Merge remote-tracking branch 'prism/master'
This commit is contained in:
commit
6cef97deb3
2
ci.nix
2
ci.nix
@ -16,6 +16,6 @@ let
|
||||
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
|
||||
|
||||
build = host: owner:
|
||||
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
|
||||
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
|
||||
|
||||
in mapAttrs (n: h: build n h.owner.name) ci-systems
|
||||
|
@ -161,6 +161,7 @@ in
|
||||
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.ulrich.pubkey
|
||||
config.krebs.users.raute.pubkey
|
||||
config.krebs.users.makefu-omo.pubkey
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
|
||||
];
|
||||
|
@ -14,12 +14,8 @@ with import <stockholm/lib>;
|
||||
};
|
||||
plugins = with pkgs.ReaktorPlugins; [
|
||||
sed-plugin
|
||||
task-add
|
||||
task-delete
|
||||
task-done
|
||||
task-list
|
||||
] ++
|
||||
(attrValues (todo "agenda"))
|
||||
(attrValues (task "agenda"))
|
||||
;
|
||||
};
|
||||
krebs.secret.files.nix-serve-key = {
|
||||
|
@ -10,12 +10,8 @@ with import <stockholm/lib>;
|
||||
};
|
||||
plugins = with pkgs.ReaktorPlugins; [
|
||||
sed-plugin
|
||||
task-add
|
||||
task-delete
|
||||
task-done
|
||||
task-list
|
||||
] ++
|
||||
(attrValues (todo "agenda"))
|
||||
(attrValues (task "agenda"))
|
||||
;
|
||||
};
|
||||
}
|
||||
|
484
krebs/3modules/external/default.nix
vendored
484
krebs/3modules/external/default.nix
vendored
@ -8,132 +8,34 @@ with import <stockholm/lib>;
|
||||
} // optionalAttrs (host.nets?retiolum) {
|
||||
nets.retiolum.ip6.addr =
|
||||
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||
} // optionalAttrs (host.nets?wiregrill) {
|
||||
nets.wiregrill.ip6.addr =
|
||||
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||
});
|
||||
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
|
||||
|
||||
in {
|
||||
hosts = mapAttrs hostDefaults {
|
||||
sokrateslaptop = {
|
||||
owner = config.krebs.users.sokratess;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.142.104";
|
||||
aliases = [
|
||||
"sokrateslaptop.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
|
||||
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
|
||||
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
|
||||
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
|
||||
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
|
||||
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
kruck = {
|
||||
owner = config.krebs.users.palo;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.201";
|
||||
aliases = [
|
||||
"kruck.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
|
||||
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
|
||||
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
|
||||
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
|
||||
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
|
||||
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
|
||||
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
|
||||
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
|
||||
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
|
||||
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
|
||||
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
scardanelli = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.2";
|
||||
aliases = [
|
||||
"scardanelli.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
|
||||
MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
|
||||
UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
|
||||
kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
|
||||
gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
|
||||
we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
|
||||
QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
|
||||
SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
|
||||
2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
|
||||
m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
|
||||
FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
|
||||
lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
homeros = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.1";
|
||||
aliases = [
|
||||
"homeros.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
|
||||
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
|
||||
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
|
||||
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
|
||||
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
|
||||
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
|
||||
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
|
||||
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
|
||||
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
|
||||
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
|
||||
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
|
||||
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
turingmachine = {
|
||||
dpdkm = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.168";
|
||||
aliases = [
|
||||
"turingmachine.r"
|
||||
];
|
||||
ip4.addr = "10.243.29.173";
|
||||
aliases = [ "dpdkm.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
|
||||
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
|
||||
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
|
||||
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
|
||||
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
|
||||
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
|
||||
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
|
||||
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
|
||||
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
|
||||
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
