Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of prism:stockholm

Browse Source
This commit is contained in:
nin 2018-05-02 15:13:40 +02:00
commit 689fb1a77a
157 changed files with 4072 additions and 3258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
default.nix
View File

@ -3,3 +3,20 @@ import <nixpkgs/nixos/lib/eval-config.nix> {
(import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
];
}
//
{
lib = import ./lib;
systems = with import ./lib; let
ns = getEnv "LOGNAME";
in
genAttrs
(attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
(name: let
config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
source = import (<stockholm> + "/${ns}/1systems/${name}/source.nix");
in import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [ config ];
} // {
inherit source;
});
}

124
jeschli/1systems/bln/config.nix
View File

@ -1,42 +1,19 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
# bln config file
{
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
[ <stockholm/jeschli>
<stockholm/jeschli/2configs/virtualbox.nix>
<stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/emacs.nix>
./hardware-configuration.nix
# ./dcso-vpn.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
jeschliFontSize = 20;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.loader.grub.extraEntries = ''
menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" {
search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606
linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro
initrd ($drive1)/initrd.img-4.9.0-4-amd64
}
'';
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32";
preLVM = true;
allowDiscards = true;
}
];
environment.shellAliases = {
n = "nix-shell";
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
@ -46,23 +23,13 @@
LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
'';
};
networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname.
networking.hostName = lib.mkForce "BLN02NB0232";
networking.networkmanager.enable = true;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
time.timeZone = "Europe/Berlin";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
# Setup Packages
nixpkgs.config.allowUnfree = true;
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
@ -85,7 +52,7 @@
emacs
# databases
sqlite
# internet
# internet
thunderbird
hipchat
chromium
@ -114,79 +81,44 @@
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.bash.enableCompletion = true;
programs.vim.defaultEditor = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.postscript-lexmark ];
# Enable the X11 windowing system.
services.xserver.enable = true;
# services.xserver.xrandrHeads = [
# { output = "eDP1"; }
# { output = "DP-2-2-8"; primary = true; }
# { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; }
# ];
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
services.xserver.videoDrivers = [ "nvidia" ];
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
# services.xserver.desktopManager.gnome3.enable = true;
# services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.sddm.enable = true;
#services.xserver.desktopManager.plasma5.enable = true;
# services.xserver.displayManager.sessionCommands = ''
# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off
#'';
services.xserver.dpi = 100;
fonts.fontconfig.dpi = 100;
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.markus = {
users.extraUsers.jeschli = {
isNormalUser = true;
extraGroups = ["docker"];
extraGroups = ["docker" "vboxusers"];
uid = 1000;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
system.stateVersion = "17.09";
# Gogland Debugger workaround
# nixpkgs.config.packageOverrides = super: {
# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
# postFixup = ''
# interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
# '';
# });
# };
# nixpkgs.config.packageOverrides = super: {
# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
# postFixup = ''
# interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
# '';
# });
# };
# virtualisation.docker.enable = true;
virtualisation.docker.enable = true;
# DCSO Certificates
security.pki.certificateFiles = [
@ -197,7 +129,7 @@
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
];
];
hardware.bluetooth.enable = true;
krebs.build.host = config.krebs.hosts.bln;

25
jeschli/1systems/bln/hardware-configuration.nix
View File

@ -1,6 +1,3 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
@ -8,27 +5,29 @@
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05";
{ device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606";
fsType = "ext2";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738";
fsType = "ext4";
{ device = "/dev/disk/by-uuid/927E-01A0";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave";
}

1
jeschli/1systems/bolide/config.nix
View File

@ -10,6 +10,7 @@
./hardware-configuration.nix
<stockholm/jeschli>
<stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/emacs.nix>
];
krebs.build.host = config.krebs.hosts.bolide;

31
jeschli/1systems/brauerei/config.nix
View File

@ -5,6 +5,9 @@
<stockholm/jeschli>
./hardware-configuration.nix
<stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/xdg.nix>
<stockholm/jeschli/2configs/xserver>
];
krebs.build.host = config.krebs.hosts.brauerei;
@ -56,7 +59,6 @@
terminator
tmux
wget
# rxvt_unicode
# editors
emacs
# internet
@ -64,6 +66,7 @@
chromium
google-chrome
# programming languages
exercism
go
gcc
ghc
@ -72,6 +75,9 @@
# go tools
golint
gotools
# rust
cargo
rustc
# dev tools
gnumake
jetbrains.pycharm-professional
@ -104,8 +110,8 @@
# services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "us";
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
@ -114,18 +120,18 @@
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
#
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.windowManager.xmonad.enable = true;
# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
#
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = {
users.extraUsers.jeschli = { # TODO: define as krebs.users
isNormalUser = true;
uid = 1000;
};
users.extraUsers.jamie = {
isNormalUser = true;
uid = 1001;
uid = 1001; # TODO genid
};
users.users.root.openssh.authorizedKeys.keys = [
@ -138,4 +144,11 @@
# should.
system.stateVersion = "17.09"; # Did you read the comment?
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
}

74
jeschli/2configs/emacs.nix Normal file
View File

@ -0,0 +1,74 @@
{ config, pkgs, ... }:
let
packageRepos = ''
(require 'package) ;; You might already have this line
(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos))
(not (gnutls-available-p))))
(url (concat (if no-ssl "http" "https") "://melpa.org/packages/")))
(add-to-list 'package-archives (cons "melpa" url) t)
(add-to-list 'package-archives
'("org" . "http://orgmode.org/elpa/") t)
)
(when (< emacs-major-version 24)
;; For important compatibility libraries like cl-lib
(add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/")))
(package-initialize)
'';
evilMode = ''
;; Evil Mode
(add-to-list 'load-path "~/.emacs.d/evil")
(require 'evil)
(evil-mode 1)
(require 'evil-org)
(add-hook 'org-mode-hook 'evil-org-mode)
(evil-org-set-key-theme '(navigation insert textobjects additional calendar))
(require 'evil-org-agenda)
(evil-org-agenda-set-keys)
'';
windowCosmetics = ''
(tool-bar-mode -1) ; Disable the button bar atop screen
(scroll-bar-mode -1) ; Disable scroll bar
(setq inhibit-startup-screen t) ; Disable startup screen with graphics
(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs
(setq default-tab-width 2) ; Two spaces is a tab
(setq tab-width 2) ; Four spaces is a tab
(setq visible-bell nil) ; Disable annoying visual bell graphic
(setq ring-bell-function 'ignore) ; Disable super annoying audio bell
'';
orgMode = ''
(add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode))
(global-set-key "\C-cl" 'org-store-link)
(global-set-key "\C-ca" 'org-agenda)
(global-set-key "\C-cb" 'org-iswitchb)
(if (boundp 'org-user-agenda-files)
(setq org-agenda-files org-user-agenda-files)
(setq org-agenda-files (quote ("~/projects/notes")))
)
'';
recentFiles = ''
(recentf-mode 1)
(setq recentf-max-menu-items 25)
(global-set-key "\C-x\ \C-r" 'recentf-open-files)
'';
dotEmacs = pkgs.writeText "dot-emacs" ''
${packageRepos}
${orgMode}
${recentFiles}
${windowCosmetics}
'';
emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
epkgs.melpaStablePackages.magit
epkgs.melpaPackages.mmm-mode
epkgs.melpaPackages.nix-mode
epkgs.melpaPackages.go-mode
epkgs.melpaPackages.google-this
]);
myEmacs = pkgs.writeDashBin "my-emacs" ''
exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@"
'';
in {
environment.systemPackages = [
myEmacs
];
}

2
jeschli/2configs/virtualbox.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.markus;
mainUser = config.users.extraUsers.jeschli;
in {
#services.virtualboxHost.enable = true;

14
jeschli/2configs/xdg.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
systemd.tmpfiles.rules = let
forUsers = flip map users;
isUser = { name, group, ... }:
name == "root" || hasSuffix "users" group;
users = filter isUser (mapAttrsToList (_: id) config.users.users);
in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
}

27
jeschli/2configs/xserver/Xmodmap.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xmodmap" ''
!keycode 66 = Caps_Lock
!remove Lock = Caps_Lock
clear Lock
! caps lock
keycode 66 = Mode_switch
keycode 13 = 4 dollar EuroSign cent
keycode 30 = u U udiaeresis Udiaeresis
keycode 32 = o O odiaeresis Odiaeresis
keycode 38 = a A adiaeresis Adiaeresis
keycode 39 = s S ssharp
keycode 33 = p P Greek_pi Greek_PI
keycode 46 = l L Greek_lambda Greek_LAMBDA
keycode 54 = c C cacute Cacute
! BULLET OPERATOR
keycode 17 = 8 asterisk U2219
keycode 27 = r R r U211D
''

52
jeschli/2configs/xserver/Xresources.nix Normal file
View File

@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xresources" /* xdefaults */ ''
URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}"
URxvt*eightBitInput: false
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*scrollBar: false
URxvt*background: #050505
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*jumpScroll: true
URxvt*allowSendEvents: false
URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
URxvt*cutNewline: False
URxvt*cutToBeginningOfLine: False
URxvt*color0: #232342
URxvt*color3: #c07000
URxvt*color4: #4040c0
URxvt*color7: #c0c0c0
URxvt*color8: #707070
URxvt*color9: #ff6060
URxvt*color10: #70ff70
URxvt*color11: #ffff70
URxvt*color12: #7070ff
URxvt*color13: #ff50ff
URxvt*color14: #70ffff
URxvt*color15: #ffffff
URxvt*iso14755: False
URxvt*urgentOnBell: True
URxvt*visualBell: True
! ref https://github.com/muennich/urxvt-perls
URxvt*perl-ext: default,url-select
URxvt*keysym.M-u: perl:url-select:select_next
URxvt*url-select.underline: true
URxvt*colorUL: #4682B4
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt*saveLines: 10000
root-urxvt*background: #230000
root-urxvt*foreground: #e0c0c0
root-urxvt*BorderColor: #400000
root-urxvt*color0: #800000
''

141
jeschli/2configs/xserver/default.nix Normal file
View File

@ -0,0 +1,141 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
cfg = {
cacheDir = cfg.dataDir;
configDir = "/var/empty";
dataDir = "/run/xdg/${cfg.user.name}/xmonad";
user = config.krebs.users.jeschli;
};
in {
environment.systemPackages = [
pkgs.font-size
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.sxiv
pkgs.xdotool
pkgs.xsel
pkgs.zathura
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
# TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /run/wrappers/bin
krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock";
group = "wheel";
envp = {
DISPLAY = ":${toString config.services.xserver.display}";
USER = cfg.user.name;
};
};
services.xserver = {
# Don't install feh into systemPackages
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
desktopManager.session = mkForce [];
enable = true;
display = 11;
tty = 11;
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_CACHE_DIR = cfg.cacheDir;
XMONAD_CONFIG_DIR = cfg.configDir;
XMONAD_DATA_DIR = cfg.dataDir;
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
wait
'';
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"dashboard" # we start here
"stockholm"
"pycharm"
"chromium"
"iRC"
"git"
"hipbird"
]);
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
"\${XMONAD_CACHE_DIR}"
"\${XMONAD_CONFIG_DIR}"
"\${XMONAD_DATA_DIR}"
]}";
ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
User = cfg.user.name;
WorkingDirectory = cfg.user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = cfg.user.name;
};
};
}

40
jeschli/2configs/xserver/xserver.conf.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

11
jeschli/5pkgs/default.nix Normal file
View File

@ -0,0 +1,11 @@
with import <stockholm/lib>;
self: super:
# Import files and subdirectories like they are overlays.
foldl' mergeAttrs {}
(map
(name: import (./. + "/${name}") self super)
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))

24
jeschli/5pkgs/simple/default.nix Normal file
View File

@ -0,0 +1,24 @@
with import <stockholm/lib>;
self: super:
let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = self.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in
listToAttrs
(map
(name: nameValuePair (removeSuffix ".nix" name)
(callPackage (./. + "/${name}") {}))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))

