "ON";
payload_off = "OFF";
availability_topic = "/ham/${topic}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
};
firetv = "192.168.1.238";
tasmota_plug = name: topic:
{ platform = "mqtt";
@ -36,20 +87,31 @@ let
unit_of_measurement = "hPa";
}
];
tasmota_am2301 = name: topic:
[ { platform = "mqtt";
name = "${name} Temperatur";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.AM2301.Temperature }}";
unit_of_measurement = "°C";
}
{ platform = "mqtt";
name = "${name} Luftfeuchtigkeit";
state_topic = "/ham/${topic}/tele/SENSOR";
value_template = "{{ value_json.AM2301.Humidity }}";
unit_of_measurement = "%";
}
];
in {
imports = [
./mqtt.nix
];
systemd.services.firetv = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
};
};
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
#systemd.services.firetv = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# User = "nobody";
# ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
# };
#};
services.home-assistant = {
config = {
homeassistant = {
@ -58,7 +120,7 @@ in {
longitude = "9.2478";
elevation = 247;
};
discovery = {};
#discovery = {};
conversation = {};
history = {};
logbook = {};
@ -71,16 +133,16 @@ in {
{ platform = "kodi";
host = firetv;
}
{ platform = "firetv";
# assumes python-firetv running
}
#{ platform = "firetv";
# # assumes python-firetv running
#}
];
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "hass";
password = builtins.readFile <secrets/mqtt/hass>;
password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
keepalive = 60;
protocol = 3.1;
birth_message = {
@ -96,43 +158,100 @@ in {
retain = true;
};
};
binary_sensor = [
(tasmota_motion "Flur Bewegung" "flurlicht")
];
sensor = [
{ platform = "speedtest";
monitored_conditions = [ "ping" "download" "upload" ];
}
# broken
#{ platform = "speedtest";
# monitored_conditions = [ "ping" "download" "upload" ];
#}
{ platform = "luftdaten";
name = "Ditzingen";
name = "Wangen";
sensorid = "663";
monitored_conditions = [ "P1" "P2" ];
}
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
{ platform = "darksky";
api_key = "c73619e6ea79e553a585be06aacf3679";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"temperature"
"apparent_temperature"
"hourly_summary"
"humidity"
"pressure"
"uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
minutes = 10;
minutes = 30;
seconds = 0;
};
}
] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
]
++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
frontend = { };
#group = [
# { default_view = { view = "yes"; entities = [
# "sensor.luftdaten"
# ]}
#];
group =
{ default_view =
{ view = "yes";
entities = [
"group.flur"
"group.schlafzimmer"
"group.draussen"
"group.wohnzimmer"
"group.arbeitszimmer"
];
};
flur = [
"light.flurlicht"
"binary_sensor.flur_bewegung"
];
wohnzimmer = [
"media_player.kodi"
];
draussen = [
"sensor.dark_sky_temperature"
"sensor.dark_sky_hourly_summary"
"sensor.wangen_pm10"
"sensor.wangen_pm25"
];
schlafzimmer = [
"sensor.schlafzimmer_temperatur"
"sensor.schlafzimmer_luftdruck"
"sensor.schlafzimmer_luftfeuchtigkeit"
"switch.lichterkette_schlafzimmer"
];
arbeitszimmer = [
"switch.strom_staubsauger"
"sensor.arbeitszimmer_temperatur"
"sensor.arbeitszimmer_luftfeuchtigkeit"
];
};
http = { };
switch = [
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
(tasmota_plug "Strom Staubsauger" "arbeitszimmer")
];
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
automation = [
{ alias = "Staubsauger Strom aus nach 6h";
trigger = {
platform = "state";
entity_id = "switch.strom_staubsauger";
to = "on";
for.hours = 6;
};
action = {
service= "homeassistant.turn_off";
entity_id= "switch.strom_staubsauger";
};
}
];
};
enable = true;
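Review bot: Both `password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>)` and the `api_key` read from `<secrets/hass/darksky.apikey>` are resolved at evaluation time, so the values become part of the generated Home Assistant configuration. If that file is written to the Nix store, as module-generated configs usually are, it is readable by every local user. Moving the Dark Sky key out of the source is an improvement, but the literal it replaces remains in the repository history and should be treated as exposed and regenerated. `nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ];` carries no explanation; a comment such as `# pinned to 0.65.5 because <reason>; remove once upgraded` would record which advisory is being accepted and when the exception can go.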


@ -41,6 +41,7 @@ let
autosync = { };
fenkins = { };
pass = { };
secrets = { };
};
connector-repos = mapAttrs make-priv-repo {

View File

@ -66,7 +66,7 @@ in
cat |derp <<EOF
XTerm*background: black
XTerm*foreground: white
XTerm*FaceName : xft:xos4 Terminus:pixelsize=11
XTerm*FaceName : xft:Terminus:pixelsize=12
URxvt*termName: rxvt
URxvt*saveLines: 10000
@ -78,7 +78,7 @@ in
URxvt.background: black
URxvt.urgentOnBell: true
URxvt.visualBell: false
URxvt.font : xft:xos4 Terminus:size=11
URxvt.font : xft:Terminus:size=12
! blue


@ -4,22 +4,38 @@
imports = [
./base.nix
];
users.users.makefu.packages = [ pkgs.chromium ];
users.users.makefu = {
packages = [ pkgs.chromium ];
extraGroups = [ "audio" "pulse" ];
};
services.xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
default = "none";
};
desktopManager.xfce.enable = true;
desktopManager.xfce = {
extraSessionCommands = ''
${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms
${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1
'';
enable = true;
};
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};
systemd.services.xset-off = {
after = [ "display-manager.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms";
RemainAfterExit = "yes";
TimeoutSec = "5s";
RestartSec="5s";
Restart = "on-failure";
};
};
}


@ -1,12 +1,18 @@
{
{pkgs, ... }: {
home-manager.users.makefu = {
services.gpg-agent = {
enable = true;
defaultCacheTtl = 900;
maxCacheTtl = 7200;
defaultCacheTtlSsh = 3600;
maxCacheTtlSsh = 86400;
enableSshSupport = true;
enableScDaemon = true;
};
programs.fzf.enable = true; # alt-c
};
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
}


@ -4,4 +4,7 @@
];
home-manager.users.makefu = {
};
environment.variables = {
GTK_DATA_PREFIX = "/run/current-system/sw";
};
}


@ -1,31 +1,43 @@
{pkgs, ... }: {
{ pkgs, lib, ... }:
{
home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true;
services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
systemd.user.services.network-manager-applet.Service.Environment = ''
XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
'';
systemd.user.services.clipit = {
Unit = {
Description = "clipboard manager";
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
# "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
"fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine
"gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy
"abkfbakhjpmblaafnpgjppbmioombali" # memex
"kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
systemd.user.services.clipit = {
Unit = {
Description = "clipboard manager";
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
Environment = ''
XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
Install = {
WantedBy = [ "graphical-session.target" ];
};
Service = {
Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
};
};
};
};
}


@ -1,5 +1,6 @@
{
home-manager.users.makefu = {
accounts.email.maildirBasePath = "/home/makefu/Mail";
accounts.email.accounts.syntaxfehler = {
address = "felix.richter@syntax-fehler.de";
userName = "Felix.Richter@syntax-fehler.de";
@ -27,7 +28,7 @@
};
primary = true;
realName = "Felix Richter";
passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg";
};
programs.offlineimap.enable = true;
programs.offlineimap.extraConfig = {


@ -1,9 +1,7 @@
{ pkgs, ... }:
{ # bluetooth+pulse config
# for blueman-applet
users.users.makefu.packages = [
pkgs.blueman
];
users.users.makefu.packages = [ pkgs.blueman ];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
@ -39,4 +37,5 @@
Enable=Source,Sink,Media,Socket
'';
};
services.dbus.packages = [ pkgs.blueman ];
}


@ -27,4 +27,7 @@
powersave = true;
scanRandMacAddress = true;
};
state = [
"/etc/NetworkManager/system-connections" #NM stateful config files
];
}


@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
'';
}
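Review bot: The rule assigns `GROUP="plugdev"` and the user is added to `plugdev`, but this file never declares the group; unless it is defined elsewhere in the configuration, adding `users.extraGroups.plugdev = { };` here would keep the module self-contained. The match is on `ATTR{idVendor}=="0955"` alone, so every USB device from that vendor becomes group-writable. Adding an `ATTR{idProduct}=="<product id>"` condition (placeholder, the intended device is not named on the page) would limit the permission change to the one device this is meant for. `lib` and `pkgs` in the argument list are unused.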


@ -1,12 +0,0 @@
{config, lib, pkgs, ... }:
{
systemd.user.services.duply-secrets = {
description = "run daily secrets backup";
startAt = "daily";
serviceConfig = {
Type = "oneshot";
ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
};
};
}


@ -39,4 +39,5 @@ in {
};
};
};
state = [ base-dir ];
}


@ -21,6 +21,7 @@ let
tw-pass-file = "${sec}/tw-pass.ini";
in {
state = [ base-dir ];
services.phpfpm = {
# phpfpm does not have an enable option
poolConfigs = {


@ -5,11 +5,11 @@ let
in {
services.printing = {
enable = true;
drivers = [
pkgs.samsungUnifiedLinuxDriver
pkgs.cups-dymo # dymo labelwriter
pkgs.foo2zjs # magicolor 1690mf
pkgs.zj-58
drivers = with pkgs; [
samsungUnifiedLinuxDriver
cups-dymo # dymo labelwriter
foo2zjs # magicolor 1690mf
cups-zj-58
];
};


@ -1,19 +0,0 @@
_:
let
listenPort = 60123;
xml-port = 5000;
authfile = <torrent-secrets/authfile>;
in {
makefu.rtorrent = {
enable = true;
web = {
enable = true;
enableAuth = true;
inherit authfile;
};
rutorrent.enable = true;
enableXMLRPC = true;
logLevel = "debug";
inherit listenPort;
};
}


@ -2,8 +2,8 @@
with import <stockholm/lib>;
let
shack-announce = pkgs.callPackage (builtins.fetchTarball {
url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz";
sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav";
url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
}) {} ;
home = "/var/lib/shackannounce";
user = "shackannounce";


@ -0,0 +1,31 @@
{
systemd.services.gitlab-runner.path = [
"/run/wrappers" # /run/wrappers/bin/su
"/" # /bin/sh
];
services.gitlab-runner = {
enable = true;
configOptions =
{ concurrent = 1;
runners = [
{ builds_dir = "";
#docker =
#{ cache_dir = "";
# disable_cache = true;
# host = ""; image = "nixos/nix:2.1.3";
# privileged = true;
#};
#executor = "docker";
# name = "docker-nix";
name = "gum-shell";
executor = "shell";
environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
# generate via `gitlab-runner register`
token = import <secrets/shackspace-gitlab-ci-token.nix>;
url = "https://git.shackspace.de/";
}
];
};
};
}
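Review bot: `executor = "shell"` runs every CI job directly on this host as the runner's user, and both the `environment` PATH and `systemd.services.gitlab-runner.path` put `/run/wrappers/bin` (the setuid wrappers) within reach of job scripts, so the host has to trust every project that can schedule a pipeline on this runner. The commented-out docker block suggests this is a stopgap; a comment above `name = "gum-shell";` such as `# shell executor: jobs run unsandboxed on this host, register only for trusted projects` would record that assumption. `token = import <secrets/shackspace-gitlab-ci-token.nix>` is evaluated into `configOptions`, so the registration token probably ends up in a generated config file in the Nix store; it is worth confirming where the module writes it and who can read it.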


@ -27,12 +27,14 @@ in {
systemd.services.arafetch = {
startAt = "Mon,Wed,Fri 09:15:00";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
environment = {
OUTDIR = home;
};
path = [ pkg pkgs.git pkgs.wget ];
serviceConfig = {
User = "arafetch";
Restart = "always";
WorkingDirectory = home;
PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" ''
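Review bot: `Restart = "always"` sits on a unit that is also scheduled with `startAt = "Mon,Wed,Fri 09:15:00"`, so once the script exits, successfully or not, systemd starts it again right away and the calendar no longer bounds how often it runs. If the intent is to retry after a failed fetch, `Restart = "on-failure";` together with a `RestartSec` is the usual form. `after = [ "network-online.target" ]` only orders the unit; without a matching `wants = [ "network-online.target" ];` nothing pulls that target in. The `serviceConfig` block and the `ExecStart` script continue outside the hunk, so a `Type` set there may change how `Restart` behaves.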

11
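--- a/makefu/2configs/taskd.nix
+++ b/makefu/2configs/taskd.nix
@@ -0,0 +1,11 @@
+{config, ... }:
+{
+services.taskserver.enable = true;
+services.taskserver.fqdn = config.krebs.build.host.name;
+services.taskserver.listenHost = "::";
+services.taskserver.organisations.home.users = [ "makefu" ];
+networking.firewall.extraCommands = ''
+iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+'';
+}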
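Review bot: The two rules in `networking.firewall.extraCommands` are appended to the `INPUT` chain with `-A`, which on a stock NixOS firewall places them after the jump into the firewall's own chain, so depending on how the chains are set up on this host they may never be evaluated, and they can be appended again on each firewall reload. Because `services.taskserver.listenHost = "::"` binds every interface, the firewall is the only thing limiting port 53589 to retiolum, so it is worth expressing declaratively: `networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 53589 ];`. The torrent configuration later in this commit uses the same `iptables -A INPUT -i retiolum` pattern for its web port.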


@ -9,7 +9,7 @@
dex2jar
apktool
jd-gui
android-studio
# android-studio
jdk
jre
openssl


@ -3,7 +3,7 @@
{
users.users.makefu.packages = with pkgs; [
taskwarrior
pass
(pass.withExtensions (ext: [ ext.pass-otp ]))
gopass
mutt
weechat


@ -6,7 +6,6 @@
gimp
inkscape
libreoffice
quodlibet
# skype
synergy
tdesktop


@ -7,10 +7,12 @@
vlc
mumble
mplayer
quodlibet
quodlibet # exfalso
plowshare
streamripper
youtube-dl
pulseeffects
];
}


@ -7,6 +7,8 @@
rclone
exfat
(pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host
];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];


@ -1,7 +1,7 @@
{ pass, write, writeDash, ... }:
write "secrets" {
"/bin/secrets".link = writeDash "brain" ''
"/bin/secrets".link = writeDash "secrets" ''
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
exec ${pass}/bin/pass $@
'';


@ -3,12 +3,11 @@
with import <stockholm/lib>;
let
daemon-user = "tor";
basicAuth = import <torrent-secrets/auth.nix>;
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
base-dir = config.makefu.dl-dir;
base-dir = config.krebs.rtorrent.workDir;
in {
users.users = {
@ -23,17 +22,6 @@ in {
};
};
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
for i in finished watch; do
if test ! -d $i;then
mkdir -p "${base-dir}/$i"
chown rtorrent:download "${base-dir}/$i"
chmod 775 "${base-dir}/$i"
fi
done
'';
users.extraGroups = {
download = {
gid = lib.mkDefault (genid "download");
@ -57,15 +45,17 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
downloadDir = base-dir + "/finished";
watchDir = base-dir + "/watch";
downloadDir = config.makefu.dl-dir;
# dump old torrents into watch folder to have them re-added
};
services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
networking.firewall.extraCommands = ''
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
'';
networking.firewall.allowedTCPPorts = [ peer-port ];
networking.firewall.allowedUDPPorts = [ peer-port ];
state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
}


@ -1,26 +1,9 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.krebs.build.user;
vboxguestpkg = lib.stdenv.mkDerivation rec {
name = "Virtualbox-Extensions-${version}-${rev}";
version = "5.0.20";
rev = "106931";
src = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
};
};
in {
{
virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true;
virtualisation.virtualbox.host.enableHardening = false;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
nixpkgs.config.packageOverrides = super: {
boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override {
buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
++ [ vboxguestpkg ];
};
};
users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}
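Review bot: `virtualisation.virtualbox.host.enableHardening = false;` survives the simplification of this module without any stated reason. As far as the NixOS option is documented, hardening restricts access to the VirtualBox kernel-module devices to the binaries in the system path, and with it off every member of `vboxusers` can open those devices directly. The last line of the module adds the build user to `vboxusers`, so either drop the setting to return to the hardened default or keep it with a comment such as `# hardening off because <reason>`.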


@ -1,33 +1,31 @@
{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }:
{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }:
let
mymbedtls = lib.overrideDerivation mbedtls (old: rec {
name = "mbedtls-${version}";
version = "2.13.0";
src = fetchFromGitHub {
owner = "ARMmbed";
repo = "mbedtls";
rev = name;
sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
};
buildInputs = old.buildInputs ++ [ python2 ];
postConfigure = ''
perl scripts/config.pl set MBEDTLS_CMAC_C
'';
doCheck = false;
});
in stdenv.mkDerivation rec {
name = "4nxci-${version}";
version = "1.30";
version = "1.35";
src = fetchFromGitHub {
owner = "The-4n";
repo = "4NXCI";
rev = "v${version}";
sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh";
sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6";
};
mymbedtls = stdenv.mkDerivation {
name = "mbedtls-${version}";
version = "2.6.1";
doCheck = false;
inherit src;
buildInputs = [ perl ];
phases = [ "unpackPhase" "buildPhase" "installPhase" ];
makeFlags = [ "DESTDIR=$(out)" ];
buildPhase = ''
cp config.mk.template config.mk
cd mbedtls
make
'';
};
in stdenv.mkDerivation rec {
name = "4nxci-${version}";
inherit src version;
buildPhase = ''
cp config.mk.template config.mk
sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
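Review bot: The `mymbedtls` derivation that takes `inherit src;` and runs `cd mbedtls` then `make` builds the mbedtls copy bundled in the 4NXCI tree, labelled `version = "2.6.1"`, so this crypto library no longer comes from nixpkgs and will not receive nixpkgs' mbedtls updates. Assuming that variant is the new side (the argument list gained `perl`, which only it uses), it is also older than the `2.13.0` pinned by the other variant. If the bundled copy is required, a comment such as `# builds upstream's vendored mbedtls (2.6.1); not updated via nixpkgs` would make that explicit. That derivation has no `rec`, so `name = "mbedtls-${version}"` picks up the enclosing `version = "1.35"` rather than `2.6.1`; writing `name = "mbedtls-2.6.1";` avoids the mislabelled store path. The outer `buildPhase` continues past the end of the hunk.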


@ -572,9 +572,9 @@ local os = {
do
local cmds =
{
"@networkmanagerapplet@/bin/nm-applet",
"@blueman@/bin/blueman-applet",
"@clipit@/bin/clipit"
-- "@networkmanagerapplet@/bin/nm-applet",
-- "@blueman@/bin/blueman-applet",
-- "@clipit@/bin/clipit"
}
for _,i in pairs(cmds) do


@ -1,95 +0,0 @@
{ stdenv, fetchFromGitHub
, ninja
, boost
, meson
, pkgconfig
, wrapGAppsHook
, appstream-glib
, desktop-file-utils
, gtk3
, glib
, gst_all_1
, gobjectIntrospection
, python3Packages
, file
, cairo , sqlite , gettext
, gnome3
}:
let
peewee = with python3Packages; buildPythonPackage rec {
# https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee
pname = "peewee";
version = "3.6.4";
src = fetchPypi {
inherit pname version;
sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak";
};
doCheck = false;
checkPhase = ''
python runtests.py
'';
buildInputs = [
cython
sqlite
# psycopg2
# mysql-connector
];
meta.license = stdenv.lib.licenses.mit;
};
in
stdenv.mkDerivation rec {
name = "cozy-${version}";
version = "0.6.0";
src = fetchFromGitHub {
owner = "geigi";
repo = "cozy";
rev = version;
sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd";
};
postPatch = ''
chmod +x data/meson_post_install.py
patchShebangs data/meson_post_install.py
substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
'';
postInstall = ''
wrapProgram $out/bin/com.github.geigi.cozy \
--prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
'';
wrapPrefixVariables = [ "PYTHONPATH" ];
nativeBuildInputs = [
meson ninja pkgconfig
wrapGAppsHook
appstream-glib
desktop-file-utils
gobjectIntrospection
];
buildInputs = with gst_all_1; [ gtk3 glib
gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext
gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas
]
++ (with python3Packages; [
python gst-python pygobject3 dbus-python mutagen peewee magic
]);
checkPhase = ''
ninja test
'';
meta = with stdenv.lib; {
description = ''
A modern audio book player for Linux using GTK+ 3
'';
maintainers = [ maintainers.makefu ];
license = licenses.mit;
};
}


@ -1,12 +0,0 @@
--- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200
+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200
@@ -341,7 +341,7 @@
if not scale:
scale = 25.4/96 # if no scale is specified, assume inch as baseunit
scale /= self.unittouu('1px')
- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
+ h = self.unittouu(self.documentHeight())
self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
doc = self.document.getroot()
self.process_group(doc)


@ -30,9 +30,6 @@ in {
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ];
});
}
// (mapAttrs (_: flip callPackage {})


@ -1,32 +0,0 @@
{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
stdenv.mkDerivation rec {
name = "${pname}-2-35-0";
pname = "esniper";
version = "2.35.0";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${name}.tgz";
sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
};
buildInputs = [ openssl curl ];
# Add support for CURL_CA_BUNDLE variable.
# Fix <http://sourceforge.net/p/esniper/bugs/648/>.
patches = [ ./find-ca-bundle.patch ];
postInstall = ''
sed <"frontends/snipe" >"$out/bin/snipe" \
-e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
chmod 555 "$out/bin/snipe"
'';
meta = with stdenv.lib; {
description = "Simple, lightweight tool for sniping eBay auctions";
homepage = http://esniper.sourceforge.net;
license = licenses.gpl2;
maintainers = with maintainers; [ lovek323 peti ];
platforms = platforms.all;
};
}


@ -1,26 +0,0 @@
diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
@@ -200,6 +200,9 @@
int
initCurlStuff(void)
{
+ /* Path to OpenSSL bundle file. */
+ const char *ssl_capath=NULL;
+
/* list for custom headers */
struct curl_slist *slist=NULL;
@@ -241,6 +244,12 @@
if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
return initCurlStuffFailed();
+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
+ * contents to curl. */
+ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
+ return initCurlStuffFailed();
+
slist = curl_slist_append(slist, "Accept: text/*");
slist = curl_slist_append(slist, "Accept-Language: en");
slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");


@ -1,45 +0,0 @@
{ stdenv, fetchFromGitHub , pkgconfig
, pcsclite
, autoreconfHook
, libnfc
}:
stdenv.mkDerivation rec {
name = "ifdnfc-${version}";
version = "2016-03-01";
src = fetchFromGitHub {
owner = "nfc-tools";
repo = "ifdnfc";
rev = "0e48e8e";
sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [ pcsclite libnfc ];
configureFlags = [ "--prefix=$(out)" ];
makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
meta = with stdenv.lib; {
description = "PC/SC IFD Handler based on libnfc";
long_description =
'' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
It provides support for all readers which are not supported by ccid but by libnfc.
For activating your reader you need to run
<code>ifdnfc-activate yes<code> with this package in your
<code>environment.systemPackages</code>
To use your reader you may need to blacklist your reader kernel modules:
<code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
Supports the pn533 smart-card reader chip which is for example used in
the SCM SCL3711.
'';
homepage = https://github.com/nfc-tools/ifdnfc;
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ makefu ];
};
}


@ -1,36 +0,0 @@
{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }:
stdenv.mkDerivation rec {
name = "${packageName}-${version}";
packageName = "jd-gui";
version = "1.4.0";
src = fetchurl {
url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar";
sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx";
};
nativeBuildInputs = [ makeWrapper unzip ];
phases = [ "installPhase" ];
installPhase = ''
f=$out/lib/jd-gui/
bin=$out/bin
name=$(basename $src)
mkdir -p $f $bin
# fixup path to java
cp $src $f
cat > $bin/jd-gui <<EOF
#!/bin/sh
exec ${pkgs.jre}/bin/java -jar $f/$name \$@
EOF
chmod +x $bin/jd-gui
'';
meta = {
homepage = https://github.com/java-decompiler/jd-gui;
description = "A standalone Java Decompiler GUI";
license = lib.licenses.gpl3;
};
}


@ -1,24 +0,0 @@
{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
python2Packages.buildPythonPackage rec {
name = "mcomix-${version}";
version = "1.2.1";
src = fetchurl {
url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
};
propagatedBuildInputs = with python2Packages;
[ python2Packages.pygtk gtk3 python2Packages.pillow ];
# for module in sys.modules.itervalues():
# RuntimeError: dictionary changed size during iteration
doCheck = false;
meta = {
homepage = https://github.com/pyload/pyload;
description = "Free and Open Source download manager written in Python";
license = lib.licenses.gpl3;
maintainers = with lib.maintainers; [ makefu ];
};
}


@ -0,0 +1,36 @@
{ stdenv, fetchzip
, makeWrapper
, autoPatchelfHook
, xlibs
, gnome3
, libpng12
}:
stdenv.mkDerivation rec {
name = "ns-atmosphere-programmer-${version}";
version = "0.1";
src = fetchzip {
url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
};
buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
installPhase = ''
install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
'';
dontStrip = true;
meta = with stdenv.lib; {
description = "Payload programmer for ns-atmosphere injector";
homepage = http://www.ns-atmosphere.com;
maintainers = [ maintainers.makefu ];
platforms = platforms.linux;
license = with licenses; [ unfree ];
};
}


@ -0,0 +1,24 @@
{ lib, pkgs, python3Packages, ... }:
with python3Packages; buildPythonPackage rec {
name = "nodemcu-uploader-${version}";
version = "0.1.0";
src = pkgs.fetchFromGitHub {
owner = "ksmit799";
repo = "switch-launcher";
rev = version;
sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz";
};
propagatedBuildInputs = [
pyusb
];
meta = {
homepage = https://github.com/ksmit799/switch-launcher;
description = "Desktop switch payload launcher based on a modified reswitched injector";
license = lib.licenses.bsd3;
};
}
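Review bot: `name = "nodemcu-uploader-${version}";` looks copied from another package: the source is `ksmit799/switch-launcher` and the description is for a switch payload launcher, so the store path and package listings will show the wrong program. It should read `name = "switch-launcher-${version}";`. `pkgs` is used only for `pkgs.fetchFromGitHub`; taking `fetchFromGitHub` as an argument would match the other package files in this commit.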


@ -0,0 +1,64 @@
{ pkgs, fetchFromGitHub, ... }:
with pkgs.python2Packages;
let
version = "2.1";
rtslib = buildPythonPackage rec {
pname = "rtslib";
inherit version;
src = fetchFromGitHub {
owner = "datera";
repo = "rtslib";
rev = version;
sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22";
};
propagatedBuildInputs = [ ipaddr netifaces configobj ];
};
configshell = buildPythonPackage rec {
pname = "configshell";
version = "1.6";
src = fetchFromGitHub {
owner = "datera";
repo = "configshell";
rev = version;
sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y";
};
propagatedBuildInputs = [ pyparsing ];
};
tcm-py = buildPythonPackage rec {
pname = "tcm-py";
version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
src = fetchFromGitHub {
owner = "datera";
repo = "lio-utils";
rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
} + "/tcm-py";
propagatedBuildInputs = [ ];
};
lio-py = buildPythonPackage rec {
pname = "lio-py";
version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
src = fetchFromGitHub {
owner = "datera";
repo = "lio-utils";
rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
} + "/lio-py";
propagatedBuildInputs = [ ];
};
in buildPythonApplication rec {
pname = "targetcli";
inherit version;
propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ];
src = fetchFromGitHub {
owner = "datera";
repo = "targetcli";
rev = version;
sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d";
};
}
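Review bot: `tcm-py` and `lio-py` each carry their own identical `fetchFromGitHub` call for `datera/lio-utils`, with the revision repeated in both `version` and `rev`, so a future bump has several places that can get out of step. Binding the source once in the `let`, for example `lio-utils-src = fetchFromGitHub { … };` and then `src = lio-utils-src + "/tcm-py";`, keeps the pin and its hash in one place. `rtslib` uses `inherit version;` from the outer `version = "2.1"`, which ties its git revision to targetcli's version number; giving it its own `version` would avoid an unintended change when targetcli is updated.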


@ -1,30 +0,0 @@
{stdenv, fetchFromGitHub, cups}:
stdenv.mkDerivation rec {
name = "cups-zj58-2018-02-22";
src = fetchFromGitHub {
owner = "klirichek";
repo = "zj-58";
rev = "e4212cd";
sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi";
};
buildInputs = [cups];
installPhase = ''
mkdir -p $out/lib/cups/filter
cp rastertozj $out/lib/cups/filter
mkdir -p $out/share/cups/model/zjiang
cp ZJ-58.ppd $out/share/cups/model/zjiang/
'';
meta = {
description = "CUPS filter for thermal printer Zjiang ZJ-58";
homepage = https://github.com/klirichek/zj-58;
platforms = stdenv.lib.platforms.linux;
};
}


@ -69,7 +69,7 @@
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
ref = "6eea2a4";
ref = "f947faf";
};
})
];


@ -1,7 +1,7 @@
{
"url": "https://github.com/makefu/nixpkgs",
"rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8",
"date": "2018-08-06T14:29:01+02:00",
"sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6",
"rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687",
"date": "2018-10-07T23:33:42+02:00",
"sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3",
"fetchSubmodules": true
}


@ -1 +0,0 @@
{}


@ -1,132 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/ableton.nix>
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.axon;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/pool/root";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext2";
};
boot.initrd.luks.devices.crypted.device = "/dev/sda2";
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# nin config
time.timeZone = "Europe/Berlin";
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
};
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
atom
chromium
firefox
git
htop
keepassx
lmms
networkmanagerapplet
openvpn
python
ruby
steam
taskwarrior
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xhost}/bin/xhost + local:
'';
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}


@ -1,126 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.hiawatha;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/home" =
{ device = "/dev/fam/home";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
fsType = "ext2";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
fileSystems."/home/nin/.local/share/Steam" = {
device = "/dev/fam/steam";
};
# nin config
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
firefox
git
lmms
networkmanagerapplet
python
steam
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}


@ -1,23 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/nin>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/weechat.nix>
<stockholm/nin/2configs/git.nix>
];
krebs.build.host = config.krebs.hosts.onondaga;
boot.isContainer = true;
networking.useDHCP = false;
time.timeZone = "Europe/Amsterdam";
services.openssh.enable = true;
}


@ -1,20 +0,0 @@
{ config, pkgs, ... }: let
mainUser = config.users.extraUsers.nin;
in {
users.users= {
ableton = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
];
packages = [
pkgs.wine
pkgs.winetricks
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(ableton) NOPASSWD: ALL
'';
}


@ -1,38 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
};
};
}


@ -1,173 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
../2configs/vim.nix
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import <secrets/hashedPasswords.nix>);
}
{
users.users = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
nin = {
name = "nin";
uid = 1337;
home = "/home/nin";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
"audio"
"fuse"
];
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
};
}
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = {
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
})
];
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores;
krebs = {
enable = true;
search-domain = "r";
build = {
user = config.krebs.users.nin;
};
};
nix.useSandbox = true;
users.mutableUsers = false;
services.timesyncd.enable = true;
#why is this on in the first place?
services.nscd.enable = false;
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
'';
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
gs = "git status";
};
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
proot
pavucontrol
populate
p7zip
termite
unzip
unrar
hashPassword
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
elif test $UID = 1337; then
PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
else
PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
fi
'';
};
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
krebs.iptables = {
enable = true;
tables = {
nat.PREROUTING.rules = [
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
];
};
};
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
}


@ -1,60 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
settings = {
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
};
};
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
rules = rules;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
repos = public-repos;
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
};
};
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
};
make-rules =
with git // config.krebs.users;
repo:
singleton {
user = [ nin nin_h ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (length (repo.collaborators or []) > 0) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
};
in out