|
||||
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
|
||||
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
|
||||
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
|
||||
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
|
||||
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
|
||||
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
|
||||
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
|
||||
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
|
||||
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
|
||||
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
|
||||
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
|
||||
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
@ -177,83 +79,6 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
rock = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.171";
|
||||
aliases = [ "rock.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
|
||||
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
|
||||
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
|
||||
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
|
||||
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
|
||||
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
|
||||
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
|
||||
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
|
||||
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
|
||||
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
|
||||
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
inspector = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "141.76.44.154";
|
||||
aliases = [ "inspector.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.172";
|
||||
aliases = [ "inspector.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
|
||||
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
|
||||
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
|
||||
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
|
||||
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
|
||||
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
|
||||
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
|
||||
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
|
||||
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
|
||||
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
|
||||
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
dpdkm = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.173";
|
||||
aliases = [ "dpdkm.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
|
||||
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
|
||||
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
|
||||
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
|
||||
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
|
||||
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
|
||||
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
|
||||
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
|
||||
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
|
||||
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
|
||||
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
eve = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
@ -289,6 +114,71 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
homeros = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.1";
|
||||
aliases = [
|
||||
"homeros.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
|
||||
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
|
||||
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
|
||||
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
|
||||
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
|
||||
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
|
||||
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
|
||||
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
|
||||
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
|
||||
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
|
||||
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
|
||||
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
justraute = {
|
||||
owner = config.krebs.users.raute; # laptop
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.183.231";
|
||||
aliases = [
|
||||
"justraute.r"
|
||||
];
|
||||
tinc.pubkey = tinc-for "justraute";
|
||||
};
|
||||
};
|
||||
};
|
||||
kruck = {
|
||||
owner = config.krebs.users.palo;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.201";
|
||||
aliases = [
|
||||
"kruck.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
|
||||
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
|
||||
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
|
||||
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
|
||||
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
|
||||
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
|
||||
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
|
||||
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
|
||||
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
|
||||
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
|
||||
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
qubasa = {
|
||||
owner = config.krebs.users.qubasa;
|
||||
nets = {
|
||||
@ -314,21 +204,215 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
rock = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.171";
|
||||
aliases = [ "rock.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
|
||||
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
|
||||
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
|
||||
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