294
jeschli/5pkgs/simple/xmonad-jeschli/default.nix Normal file
View File

@ -0,0 +1,294 @@
{ pkgs, ... }:
pkgs.writeHaskell "xmonad-jeschli" {
executables.xmonad = {
extra-depends = [
"containers"
"extra"
"unix"
"X11"
"xmonad"
"xmonad-contrib"
"xmonad-stockholm"
];
text = /* haskell */ ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where
import Control.Exception
import Control.Monad.Extra (whenJustM)
import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither)
import XMonad
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.GridSelect
import XMonad.Actions.CycleWS (toggleWS)
--import XMonad.Actions.CopyWindow ( copy )
import XMonad.Layout.NoBorders ( smartBorders )
import qualified XMonad.StackSet as W
import Data.Map (Map)
import qualified Data.Map as Map
-- TODO import XMonad.Layout.WorkspaceDir
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
-- import XMonad.Layout.Tabbed
--import XMonad.Layout.MouseResizableTile
import XMonad.Layout.Reflect (reflectVert)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
import XMonad.Layout.PerWorkspace (onWorkspace)
--import XMonad.Layout.BinarySpacePartition
--import XMonad.Actions.Submap
import XMonad.Stockholm.Pager
import XMonad.Stockholm.Rhombus
import XMonad.Stockholm.Shutdown
amixerPath :: FilePath
amixerPath = "${pkgs.alsaUtils}/bin/amixer"
urxvtcPath :: FilePath
urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc"
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO ()
main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent
_ -> mainNoArgs
mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = urxvtcPath
, modMask = mod4Mask
, keys = myKeys
, workspaces = workspaces0
, layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
}
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String
displaySomeException = displayException
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
forkFile path args env =
xfork (executeFile path False args env) >> return ()
spawnRootTerm :: X ()
spawnRootTerm =
forkFile
urxvtcPath
["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
Nothing
spawnTermAt :: String -> X ()
spawnTermAt ws = do
env <- liftIO getEnvironment
let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
forkFile urxvtcPath [] (Just env')
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
, ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
, ((_4 , xK_x ), chooseAction spawnTermAt)
, ((_4C , xK_x ), spawnRootTerm)
--, ((_4 , xK_F1 ), withFocused jojo)
--, ((_4 , xK_F1 ), printAllGeometries)
, ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
, ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ((_C , xK_Print ), toggleWS)
, ((_4 , xK_Print ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
-- %! Rotate through the available layout algorithms
, ((_4 , xK_space ), sendMessage NextLayout)
, ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout
---- BinarySpacePartition
--, ((_4 , xK_l), sendMessage $ ExpandTowards R)
--, ((_4 , xK_h), sendMessage $ ExpandTowards L)
--, ((_4 , xK_j), sendMessage $ ExpandTowards D)
--, ((_4 , xK_k), sendMessage $ ExpandTowards U)
--, ((_4S , xK_l), sendMessage $ ShrinkFrom R)
--, ((_4S , xK_h), sendMessage $ ShrinkFrom L)
--, ((_4S , xK_j), sendMessage $ ShrinkFrom D)
--, ((_4S , xK_k), sendMessage $ ShrinkFrom U)
--, ((_4 , xK_n), sendMessage Rotate)
--, ((_4S , xK_n), sendMessage Swap)
---- mouseResizableTile
--, ((_4 , xK_u), sendMessage ShrinkSlave)
--, ((_4 , xK_i), sendMessage ExpandSlave)
-- move focus up or down the window stack
--, ((_4 , xK_m ), windows W.focusMaster)
, ((_4 , xK_j ), windows W.focusDown)
, ((_4 , xK_k ), windows W.focusUp)
-- modifying the window order
, ((_4S , xK_m ), windows W.swapMaster)
, ((_4S , xK_j ), windows W.swapDown)
, ((_4S , xK_k ), windows W.swapUp)
-- resizing the master/slave ratio
, ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area
, ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area
-- floating layer support
, ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling
-- increase or decrease number of windows in the master area
, ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
, ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
, ((_4 , xK_a ), addWorkspacePrompt def)
, ((_4 , xK_r ), renameWorkspace def)
, ((_4 , xK_Delete ), removeEmptyWorkspace)
, ((_4 , xK_Return ), toggleWS)
--, (0 , xK_Print ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
--, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
--, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift)
--, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k })
, ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"])
, ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"])
, ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"])
]
where
_4 = mod4Mask
_C = controlMask
_S = shiftMask
_M = mod1Mask
_4C = _4 .|. _C
_4S = _4 .|. _S
_4M = _4 .|. _M
_4CM = _4 .|. _C .|. _M
_4SM = _4 .|. _S .|. _M
amixer args = forkFile amixerPath args Nothing
pagerConfig :: PagerConfig
pagerConfig = def
{ pc_font = myFont
, pc_cellwidth = 64
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
--, pc_borderwidth = 1
--, pc_matchcolor = "#f0b000"
, pc_matchmethod = MatchPrefix
--, pc_colors = pagerWorkspaceColors
, pc_windowColors = windowColors
}
where
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
windowColors wsf m c u wf = do
let y = defaultWindowColors wsf m c u wf
if m == False && wf == True
then ("#402020", snd y)
else y
horseConfig :: RhombusConfig
horseConfig = def
{ rc_font = myFont
, rc_cellwidth = 64
--, rc_cellheight = 36 -- TODO automatically keep screen aspect
--, rc_borderwidth = 1
--, rc_matchcolor = "#f0b000"
, rc_matchmethod = MatchPrefix
--, rc_colors = pagerWorkspaceColors
--, rc_paint = myPaint
}
wGSConfig :: GSConfig Window
wGSConfig = def
{ gs_cellheight = 20
, gs_cellwidth = 192
, gs_cellpadding = 5
, gs_font = myFont
, gs_navigate = navNSearch
}
-- wsGSConfig = def
-- { gs_cellheight = 20
-- , gs_cellwidth = 64
-- , gs_cellpadding = 5
-- , gs_font = myFont
-- , gs_navigate = navNSearch
-- }
-- custom navNSearch
--makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a)
--makeGSNav esc = nav
-- where
-- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler
-- keyMap = Map.fromList
-- [ (esc , cancel)
-- , ((0,xK_Escape) , cancel)
-- , ((0,xK_Return) , select)
-- , ((0,xK_Left) , move (-1, 0) >> nav)
-- , ((0,xK_Right) , move ( 1, 0) >> nav)
-- , ((0,xK_Down) , move ( 0, 1) >> nav)
-- , ((0,xK_Up) , move ( 0,-1) >> nav)
-- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav)
-- ]
-- -- The navigation handler ignores unknown key symbols, therefore we const
-- navNSearchDefaultHandler (_,s,_) = do
-- transformSearchString (++ s)
-- nav
(&) :: a -> (a -> c) -> c
(&) = flip ($)
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
allWorkspaceNames ws =
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
'';
};
}

6
jeschli/default.nix
View File

@ -1,9 +1,9 @@
_:
{ pkgs, ... }:
{
imports = [
../krebs
./2configs
# ./3modules
# ./5pkgs
];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
}

5
jeschli/source.nix
View File

@ -13,10 +13,7 @@ in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "0653b73";
};
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
secrets.file = getAttr builder {
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
jeschli = "${getEnv "HOME"}/secrets/${name}";

1
krebs/1systems/hotdog/config.nix
View File

@ -21,4 +21,5 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
environment.variables.NIX_REMOTE = "daemon";
}

44
krebs/1systems/onebutton/config.nix Normal file
View File

@ -0,0 +1,44 @@
{ config, pkgs, lib, ... }:
{
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
{ # minimal disk usage
environment.noXlibs = true;
nix.gc.automatic = true;
nix.gc.dates = "03:10";
programs.info.enable = false;
programs.man.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
services.nixosManual.enable = false;
}
];
krebs.build.host = config.krebs.hosts.onebutton;
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# !!! If your board is a Raspberry Pi 1, select this:
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
# boot.kernelParams = ["cma=32M"];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
services.openssh.enable = true;
}

16
krebs/1systems/onebutton/source.nix Normal file
View File

@ -0,0 +1,16 @@
with import <stockholm/lib>;
let
pkgs = import <nixpkgs> {};
nixpkgs = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
rev = "6c064e6b"; # only binary cache for unstable arm6
sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
};
in import <stockholm/krebs/source.nix> {
name = "onebutton";
override.nixpkgs = mkForce {
file = toString nixpkgs;
};
}

1
krebs/2configs/buildbot-all.nix
View File

@ -5,6 +5,5 @@ with import <stockholm/lib>;
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
krebs.ci.tests = [ "deploy" ];
}

3
krebs/2configs/news-spam.nix
View File

@ -2,6 +2,7 @@
{
krebs.newsbot-js.news-spam = {
urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" ''
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
@ -120,7 +121,7 @@
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
[SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews
[SPAM]shackspace|http://shackspace.de/atom.xml|#snews
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews

2
krebs/2configs/news.nix
View File

@ -11,7 +11,7 @@
painload|https://github.com/krebscode/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
shackspace|http://blog.shackspace.de/?feed=rss2|#news
shackspace|http://shackspace.de/atom.xml|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news

72
krebs/2configs/shack/worlddomination.nix
View File

@ -2,8 +2,56 @@
with import <stockholm/lib>;
let
pkg = pkgs.stdenv.mkDerivation {
name = "worlddomination-2018-04-21";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/worlddomination/";
rev = "1b32403b9";
sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
LinkHeader
aiocoap
grequests
paramiko
python
]))
];
installPhase = ''
install -m755 -D backend/push_led.py $out/bin/push-led
install -m755 -D backend/loop_single.py $out/bin/loop-single
# copy the provided file to the package
install -m755 -D backend/wd.lst $out/${wdpath}
'';
};
pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap
grequests = pythonPackages.buildPythonPackage rec {
pname = "grequests";
version = "0.3.1";
name = "${pname}-${version}";
src = pkgs.fetchFromGitHub {
owner = "kennethreitz";
repo = "grequests";
rev = "d1e70eb";
sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
};
doCheck = false;
propagatedBuildInputs = with pythonPackages; [ requests gevent ];
meta = with lib;{
description = "Asynchronous HTTP requests";
homepage = https://github.com/kennethreitz/grequests;
license = with licenses; [ bsd2 ];
maintainers = with maintainers; [ matejc ];
};
};
aiocoap = pythonPackages.buildPythonPackage {
name = "aiocoap-0.3";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
@ -25,30 +73,6 @@ let
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
};
};
pkg = pkgs.stdenv.mkDerivation {
name = "worlddomination-2017-06-10";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/worlddomination/";
rev = "72fc9b5";
sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
LinkHeader
aiocoap
requests
paramiko
python
]))
];
installPhase = ''
install -m755 -D backend/push_led.py $out/bin/push-led
install -m755 -D backend/loop_single.py $out/bin/loop-single
# copy the provided file to the package
install -m755 -D backend/wd.lst $out/${wdpath}
'';
};
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
timeout = 10; # minutes

31
krebs/3modules/krebs/default.nix
View File

@ -91,6 +91,37 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
};
onebutton = {
cores = 1;
owner = config.krebs.users.krebs;
nets = {
retiolum = {
ip4.addr = "10.243.0.101";
ip6.addr = "42:0:0:0:0:0:0:101";
aliases = [
"onebutton.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa
9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N
aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB
7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp
pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael
+j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC
KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF
tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE
DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO
59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU
PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp
jP873cT6h0hsGm9glgOYho8CAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
};
puyak = {
ci = true;
owner = config.krebs.users.krebs;

134
krebs/3modules/lass/default.nix
View File

@ -9,6 +9,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
ci = true;
monitoring = true;
}) {
dishfire = {
cores = 4;
@ -43,39 +44,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
};
echelon = {
cores = 2;
nets = rec {
internet = {
ip4.addr = "64.137.242.41";
aliases = [
"echelon.i"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
ip4.addr = "10.243.206.103";
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
aliases = [
"echelon.r"
"cgit.echelon.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
};
prism = rec {
cores = 4;
extraZones = {
@ -86,14 +54,17 @@ with import <stockholm/lib>;
"lassul.us" = ''
$TTL 3600
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN TXT v=spf1 mx -all
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN TXT v=spf1 mx a:lassul.us -all
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@ -149,6 +120,7 @@ with import <stockholm/lib>;
};
domsen-nas = {
ci = false;
monitoring = false;
external = true;
nets = rec {
internet = {
@ -161,6 +133,7 @@ with import <stockholm/lib>;
};
};
uriel = {
monitoring = false;
cores = 1;
nets = {
gg23 = {
@ -399,10 +372,12 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
};
iso = {
monitoring = false;
ci = false;
cores = 1;
};
sokrateslaptop = {
monitoring = false;
ci = false;
external = true;
nets = {
@ -426,6 +401,7 @@ with import <stockholm/lib>;
};
};
turingmachine = {
monitoring = false;
ci = false;
external = true;
nets = {
@ -454,6 +430,7 @@ with import <stockholm/lib>;
};
};
eddie = {
monitoring = false;
ci = false;
external = true;
nets = rec {
@ -494,6 +471,7 @@ with import <stockholm/lib>;
};
};
borg = {
monitoring = false;
ci = false;
external = true;
nets = {
@ -521,6 +499,7 @@ with import <stockholm/lib>;
};
};
inspector = {
monitoring = false;
ci = false;
external = true;
nets = rec {
@ -552,6 +531,7 @@ with import <stockholm/lib>;
};
};
dpdkm = {
monitoring = false;
ci = false;
external = true;
nets = rec {
@ -618,6 +598,78 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
cabal = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.4";
ip6.addr = "42::1:4";
aliases = [
"cabal.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
};
red = {
monitoring = false;
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.13";
ip6.addr = "42:0:0:0:0:0:0:12ed";
aliases = [
"red.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
};
};
users = {
lass = {

1
krebs/3modules/makefu/default.nix
View File

@ -539,6 +539,7 @@ with import <stockholm/lib>;
dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}

1
krebs/3modules/newsbot-js.nix
View File

@ -93,6 +93,7 @@ let
User = "newsbot-js";
Restart = "always";
ExecStart = "${newsbot.package}/bin/newsbot";
WatchdogSec = "86400";
};
}
) cfg;

7
krebs/3modules/os-release.nix
View File

@ -1,8 +1,11 @@
{ config, ... }:
with import <stockholm/lib>;
let
nixos-version-id = "${config.system.nixosVersion}";
nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
nixos-version-id = if (hasAttr "nixos" config.system) then
"${config.system.nixos.version}" else "${config.system.nixosVersion}";
nixos-codeName = if (hasAttr "nixos" config.system) then
"${config.system.nixos.codeName}" else "${config.system.nixosCodeName}";
nixos-version = "${nixos-version-id} (${nixos-codeName})";
nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = let

