Merge remote-tracking branch 'prism/master'

nin 2018-01-30 23:06:17 +01:00
commit 6849d7aa48
42 changed files with 717 additions and 216 deletions


@ -8,6 +8,7 @@
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
<stockholm/jeschli/2configs/virtualbox.nix>
./hardware-configuration.nix
# ./dcso-vpn.nix
];


@ -0,0 +1,142 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
<stockholm/jeschli>
<stockholm/jeschli/2configs/urxvt.nix>
];
krebs.build.host = config.krebs.hosts.bolide;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
boot.initrd.luks.devices = [ {
name = "bla";
device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
preLVM = true;
allowDiscards = true;
} ];
# networking.hostName = "bolide"; # Define your hostname.
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.shellAliases = {
n = "nix-shell";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
'';
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
wget vim
# system helper
ag
curl
copyq
dmenu
git
i3lock
keepass
networkmanagerapplet
rsync
terminator
tmux
wget
# rxvt_unicode
# editors
emacs
# internet
thunderbird
chromium
google-chrome
# programming languages
go
gcc
ghc
python35
python35Packages.pip
# go tools
golint
gotools
# dev tools
elmPackages.elm
gnumake
jetbrains.pycharm-professional
jetbrains.webstorm
jetbrains.goland
# document viewer
zathura
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager.sddm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = {
isNormalUser = true;
uid = 1000;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
}
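Review bot: `services.openssh.enable = true;` turns sshd on with no authentication settings in this file, so whether password logins are accepted depends on what `<stockholm/jeschli>` sets, which is not visible here. If that import does not already do it, add `services.openssh.passwordAuthentication = false;` next to the enable line and supply keys through `users.extraUsers.jeschli.openssh.authorizedKeys.keys`. Separately, `allowDiscards = true;` on the LUKS device passes TRIM through the encryption layer, which exposes which blocks are in use. If that trade-off is intended, a comment such as `# TRIM passthrough accepted: reveals free-block layout` would record the decision.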


@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{ device = "/dev/bolide-pool/bolide-root";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/bolide-pool/bolide-home";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave";
}


@ -0,0 +1,4 @@
import <stockholm/jeschli/source.nix> {
name = "bolide";
secure = true;
}


@ -35,6 +35,13 @@
time.timeZone = "Europe/Amsterdam";
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget
environment.shellAliases = {
n = "nix-shell";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"'
'';
};
environment.systemPackages = with pkgs; [
# system helper
ag


@ -4,6 +4,7 @@
imports = [
<stockholm/jeschli>
<stockholm/jeschli/2configs/retiolum.nix>
<stockholm/jeschli/2configs/IM.nix>
<stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
{
networking.dhcpcd.allowInterfaces = [

56
jeschli/2configs/IM.nix Normal file

@ -0,0 +1,56 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
let
tmux = pkgs.writeDashBin "tmux" ''
export TERM=xterm-256color
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g default-terminal screen-256color
''} "$@"
'';
in {
services.bitlbee = {
enable = true;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
pkgs.bitlbee-discord
];
libpurple_plugins = [ pkgs.telegram-purple ];
};
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-brauerei.pubkey
];
packages = [ tmux ];
};
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
path = [
pkgs.rxvt_unicode.terminfo
];
serviceConfig = {
User = "chat";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
ExecStop = "${tmux}/bin/tmux kill-session -t IM";
};
};
}
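Review bot: `services.bitlbee` sets `portNumber = 6666` but neither `interface` nor `authMode`, so who can reach the gateway and who may register on it is left to the module defaults. This instance loads the Facebook, Steam, Discord and Telegram plugins and will hold the credentials for those accounts, so I would pin the listener explicitly with `interface = "127.0.0.1";` and choose `authMode` deliberately rather than inherit it. A one-line comment above the block saying that only the local `chat` user's weechat is meant to connect would document the intended exposure.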


@ -23,6 +23,9 @@ with import <stockholm/lib>;
proot
populate
# aliases
(writeDashBin "irc" "ssh chat@enklave -t tmux a")
#style
most
rxvt_unicode.terminfo


@ -1,5 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
name = "vim-javascript";
@ -19,69 +20,81 @@ let
sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
};
};
in {
# {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
set nocompatible
:imap jk <Esc>
:vmap v v
:map gr :GoRun<Enter>
:nnoremap <S-TAB> :bnext<CR>
:nnoremap <C-TAB> <c-w><c-w>
:map nf :NERDTreeToggle<CR>
set autowrite
set number
set ruler
set path+=**
set wildmenu
noremap x "_x
set clipboard=unnamedplus
let g:jsx_ext_required = 0
let g:go_list_type = "quickfix"
let g:go_test_timeout = '10s'
let g:go_fmt_command = "goimports"
let g:go_snippet_case_type = "camelcase"
let g:go_highlight_types = 1
let g:go_highlight_fields = 1
let g:go_highlight_functions = 1
let g:go_highlight_methods = 1
let g:go_highlight_extra_types = 1
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
let g:rehash256 = 1
let g:molokai_original = 1
colorscheme molokai
let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
let g:go_metalinter_autosave = 1
" let g:go_metalinter_autosave_enabled = ['vet', 'golint']
" let g:go_def_mode = 'godef'
" let g:go_decls_includes = "func,type"
" Trigger configuration. Do not use <tab> if you use https://github.com/Valloric/YouCompleteMe.
let g:UltiSnipsExpandTrigger="<c-e>"
let g:UltiSnipsJumpForwardTrigger="<c-t>"
let g:UltiSnipsJumpBackwardTrigger="<c-q>"
" If you want :UltiSnipsEdit to split your window.
let g:UltiSnipsEditSplit="vertical"
if has('persistent_undo') "check if your vim version supports it
set undofile "turn on the feature
set undodir=$HOME/.vim/undo "directory where the undo files will be stored
endif
vimrcConfig.customRC = let
colorscheme = ''colorscheme molokai'';
setStatements = ''
set autowrite
set clipboard=unnamedplus
set nocompatible
set path+=**
set ruler
set undodir=$HOME/.vim/undo "directory where the undo files will be stored
set undofile "turn on the feature
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set listchars=trail:
'';
remapStatements = ''
imap jk <Esc>
map gr :GoRun<Enter> " Map gr to execute go run
map nf :NERDTreeToggle<CR>
nnoremap <C-TAB> <c-w><c-w>
nnoremap <S-TAB> :bnext<CR>
noremap x "_x
vmap v v
'';
settingsForGo = ''
let g:go_decls_includes = "func,type"
let g:go_def_mode = 'godef'
let g:go_fmt_command = "goimports"
let g:go_highlight_extra_types = 1
let g:go_highlight_fields = 1
let g:go_highlight_functions = 1
let g:go_highlight_methods = 1
let g:go_highlight_types = 1
let g:go_list_type = "quickfix"
let g:go_metalinter_autosave = 1
let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
let g:go_snippet_case_type = "camelcase"
let g:go_test_timeout = '10s'
let g:jsx_ext_required = 0
let g:molokai_original = 1
let g:rehash256 = 1
'';
settingsForElm = ''
let g:polyglot_disabled = ['elm']
let g:elm_detailed_complete = 1
let g:elm_format_autosave = 1
let g:elm_syntastic_show_warnings = 1
'';
in ''
${colorscheme}
${remapStatements}
${setStatements}
${settingsForElm}
${settingsForGo}
" I dont know what this line is about
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; }
{ names = [
"ctrlp"
"easymotion"
"molokai"
"nerdtree"
"snipmate"
"surround"
"Syntastic"
"undotree"
"elm-vim"
];
}
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
{ names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
{ names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
@ -89,4 +102,35 @@ in {
];
})
];
# set up the directories up if they are not there.
# Needs to be changed.
# vim = let
# dirs = {
# backupdir = "$HOME/.cache/vim/backup";
# swapdir = "$HOME/.cache/vim/swap";
# undodir = "$HOME/.cache/vim/undo";
# };
# files = {
# viminfo = "$HOME/.cache/vim/info";
# };
#
# mkdirs = let
# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
# in assert out != ""; out;
# alldirs = attrValues dirs ++ map dirOf (attrValues files);
# in unique (sort lessThan alldirs);
# in
# pkgs.symlinkJoin {
# name = "vim";
# paths = [
# (pkgs.writeDashBin "vim" ''
# set -efu
# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
# exec ${pkgs.vim}/bin/vim "$@"
# '')
# pkgs.vim
# ];
# };
}
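Review bot: In `remapStatements`, `map gr :GoRun<Enter> " Map gr to execute go run` does not carry a comment: Vim takes everything after the `{lhs}` of a `:map` command as the mapping, so the quote and the words after it become keystrokes replayed after `:GoRun`. Put the text on its own line, `" Map gr to execute go run`, followed by `map gr :GoRun<Enter>`. The rewrite also drops the `if has('persistent_undo')` guard around `set undofile` / `set undodir`, and `set listchars=trail:` appears to have lost its value on this page, so both deserve a second look. Which lines are old and which are new is inferred from the rendering, since the +/- markers are not shown.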


@ -0,0 +1,23 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.markus;
in {
#services.virtualboxHost.enable = true;
virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {
name = "virtual";
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
extraGroups = [ "vboxusers" "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(virtual) NOPASSWD: ALL
'';
}
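Review bot: `mainUser = config.users.extraUsers.markus;` refers to an account that none of the jeschli host configs visible in this commit define (bolide declares `users.extraUsers.jeschli`). Depending on what is defined elsewhere, the sudoers line `${mainUser.name} ALL=(virtual) NOPASSWD: ALL` therefore either fails to evaluate or hands the rule to an unintended name. If the owner of the machine is meant, use `mainUser = config.users.extraUsers.jeschli;`. `NOPASSWD: ALL` as `virtual` is also broader than starting VirtualBox needs; limiting the command list to the VirtualBox binaries would keep the account from becoming a general-purpose second identity.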


@ -7,7 +7,6 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
<stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>


@ -2,6 +2,9 @@
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
influx-host = "127.0.0.1";
ext-if = "et0";
external-mac = "52:54:b0:0b:af:fe";
in
{
imports = [
@ -12,7 +15,6 @@ in
<stockholm/krebs/2configs/stats/wolf-client.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
@ -112,7 +114,7 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
interfaces.enp0s3.ip4 = [{
interfaces."${ext-if}".ip4 = [{
address = shack-ip;
prefixLength = 20;
}];
@ -161,6 +163,9 @@ in
config.krebs.users.makefu-omo.pubkey
"ssh-rsa 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 root@plattenschwein" # for backup
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
time.timeZone = "Europe/Berlin";
sound.enable = false;


@ -58,7 +58,7 @@ let
ref = "heads/master";
};
};
krebs.git = defineRepo name true;
krebs.git = defineRepo name false;
};
in {


@ -163,6 +163,43 @@ with import <stockholm/lib>;
};
};
bolide = {
nets = {
retiolum = {
ip4.addr = "10.243.27.31";
ip6.addr = "42::31";
aliases = [
"bolide.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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-----END RSA PUBLIC KEY-----
'';
};
};
};
};
users = {
@ -176,5 +213,8 @@ with import <stockholm/lib>;
jeschli-brauerei = {
pubkey = "ssh-rsa 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 jeschli@nixos";
};
jeschli-bolide = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide";
};
};
}


@ -3,6 +3,9 @@
with import <stockholm/lib>;
{
dns.providers = {
"lassul.us" = "zones";
};
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
ci = true;
@ -80,6 +83,18 @@ with import <stockholm/lib>;
prism IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
'';
"lassul.us" = ''
$TTL 3600
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN TXT v=spf1 mx -all
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
internet = {
@ -443,7 +458,8 @@ with import <stockholm/lib>;
external = true;
nets = rec {
internet = {
ip4.addr = "129.215.90.4";
# eddie.thalheim.io
ip4.addr = "129.215.197.11";
aliases = [ "eddie.i" ];
};
retiolum = rec {
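Review bot: The new `lassul.us` zone publishes `v=spf1 mx -all` but the zone text contains no MX record, so the `mx` mechanism matches nothing and every sender hard-fails SPF, while inbound delivery has to fall back to the bare A record. Unless an MX is added by another module, put one beside the TXT line, for example `60 IN MX 5 lassul.us.` (the priority value is illustrative). The SOA serial `2017093001` is also a fixed literal, so secondaries that compare serials will not pick up later edits to this zone unless it is bumped with each change.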


@ -32,40 +32,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
};
ju = {
external = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.144";
aliases = [
"ju.gg23"
];
};
retiolum = {
ip4.addr = "10.243.13.39";
ip6.addr = "42::1339";
aliases = [
"ju.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu";
};
kaepsele = {
external = true;
nets = {


@ -81,6 +81,9 @@ prepare_debian() {
}
prepare_nixos_iso() {
_which() (
type -p "$1"
)
mountpoint /mnt
type git 2>/dev/null || nix-env -iA nixos.git


@ -123,7 +123,7 @@ rec {
script = pkgs.writeDash "lambda-pl" ''
if [ "$#" -gt 0 ]; then
curl -SsL --max-time 5 "$1" |
perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)(?: - youtube)?\s*<\/title/si'
perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si'
fi
'';
});


@ -0,0 +1,51 @@
{ stdenv, fetchurl, makeDesktopItem
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk
, mesa, openal
, useAlsa ? false, alsaOss ? null }:
with stdenv.lib;
assert useAlsa -> alsaOss != null;
let
desktopItem = makeDesktopItem {
name = "minecraft";
exec = "minecraft";
icon = "minecraft";
comment = "A sandbox-building game";
desktopName = "Minecraft";
genericName = "minecraft";
categories = "Game;";
};
in stdenv.mkDerivation {
name = "ftb";
src = fetchurl {
url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar";
sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v";
};
phases = "installPhase";
installPhase = ''
set -x
mkdir -pv $out/bin
cp -v $src $out/ftb.jar
cat > $out/bin/ftb << EOF
#!${stdenv.shell}
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
EOF
chmod +x $out/bin/ftb
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications/
${openjdk}/bin/jar xf $out/ftb.jar favicon.png
'';
}
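Review bot: `src` fetches `FTB_Launcher.jar` from an unversioned URL over plain HTTP, and `name = "ftb"` carries no version. The `sha256` still guarantees the content, but the derivation stops building as soon as upstream replaces the jar, and nothing records which launcher release the hash belongs to. A comment above `src` such as `# launcher build fetched <date>; update sha256 when upstream rotates the jar` (date placeholder to be filled in) would make the pin auditable. The generated wrapper also ends at `${jre}/bin/java -jar $out/ftb.jar` and drops its arguments; appending `"\$@"` inside the heredoc would forward them.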


@ -1,22 +1,25 @@
with import <stockholm/lib>;
host@{ name, secure ? false }: let
host@{ name, secure ? false, override ? {} }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "krebs";
_file = <stockholm> + "/krebs/1systems/${name}/source.nix";
in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets = getAttr builder {
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
krebs.pass = {
dir = "${getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets = getAttr builder {
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
krebs.pass = {
dir = "${getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";
};
};
};
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
};
}
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23
};
}
override
]


@ -40,6 +40,9 @@ with import <stockholm/lib>;
zathura
skype
wine
geeqie
vlc
minecraft
];
nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;


@ -131,7 +131,6 @@ with import <stockholm/lib>;
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
${pkgs.systemd}/bin/systemctl start xresources.service
'';
networking.hostName = lib.mkForce "BLN02NB0162";


@ -192,7 +192,7 @@ with import <stockholm/lib>;
'';
};
#nix.package = pkgs.nixUnstable;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
}


@ -289,13 +289,6 @@ in {
alias /var/realwallpaper/realwallpaper.png;
'';
}
{
services.minecraft-server.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
];
}
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
@ -307,7 +300,7 @@ in {
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
}
];
}
@ -318,6 +311,8 @@ in {
RandomizedDelaySec = "2min";
};
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
];
krebs.build.host = config.krebs.hosts.prism;
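Review bot: The push rule now matches `refs/heads/staging/jeschli*`, which (assuming the pattern is a plain glob) covers every branch name that merely starts with that string, and it does so with `non-fast-forward` and `delete` allowed. If the goal is a namespace of branches under the user's name, `refs/heads/staging/jeschli/*` alongside the original exact ref keeps the grant scoped to that user. A short comment on the rule stating which branch names are intended would make later widening easier to review.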


@ -53,6 +53,7 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.agentTimeout = "10m";
programs.ssh.startAgent = true;
services.openssh.forwardX11 = true;
@ -85,6 +86,8 @@ in {
screengrab
slock
sxiv
timewarrior
taskwarrior
termite
xclip
xorg.xbacklight
@ -104,15 +107,40 @@ in {
xlibs.fontschumachermisc
];
lass.xserver.enable = true;
#lass.xserver.enable = true;
services.xserver = {
enable = true;
layout = "us";
display = mkForce 0;
xkbModel = "evdev";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
displayManager.lightdm.enable = true;
windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
};
restartIfChanged = false;
};
services.urxvtd.enable = true;
krebs.xresources.enable = true;
lass.screenlock.enable = true;
}
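Review bot: The xmonad session start script runs `xhost +LOCAL:`, which turns off X access control for every local account, so any local process that can reach the display socket can read keystrokes, capture the screen and inject input. If the purpose is to let the separate browser users open windows, grant them one by one, e.g. `xhost +SI:localuser:cr` per account (account name taken from the browser config in this commit). `XMONAD_DATA_DIR = "/tmp"` also puts xmonad's state in a world-writable directory under a predictable name; `%t`, already used for `RXVT_SOCKET`, would be a per-user alternative.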


@ -35,7 +35,10 @@ let
useDefaultShell = true;
createHome = true;
};
lass.browser.paths.${name}.path = bin;
lass.browser.paths.${name} = {
path = bin;
inherit precedence;
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -80,6 +83,14 @@ in {
browser-select
];
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
];
};
imports = [
{
options.lass.browser.select = mkOption {
@ -102,8 +113,9 @@ in {
( createFirefoxUser "ff" [ "audio" ] 10 )
( createChromiumUser "cr" [ "video" "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "video" "audio" ] )
( createChromiumUser "fb" [ "video" "audio" ] )
( createChromiumUser "com" [ "video" "audio" ] )
( createChromiumUser "wk" [ "video" "audio" ] 0 )
( createChromiumUser "fb" [ "video" "audio" ] 0 )
( createChromiumUser "com" [ "video" "audio" ] 0 )
( createChromiumUser "fin" [] (-1) )
];
}


@ -19,9 +19,9 @@ let
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.services.copyq = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
systemd.user.services.copyq = {
wantedBy = [ "graphical-session.target" ];
requires = [ "xmonad.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
@ -35,7 +35,6 @@ in {
Restart = "always";
RestartSec = "15s";
StartLimitBurst = 0;
User = "lass";
};
};
}


@ -2,11 +2,12 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
../2configs/binary-cache/client.nix
../2configs/gc.nix
../2configs/mc.nix
../2configs/vim.nix
../2configs/monitoring/client.nix
./binary-cache/client.nix
./gc.nix
./mc.nix
./vim.nix
./monitoring/client.nix
./zsh.nix
./htop.nix
./backups.nix
./security-workarounds.nix


@ -54,6 +54,11 @@ with import <stockholm/lib>;
{ from = "bitstamp@lassul.us"; to = lass.mail; }
{ from = "bitcoin.de@lassul.us"; to = lass.mail; }
{ from = "ableton@lassul.us"; to = lass.mail; }
{ from = "dhl@lassul.us"; to = lass.mail; }
{ from = "sipgate@lassul.us"; to = lass.mail; }
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }


@ -73,6 +73,10 @@ in {
extraGroups = [ "audio" "video" "input" "loot" ];
createHome = true;
useDefaultShell = true;
packages = with pkgs; [
ftb
minecraft
];
};
};


@ -81,7 +81,7 @@ let
server = "irc.r";
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
branches = [ "master" "staging*" ];
branches = [ "master" ];
};
};
};
@ -100,7 +100,7 @@ let
nick = config.krebs.build.host.name;
channel = "#xxx";
server = "irc.r";
verbose = true;
verbose = false;
# TODO define branches in some kind of option per repo
branches = [ "master" "staging*" ];
};


@ -1,3 +1,4 @@
with import <stockholm/lib>;
{ pkgs, ... }:
let
@ -19,6 +20,14 @@ let
text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput;
'';
mailboxes = {
wireguard = [ "wireguard@lists.zx2c4" ];
c-base = [ "c-base.org" ];
security = [ "seclists.org" "security" "bugtraq" ];
nix-devel = [ "nix-devel@googlegroups.com" ];
shack = [ "shackspace.de" ];
};
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -72,22 +81,15 @@ let
''} %r |"
virtual-mailboxes \
"Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox \
and NOT to:nix-devel\
and NOT to:shackspace\
and NOT to:security\
and NOT to:c-base" \
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
"nix" "notmuch://?query=to:nix-devel"\
"radio" "notmuch://?query=to:radio or tag:radio"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
"Sent" "notmuch://?query=tag:sent"\
"Junk" "notmuch://?query=tag:junk"
"Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\
${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)}
"BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
"Sent" "notmuch://?query=tag:sent"\
"Junk" "notmuch://?query=tag:junk"
tag-transforms "junk" "k" \
"unread" "u" \


@ -0,0 +1,21 @@
{ pkgs, ... }:
{
users.users = {
mc = {
name = "mc";
description = "user playing mc";
home = "/home/mc";
createHome = true;
useDefaultShell = true;
packages = with pkgs; [
tmux
];
};
};
krebs.per-user.mc.packages = [ pkgs.jdk ];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
];
}
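Review bot: The two iptables rules open 25565 on TCP and UDP permanently, but this file starts no server (the `services.minecraft-server.enable` line is dropped from the prism config in this commit), so the port is exposed to whatever the `mc` user happens to run in tmux. The Java edition carries game traffic over TCP, so unless the query protocol is wanted the UDP rule can be removed. A comment on the rules, e.g. `# server is started by hand as user mc`, would make the intent clear to the next reader.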


@ -118,6 +118,7 @@ in {
if test $(timeLeft) -le $LIMIT; then
${add_random}/bin/add_random
fi
${pkgs.mpc_cli}/bin/mpc play > /dev/null
'';
in {
description = "radio playlist autoadder";


@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [ pkgs.fzf ];
programs.zsh = {
enable = true;
shellInit = ''
@ -7,10 +8,8 @@
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
#unsetopt nomatch
setopt autocd extendedglob
bindkey -e
zstyle :compinstall filename '/home/lass/.zshrc'
#history magic
bindkey "" up-line-or-local-history
@ -39,8 +38,11 @@
zle -N edit-command-line
bindkey "^X^E" edit-command-line
#fzf inclusion
source ${pkgs.fzf}/share/fzf/completion.zsh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
#completion magic
fpath=(~/.zsh/completions $fpath)
autoload -Uz compinit
compinit
zstyle ':completion:*' menu select
@ -48,14 +50,16 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
#eval $( dircolors -b ~/.LS_COLORS )
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
@ -66,27 +70,8 @@
#aliases
alias ll='ls -l'
alias la='ls -la'
alias pinginet='ping 8.8.8.8'
alias du='du -hd1'
alias qiv="qiv -f -m"
alias zshres="source ~/.zshrc"
#fancy window title magic
case $TERM in
(*xterm* | *rxvt*)
# Write some info to terminal title.
# This is seen when the shell prompts for input.
function precmd {
print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a"
}
# Write command and args to terminal title.
# This is seen while the shell waits for a command to complete.
function preexec {
printf "\033]0;%s\a" "$1"
}
;;
esac
'';
promptInit = ''
# TODO: figure out why we need to set this here
@ -97,26 +82,59 @@
autoload -U promptinit
promptinit
error='%(?..%F{red}%?%f )'
p_error='%(?..%F{red}%?%f )'
t_error='%(?..%? )'
case $UID in
0)
username='%F{red}root%f '
p_username='%F{red}root%f'
t_username='root'
;;
1337)
username=""
p_username=""
t_username=""
;;
*)
username='%F{blue}%n%f '
p_username='%F{blue}%n%f'
t_username='%n'
;;
esac
if test -n "$SSH_CLIENT"; then
PROMPT="$error$username@%F{magenta}%M%f %~ "
p_hostname='@%F{magenta}%M%f '
t_hostname='@%M '
else
PROMPT="$error$username%~ "
p_hostname=""
t_hostname=""
fi
#check if in nix shell
if test -n "$buildInputs"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
p_nixshell=""
t_nixshell=""
fi
PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
;;
esac
'';
};
users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
environment.shellAliases.ns = "nix-shell --command zsh";
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
}
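Review bot: The new `preexec` builds the title with `echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"`, so backslash sequences inside the command being run (`$1`) are interpreted by `echo` and written to the terminal as raw control codes. The removed version passed the command through `printf` with `%s` and did not have that problem. Use `printf '\033]0;%s %s %s\007' "$$" "$PROMPT_EVALED" "$1"` in `preexec` and the two-argument equivalent in `precmd`. In the same file, `fetchFromGitHub` sets `rev = "master"` with a fixed `sha256`, which stops building once the branch moves; a commit hash in `rev` avoids that.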


@ -8,10 +8,7 @@ in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "d202e30";
};
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
lass.pass = {


@ -109,6 +109,8 @@ in {
#}
{ # wireguard server
# opkg install wireguard luci-proto-wireguard
# TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@ -136,9 +138,23 @@ in {
allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
}
{
# x-test
allowedIPs = [ "10.244.0.4/32" ];
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
}
{
# work-router
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
];
};
}
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
];
makefu.dl-dir = "/var/download";


@ -61,7 +61,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
# Filesystem
@ -86,6 +86,7 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
@ -103,7 +104,4 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
}


@ -26,14 +26,16 @@ in {
services.nginx = {
enable = mkDefault true;
virtualHosts."photostore.krebsco.de" = {
locations = {
"/".extraConfig = ''
uwsgi_pass unix://${wsgi-sock};
uwsgi_param UWSGI_CHDIR ${workdir};
uwsgi_param UWSGI_MODULE cuserver.main;
uwsgi_param UWSGI_CALLABLE app;
include ${pkgs.nginx}/conf/uwsgi_params;
'';
enableACME = true;
forceSSL = true;
locations = {
"/".extraConfig = ''
uwsgi_pass unix://${wsgi-sock};
uwsgi_param UWSGI_CHDIR ${workdir};
uwsgi_param UWSGI_MODULE cuserver.main;
uwsgi_param UWSGI_CALLABLE app;
include ${pkgs.nginx}/conf/uwsgi_params;
'';
};
};
};


@ -53,15 +53,6 @@ let
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "gum";
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "irc.r";
};
};
};


@ -0,0 +1,13 @@
{ pkgs, lib, ... }:
{
# TODO: un-pin linuxPackages somehow
nixpkgs.config.packageOverrides = pkgs: {
linux_4_14 = pkgs.linux_4_14.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160 m
'';
};
};
}


@ -297,7 +297,7 @@ let {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
need-dirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
@ -308,7 +308,7 @@ let {
paths = [
(pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs})
exec ${pkgs.vim}/bin/vim "$@"
'')
pkgs.vim