|
||||
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
|
||||
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
|
||||
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
|
||||
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
|
||||
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
|
||||
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
|
||||
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
scardanelli = {
|
||||
owner = config.krebs.users.kmein;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.2.2";
|
||||
aliases = [
|
||||
"scardanelli.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
|
||||
MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
|
||||
UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
|
||||
kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
|
||||
gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
|
||||
we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
|
||||
QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
|
||||
SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
|
||||
2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
|
||||
m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
|
||||
FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
|
||||
lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
sokrateslaptop = {
|
||||
owner = config.krebs.users.sokratess;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.142.104";
|
||||
aliases = [
|
||||
"sokrateslaptop.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
|
||||
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
|
||||
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
|
||||
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
|
||||
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
|
||||
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
tpsw = {
|
||||
cores = 2;
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.183.236";
|
||||
aliases = [
|
||||
"tpsw.r"
|
||||
];
|
||||
tinc.pubkey = tinc-for "tpsw";
|
||||
};
|
||||
};
|
||||
};
|
||||
turingmachine = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.168";
|
||||
aliases = [
|
||||
"turingmachine.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
|
||||
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
|
||||
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
|
||||
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
|
||||
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
|
||||
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
|
||||
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
|
||||
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
|
||||
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
|
||||
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
|
||||
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
inspector = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "141.76.44.154";
|
||||
aliases = [ "inspector.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.172";
|
||||
aliases = [ "inspector.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
|
||||
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
|
||||
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
|
||||
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
|
||||
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
|
||||
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
|
||||
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
|
||||
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
|
||||
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
|
||||
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
|
||||
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
matchbox = {
|
||||
owner = config.krebs.users.Mic92;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.29.176";
|
||||
aliases = [ "matchbox.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
|
||||
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
|
||||
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
|
||||
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
|
||||
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
|
||||
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
|
||||
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
|
||||
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
|
||||
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
|
||||
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
|
||||
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
miaoski = {
|
||||
owner = config.krebs.users.miaoski;
|
||||
nets = {
|
||||
wiregrill = {
|
||||
aliases = [ "miaoski.w" ];
|
||||
wireguard = {
|
||||
pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4=";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users = {
|
||||
Mic92 = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
|
||||
mail = "joerg@higgsboson.tk";
|
||||
ciko = {
|
||||
mail = "wieczorek.stefan@googlemail.com";
|
||||
};
|
||||
exco = {
|
||||
mail = "dickbutt@excogitation.de";
|
||||
pubkey = ssh-for "exco";
|
||||
};
|
||||
kmein = {
|
||||
mail = "kieran.meinhardt@gmail.com";
|
||||
pubkey = ssh-for "kmein";
|
||||
};
|
||||
Mic92 = {
|
||||
mail = "joerg@higgsboson.tk";
|
||||
pubkey = ssh-for "Mic92";
|
||||
};
|
||||
palo = {
|
||||
};
|
||||
sokratess = {
|
||||
};
|
||||
qubasa = {
|
||||
mail = "luis.nixos@gmail.com";
|
||||
};
|
||||
raute = {
|
||||
mail = "macxylo@gmail.com";
|
||||
pubkey = ssh-for "raute";
|
||||
};
|
||||
sokratess = {
|
||||
};
|
||||
ulrich = {
|
||||
mail = "shackspace.de@myvdr.de";
|
||||
pubkey = ssh-for "ulrich";
|
||||
};
|
||||
miaoski = {
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