25
krebs/5pkgs/haskell/nix-diff/default.nix
View File

@ -1,25 +0,0 @@
{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
, nix-derivation, optparse-generic, stdenv, system-filepath, text
, unix, vector
}:
mkDerivation {
pname = "nix-diff";
version = "1.0.0-krebs1";
src = fetchgit {
url = "https://github.com/Gabriel439/nix-diff";
sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
};
patches = [
./nixos-system.patch
];
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
attoparsec base containers Diff mtl nix-derivation optparse-generic
system-filepath text unix vector
];
homepage = "https://github.com/Gabriel439/nix-diff";
description = "Explain why two Nix derivations differ";
license = stdenv.lib.licenses.bsd3;
}

18
krebs/5pkgs/haskell/nix-diff/nixos-system.patch
View File

@ -1,18 +0,0 @@
diff --git a/src/Main.hs b/src/Main.hs
index 959ab8e..d3b6077 100644
--- a/src/Main.hs
+++ b/src/Main.hs
@@ -95,7 +95,12 @@ pathToText path =
underneath `/nix/store`, but this is the overwhelmingly common use case
-}
derivationName :: FilePath -> Text
-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
+derivationName p =
+ if Data.Text.isPrefixOf "nixos-system" s
+ then "nixos-system"
+ else s
+ where
+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
-- | Group input derivations by their name
groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))

23
krebs/5pkgs/simple/Reaktor/plugins.nix
View File

@ -120,11 +120,24 @@ rec {
url-title = (buildSimpleReaktorPlugin "url-title" {
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
path = with pkgs; [ curl perl ];
script = pkgs.writeDash "lambda-pl" ''
if [ "$#" -gt 0 ]; then
curl -SsL --max-time 5 "$1" |
perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si'
fi
script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" ''
import sys
import urllib.request
from bs4 import BeautifulSoup
try:
soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml")
title = soup.find('title').string
if title:
if len(title) > 512:
print('message to long, skipped')
elif len(title.split('\n')) > 5:
print('to many lines, skipped')
else:
print(title)
except: # noqa: E722
pass
'';
});

17
krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
View File

@ -18,20 +18,27 @@ def is_regex(line):
myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$')
return myre.match(line)
line = argv[1]
if is_regex(line):
last = d.get(usr, None)
if last:
from subprocess import Popen, PIPE
p = Popen(['sed', line], stdin=PIPE, stdout=PIPE)
p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE)
so, se = p.communicate(bytes("{}\n".format(last), "UTF-8"))
if p.returncode:
print("something went wrong when trying to process your regex: {}".format(se.decode()))
print("something went wrong when trying to process your regex: {}".format(line.strip()))
ret = so.decode()
print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret
if len(ret) > 512:
print('message to long, skipped')
elif len(ret.split('\n')) > 5:
print('to many lines, skipped')
else:
if last.strip() != ret.strip():
print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret
else:
print("no last message")

7
krebs/5pkgs/simple/buildbot-classic/default.nix
View File

@ -2,16 +2,15 @@
python2Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}";
version = "0.8.14";
version = "0.8.16";
namePrefix = "";
patches = [];
src = fetchFromGitHub {
owner = "krebscode";
repo = "buildbot-classic";
# rev = "v${version}";
rev = "843463911";
sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd";
rev = version;
sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha";
};
postUnpack = "sourceRoot=\${sourceRoot}/master";

123
krebs/5pkgs/simple/ejabberd/default.nix Normal file
View File

@ -0,0 +1,123 @@
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
, flock
, withMysql ? false
, withPgsql ? false
, withSqlite ? false, sqlite
, withPam ? false, pam
, withZlib ? true, zlib
, withRiak ? false
, withElixir ? false, elixir
, withIconv ? true
, withTools ? false
, withRedis ? false
}:
let
fakegit = writeScriptBin "git" ''
#! ${stdenv.shell} -e
if [ "$1" = "describe" ]; then
[ -r .rev ] && cat .rev || true
fi
'';
ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
in stdenv.mkDerivation rec {
version = "18.01";
name = "ejabberd-${version}";
src = fetchurl {
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
};
nativeBuildInputs = [ fakegit ];
buildInputs = [ erlang openssl expat libyaml gd ]
++ lib.optional withSqlite sqlite
++ lib.optional withPam pam
++ lib.optional withZlib zlib
++ lib.optional withElixir elixir
;
# Apparently needed for Elixir
LANG = "en_US.UTF-8";
deps = stdenv.mkDerivation {
name = "ejabberd-deps-${version}";
inherit src;
configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
makeFlags = [ "deps" ];
phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
installPhase = ''
for i in deps/*; do
( cd $i
git reset --hard
git clean -ffdx
git describe --always --tags > .rev
rm -rf .git
)
done
rm deps/.got
cp -r deps $out
'';
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
};
configureFlags =
[ (lib.enableFeature withMysql "mysql")
(lib.enableFeature withPgsql "pgsql")
(lib.enableFeature withSqlite "sqlite")
(lib.enableFeature withPam "pam")
(lib.enableFeature withZlib "zlib")
(lib.enableFeature withRiak "riak")
(lib.enableFeature withElixir "elixir")
(lib.enableFeature withIconv "iconv")
(lib.enableFeature withTools "tools")
(lib.enableFeature withRedis "redis")
] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}";
enableParallelBuilding = true;
patches = [
./ejabberdctl.patch
];
preBuild = ''
cp -r $deps deps
chmod -R +w deps
patchShebangs deps
'';
postInstall = ''
sed -i \
-e '2iexport PATH=${ctlpath}:$PATH' \
-e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \
-e 's,\(^ *JOT=\).*,\1,' \
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
$out/sbin/ejabberdctl
'';
meta = with stdenv.lib; {
description = "Open-source XMPP application server written in Erlang";
license = licenses.gpl2;
homepage = http://www.ejabberd.im;
platforms = platforms.linux;
maintainers = with maintainers; [ sander abbradar ];
broken = withElixir;
};
}

32
krebs/5pkgs/simple/ejabberd/ejabberdctl.patch Normal file
View File

@ -0,0 +1,32 @@
--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
@@ -42,19 +42,18 @@
esac
# parse command line parameters
-for arg; do
- case $arg in
- -n|--node) ERLANG_NODE_ARG=$2; shift;;
- -s|--spool) SPOOL_DIR=$2; shift;;
- -l|--logs) LOGS_DIR=$2; shift;;
- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
- -d|--config-dir) ETC_DIR=$2; shift;;
- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
- --) :;;
+while test $# -gt 0; do
+ case $1 in
+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
+ -s|--spool) SPOOL_DIR=$2; shift 2;;
+ -l|--logs) LOGS_DIR=$2; shift 2;;
+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
+ -d|--config-dir) ETC_DIR=$2; shift 2;;
+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
+ # --) :;; what is this for?
*) break;;
esac
- shift
done
# define ejabberd variables if not already defined from the command line

64
krebs/5pkgs/simple/electron-cash/default.nix
View File

@ -1,64 +0,0 @@
{ stdenv, fetchFromGitHub, python2Packages }:
python2Packages.buildPythonApplication rec {
name = "electron-cash-${src.rev}";
src = fetchFromGitHub {
owner = "fyookball";
repo = "electrum";
rev = "a2245ea";
sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv";
};
propagatedBuildInputs = with python2Packages; [
dns
ecdsa
jsonrpclib
pbkdf2
pyaes
pycrypto
pyqt4
pysocks
qrcode
requests
tlslite
# plugins
keepkey
trezor
];
preBuild = ''
sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py
pyrcc4 icons.qrc -o gui/qt/icons_rc.py
# Recording the creation timestamps introduces indeterminism to the build
sed -i '/Created: .*/d' gui/qt/icons_rc.py
'';
postInstall = ''
# Despite setting usr_share above, these files are installed under
# $out/nix ...
mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out
rm -rf $out/lib/python2.7/site-packages/nix
substituteInPlace $out/share/applications/electron.desktop \
--replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
'';
doInstallCheck = true;
installCheckPhase = ''
$out/bin/electrum help >/dev/null
'';
meta = with stdenv.lib; {
description = "A lightweight Bitcoin wallet";
longDescription = ''
An easy-to-use Bitcoin client featuring wallets generated from
mnemonic seeds (in addition to other, more advanced, wallet options)
and the ability to perform transactions without downloading a copy
of the blockchain.
'';
homepage = https://electrum.org/;
license = licenses.mit;
};
}

26
krebs/5pkgs/simple/font-size.nix Normal file
View File

@ -0,0 +1,26 @@
{ writeDashBin }:
writeDashBin "font-size" ''
set -efu
# set_font NORMAL_FONT BOLD_FONT
set_font() {
printf '\033]710;%s\007' "$1"
printf '\033]711;%s\007' "$2"
}
case ''${1-} in
'''|0|--reset)
set_font \
-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \
-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \
;;
[1-9]|[1-9][0-9]|[1-9][0-9][0-9])
set_font \
xft:Monospace:size=$1 \
xft:Monospace:size=$1:bold \
;;
*)
echo "$0: bad argument: $1" >&2
exit 1
esac
''

46
krebs/5pkgs/simple/generate-secrets/default.nix Normal file
View File

@ -0,0 +1,46 @@
{ pkgs }:
pkgs.writeDashBin "generate-secrets" ''
HOSTNAME="$1"
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
cat <<EOF > $TMPDIR/hashedPasswords.nix
{
root = "$HASHED_PASSWORD";
}
EOF
cd $TMPDIR
for x in *; do
${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
done
echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null
cat <<EOF
$HOSTNAME = {
cores = 1;
owner = config.krebs.users.krebs;
nets = {
retiolum = {
ip4.addr = "10.243.0.changeme";
ip6.addr = "42:0:0:0:0:0:0:changeme";
aliases = [
"$HOSTNAME.r"
];
tinc.pubkey = ${"''"}
$(cat $TMPDIR/retiolum.rsa_key.pub)
${"''"};
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
};
EOF
rm -rf $TMPDIR
''

35
krebs/5pkgs/simple/go-shortener/default.nix
View File

@ -1,25 +1,26 @@
{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }:
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs }:
with lib;
let
np = (callPackage <nixpkgs/pkgs/top-level/node-packages.nix>) {
generated = ./packages.nix;
self = np;
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
nodejs = nodejs-8_x;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
node_env = buildEnv {
name = "node_env";
paths = [
np.redis
np."formidable"
];
pathsToLink = [ "/lib" ];
ignoreCollisions = true;
node_env = pkgs.buildEnv {
name = "go-node_env";
paths = attrValues (import ./node-packages.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
});
};
in np.buildNodePackage {
in stdenv.mkDerivation {
packageName = "go";
name = "go-shortener";
version = "0.0.0";
src = fetchgit {
url = "http://cgit.lassul.us/go/";
@ -32,10 +33,8 @@ in np.buildNodePackage {
"installPhase"
];
deps = (filter (v: nixType v == "derivation") (attrValues np));
buildInputs = [
nodejs
nodejs-8_x
makeWrapper
];
@ -44,14 +43,14 @@ in np.buildNodePackage {
cp index.js $out/
cat > $out/go << EOF
${nodejs}/bin/node $out/index.js
${nodejs-8_x}/bin/node $out/index.js
EOF
chmod +x $out/go
wrapProgram $out/go \
--prefix NODE_PATH : ${node_env}/lib/node_modules
ln -s $out/go /$out/bin/go
ln -s $out/go /$out/bin/go
'';
}

76
krebs/5pkgs/simple/go-shortener/node-packages.nix Normal file
View File

@ -0,0 +1,76 @@
# This file has been generated by node2nix 1.5.3. Do not edit!
{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
let
sources = {
"double-ended-queue-2.1.0-0" = {
name = "double-ended-queue";
packageName = "double-ended-queue";
version = "2.1.0-0";
src = fetchurl {
url = "https://registry.npmjs.org/double-ended-queue/-/double-ended-queue-2.1.0-0.tgz";
sha1 = "103d3527fd31528f40188130c841efdd78264e5c";
};
};
"redis-commands-1.3.5" = {
name = "redis-commands";
packageName = "redis-commands";
version = "1.3.5";
src = fetchurl {
url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.3.5.tgz";
sha512 = "2q8pai3gf0dczb03jjig3mpaz4j2kvw8icpgf8hp4fryr3d6c0mjkvxxdmlyhainybx4zhgqsw9ghc9p986alzdzd2n2p4cxvr8b0by";
};
};
"redis-parser-2.6.0" = {
name = "redis-parser";
packageName = "redis-parser";
version = "2.6.0";
src = fetchurl {
url = "https://registry.npmjs.org/redis-parser/-/redis-parser-2.6.0.tgz";
sha1 = "52ed09dacac108f1a631c07e9b69941e7a19504b";
};
};
};
in
{
formidable = nodeEnv.buildNodePackage {
name = "formidable";
packageName = "formidable";
version = "1.2.1";
src = fetchurl {
url = "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz";
sha512 = "1x0n2rfaiasdjbw1mm7s29z84f68c7iji7lb1gkxvpknvv6q7bwns7z55ijcf4vkh4kvis12rbgaaih49jf9lj53s30mllb1d35bkqn";
};
buildInputs = globalBuildInputs;
meta = {
description = "A node.js module for parsing form data, especially file uploads.";
homepage = https://github.com/felixge/node-formidable;
license = "MIT";
};
production = true;
bypassCache = true;
};
redis = nodeEnv.buildNodePackage {
name = "redis";
packageName = "redis";
version = "2.8.0";
src = fetchurl {
url = "https://registry.npmjs.org/redis/-/redis-2.8.0.tgz";
sha512 = "3a3044ax6qdvss83xgjfx10h5q91ls0mwgs3wpsnxcdsiipq3cnmqzsh6glyq0r7vsmpw49jp84c2jnfrhi2bgycrkd9hhhf6ia8lrk";
};
dependencies = [
sources."double-ended-queue-2.1.0-0"
sources."redis-commands-1.3.5"
sources."redis-parser-2.6.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "Redis client library";
homepage = https://github.com/NodeRedis/node_redis;
license = "MIT";
};
production = true;
bypassCache = true;
};
}

44
krebs/5pkgs/simple/go-shortener/packages.nix
View File

@ -1,44 +0,0 @@
{ self, fetchurl, fetchgit ? null, lib }:
{
by-spec."formidable"."*" =
self.by-version."formidable"."1.0.17";
by-version."formidable"."1.0.17" = self.buildNodePackage {
name = "formidable-1.0.17";
version = "1.0.17";
bin = false;
src = fetchurl {
url = "http://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz";
name = "formidable-1.0.17.tgz";
sha1 = "ef5491490f9433b705faa77249c99029ae348559";
};
deps = {
};
optionalDependencies = {
};
peerDependencies = [];
os = [ ];
cpu = [ ];
};
"formidable" = self.by-version."formidable"."1.0.17";
by-spec."redis"."*" =
self.by-version."redis"."2.1.0";
by-version."redis"."2.1.0" = self.buildNodePackage {
name = "redis-2.1.0";
version = "2.1.0";
bin = false;
src = fetchurl {
url = "http://registry.npmjs.org/redis/-/redis-2.1.0.tgz";
name = "redis-2.1.0.tgz";
sha1 = "38acb208f90750250f9451219b73ff08ae907f94";
};
deps = {
};
optionalDependencies = {
};
peerDependencies = [];
os = [ ];
cpu = [ ];
};
"redis" = self.by-version."redis"."2.1.0";
}

4
krebs/5pkgs/simple/go-shortener/pkgs.json Normal file
View File

@ -0,0 +1,4 @@
[
"formidable",
"redis"
]

2
krebs/5pkgs/simple/go-shortener/update.sh Executable file
View File

@ -0,0 +1,2 @@
node2nix -8 -i pkgs.json -c combine.nix
rm node-env.nix combine.nix

4
krebs/5pkgs/simple/hashPassword/default.nix
View File

@ -1,7 +1,7 @@
{ lib, pkgs, ... }:
pkgs.writeDashBin "hashPassword" ''
# usage: hashPassword
# usage: hashPassword [...]
set -euf
export PATH=${lib.makeBinPath (with pkgs; [
@ -11,5 +11,5 @@ pkgs.writeDashBin "hashPassword" ''
])}
salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16)
exec mkpasswd -m sha-512 -S "$salt"
exec mkpasswd -m sha-512 -S "$salt" "$@"
''

7
krebs/5pkgs/simple/kops.nix Normal file
View File

@ -0,0 +1,7 @@
{ fetchgit, ... }:
fetchgit {
url = https://cgit.krebsco.de/kops;
rev = "refs/tags/v1.1.0";
sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
}

39
krebs/5pkgs/simple/newsbot-js/default.nix
View File

@ -1,27 +1,27 @@
{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }:
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs, icu }:
with lib;
let
np = (callPackage <nixpkgs/pkgs/top-level/node-packages.nix>) {
generated = ./packages.nix;
self = np;
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
nodejs = nodejs-8_x;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
node_env = buildEnv {
name = "node_env";
paths = [
np.feedparser
np.form-data
np.irc
np.request
np.shell-quote
];
pathsToLink = [ "/lib" ];
ignoreCollisions = true;
node_env = pkgs.buildEnv {
name = "go-node_env";
paths = attrValues (import ./node-packages.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
globalBuildInputs = [
icu.dev
];
});
};
in np.buildNodePackage {
in stdenv.mkDerivation {
name = "newsbot-js";
src = fetchgit {
@ -32,14 +32,11 @@ in np.buildNodePackage {
phases = [
"unpackPhase"
"patchPhase"
"installPhase"
];
deps = (filter (v: nixType v == "derivation") (attrValues np));
buildInputs = [
nodejs
nodejs-8_x
makeWrapper
];
@ -48,7 +45,7 @@ in np.buildNodePackage {
cp newsbot.js $out/
cat > $out/newsbot << EOF
${nodejs}/bin/node $out/newsbot.js
${nodejs-8_x}/bin/node $out/newsbot.js
EOF
chmod +x $out/newsbot