1
krebs/3modules/external/ssh/Mic92.pub
vendored
Normal file
1
krebs/3modules/external/ssh/Mic92.pub
vendored
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE
|
1
krebs/3modules/external/ssh/kmein.pub
vendored
Normal file
1
krebs/3modules/external/ssh/kmein.pub
vendored
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com
|
1
krebs/3modules/external/ssh/raute.pub
vendored
Normal file
1
krebs/3modules/external/ssh/raute.pub
vendored
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH385gr3BAKJ92k1FaOLx2wFMgDFTmupOcww5g/bEAsO raute@wolf
|
14
krebs/3modules/external/tinc/justraute.pub
vendored
Normal file
14
krebs/3modules/external/tinc/justraute.pub
vendored
Normal file
@ -0,0 +1,14 @@
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0FJ2Wh7y8lgXOLXR2VQh
|
||||
BsERf4uoWQ2UZexxv5bo6H9aYmyc+pA7q9ScP+ljKIXHLG3RbskIDFJLfs2HHS2u
|
||||
rCD3Pv71Ihx8fgmP7VdJktvFV8uBbDk2YF28Kd198ggEPL9ki1+LKzauTv0CCBcK
|
||||
O78VgN8v+l42v+oQSFk30FBYCpvld39dv74etb4/T4zmn7H3RNH+gPU1T0dge4yu
|
||||
xdlCk4TmNXWcw3cDvcCDDJFblH100IWRZ8enH4wHC5LvSKcYCqiiILsKAPuS8/J0
|
||||
cUePfRln1ZJDvR8AlO8ejRU7PC7550JbyqRbu0oAro2fLz7BOAJi6v8SbPU4GUaT
|
||||
uFDwJsIqcRnnC8a7N4DouDyUUnTWdTtuDtl0R/I9SYY/u4MhgmFI8bribhwDMmdC
|
||||
V7UM+023cC/mM9TqCPP0xdy3oiTXRyWk9aNEWep4box/VXmNsJ0hjeIi/W06eXBZ
|
||||
0j5T3wKnuxSzktyhq8Jt4zJEuarBfwGBcxNf+3CHuKjfN7SAxmQZCRwS/2cPcNDS
|
||||
HkApVsqTdOuLaXnoCJQyxvMQt70OCXmOs/bk0ZAcqNRJ+gYot1duplB+15+ro07j
|
||||
3sLbwUMsfpC40CnHd3s1w74/5l1DAc9Mo4I5xX0QH7PCgVzJ9wEctonaItWzT/q4
|
||||
vElG9ULoGQb0prlJC35i738CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
8
krebs/3modules/external/tinc/tpsw.pub
vendored
Normal file
8
krebs/3modules/external/tinc/tpsw.pub
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
|
||||
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
|
||||
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
|
||||
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
|
||||
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
|
||||
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
@ -91,7 +91,6 @@ in {
|
||||
};
|
||||
wiregrill = {
|
||||
via = internet;
|
||||
ip4.addr = "10.244.1.1";
|
||||
ip6.addr = w6 "1";
|
||||
aliases = [
|
||||
"prism.w"
|
||||
@ -99,7 +98,6 @@ in {
|
||||
wireguard = {
|
||||
pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
|
||||
subnets = [
|
||||
"10.244.1.0/24"
|
||||
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
|
||||
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
|
||||
];
|
||||
@ -278,7 +276,7 @@ in {
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.133.115";
|
||||
ip6.addr = r6 "dead";
|
||||
ip6.addr = r6 "daed";
|
||||
aliases = [
|
||||
"daedalus.r"
|
||||
"cgit.daedalus.r"
|
||||
@ -294,8 +292,14 @@ in {
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "daed";
|
||||
aliases = [
|
||||
"daedalus.w"
|
||||
];
|
||||
wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
|
||||
};
|
||||
@ -474,7 +478,6 @@ in {
|
||||
phone = {
|
||||
nets = {
|
||||
wiregrill = {
|
||||
ip4.addr = "10.244.1.2";
|
||||
ip6.addr = w6 "a";
|
||||
aliases = [
|
||||
"phone.w"
|
||||
|
@ -992,57 +992,6 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
} // { # hosts only maintained in stockholm, not owned by me
|
||||
muhbaasu = rec {
|
||||
owner = config.krebs.users.root;
|
||||
cores = 1;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "217.160.206.154";
|
||||
aliases = [
|
||||
"muhbaasu.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.139.184";
|
||||
aliases = [
|
||||
"muhbaasu.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
|
||||
KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
|
||||
5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
|
||||
+rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
|
||||
YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
|
||||
igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
tpsw = {
|
||||
cores = 2;
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.183.236";
|
||||
aliases = [
|
||||
"tpsw.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
|
||||
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
|
||||
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
|
||||
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
|
||||
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
|
||||
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users = rec {
|
||||
makefu = {
|
||||
@ -1079,16 +1028,5 @@ in {
|
||||
inherit (makefu) mail pgp;
|
||||
pubkey = pub-for "makefu.bob";
|
||||
};
|
||||
ciko = {
|
||||
mail = "wieczorek.stefan@googlemail.com";
|
||||
};
|
||||
ulrich = {
|
||||
pubkey = pub-for "ulrich";
|
||||
mail = "shackspace.de@myvdr.de";
|
||||
};
|
||||
exco = {
|
||||
mail = "dickbutt@excogitation.de";
|
||||
pubkey = pub-for "exco";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -146,58 +146,36 @@ rec {
|
||||
'';
|
||||
});
|
||||
|
||||
taskrcFile = builtins.toFile "taskrc" ''
|
||||
confirmation=no
|
||||
'';
|
||||
|
||||
task-add = buildSimpleReaktorPlugin "task-add" {
|
||||
pattern = "^task-add: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "task-add" ''
|
||||
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*"
|
||||
'';
|
||||
};
|
||||
|
||||
task-list = buildSimpleReaktorPlugin "task-list" {
|
||||
pattern = "^task-list";
|
||||
script = pkgs.writeDash "task-list" ''
|
||||
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
|
||||
'';
|
||||
};
|
||||
|
||||
task-delete = buildSimpleReaktorPlugin "task-delete" {
|
||||
pattern = "^task-delete: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "task-delete" ''
|
||||
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*"
|
||||
'';
|
||||
};
|
||||
|
||||
task-done = buildSimpleReaktorPlugin "task-done" {
|
||||
pattern = "^task-done: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "task-done" ''
|
||||
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*"
|
||||
'';
|
||||
};
|
||||
|
||||
todo = name: {
|
||||
add = buildSimpleReaktorPlugin "${name}-add" {
|
||||
task = name: let
|
||||
rcFile = builtins.toFile "taskrc" ''
|
||||
confirmation=no
|
||||
'';
|
||||
in {
|
||||
add = buildSimpleReaktorPlugin "${name}-task-add" {
|
||||
pattern = "^${name}-add: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "${name}-add" ''
|
||||
echo "$*" >> ${name}-todo
|
||||
echo "added ${name} todo"
|
||||
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*"
|
||||
'';
|
||||
};
|
||||
delete = buildSimpleReaktorPlugin "${name}-delete" {
|
||||
|
||||
list = buildSimpleReaktorPlugin "task-list" {
|
||||
pattern = "^${name}-list";
|
||||
script = pkgs.writeDash "task-list" ''
|
||||
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
|
||||
'';
|
||||
};
|
||||
|
||||
delete = buildSimpleReaktorPlugin "task-delete" {
|
||||
pattern = "^${name}-delete: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "${name}-delete" ''
|
||||
${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
|
||||
${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
|
||||
echo "removed ${name} todo: $*"
|
||||
script = pkgs.writeDash "task-delete" ''
|
||||
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*"
|
||||
'';
|
||||
};
|
||||
show = buildSimpleReaktorPlugin "${name}-show" {
|
||||
pattern = "^${name}-show$";
|
||||
script = pkgs.writeDash "${name}-show" ''
|
||||
${pkgs.coreutils}/bin/cat ${name}-todo
|
||||
|
||||
done = buildSimpleReaktorPlugin "task-done" {
|
||||
pattern = "^${name}-done: (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "task-done" ''
|
||||
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -9,15 +9,15 @@
|
||||
|
||||
krebs-source = { test ? false }: rec {
|
||||
nixpkgs = if test then {
|
||||
file = {
|
||||
path = toString (pkgs.fetchFromGitHub {
|
||||
derivation = ''
|
||||
with import <nixpkgs> {};
|
||||
pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = (lib.importJSON ./nixpkgs.json).rev;
|
||||
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
|
||||
});
|
||||
useChecksum = true;
|
||||
};
|
||||
rev = "${(lib.importJSON ./nixpkgs.json).rev}";
|
||||
sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
|
||||
}
|
||||
'';
|
||||
} else {
|
||||
git = {
|
||||
ref = (lib.importJSON ./nixpkgs.json).rev;
|
||||
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||
"rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c",
|
||||
"date": "2018-11-24T00:40:22-05:00",
|
||||
"sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq",
|
||||
"rev": "0396345b79436f54920f7eb651ab42acf2eb7973",
|
||||
"date": "2018-12-30T21:22:33-05:00",
|
||||
"sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4",
|
||||
"fetchSubmodules": false
|
||||
}
|
||||
|
@ -1,11 +1,14 @@
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
nixpkgs = lib.mkForce {
|
||||
file = toString (pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
||||
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
||||
});
|
||||
derivation = ''
|
||||
with import <nixpkgs> {};
|
||||
pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
|
||||
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -6,9 +6,8 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
{
|
||||
# bubsy config
|
||||
users.users.bubsy = {
|
||||
@ -72,6 +71,7 @@ with import <stockholm/lib>;
|
||||
#remote control
|
||||
environment.systemPackages = with pkgs; [
|
||||
x11vnc
|
||||
torbrowser
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
|
||||
|
@ -35,6 +35,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/print.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/network-manager.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
#risk of rain
|
||||
@ -147,6 +148,7 @@ with import <stockholm/lib>;
|
||||
OnCalendar = "00:37";
|
||||
};
|
||||
|
||||
nixpkgs.config.android_sdk.accept_license = true;
|
||||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||
virtualisation.docker.enable = true;
|
||||
|
@ -82,6 +82,13 @@ with import <stockholm/lib>;
|
||||
];
|
||||
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
|
||||
};
|
||||
users.users.kmein = {
|
||||
uid = genid_uint31 "kmein";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.kmein.pubkey
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
#hotdog
|
||||
@ -309,7 +316,7 @@ with import <stockholm/lib>;
|
||||
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||
{ v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
|
||||
{ v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
|
||||
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
|
||||
];
|
||||
services.dnsmasq = {
|
||||
@ -390,6 +397,28 @@ with import <stockholm/lib>;
|
||||
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
|
||||
chown download: /var/download/finished
|
||||
'';
|
||||
|
||||
fileSystems."/export/download" = {
|
||||
device = "/var/lib/containers/yellow/var/download";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports = ''
|
||||
/export 42::/16(insecure,ro,crossmnt)
|
||||
'';
|
||||
lockdPort = 4001;
|
||||
mountdPort = 4002;
|
||||
statdPort = 4000;
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
|
||||
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -40,6 +40,16 @@
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/nextcloud" = {
|
||||
device = "tank/nextcloud";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/libvirt" = {