844
krebs/5pkgs/simple/newsbot-js/node-packages.nix Normal file
View File

@ -0,0 +1,844 @@
# This file has been generated by node2nix 1.5.3. Do not edit!
{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
let
sources = {
"addressparser-1.0.1" = {
name = "addressparser";
packageName = "addressparser";
version = "1.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/addressparser/-/addressparser-1.0.1.tgz";
sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746";
};
};
"ajv-5.5.2" = {
name = "ajv";
packageName = "ajv";
version = "5.5.2";
src = fetchurl {
url = "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz";
sha1 = "73b5eeca3fab653e3d3f9422b341ad42205dc965";
};
};
"array-filter-0.0.1" = {
name = "array-filter";
packageName = "array-filter";
version = "0.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz";
sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec";
};
};
"array-indexofobject-0.0.1" = {
name = "array-indexofobject";
packageName = "array-indexofobject";
version = "0.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/array-indexofobject/-/array-indexofobject-0.0.1.tgz";
sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a";
};
};
"array-map-0.0.0" = {
name = "array-map";
packageName = "array-map";
version = "0.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz";
sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662";
};
};
"array-reduce-0.0.0" = {
name = "array-reduce";
packageName = "array-reduce";
version = "0.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz";
sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b";
};
};
"asn1-0.2.3" = {
name = "asn1";
packageName = "asn1";
version = "0.2.3";
src = fetchurl {
url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz";
sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86";
};
};
"assert-plus-1.0.0" = {
name = "assert-plus";
packageName = "assert-plus";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz";
sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525";
};
};
"asynckit-0.4.0" = {
name = "asynckit";
packageName = "asynckit";
version = "0.4.0";
src = fetchurl {
url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz";
sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79";
};
};
"aws-sign2-0.7.0" = {
name = "aws-sign2";
packageName = "aws-sign2";
version = "0.7.0";
src = fetchurl {
url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz";
sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8";
};
};
"aws4-1.6.0" = {
name = "aws4";
packageName = "aws4";
version = "1.6.0";
src = fetchurl {
url = "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz";
sha1 = "83ef5ca860b2b32e4a0deedee8c771b9db57471e";
};
};
"bcrypt-pbkdf-1.0.1" = {
name = "bcrypt-pbkdf";
packageName = "bcrypt-pbkdf";
version = "1.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz";
sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d";
};
};
"boom-4.3.1" = {
name = "boom";
packageName = "boom";
version = "4.3.1";
src = fetchurl {
url = "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz";
sha1 = "4f8a3005cb4a7e3889f749030fd25b96e01d2e31";
};
};
"boom-5.2.0" = {
name = "boom";
packageName = "boom";
version = "5.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz";
sha512 = "19h20yqpvca08dns1rs4f057f10w63v0snxfml4h5khsk266x3x1im0w72bza4k2xn0kfz6jlv001dhcvxsjr09bmbqnysils9m7437";
};
};
"caseless-0.12.0" = {
name = "caseless";
packageName = "caseless";
version = "0.12.0";
src = fetchurl {
url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz";
sha1 = "1b681c21ff84033c826543090689420d187151dc";
};
};
"co-4.6.0" = {
name = "co";
packageName = "co";
version = "4.6.0";
src = fetchurl {
url = "https://registry.npmjs.org/co/-/co-4.6.0.tgz";
sha1 = "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184";
};
};
"combined-stream-1.0.6" = {
name = "combined-stream";
packageName = "combined-stream";
version = "1.0.6";
src = fetchurl {
url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz";
sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818";
};
};
"core-util-is-1.0.2" = {
name = "core-util-is";
packageName = "core-util-is";
version = "1.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz";
sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7";
};
};
"cryptiles-3.1.2" = {
name = "cryptiles";
packageName = "cryptiles";
version = "3.1.2";
src = fetchurl {
url = "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz";
sha1 = "a89fbb220f5ce25ec56e8c4aa8a4fd7b5b0d29fe";
};
};
"dashdash-1.14.1" = {
name = "dashdash";
packageName = "dashdash";
version = "1.14.1";
src = fetchurl {
url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz";
sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0";
};
};
"delayed-stream-1.0.0" = {
name = "delayed-stream";
packageName = "delayed-stream";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz";
sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619";
};
};
"ecc-jsbn-0.1.1" = {
name = "ecc-jsbn";
packageName = "ecc-jsbn";
version = "0.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz";
sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505";
};
};
"extend-3.0.1" = {
name = "extend";
packageName = "extend";
version = "3.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz";
sha1 = "a755ea7bc1adfcc5a31ce7e762dbaadc5e636444";
};
};
"extsprintf-1.3.0" = {
name = "extsprintf";
packageName = "extsprintf";
version = "1.3.0";
src = fetchurl {
url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz";
sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05";
};
};
"fast-deep-equal-1.1.0" = {
name = "fast-deep-equal";
packageName = "fast-deep-equal";
version = "1.1.0";
src = fetchurl {
url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz";
sha1 = "c053477817c86b51daa853c81e059b733d023614";
};
};
"fast-json-stable-stringify-2.0.0" = {
name = "fast-json-stable-stringify";
packageName = "fast-json-stable-stringify";
version = "2.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz";
sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2";
};
};
"forever-agent-0.6.1" = {
name = "forever-agent";
packageName = "forever-agent";
version = "0.6.1";
src = fetchurl {
url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz";
sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91";
};
};
"form-data-2.3.2" = {
name = "form-data";
packageName = "form-data";
version = "2.3.2";
src = fetchurl {
url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
};
};
"getpass-0.1.7" = {
name = "getpass";
packageName = "getpass";
version = "0.1.7";
src = fetchurl {
url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz";
sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa";
};
};
"har-schema-2.0.0" = {
name = "har-schema";
packageName = "har-schema";
version = "2.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz";
sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92";
};
};
"har-validator-5.0.3" = {
name = "har-validator";
packageName = "har-validator";
version = "5.0.3";
src = fetchurl {
url = "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz";
sha1 = "ba402c266194f15956ef15e0fcf242993f6a7dfd";
};
};
"hawk-6.0.2" = {
name = "hawk";
packageName = "hawk";
version = "6.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz";
sha512 = "1nl2hjr2mnhj5jlaz8mh54z7acwz5j5idkch04qgjk78756gw5d0fjk4a2immil5ij9ijdssb9ndpryvnh2xpcbgcjv8lxybn330als";
};
};
"hoek-4.2.1" = {
name = "hoek";
packageName = "hoek";
version = "4.2.1";
src = fetchurl {
url = "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz";
sha512 = "1y8kprb3qldxqj31zai5n8dvhydsl9nn5w4rskhnbzzhldn6pm6n5lcyam3sfkb61a62d5m58k8im7z6ngwbd9cw9zp4zm4y7ckrf20";
};
};
"http-signature-1.2.0" = {
name = "http-signature";
packageName = "http-signature";
version = "1.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz";
sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1";
};
};
"iconv-2.2.3" = {
name = "iconv";
packageName = "iconv";
version = "2.2.3";
src = fetchurl {
url = "https://registry.npmjs.org/iconv/-/iconv-2.2.3.tgz";
sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed";
};
};
"inherits-2.0.3" = {
name = "inherits";
packageName = "inherits";
version = "2.0.3";
src = fetchurl {
url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz";
sha1 = "633c2c83e3da42a502f52466022480f4208261de";
};
};
"irc-colors-1.4.2" = {
name = "irc-colors";
packageName = "irc-colors";
version = "1.4.2";
src = fetchurl {
url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.4.2.tgz";
sha512 = "0f75yhavbhr8lbh3lh83rvyfrrrcxjawnd2rz7sacjd3zxj5524xr28j66f2l11vlngdkbplxz5xsq9dnwrcyqa0jh64k2pvzhn17a1";
};
};
"is-typedarray-1.0.0" = {
name = "is-typedarray";
packageName = "is-typedarray";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz";
sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a";
};
};
"isarray-1.0.0" = {
name = "isarray";
packageName = "isarray";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz";
sha1 = "bb935d48582cba168c06834957a54a3e07124f11";
};
};
"isstream-0.1.2" = {
name = "isstream";
packageName = "isstream";
version = "0.1.2";
src = fetchurl {
url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz";
sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a";
};
};
"jsbn-0.1.1" = {
name = "jsbn";
packageName = "jsbn";
version = "0.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz";
sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513";
};
};
"json-schema-0.2.3" = {
name = "json-schema";
packageName = "json-schema";
version = "0.2.3";
src = fetchurl {
url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz";
sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13";
};
};
"json-schema-traverse-0.3.1" = {
name = "json-schema-traverse";
packageName = "json-schema-traverse";
version = "0.3.1";
src = fetchurl {
url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz";
sha1 = "349a6d44c53a51de89b40805c5d5e59b417d3340";
};
};
"json-stringify-safe-5.0.1" = {
name = "json-stringify-safe";
packageName = "json-stringify-safe";
version = "5.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz";
sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb";
};
};
"jsonify-0.0.0" = {
name = "jsonify";
packageName = "jsonify";
version = "0.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz";
sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73";
};
};
"jsprim-1.4.1" = {
name = "jsprim";
packageName = "jsprim";
version = "1.4.1";
src = fetchurl {
url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz";
sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2";
};
};
"lodash.assign-4.2.0" = {
name = "lodash.assign";
packageName = "lodash.assign";
version = "4.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz";
sha1 = "0d99f3ccd7a6d261d19bdaeb9245005d285808e7";
};
};
"lodash.get-4.4.2" = {
name = "lodash.get";
packageName = "lodash.get";
version = "4.4.2";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz";
sha1 = "2d177f652fa31e939b4438d5341499dfa3825e99";
};
};
"lodash.has-4.5.2" = {
name = "lodash.has";
packageName = "lodash.has";
version = "4.5.2";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz";
sha1 = "d19f4dc1095058cccbe2b0cdf4ee0fe4aa37c862";
};
};
"lodash.uniq-4.5.0" = {
name = "lodash.uniq";
packageName = "lodash.uniq";
version = "4.5.0";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz";
sha1 = "d0225373aeb652adc1bc82e4945339a842754773";
};
};
"mime-db-1.33.0" = {
name = "mime-db";
packageName = "mime-db";
version = "1.33.0";
src = fetchurl {
url = "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz";
sha512 = "36xnw59ik9fqym00cmwb5nyzg0l03k70cp413f7639j93wgmzk1mh0xjc7i6zz3r6k9xnwh0g5cm5a1f3y8c6plgy4qld7fm887ywh4";
};
};
"mime-types-2.1.18" = {
name = "mime-types";
packageName = "mime-types";
version = "2.1.18";
src = fetchurl {
url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz";
sha512 = "22krj1kw7n9z10zdyx7smcaim4bzwqsqzhspwha06q58gcrxfp93hw2cd0vk5crhq5p2dwzqlpacg32lrmp5sjzb798zdzy35mdmkwm";
};
};
"mri-1.1.0" = {
name = "mri";
packageName = "mri";
version = "1.1.0";
src = fetchurl {
url = "https://registry.npmjs.org/mri/-/mri-1.1.0.tgz";
sha1 = "5c0a3f29c8ccffbbb1ec941dcec09d71fa32f36a";
};
};
"nan-2.10.0" = {
name = "nan";
packageName = "nan";
version = "2.10.0";
src = fetchurl {
url = "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz";
sha512 = "349rr7x0djrlkav4gbhkg355852ingn965r0kkch8rr4cwp7qki9676zpq8cq988yszzd2hld6szsbbnd1v6rghzf11abn1nyzlj1vc";
};
};
"node-icu-charset-detector-0.2.0" = {
name = "node-icu-charset-detector";
packageName = "node-icu-charset-detector";
version = "0.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/node-icu-charset-detector/-/node-icu-charset-detector-0.2.0.tgz";
sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639";
};
};
"oauth-sign-0.8.2" = {
name = "oauth-sign";
packageName = "oauth-sign";
version = "0.8.2";
src = fetchurl {
url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz";
sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43";
};
};
"performance-now-2.1.0" = {
name = "performance-now";
packageName = "performance-now";
version = "2.1.0";
src = fetchurl {
url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz";
sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b";
};
};
"process-nextick-args-2.0.0" = {
name = "process-nextick-args";
packageName = "process-nextick-args";
version = "2.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz";
sha512 = "0rw8xpqqkhs91722slvzf8icxfaimqp4w8zb3840jxr7r8n8035byl6dhdi5bm0yr6x7sdws0gf3m025fg6hqgaklwlbl4d7bah5l9j";
};
};
"punycode-1.4.1" = {
name = "punycode";
packageName = "punycode";
version = "1.4.1";
src = fetchurl {
url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz";
sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e";
};
};
"qs-6.5.1" = {
name = "qs";
packageName = "qs";
version = "6.5.1";
src = fetchurl {
url = "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz";
sha512 = "3waqapyj1k4g135sgj636rmswiaixq19is1rw0rpv4qp6k7dl0a9nwy06m7yl5lbdk9p6xpwwngnggbzlzaz6rh11c86j2nvnnf273r";
};
};
"readable-stream-2.3.6" = {
name = "readable-stream";
packageName = "readable-stream";
version = "2.3.6";
src = fetchurl {
url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz";
sha512 = "0mj9b6190amln9rg89x5pq2n195s3v0gzicpdamv1kbabg69aw5m71l34jsjn7bqil7405l6l35x9ijnb3h4jz5vx2i00l8sl1ll2xm";
};
};
"safe-buffer-5.1.1" = {
name = "safe-buffer";
packageName = "safe-buffer";
version = "5.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz";
sha512 = "1p28rllll1w65yzq5azi4izx962399xdsdlfbaynn7vmp981hiss05jhiy9hm7sbbfk3b4dhlcv0zy07fc59mnc07hdv6wcgqkcvawh";
};
};
"sax-1.2.4" = {
name = "sax";
packageName = "sax";
version = "1.2.4";
src = fetchurl {
url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz";
sha512 = "1dn291mjsda42w8kldlbmngk6dhjxfbvvd5lckyqmwbjaj6069iq3wx0nvcfglwnpddz2qa93lzf4hv77iz43bd2qixa079sjzl799n";
};
};
"sntp-2.1.0" = {
name = "sntp";
packageName = "sntp";
version = "2.1.0";
src = fetchurl {
url = "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz";
sha512 = "0k2smmr24w5hb1cpql6vcgh58vzp4pmh9anf0bgz3arlsgq1mapnlq9fjqr6xs10aq1cmxaw987fwknqi62frax0fvs9bj3q3kmpg8l";
};
};
"sshpk-1.14.1" = {
name = "sshpk";
packageName = "sshpk";
version = "1.14.1";
src = fetchurl {
url = "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz";
sha1 = "130f5975eddad963f1d56f92b9ac6c51fa9f83eb";
};
};
"string_decoder-1.1.1" = {
name = "string_decoder";
packageName = "string_decoder";
version = "1.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz";
sha512 = "315yd4vzwrwk3vwj1klf46y1cj2jbvf88066y2rnwhksb98phj46jkxixbwsp3h607w7czy7cby522s7sx8mvspdpdm3s72y2ga3x4z";
};
};
"stringstream-0.0.5" = {
name = "stringstream";
packageName = "stringstream";
version = "0.0.5";
src = fetchurl {
url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz";
sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878";
};
};
"tough-cookie-2.3.4" = {
name = "tough-cookie";
packageName = "tough-cookie";
version = "2.3.4";
src = fetchurl {
url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz";
sha512 = "0ncm6j3cjq1f26mzjf04k9bkw1b08w53s4qa3a11c1bdj4pgnqv1422c1xs5jyy6y1psppjx52fhagq5zkjkgrcpdkxcdiry96r77jd";
};
};
"tunnel-agent-0.6.0" = {
name = "tunnel-agent";
packageName = "tunnel-agent";
version = "0.6.0";
src = fetchurl {
url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz";
sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd";
};
};
"tweetnacl-0.14.5" = {
name = "tweetnacl";
packageName = "tweetnacl";
version = "0.14.5";
src = fetchurl {
url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz";
sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64";
};
};
"util-deprecate-1.0.2" = {
name = "util-deprecate";
packageName = "util-deprecate";
version = "1.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz";
sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf";
};
};
"uuid-3.2.1" = {
name = "uuid";
packageName = "uuid";
version = "3.2.1";
src = fetchurl {
url = "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz";
sha512 = "0843vl1c974n8kw5kn0kvhvhwk8y8jydr0xkwwl2963xxmkw4ingk6xj9c8m48jw2i95giglxzq5aw5v5mij9kv7fzln8pxav1cr6cd";
};
};
"verror-1.10.0" = {
name = "verror";
packageName = "verror";
version = "1.10.0";
src = fetchurl {
url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz";
sha1 = "3a105ca17053af55d6e270c1f8288682e18da400";
};
};
};
in
{
feedparser = nodeEnv.buildNodePackage {
name = "feedparser";
packageName = "feedparser";
version = "2.2.9";
src = fetchurl {
url = "https://registry.npmjs.org/feedparser/-/feedparser-2.2.9.tgz";
sha1 = "9138197dafdae05fcadde0036beeaf6066c2c5e9";
};
dependencies = [
sources."addressparser-1.0.1"
sources."array-indexofobject-0.0.1"
sources."core-util-is-1.0.2"
sources."inherits-2.0.3"
sources."isarray-1.0.0"
sources."lodash.assign-4.2.0"
sources."lodash.get-4.4.2"
sources."lodash.has-4.5.2"
sources."lodash.uniq-4.5.0"
sources."mri-1.1.0"
sources."process-nextick-args-2.0.0"
sources."readable-stream-2.3.6"
sources."safe-buffer-5.1.1"
sources."sax-1.2.4"
sources."string_decoder-1.1.1"
sources."util-deprecate-1.0.2"
];
buildInputs = globalBuildInputs;
meta = {
description = "Robust RSS Atom and RDF feed parsing using sax js";
homepage = http://github.com/danmactough/node-feedparser;
license = "MIT";
};
production = true;
bypassCache = true;
};
form-data = nodeEnv.buildNodePackage {
name = "form-data";
packageName = "form-data";
version = "2.3.2";
src = fetchurl {
url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
};
dependencies = [
sources."asynckit-0.4.0"
sources."combined-stream-1.0.6"
sources."delayed-stream-1.0.0"
sources."mime-db-1.33.0"
sources."mime-types-2.1.18"
];
buildInputs = globalBuildInputs;
meta = {
description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.";
license = "MIT";
};
production = true;
bypassCache = true;
};
irc = nodeEnv.buildNodePackage {
name = "irc";
packageName = "irc";
version = "0.5.2";
src = fetchurl {
url = "https://registry.npmjs.org/irc/-/irc-0.5.2.tgz";
sha1 = "3714f4768365a96d0b2f776bc91166beb2464bbc";
};
dependencies = [
sources."iconv-2.2.3"
sources."irc-colors-1.4.2"
sources."nan-2.10.0"
sources."node-icu-charset-detector-0.2.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "An IRC client library for node";
homepage = "https://github.com/martynsmith/node-irc#readme";
license = "GPL-3.0";
};
production = true;
bypassCache = true;
};
request = nodeEnv.buildNodePackage {
name = "request";
packageName = "request";
version = "2.85.0";
src = fetchurl {
url = "https://registry.npmjs.org/request/-/request-2.85.0.tgz";
sha512 = "2d3hg10zs5ycnr8prmiwdhacf88fl0x0bi6szs0z2r07zcbk419laixwpjp8sqapbc2ifyyih7p3r60wgr58bmcncz3pqnx523c8zph";
};
dependencies = [
sources."ajv-5.5.2"
sources."asn1-0.2.3"
sources."assert-plus-1.0.0"
sources."asynckit-0.4.0"
sources."aws-sign2-0.7.0"
sources."aws4-1.6.0"
sources."bcrypt-pbkdf-1.0.1"
sources."boom-4.3.1"
sources."caseless-0.12.0"
sources."co-4.6.0"
sources."combined-stream-1.0.6"
sources."core-util-is-1.0.2"
(sources."cryptiles-3.1.2" // {
dependencies = [
sources."boom-5.2.0"
];
})
sources."dashdash-1.14.1"
sources."delayed-stream-1.0.0"
sources."ecc-jsbn-0.1.1"
sources."extend-3.0.1"
sources."extsprintf-1.3.0"
sources."fast-deep-equal-1.1.0"
sources."fast-json-stable-stringify-2.0.0"
sources."forever-agent-0.6.1"
sources."form-data-2.3.2"
sources."getpass-0.1.7"
sources."har-schema-2.0.0"
sources."har-validator-5.0.3"
sources."hawk-6.0.2"
sources."hoek-4.2.1"
sources."http-signature-1.2.0"
sources."is-typedarray-1.0.0"
sources."isstream-0.1.2"
sources."jsbn-0.1.1"
sources."json-schema-0.2.3"
sources."json-schema-traverse-0.3.1"
sources."json-stringify-safe-5.0.1"
sources."jsprim-1.4.1"
sources."mime-db-1.33.0"
sources."mime-types-2.1.18"
sources."oauth-sign-0.8.2"
sources."performance-now-2.1.0"
sources."punycode-1.4.1"
sources."qs-6.5.1"
sources."safe-buffer-5.1.1"
sources."sntp-2.1.0"
sources."sshpk-1.14.1"
sources."stringstream-0.0.5"
sources."tough-cookie-2.3.4"
sources."tunnel-agent-0.6.0"
sources."tweetnacl-0.14.5"
sources."uuid-3.2.1"
sources."verror-1.10.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "Simplified HTTP request client.";
homepage = "https://github.com/request/request#readme";
license = "Apache-2.0";
};
production = true;
bypassCache = true;
};
shell-quote = nodeEnv.buildNodePackage {
name = "shell-quote";
packageName = "shell-quote";
version = "1.6.1";
src = fetchurl {
url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz";
sha1 = "f4781949cce402697127430ea3b3c5476f481767";
};
dependencies = [
sources."array-filter-0.0.1"
sources."array-map-0.0.0"
sources."array-reduce-0.0.0"
sources."jsonify-0.0.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "quote and parse shell commands";
homepage = "https://github.com/substack/node-shell-quote#readme";
license = "MIT";
};
production = true;
bypassCache = true;
};
}