|
||||
device = "tank/libvirt";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
|
@ -79,7 +79,6 @@ in {
|
||||
taskwarrior
|
||||
termite
|
||||
xclip
|
||||
xephyrify
|
||||
xorg.xbacklight
|
||||
xorg.xhost
|
||||
xsel
|
||||
|
@ -95,6 +95,7 @@ with import <stockholm/lib>;
|
||||
{ from = "lesswrong@lassul.us"; to = lass.mail; }
|
||||
{ from = "nordvpn@lassul.us"; to = lass.mail; }
|
||||
{ from = "csv-direct@lassul.us"; to = lass.mail; }
|
||||
{ from = "nintendo@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
@ -3,6 +3,6 @@
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
nix.gc = {
|
||||
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
|
||||
automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
|
||||
};
|
||||
}
|
||||
|
@ -51,7 +51,7 @@ let
|
||||
eloop = [ "to:eloop.org" ];
|
||||
github = [ "to:github@lassul.us" ];
|
||||
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
|
||||
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
|
||||
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
|
||||
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
|
||||
lugs = [ "to:lugs@lug-s.org" ];
|
||||
meetup = [ "to:meetup@lassul.us" ];
|
||||
|
7
lass/2configs/nfs-dl.nix
Normal file
7
lass/2configs/nfs-dl.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{
|
||||
fileSystems."/mnt/prism" = {
|
||||
device = "prism.w:/export";
|
||||
fsType = "nfs";
|
||||
};
|
||||
}
|
||||
|
@ -88,6 +88,20 @@ in {
|
||||
file_uploads = on
|
||||
'';
|
||||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
hostName = "o.xanf.org";
|
||||
config = {
|
||||
adminpassFile = toString <secrets> + "/nextcloud_pw";
|
||||
};
|
||||
#https = true;
|
||||
nginx.enable = true;
|
||||
};
|
||||
services.nginx.virtualHosts."o.xanf.org" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
# MAIL STUFF
|
||||
# TODO: make into its own module
|
||||
services.dovecot2 = {
|
||||
|
@ -63,6 +63,9 @@ in {
|
||||
locations."= /retiolum.hosts".extraConfig = ''
|
||||
alias ${pkgs.retiolum-hosts};
|
||||
'';
|
||||
locations."= /wireguard-key".extraConfig = ''
|
||||
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
|
||||
'';
|
||||
locations."/tinc".extraConfig = ''
|
||||
alias ${config.krebs.tinc_graphs.workingDir}/external;
|
||||
'';
|
||||
@ -98,6 +101,9 @@ in {
|
||||
locations."/pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
|
||||
'';
|
||||
locations."/pub1".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme.certs."cgit.lassul.us" = {
|
||||
|
@ -20,9 +20,7 @@
|
||||
|
||||
lass.mysqlBackup = {
|
||||
enable = true;
|
||||
config.all = {
|
||||
password = toString (<secrets/mysql_rootPassword>);
|
||||
};
|
||||
config.all = {};
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -14,6 +14,5 @@ _:
|
||||
./umts.nix
|
||||
./usershadow.nix
|
||||
./xjail.nix
|
||||
./xserver
|
||||
];
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ let
|
||||
};
|
||||
location = mkOption {
|
||||
type = str;
|
||||
default = "/bku/sql_dumps";
|
||||
default = "/backups/sql_dumps";
|
||||
};
|
||||
};
|
||||
}));
|
||||
@ -51,11 +51,9 @@ let
|
||||
|
||||
imp = {
|
||||
|
||||
#systemd.timers =
|
||||
# mapAttrs (_: plan: {
|
||||
# wantedBy = [ "timers.target" ];
|
||||
# timerConfig = plan.timerConfig;
|
||||
#}) cfg.config;
|
||||
services.mysql.ensureUsers = [
|
||||
{ ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
|
||||
];
|
||||
|
||||
systemd.services =
|
||||
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
|
||||
@ -75,8 +73,10 @@ let
|
||||
|
||||
|
||||
start = plan: let
|
||||
backupScript = plan: db:
|
||||
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
|
||||
backupScript = plan: db: ''
|
||||
mkdir -p ${plan.location}
|
||||
mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
|
||||
'';
|
||||
|
||||
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
|
||||
${concatMapStringsSep "\n" (backupScript plan) plan.databases}
|
||||
|
@ -1,103 +0,0 @@
|
||||
{ config, pkgs, ... }@args:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
|
||||
out = {
|
||||
options.lass.xserver = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
user = config.krebs.build.user;
|
||||
|
||||
cfg = config.lass.xserver;
|
||||
xcfg = config.services.xserver;
|
||||
api = {
|
||||
enable = mkEnableOption "lass xserver";
|
||||
};
|
||||
imp = {
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
display = 11;
|
||||
tty = 11;
|
||||
};
|
||||
|
||||
systemd.services.display-manager.enable = false;
|
||||
|
||||
systemd.services.xmonad = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString xcfg.display}";
|
||||
|
||||
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
|
||||
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
|
||||
${xcfg.displayManager.sessionCommands}
|
||||
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
|
||||
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
|
||||
fi
|
||||
export DBUS_SESSION_BUS_ADDRESS
|
||||
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
|
||||
wait
|
||||
'';
|
||||
|
||||
XMONAD_DATA_DIR = "/tmp";
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xmonad";
|
||||
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
|
||||
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
|
||||
User = user.name;
|
||||
WorkingDirectory = user.home;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.xserver = {
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"local-fs.target"
|
||||
"acpid.service"
|
||||
];
|
||||
reloadIfChanged = true;
|
||||
environment = {
|
||||
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
|
||||