1747
krebs/5pkgs/simple/newsbot-js/packages.nix
View File

File diff suppressed because it is too large Load Diff

7
krebs/5pkgs/simple/newsbot-js/pkgs.json Normal file
View File

@ -0,0 +1,7 @@
[
"feedparser",
"form-data",
"irc",
"request",
"shell-quote"
]

2
krebs/5pkgs/simple/newsbot-js/update.sh Executable file
View File

@ -0,0 +1,2 @@
node2nix -8 -i pkgs.json -c combine.nix
rm node-env.nix combine.nix

30
krebs/5pkgs/simple/pass-otp/default.nix Normal file
View File

@ -0,0 +1,30 @@
{ stdenv, fetchFromGitHub, oathToolkit }:
stdenv.mkDerivation rec {
name = "pass-otp-${version}";
version = "1.1.0";
src = fetchFromGitHub {
owner = "tadfisher";
repo = "pass-otp";
rev = "v${version}";
sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb";
};
buildInputs = [ oathToolkit ];
patchPhase = ''
sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash
'';
installPhase = ''
make PREFIX=$out install
'';
meta = with stdenv.lib; {
description = "A pass extension for managing one-time-password (OTP) tokens";
homepage = https://github.com/tadfisher/pass-otp;
license = licenses.gpl3;
maintainers = with maintainers; [ jwiegley tadfisher ];
platforms = platforms.unix;
};
}

121
krebs/5pkgs/simple/pass/default.nix Normal file
View File

@ -0,0 +1,121 @@
{ stdenv, lib, fetchurl, fetchFromGitHub
, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode
, makeWrapper
, pass-otp
, xclip ? null, xdotool ? null, dmenu ? null
, x11Support ? !stdenv.isDarwin
, tombPluginSupport ? false, tomb
}:
with lib;
assert x11Support -> xclip != null
&& xdotool != null
&& dmenu != null;
let
plugins = map (p: (fetchFromGitHub {
owner = "roddhjav";
repo = "pass-${p.name}";
inherit (p) rev sha256;
}))
([
{ name = "import";
rev = "491935bd275f29ceac2b876b3a288011d1ce31e7";
sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; }
{ name = "update";
rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde";
sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; }
] ++ stdenv.lib.optional tombPluginSupport {
name = "tomb";
rev = "3368134898a42c1b758fabac625ec240e125c6be";
sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; }
);
in stdenv.mkDerivation rec {
version = "1.7.1";
name = "pass-${version}";
src = fetchurl {
url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz";
sha256 = "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn";
};
patches = [ ./set-correct-program-name-for-sleep.patch
] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch;
nativeBuildInputs = [ makeWrapper ];
installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
postInstall = ''
# plugins
${stdenv.lib.concatStringsSep "\n" (map (plugin: ''
pushd ${plugin}
PREFIX=$out make install
popd
'') plugins)}
ln -s \
${pass-otp}/lib/password-store/extensions/otp.bash \
$out/lib/password-store/extensions/
ln -s \
${pass-otp}/share/man/man1/pass-otp.1.gz \
$out/share/man/man1/
# Install Emacs Mode. NOTE: We can't install the necessary
# dependencies (s.el and f.el) here. The user has to do this
# himself.
mkdir -p "$out/share/emacs/site-lisp"
cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
'' + optionalString x11Support ''
cp "contrib/dmenu/passmenu" "$out/bin/"
'';
wrapperPath = with stdenv.lib; makeBinPath ([
coreutils
getopt
git
gnupg
gnused
tree
which
qrencode
] ++ optional tombPluginSupport tomb
++ optional stdenv.isLinux procps
++ ifEnable x11Support [ dmenu xclip xdotool ]);
postFixup = ''
# Fix program name in --help
substituteInPlace $out/bin/pass \
--replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
# Ensure all dependencies are in PATH
wrapProgram $out/bin/pass \
--prefix PATH : "${wrapperPath}"
'' + stdenv.lib.optionalString x11Support ''
# We just wrap passmenu with the same PATH as pass. It doesn't
# need all the tools in there but it doesn't hurt either.
wrapProgram $out/bin/passmenu \
--prefix PATH : "$out/bin:${wrapperPath}"
'';
meta = with stdenv.lib; {
description = "Stores, retrieves, generates, and synchronizes passwords securely";
homepage = https://www.passwordstore.org/;
license = licenses.gpl2Plus;
maintainers = with maintainers; [ lovek323 the-kenny fpletz ];
platforms = platforms.unix;
longDescription = ''
pass is a very simple password store that keeps passwords inside gpg2
encrypted files inside a simple directory tree residing at
~/.password-store. The pass utility provides a series of commands for
manipulating the password store, allowing the user to add, remove, edit,
synchronize, generate, and manipulate passwords.
'';
};
}

9
krebs/5pkgs/simple/pass/no-darwin-getopt.patch Normal file
View File

@ -0,0 +1,9 @@
diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh
--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000
+++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000
@@ -31,5 +31,4 @@
mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk."
}
-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
SHRED="srm -f -z"

57
krebs/5pkgs/simple/pass/rofi-pass.nix Normal file
View File

@ -0,0 +1,57 @@
{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep
, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper
}:
stdenv.mkDerivation rec {
name = "rofi-pass-${version}";
version = "1.5.3";
src = fetchFromGitHub {
owner = "carnager";
repo = "rofi-pass";
rev = version;
sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq";
};
buildInputs = [ makeWrapper ];
dontBuild = true;
installPhase = ''
mkdir -p $out/bin
cp -a rofi-pass $out/bin/rofi-pass
mkdir -p $out/share/doc/rofi-pass/
cp -a config.example $out/share/doc/rofi-pass/config.example
'';
wrapperPath = with stdenv.lib; makeBinPath [
coreutils
findutils
gawk
gnugrep
gnused
libnotify
pass
pwgen
rofi
utillinux
xclip
xdotool
];
fixupPhase = ''
patchShebangs $out/bin
wrapProgram $out/bin/rofi-pass \
--prefix PATH : "${wrapperPath}"
'';
meta = {
description = "A script to make rofi work with password-store";
homepage = https://github.com/carnager/rofi-pass;
maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ];
license = stdenv.lib.licenses.gpl3;
platforms = with stdenv.lib.platforms; linux;
};
}

69
krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch Normal file
View File

@ -0,0 +1,69 @@
From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001
From: "Andrew R. M" <andrewmiller237@gmail.com>
Date: Sat, 8 Apr 2017 13:50:01 -0400
Subject: [PATCH] Patch the clip() function to work even when using
single-binary coreutils
---
src/password-store.sh | 4 ++--
src/platform/cygwin.sh | 4 ++--
src/platform/darwin.sh | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/password-store.sh b/src/password-store.sh
index 6a4172d..4dbd6b8 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -155,11 +155,11 @@ clip() {
# variable. Specifically, it cannot store nulls nor (non-trivally) store
# trailing new lines.
local sleep_argv0="password store sleep on display $DISPLAY"
- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
(
- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
+ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") )
local now="$(xclip -o -selection "$X_SELECTION" | base64)"
[[ $now != $(echo -n "$1" | base64) ]] && before="$now"
diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
index 6e5dd86..f3574c4 100644
--- a/src/platform/cygwin.sh
+++ b/src/platform/cygwin.sh
@@ -3,11 +3,11 @@
clip() {
local sleep_argv0="password store sleep on display $DISPLAY"
- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
local before="$(base64 < /dev/clipboard)"
echo -n "$1" > /dev/clipboard
(
- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
+ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
local now="$(base64 < /dev/clipboard)"
[[ $now != $(echo -n "$1" | base64) ]] && before="$now"
echo "$before" | base64 -d > /dev/clipboard
diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
index 86eb325..deb04c4 100644
--- a/src/platform/darwin.sh
+++ b/src/platform/darwin.sh
@@ -3,11 +3,11 @@
clip() {
local sleep_argv0="password store sleep for user $(id -u)"
- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
local before="$(pbpaste | openssl base64)"
echo -n "$1" | pbcopy
(
- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
+ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
local now="$(pbpaste | openssl base64)"
[[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now"
echo "$before" | openssl base64 -d | pbcopy
--
2.12.2

36
krebs/5pkgs/simple/pssh/default.nix
View File

@ -1,36 +0,0 @@
{ writeDashBin }:
writeDashBin "pssh" ''
set -efu
case ''${1-} in
# TODO create plog with -o json | jq ... | map date
# usage: pssh {-j,--journal} host...
# Follow journal at each host.
-j|--journal)
shift
"$0" journalctl -n0 -ocat --follow --all ::: "$@" \
| while read line; do
printf '%s %s\n' "$(date --rfc-3339=s)" "$line"
done
;;
-*)
echo $0: unknown option: $1 >&2
exit 1
;;
# usage: pssh command [arg...] ::: host...
# Run command at each host.
*)
exec parallel \
--line-buffer \
-j0 \
--no-notice \
--tagstring {} \
ssh -T {} "$@"
;;
esac
''

60
krebs/5pkgs/simple/stockholm/default.nix
View File

@ -9,7 +9,6 @@
#
cmds.deploy = pkgs.withGetopt {
diff = { default = /* sh */ "false"; switch = true; };
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
@ -25,65 +24,6 @@
. ${init.env}
. ${init.proxy "deploy" opts}
if \test ${opts.diff.ref} = true; then
system_profile=/nix/var/nix/profiles/system
system_drv_cur=/etc/system.drv
system_drv_new=$(
${pkgs.nix}/bin/nix-instantiate \
-Q \
-I "$target_path" \
-E '
(import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [ <nixos-config> ];
}).config.system.build.toplevel
'
)
if \test -e "$system_drv_cur"; then
system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
echo "$0: system up to date" >&2
exit 0
fi
system_drv_cur=$system_drv_cur_c \
system_drv_new=$system_drv_new_c \
${pkgs.utillinux}/bin/script \
--command '
${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
"$system_drv_cur" "$system_drv_new"
' \
--quiet \
--return \
/dev/null
printf 'deploy? [N/y] ' >&2
read -r REPLY
if \test "$REPLY" != y; then
echo "$0: abort!" >&2
exit 1
fi
else
echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
fi
new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
PATH=${lib.makeBinPath [
pkgs.systemd
]} \
"$system_profile"/bin/switch-to-configuration switch
${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
exit
fi
# Use system's nixos-rebuild, which is not self-contained
export PATH=/run/current-system/sw/bin
exec ${utils.with-whatsupnix} \

15
krebs/5pkgs/simple/ucspi-tcp/chmod.patch
View File

@ -1,15 +0,0 @@
diff --git a/hier.c b/hier.c
index 5663ada..1d73b84 100644
--- a/hier.c
+++ b/hier.c
@@ -2,8 +2,8 @@
void hier()
{
- h(auto_home,-1,-1,02755);
- d(auto_home,"bin",-1,-1,02755);
+ h(auto_home,-1,-1,0755);
+ d(auto_home,"bin",-1,-1,0755);
c(auto_home,"bin","tcpserver",-1,-1,0755);
c(auto_home,"bin","tcprules",-1,-1,0755);

86
krebs/5pkgs/simple/ucspi-tcp/default.nix
View File

@ -1,86 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
name = "ucspi-tcp-0.88";
src = fetchurl {
url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz";
sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja";
};
# Plain upstream tarball doesn't build, get patches from Debian
patches = [
(fetchurl {
url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz";
sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6";
})
./chmod.patch
];
# Apply Debian patches
postPatch = ''
for fname in debian/diff/*.diff; do
echo "Applying patch $fname"
patch < "$fname"
done
'';
# The build system is weird; 'make install' doesn't install anything, instead
# it builds an executable called ./install (from C code) which installs
# binaries to the directory given on line 1 in ./conf-home.
#
# Also, assume getgroups and setgroups work, instead of doing a build time
# test that breaks on NixOS (I think because nixbld users lack CAP_SETGID
# capability).
preBuild = ''
echo "$out" > conf-home
echo "main() { return 0; }" > chkshsgr.c
'';
installPhase = ''
mkdir -p "$out/bin"
mkdir -p "$out/share/man/man1"
# run the newly built installer
./install
# Install Debian man pages (upstream has none)
cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1"
'';
meta = with stdenv.lib; {
description = "Command-line tools for building TCP client-server applications";
longDescription = ''
tcpserver waits for incoming connections and, for each connection, runs a
program of your choice. Your program receives environment variables
showing the local and remote host names, IP addresses, and port numbers.
tcpserver offers a concurrency limit to protect you from running out of
processes and memory. When you are handling 40 (by default) simultaneous
connections, tcpserver smoothly defers acceptance of new connections.
tcpserver also provides TCP access control features, similar to
tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules
are compiled into a hashed format with cdb, so it can easily deal with
thousands of different hosts.
This package includes a recordio tool that monitors all the input and
output of a server.
tcpclient makes a TCP connection and runs a program of your choice. It
sets up the same environment variables as tcpserver.
This package includes several sample clients built on top of tcpclient:
who@, date@, finger@, http@, tcpcat, and mconnect.
tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program
Interface, using the TCP protocol. UCSPI tools are available for several
different networks.
'';
homepage = http://cr.yp.to/ucspi-tcp.html;
license = licenses.publicDomain;
platforms = platforms.linux;
maintainers = [ maintainers.bjornfor ];
};
}

29
krebs/5pkgs/simple/urlwatch/default.nix
View File

@ -1,29 +0,0 @@
{ stdenv, fetchFromGitHub, python3Packages }:
python3Packages.buildPythonApplication rec {
name = "urlwatch-${version}";
version = "2.8";
src = fetchFromGitHub {
owner = "thp";
repo = "urlwatch";
rev = version;
sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
};
propagatedBuildInputs = with python3Packages; [
appdirs
keyring
minidb
pycodestyle
pyyaml
requests
];
meta = with stdenv.lib; {
description = "A tool for monitoring webpages for updates";
homepage = https://thp.io/2008/urlwatch/;
license = licenses.bsd3;
maintainers = with maintainers; [ tv ];
};
}

83
krebs/5pkgs/simple/zandronum-bin/default.nix
View File

@ -1,83 +0,0 @@
{ stdenv
, atk
, bzip2
, cairo
, fetchurl
, fluidsynth
, fontconfig
, freetype
, gdk_pixbuf
, glib
, gtk2
, libjpeg_turbo
, mesa_glu
, mesa_noglu
, openssl
, pango
, SDL
, zlib
, makeWrapper
}:
stdenv.mkDerivation rec {
name = "zandronum-3.0";
src = fetchurl {
url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
};
libPath = stdenv.lib.makeLibraryPath [
atk
bzip2
cairo
fluidsynth
fontconfig
freetype
gdk_pixbuf
glib
gtk2
libjpeg_turbo
mesa_glu
mesa_noglu
openssl
pango
SDL
stdenv.cc.cc
zlib
];
nativeBuildInputs = [ makeWrapper ];
phases = [ "unpackPhase" "installPhase" ];
sourceRoot = ".";
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/share/zandronum
cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath:$out/share/zandronum \
$out/share/zandronum/zandronum
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
--set-rpath $libPath \
$out/share/zandronum/zandronum-server
# If we don't set absolute argv0, zandronum.wad file is not found.
makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum
makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server
'';
meta = {
homepage = http://zandronum.com/;
description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play";
maintainers = [ stdenv.lib.maintainers.lassulus ];
# Binary version has different version string than source code version.
license = stdenv.lib.licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ];
};
}

3
krebs/5pkgs/writers.nix
View File

@ -57,7 +57,8 @@ with import <stockholm/lib>;
passAsFile = [ "text" ];
} /* sh */ ''
PATH=${makeBinPath (with pkgs; [
binutils
# TODO remove if everyone migrated to 18.03
(if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils)
coreutils
gcc
])}

64
krebs/kops.nix Normal file
View File

@ -0,0 +1,64 @@
{ name }: rec {
kops = (import <nixpkgs> {}).fetchgit {
url = https://cgit.krebsco.de/kops/;
rev = "e89cf20d4310070a877c2e24a287659546b561c9";
sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
};
lib = import "${kops}/lib";
# TODO document why pkgs should be used like this
pkgs = import "${kops}/pkgs" {};
krebs-source = {
nixpkgs.git = {
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
set -efu
cd $HOME/stockholm
V=$(${pkgs.coreutils}/bin/date +%y.%m)
if test -d .git; then
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
case $V in (*-dirty)
V=$V@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}
esac
fi
printf %s "$V"
'');
};
source ={ test }: lib.evalSource [
krebs-source
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets =
if test
then {
file = toString <stockholm/krebs/6tests/data/secrets>;
}
else {
pass = {
dir = "${lib.getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";
};
}
;
}
];
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.kops.writeDeploy "${name}-deploy" {
source = source { test = false; };
target = "root@${name}/var/src";
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
test = pkgs.kops.writeTest "${name}-test" {
source = source { test = true; };
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
};
}

5
krebs/source.nix
View File

@ -22,10 +22,7 @@ in
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
};
nixpkgs = (import ./kops.nix { name = ""; }).krebs-source.nixpkgs;
}
override
]

34
lass/1systems/cabal/config.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
];
krebs.build.host = config.krebs.hosts.cabal;
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
# fsType = "btrfs";
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
# };
#};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
#'';
}

4
lass/1systems/cabal/source.nix Normal file
View File

@ -0,0 +1,4 @@
import <stockholm/lass/source.nix> {
name = "cabal";
secure = true;
}

2
lass/1systems/daedalus/config.nix
View File

@ -8,9 +8,9 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix>
{
# bubsy config
users.users.bubsy = {

50
lass/1systems/echelon/config.nix
View File

@ -1,50 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
ip = config.krebs.build.host.nets.internet.ip4.addr;
in {
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/git.nix>
{
networking.interfaces.enp2s1.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = getDefaultGateway ip;
networking.nameservers = [
"8.8.8.8"
];
}
{
sound.enable = false;
}
{
users.extraUsers = {
satan = {
name = "satan";
uid = 1338;
home = "/home/satan";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
];
};
};
}
];
krebs.build.host = config.krebs.hosts.echelon;
}

5
lass/1systems/helios/config.nix
View File

@ -17,6 +17,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@ -131,7 +132,7 @@ with import <stockholm/lib>;
];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
'';
networking.hostName = lib.mkForce "BLN02NB0162";
@ -168,8 +169,6 @@ with import <stockholm/lib>;
'')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];

2
lass/1systems/icarus/config.nix
View File

@ -14,9 +14,9 @@
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
];
krebs.build.host = config.krebs.hosts.icarus;

2
lass/1systems/littleT/config.nix
View File

@ -8,7 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/steam.nix>
{
users.users.blacky = {

75
lass/1systems/mors/config.nix
View File

@ -33,6 +33,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@ -140,6 +141,18 @@ with import <stockholm/lib>;
dpass
dnsutils
woeusb
l-gen-secrets
generate-secrets
(pkgs.writeDashBin "btc-coinbase" ''
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
'')
(pkgs.writeDashBin "btc-wex" ''
${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
'')
(pkgs.writeDashBin "btc-kraken" ''
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
'')
];
#TODO: fix this shit
@ -167,34 +180,8 @@ with import <stockholm/lib>;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export PATH=${makeBinPath [
pkgs.bash
pkgs.coreutils
pkgs.nix
(pkgs.writeDashBin "is-git-crypt-locked" ''
magic=$(dd status=none if="$1" skip=1 bs=1 count=8)
test "$magic" = GITCRYPT
'')
]}
cd ~/stockholm
export SYSTEM="$1"
if is-git-crypt-locked ~/secrets/ready; then
echo 'secrets are crypted' >&2
exit 23
else
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''
set -eu
export PATH=${makeBinPath [
pkgs.bash
pkgs.coreutils
pkgs.nix
]}
cd ~/stockholm
export SYSTEM="$1"
exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
$(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
@ -202,4 +189,38 @@ with import <stockholm/lib>;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
services.redshift = {
enable = true;
provider = "geoclue2";
};
lass.restic = genAttrs [
"daedalus"
"icarus"
"littleT"
"prism"
"shodan"
"skynet"
] (dest: {
dirs = [
"/home/lass/src"
"/home/lass/work"
"/home/lass/.gnupg"
"/home/lass/Maildir"
"/home/lass/stockholm"
"/home/lass/.password-store"
"/home/bitcoin"
"/home/bch"
];
passwordFile = (toString <secrets>) + "/restic/${dest}";
repo = "sftp:backup@${dest}.r:/backups/mors";
#sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
extraArguments = [
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
});
}

89
lass/1systems/prism/config.nix
View File

@ -8,11 +8,15 @@ in {
imports = [
<stockholm/lass>
{
networking.interfaces.et0.ip4 = [
networking.interfaces.et0.ipv4.addresses = [
{
address = ip;
prefixLength = 27;
}
{
address = "46.4.114.243";
prefixLength = 27;
}
];
networking.defaultGateway = "46.4.114.225";
networking.nameservers = [
@ -100,6 +104,7 @@ in {
];
}
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
uid = genid "riot";
isNormalUser = true;
@ -110,29 +115,13 @@ in {
};
# TODO write function for proxy_pass (ssl/nonssl)
services.nginx.virtualHosts."hackerfleet.de" = {
serverAliases = [
"*.hackerfleet.de"
];
locations."/".extraConfig = ''
proxy_pass http://192.168.122.92:80;
'';
};
services.nginx.virtualHosts."hackerfleet.de-s" = {
serverName = "hackerfleet.de";
listen = [
{
addr = "0.0.0.0";
port = 443;
}
];
serverAliases = [
"*.hackerfleet.de"
];
locations."/".extraConfig = ''
proxy_pass http://192.168.122.92:443;
'';
};
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
];
}
{
users.users.tv = {
@ -201,26 +190,6 @@ in {
localAddress = "10.233.2.2";
};
}
{
#kaepsele
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
containers.kaepsele = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
tv.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
}
{
#onondaga
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
@ -249,13 +218,12 @@ in {
<stockholm/lass/2configs/repo-sync.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/monitoring/server.nix>
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
@ -336,6 +304,35 @@ in {
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
<stockholm/lass/2configs/go.nix>
{
environment.systemPackages = [ pkgs.cryptsetup ];
systemd.services."container@red".reloadIfChanged = mkForce false;
containers.red = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
enableACME = true;
addSSL = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host rote-allez-fraktion.de;
proxy_pass http://10.233.2.4;
'';
};
};
}
];
krebs.build.host = config.krebs.hosts.prism;

31
lass/1systems/red/config.nix Normal file
View File

@ -0,0 +1,31 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
servephpBB
;
in
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/websites>
<stockholm/lass/2configs/websites/sqlBackup.nix>
(servephpBB [ "rote-allez-fraktion.de" ])
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
];
krebs.build.host = config.krebs.hosts.red;
boot.isContainer = true;
networking.useDHCP = false;
services.nginx.enable = true;
environment.variables.NIX_REMOTE = "daemon";
environment.systemPackages = [
pkgs.mk_sql_pair
];
}

3
lass/1systems/echelon/source.nix → lass/1systems/red/source.nix
View File

@ -1,3 +1,4 @@
import <stockholm/lass/source.nix> {
name = "echelon";
name = "red";
secure = true;
}

2
lass/1systems/shodan/config.nix
View File

@ -15,9 +15,9 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
];
krebs.build.host = config.krebs.hosts.shodan;

1
lass/1systems/skynet/config.nix
View File

@ -9,7 +9,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
#<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
{
# discordius config
services.xserver.enable = true;

6
lass/1systems/xerxes/source.nix
View File

@ -2,10 +2,4 @@ with import <stockholm/lib>;
import <stockholm/lass/source.nix> {
name = "xerxes";
secure = true;
override = {
nixpkgs.git = mkForce {
url = https://github.com/lassulus/nixpkgs;
ref = "3eccd0b";
};
};
}

20
lass/2configs/backup.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, ... }:
with import <stockholm/lib>;
{
fileSystems = {
"/backups" = {
device = "/dev/pool/backup";
fsType = "ext4";
};
};
users.users.backup = {
useDefaultShell = true;
home = "/backups";
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.hosts; [
mors.ssh.pubkey
prism.ssh.pubkey
];
};
}

173
lass/2configs/backups.nix
View File

@ -1,173 +0,0 @@
{ config, lib, ... }:
with import <stockholm/lib>;
{
# TODO add timerConfig to krebs.backup and randomize startup
# TODO define plans more abstract
krebs.backup.plans = {
} // mapAttrs (_: recursiveUpdate {
snapshots = {
daily = { format = "%Y-%m-%d"; retain = 7; };
weekly = { format = "%YW%W"; retain = 4; };
monthly = { format = "%Y-%m"; retain = 12; };
yearly = { format = "%Y"; };
};
}) {
dishfire-http-prism = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
startAt = "03:00";
};
dishfire-http-icarus = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
startAt = "03:10";
};
dishfire-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
startAt = "03:05";
};
dishfire-http-shodan = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
startAt = "03:10";
};
dishfire-sql-prism = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
startAt = "03:15";
};
dishfire-sql-icarus = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
startAt = "03:25";
};
dishfire-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
startAt = "03:20";
};
dishfire-sql-shodan = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
startAt = "03:25";
};
prism-bitlbee-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-chat-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
startAt = "03:35";
};
prism-chat-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
startAt = "03:30";
};
prism-chat-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
startAt = "03:35";
};
prism-sql-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
startAt = "03:45";
};
prism-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
startAt = "03:40";
};
prism-sql-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
startAt = "03:45";
};
prism-http-icarus = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
startAt = "03:55";
};
prism-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
startAt = "03:50";
};
prism-http-shodan = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
startAt = "03:55";
};
icarus-home-mors = {
method = "pull";
src = { host = config.krebs.hosts.icarus; path = "/home"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
startAt = "05:00";
};
icarus-home-shodan = {
method = "push";
src = { host = config.krebs.hosts.icarus; path = "/home"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
startAt = "05:00";
};
mors-home-icarus = {
method = "push";
src = { host = config.krebs.hosts.mors; path = "/home"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
startAt = "05:00";
};
mors-home-shodan = {
method = "push";
src = { host = config.krebs.hosts.mors; path = "/home"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
startAt = "05:00";
};
shodan-home-icarus = {
method = "pull";
src = { host = config.krebs.hosts.shodan; path = "/home"; };
dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
startAt = "04:00";
};
shodan-home-mors = {
method = "pull";
src = { host = config.krebs.hosts.shodan; path = "/home"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
startAt = "04:00";
};
};
}