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
|
||||
LD_LIBRARY_PATH = concatStringsSep ":" (
|
||||
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
|
||||
++ concatLists (catAttrs "libPath" xcfg.drivers));
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "xserver";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = toString [
|
||||
"${pkgs.xorg.xorgserver}/bin/X"
|
||||
":${toString xcfg.display}"
|
||||
"vt${toString xcfg.tty}"
|
||||
"-config ${import ./xserver.conf.nix args}"
|
||||
"-logfile /dev/null -logverbose 0 -verbose 3"
|
||||
"-nolisten tcp"
|
||||
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
|
||||
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
|
||||
];
|
||||
User = user.name;
|
||||
};
|
||||
};
|
||||
krebs.xresources.resources.dpi = ''
|
||||
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
|
||||
'';
|
||||
systemd.services.urxvtd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
reloadIfChanged = true;
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "urxvtd";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
User = user.name;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in out
|
@ -1,40 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
cfg = config.services.xserver;
|
||||
in
|
||||
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "xserver.conf";
|
||||
|
||||
xfs = optionalString (cfg.useXFS != false)
|
||||
''FontPath "${toString cfg.useXFS}"'';
|
||||
|
||||
inherit (cfg) config;
|
||||
|
||||
buildCommand =
|
||||
''
|
||||
echo 'Section "Files"' >> $out
|
||||
echo $xfs >> $out
|
||||
|
||||
for i in ${toString config.fonts.fonts}; do
|
||||
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
|
||||
for j in $(find $i -name fonts.dir); do
|
||||
echo " FontPath \"$(dirname $j)\"" >> $out
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
for i in $(find ${toString cfg.modules} -type d); do
|
||||
if test $(echo $i/*.so* | wc -w) -ne 0; then
|
||||
echo " ModulePath \"$i\"" >> $out
|
||||
fi
|
||||
done
|
||||
|
||||
echo 'EndSection' >> $out
|
||||
|
||||
echo "$config" >> $out
|
||||
'';
|
||||
}
|
@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" {
|
||||
"xmonad-stockholm"
|
||||
];
|
||||
text = /* haskell */ ''
|
||||
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
|
||||
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
|
||||
{-# LANGUAGE LambdaCase #-}
|
||||
{-# LANGUAGE ScopedTypeVariables #-}
|
||||
|
||||
|
||||
module Main where
|
||||
@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv)
|
||||
import System.Exit (exitFailure)
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Posix.Process (executeFile)
|
||||
import XMonad.Actions.CopyWindow (copy, kill1)
|
||||
import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
|
||||
import XMonad.Actions.CycleWS (toggleWS)
|
||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
|
||||
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
|
||||
@ -149,6 +146,8 @@ myKeyMap =
|
||||
|
||||
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
|
||||
|
||||
, ("M4-<F2>", windows copyToAll)
|
||||
|
||||
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
|
||||
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
|
||||
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
|
||||
|
@ -38,6 +38,9 @@
|
||||
})
|
||||
];
|
||||
networking.wireless.enable = true;
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.Mic92.pubkey
|
||||
];
|
||||
|
||||
# File systems configuration for using the installer's partition layout
|
||||
fileSystems = {
|
||||
|
@ -21,6 +21,7 @@ in {
|
||||
];
|
||||
};
|
||||
}
|
||||
<stockholm/makefu/2configs/support-nixos.nix>
|
||||
# <stockholm/makefu/2configs/stats/client.nix>
|
||||
<stockholm/makefu/2configs/stats/netdata-server.nix>
|
||||
|
||||
@ -123,7 +124,6 @@ in {
|
||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||
<stockholm/krebs/2configs/cache.nsupdate.info.nix>
|
||||
|
||||
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
@ -131,6 +131,7 @@ in {
|
||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
|
||||
<stockholm/makefu/2configs/bgt/hidden_service.nix>
|
||||
<stockholm/makefu/2configs/bgt/backup.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
|
@ -11,6 +11,7 @@ in {
|
||||
./hw/omo.nix
|
||||
#./hw/tsp.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/support-nixos.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/backup/state.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
|
20
makefu/2configs/bgt/backup.nix
Normal file
20
makefu/2configs/bgt/backup.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{
|
||||
# Manual steps:
|
||||
# 1. ssh-copy-id root ssh-key to the remotes you want to back up
|
||||
# 2. run `rsnapshot hourly` manually as root to check if everything works
|
||||
services.rsnapshot = {
|
||||
enable = true;
|
||||
cronIntervals = {
|
||||
daily = "50 21 * * *";
|
||||
hourly = "0 */4 * * *";
|
||||
};
|
||||
extraConfig = ''
|
||||
retain hourly 5
|
||||
retain daily 365
|
||||
snapshot_root /var/backup
|
||||
backup root@binaergewitter.jit.computer:/opt/isso jit
|
||||
backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit
|
||||
backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit
|
||||
'';
|
||||
};
|
||||
}
|
@ -3,6 +3,8 @@
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
ident = (builtins.readFile ./auphonic.pub);
|
||||
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
|
||||
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
|
||||
in {
|
||||
services.openssh = {
|
||||
allowSFTP = true;
|
||||
@ -21,6 +23,19 @@ in {
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