1
lass/2configs/baseX.nix
View File

@ -9,7 +9,6 @@ in {
./power-action.nix
./copyq.nix
./livestream.nix
./dns-stuff.nix
./urxvt.nix
./network-manager.nix
{

10
lass/2configs/bitcoin.nix
View File

@ -10,9 +10,6 @@ in {
krebs.per-user.bitcoin.packages = [
pkgs.electrum
];
krebs.per-user.ethereum.packages = [
pkgs.go-ethereum
];
users.extraUsers = {
bch = {
name = "bch";
@ -28,13 +25,6 @@ in {
useDefaultShell = true;
createHome = true;
};
ethereum = {
name = "ethereum";
description = "user for ethereum stuff";
home = "/home/ethereum";
useDefaultShell = true;
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL

79
lass/2configs/browsers.nix
View File

@ -21,59 +21,37 @@ let
$BIN "$@"
'';
createChromiumUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
inherit name;
inherit extraGroups;
home = "/home/${name}";
uid = genid name;
useDefaultShell = true;
createHome = true;
createUser = script: name: groups: precedence: dpi:
{
lass.xjail.${name} = {
inherit script groups dpi;
};
environment.systemPackages = [
config.lass.xjail-bins.${name}
(pkgs.writeDashBin "cx-${name}" ''
DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
'')
];
lass.browser.paths.${name} = {
path = bin;
path = config.lass.xjail-bins.${name};
inherit precedence;
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
environment.systemPackages = [
bin
];
};
createFirefoxUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
'';
in {
users.extraUsers.${name} = {
inherit name;
inherit extraGroups;
home = "/home/${name}";
uid = genid name;
useDefaultShell = true;
createHome = true;
};
lass.browser.paths.${name} = {
path = bin;
inherit precedence;
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
environment.systemPackages = [
bin
];
};
createChromiumUser = name: groups: precedence:
createUser (pkgs.writeDash name ''
${pkgs.chromium}/bin/chromium "$@"
'') name groups precedence 80;
#TODO: abstract this
createFirefoxUser = name: groups: precedence:
createUser (pkgs.writeDash name ''
${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
'') name groups precedence 80;
createQuteUser = name: groups: precedence:
createUser (pkgs.writeDash name ''
${pkgs.qutebrowser}/bin/qutebrowser "$@"
'') name groups precedence 60;
in {
@ -110,12 +88,13 @@ in {
}));
};
}
( createQuteUser "qb" [ "audio" ] 20 )
( createFirefoxUser "ff" [ "audio" ] 10 )
( createChromiumUser "cr" [ "video" "audio" ] 9 )
( createChromiumUser "cr" [ "audio" ] 9 )
( createChromiumUser "gm" [ "video" "audio" ] 8 )
( createChromiumUser "wk" [ "video" "audio" ] 0 )
( createChromiumUser "fb" [ "video" "audio" ] 0 )
( createChromiumUser "com" [ "video" "audio" ] 0 )
( createChromiumUser "wk" [ "audio" ] 0 )
( createChromiumUser "fb" [ "audio" ] 0 )
( createChromiumUser "com" [ "audio" ] 0 )
( createChromiumUser "fin" [] (-1) )
];
}

1
lass/2configs/dcso-dev.nix
View File

@ -9,6 +9,7 @@ in {
dev = {
name = "dev";
uid = genid "dev";
extraGroups = [ "docker" ];
description = "user for collaborative development";
home = "/home/dev";
useDefaultShell = true;

3
lass/2configs/default.nix
View File

@ -6,10 +6,9 @@ with import <stockholm/lib>;
./gc.nix
./mc.nix
./vim.nix
./monitoring/client.nix
./monitoring/node-exporter.nix
./zsh.nix
./htop.nix
./backups.nix
./security-workarounds.nix
{
users.extraUsers =

16
lass/2configs/dns-stuff.nix
View File

@ -1,16 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
services.dnscrypt-proxy = {
enable = true;
localAddress = "127.1.0.1";
customResolver = {
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
port = 15251;
name = "2.dnscrypt-cert.euer.krebsco.de";
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
};
};
services.resolved.enable = true;
services.resolved.fallbackDns = [ "127.1.0.1" ];
}

2
lass/2configs/exim-smarthost.nix
View File

@ -78,6 +78,8 @@ with import <stockholm/lib>;
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; }
{ from = "allygator@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

4
lass/2configs/games.nix
View File

@ -3,7 +3,7 @@
let
mainUser = config.users.extraUsers.mainUser;
vdoom = pkgs.writeDash "vdoom" ''
${pkgs.zandronum-bin}/bin/zandronum \
${pkgs.zandronum}/bin/zandronum \
-fov 120 \
"$@"
'';
@ -50,7 +50,7 @@ let
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${pkgs.zandronum-bin}/bin/zandronum-server \
${pkgs.zandronum}/bin/zandronum-server \
+exec ${doomservercfg} \
"$@"
'';

2
lass/2configs/gc.nix
View File

@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
};
}

14
lass/2configs/git.nix
View File

@ -57,6 +57,16 @@ let
cgit.desc = "Fork of nix-user-chroot my lethalman";
cgit.section = "software";
};
nixos-aws = {
collaborators = [ {
name = "fabio";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
} ];
};
krops = {
cgit.desc = "krebs deployment";
cgit.section = "software";
};
} // mapAttrs make-public-repo-silent {
};
@ -70,8 +80,8 @@ let
import <secrets/repos.nix> { inherit config lib pkgs; }
);
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
inherit cgit collaborators name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {

19
lass/2configs/go.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
krebs.go = {
enable = true;
};
services.nginx = {
enable = true;
virtualHosts.go = {
locations."/".extraConfig = ''
proxy_set_header Host go.lassul.us;
proxy_pass http://localhost:1337;
'';
serverAliases = [
"go.lassul.us"
];
};
};
}

23
lass/2configs/mail.nix
View File

@ -8,6 +8,16 @@ let
logfile ~/.msmtp.log
account prism
host prism.r
account c-base
from lassulus@c-base.org
host c-mail.c-base.org
port 465
tls on
tls_starttls off
tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
auth on
user lassulus
passwordeval pass show c-base/pass
account default: prism
'';
@ -36,9 +46,11 @@ let
];
dezentrale = [ "to:dezentrale.space" ];
dhl = [ "to:dhl@lassul.us" ];
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
@ -63,9 +75,9 @@ let
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
set pgp_use_gpg_agent = yes
set pgp_sign_as = 0x976A7E4D
set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
set crypt_autosign = yes
set crypt_replyencrypt = yes
set crypt_verify_sig = yes
@ -183,7 +195,7 @@ let
name = "mutt";
paths = [
(pkgs.writeDashBin "mutt" ''
exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@
'')
pkgs.neomutt
];
@ -194,8 +206,11 @@ in {
msmtp
mutt
pkgs.much
pkgs.notmuch
tag-new-mails
tag-old-mails
];
nixpkgs.config.packageOverrides = opkgs: {
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
};
}

26
lass/2configs/monitoring/client.nix
View File

@ -1,26 +0,0 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
services.telegraf = {
enable = true;
extraConfig = {
agent.interval = "1s";
outputs = {
influxdb = {
urls = ["http://prism:8086"];
database = "telegraf_db";
user_agent = "telegraf";
};
};
inputs = {
cpu = {
percpu = false;
totalcpu = true;
};
mem = {};
net = {};
};
};
};
}

44
lass/2configs/monitoring/monit-alarms.nix
View File

@ -1,44 +0,0 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
let
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
krebs.monit = {
enable = true;
http.enable = true;
alarms = {
nirwanabluete = {
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
alarm = echoToIrc "test nirwanabluete failed";
};
ubik = {
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
alarm = echoToIrc "test ubik failed";
};
cac-panel = {
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
alarm = echoToIrc "test cac-panel failed";
};
radio = {
test = pkgs.writeBash "check_stream" ''
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
'';
alarm = echoToIrc "test radio failed";
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}

15
lass/2configs/monitoring/node-exporter.nix Normal file
View File

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
];
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
];
};
};
}

217
lass/2configs/monitoring/prometheus-server.nix Normal file
View File

@ -0,0 +1,217 @@
{ pkgs, lib, config, ... }:
{
#networking = {
# firewall.allowedTCPPorts = [
# 3000 # grafana
# 9090 # prometheus
# 9093 # alertmanager
# ];
# useDHCP = true;
#};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
];
services = {
prometheus = {
enable = true;
extraFlags = [
"-storage.local.retention 8760h"
"-storage.local.series-file-shrink-ratio 0.3"
"-storage.local.memory-chunks 2097152"
"-storage.local.max-chunks-to-persist 1048576"
"-storage.local.index-cache-size.fingerprint-to-metric 2097152"
"-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
];
alertmanagerURL = [ "http://localhost:9093" ];
rules = [
''
ALERT node_down
IF up == 0
FOR 5m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Node is down.",
description = "{{$labels.alias}} has been down for more than 5 minutes."
}
ALERT node_systemd_service_failed
IF node_systemd_unit_state{state="failed"} == 1
FOR 4m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
}
ALERT node_filesystem_full_90percent
IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
FOR 5m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
}
ALERT node_filesystem_full_in_4h
IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
FOR 5m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
}
ALERT node_filedescriptors_full_in_3h
IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
FOR 20m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
}
ALERT node_load1_90percent
IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
FOR 1h
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Running on high load.",
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
}
ALERT node_cpu_util_90percent
IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
FOR 1h
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: High CPU utilization.",
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
}
ALERT node_ram_using_90percent
IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
FOR 30m
LABELS {
severity="page"
}
ANNOTATIONS {
summary="{{$labels.alias}}: Using lots of RAM.",
description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
}
ALERT node_swap_using_80percent
IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
FOR 10m
LABELS {
severity="page"
}
ANNOTATIONS {
summary="{{$labels.alias}}: Running out of swap soon.",
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
}
''
];
scrapeConfigs = [
{
job_name = "node";
scrape_interval = "10s";
static_configs = [
{
targets = [
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
#labels = {
# alias = "prometheus.example.com";
#};
}
];
}
];
alertmanager = {
enable = true;
listenAddress = "0.0.0.0";
configuration = {
"global" = {
"smtp_smarthost" = "smtp.example.com:587";
"smtp_from" = "alertmanager@example.com";
};
"route" = {
"group_by" = [ "alertname" "alias" ];
"group_wait" = "30s";
"group_interval" = "2m";
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [
{
"name" = "team-admins";
"email_configs" = [
{
"to" = "devnull@example.com";
"send_resolved" = true;
}
];
"webhook_configs" = [
{
"url" = "https://example.com/prometheus-alerts";
"send_resolved" = true;
}
];
}
];
};
};
};
grafana = {
enable = true;
addr = "0.0.0.0";
domain = "grafana.example.com";
rootUrl = "https://grafana.example.com/";
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
};
services.logstash = {
enable = true;
inputConfig = ''
http {
port => 14813
host => "127.0.0.1"
}
'';
filterConfig = ''
if ([alerts]) {
ruby {
code => '
lines = []
event["alerts"].each {|p|
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
}
event["output"] = lines.join("\n")
'
}
}
'';
outputConfig = ''
file { path => "/tmp/logs.json" codec => "json_lines" }
irc {
channels => [ "#noise" ]
host => "irc.r"
nick => "alarm"
codec => "json_lines"
format => "%{output}"
}
'';
#plugins = [ ];
};
}

87
lass/2configs/monitoring/server.nix
View File

@ -1,87 +0,0 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":8086";
admin.bind-address = ":8083";
http.log-enabled = false;
monitoring = {
enabled = false;
# write-interval = "24h";
};
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = "collectd_db";
port = 25826;
}];
};
krebs.kapacitor =
let
db = "telegraf_db";
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
irc.r 6667 prism-alarm \#noise "$data" >/dev/null
'';
in {
enable = true;
alarms = {
cpu = {
database = db;
text = ''
var data = batch
|query(${"'''"}
SELECT mean("usage_user") AS mean
FROM "${db}"."default"."cpu"
${"'''"})
.period(10m)
.every(1m)
.groupBy('host')
data |alert()
.crit(lambda: "mean" > 90)
.exec('${echoToIrc}')
data |deadman(1.0,5m)
.stateChangesOnly()
.exec('${echoToIrc}')
'';
};
ram = {
database = db;
text = ''
var data = batch
|query(${"'''"}
SELECT mean("used_percent") AS mean
FROM "${db}"."default"."mem"
${"'''"})
.period(10m)
.every(1m)
.groupBy('host')
data |alert()
.crit(lambda: "mean" > 90)
.exec('${echoToIrc}')
'';
};
};
};
services.grafana = {
enable = true;
addr = "0.0.0.0";
auth.anonymous.enable = true;
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
];
}

8
lass/2configs/network-manager.nix
View File

@ -14,7 +14,13 @@
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
networking.networkmanager = {
enable = true;
unmanaged = [
"docker*"
"vboxnet*"
];
};
users.users.mainUser = {
extraGroups = [ "networkmanager" ];
packages = with pkgs; [

5
lass/2configs/privoxy.nix
View File

@ -3,10 +3,5 @@
{
services.privoxy = {
enable = true;
extraConfig = ''
#use polipo
forward / localhost:8123
'';
};
services.polipo.enable = true;
}

Some files were not shown because too many files have changed in this diff Show More