|
||||
};
|
||||
services.logrotate = {
|
||||
enable = true;
|
||||
config = ''
|
||||
${bgtaccess} ${bgterror} {
|
||||
rotate 5
|
||||
weekly
|
||||
create 600 nginx nginx
|
||||
postrotate
|
||||
${pkgs.systemd}/bin/systemctl reload nginx
|
||||
endscript
|
||||
}
|
||||
'';
|
||||
};
|
||||
services.nginx = {
|
||||
enable = lib.mkDefault true;
|
||||
recommendedGzipSettings = true;
|
||||
@ -29,10 +44,21 @@ in {
|
||||
serverAliases = [ "dl2.binaergewitter.de" ];
|
||||
root = "/var/www/binaergewitter";
|
||||
extraConfig = ''
|
||||
access_log /var/spool/nginx/logs/binaergewitter.access.log combined;
|
||||
error_log /var/spool/nginx/logs/binaergewitter.error.log error;
|
||||
access_log ${bgtaccess} combined;
|
||||
error_log ${bgterror} error;
|
||||
autoindex on;
|
||||
'';
|
||||
};
|
||||
};
|
||||
environment.etc."netdata/python.d/web_log.conf".text = ''
|
||||
nginx_log3:
|
||||
name: 'nginx'
|
||||
path: '/var/spool/nginx/logs/access.log'
|
||||
nginx_log4:
|
||||
name: 'bgt'
|
||||
path: '${bgtaccess}'
|
||||
'';
|
||||
|
||||
users.users.netdata.extraGroups = [ "nginx" ];
|
||||
|
||||
}
|
||||
|
@ -169,6 +169,7 @@ in {
|
||||
( serveCloud [ "o.euer.krebsco.de" ] )
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.redis.enable = true;
|
||||
services.mysql = {
|
||||
enable = false;
|
||||
|
@ -1,4 +1,5 @@
|
||||
{pkgs, ... }: {
|
||||
imports = [ ./zsh.nix ];
|
||||
home-manager.users.makefu = {
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
@ -9,7 +10,34 @@
|
||||
enableSshSupport = true;
|
||||
enableScDaemon = true;
|
||||
};
|
||||
programs.fzf.enable = true; # alt-c
|
||||
programs.direnv = {
|
||||
stdlib = ''
|
||||
use_nix() {
|
||||
local cache=".direnv.$(nixos-version --hash)"
|
||||
|
||||
if [[ ! -e "$cache" ]] || \
|
||||
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
|
||||
[[ ".envrc" -nt "$cache" ]] || \
|
||||
[[ "default.nix" -nt "$cache" ]] || \
|
||||
[[ "shell.nix" -nt "$cache" ]];
|
||||
then
|
||||
local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")"
|
||||
trap "rm -rf '$tmp' >/dev/null" EXIT
|
||||
nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \
|
||||
mv "$tmp" "$cache"
|
||||
fi
|
||||
|
||||
direnv_load cat "$cache"
|
||||
|
||||
if [[ $# = 0 ]]; then
|
||||
watch_file default.nix
|
||||
watch_file shell.nix
|
||||
rm direnv.* 2>/dev/null
|
||||
fi
|
||||
}
|
||||
'';
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
};
|
||||
services.udev.packages = [
|
||||
pkgs.libu2f-host
|
||||
|
@ -1,11 +1,13 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
users.users.makefu.packages = with pkgs;[ bat direnv ];
|
||||
home-manager.users.makefu = {
|
||||
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
|
||||
programs.firefox.enable = true;
|
||||
programs.obs-studio.enable = true;
|
||||
xdg.enable = true;
|
||||
services.network-manager-applet.enable = true;
|
||||
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
|
||||
services.blueman-applet.enable = true;
|
||||
services.pasystray.enable = true;
|
||||
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
|
||||
@ -34,7 +36,6 @@
|
||||
};
|
||||
|
||||
Service = {
|
||||
Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
|
||||
ExecStart = "${pkgs.clipit}/bin/clipit";
|
||||
Restart = "on-abort";
|
||||
};
|
||||
|
126
makefu/2configs/home-manager/zsh.nix
Normal file
126
makefu/2configs/home-manager/zsh.nix
Normal file
@ -0,0 +1,126 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
{ #direnv
|
||||
home-manager.users.makefu.home.packages = [ pkgs.direnv ];
|
||||
home-manager.users.makefu.home.file.".direnvrc".text = ''
|
||||
use_nix() {
|
||||
local path="$(nix-instantiate --find-file nixpkgs)"
|
||||
|
||||
if [ -f "$${path}/.version-suffix" ]; then
|
||||
local version="$(< $path/.version-suffix)"
|
||||
elif [ -f "$path/.version" ]; then
|
||||
local version="$(< $path/.version)"
|
||||
else
|
||||
local version="$(< $(< $path/.git/HEAD))"
|
||||
fi
|
||||
|
||||
local cache=".direnv/cache-''${version:-unknown}"
|
||||
|
||||
if [[ ! -e "$cache" ]] || \
|
||||
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
|
||||
[[ .envrc -nt "$cache" ]] || \
|
||||
[[ default.nix -nt "$cache" ]] || \
|
||||
[[ shell.nix -nt "$cache" ]];
|
||||
then
|
||||
[ -d .direnv ] || mkdir .direnv
|
||||
local tmp=$(nix-shell --show-trace "$@" \
|
||||
--run "\"$direnv\" dump bash")
|
||||
echo "$tmp" > "$cache"
|
||||
fi
|
||||
|
||||
local path_backup=$PATH term_backup=$TERM
|
||||
direnv_load cat "$cache"
|
||||
|
||||
export PATH=$PATH:$path_backup TERM=$term_backup
|
||||
|
||||
if [[ $# = 0 ]]; then
|
||||
watch_file default.nix
|
||||
watch_file shell.nix
|
||||
fi
|
||||
}
|
||||
'';
|
||||
home-manager.users.makefu.programs.zsh.initExtra = ''
|
||||
nixify() {
|
||||
if [ ! -e ./.envrc ]; then
|
||||
echo "use nix" > .envrc
|
||||
direnv allow
|
||||
fi
|
||||
if [ ! -e default.nix ]; then
|
||||
cat > default.nix <<'EOF'
|
||||
with import <nixpkgs> {};
|
||||
stdenv.mkDerivation {
|
||||
name = "env";
|
||||
buildInputs = [
|
||||
bashInteractive
|
||||
];
|
||||
}
|
||||
EOF
|
||||
${EDITOR:-vim} default.nix
|
||||
fi
|
||||
}
|
||||
eval "$(direnv hook zsh)"
|
||||
'';
|
||||
}
|
||||
{ # bat
|
||||
home-manager.users.makefu.home.packages = [ pkgs.bat ];
|
||||
home-manager.users.makefu.programs.zsh.shellAliases = {
|
||||
cat = "bat";
|
||||
catn = "${pkgs.coreutils}/bin/cat";
|
||||
};
|
||||
}
|
||||
];
|
||||
environment.pathsToLink = [ "/share/zsh" ];
|
||||
home-manager.users.makefu = {
|
||||
programs.fzf.enable = false; # alt-c
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
enableAutosuggestions = false;
|
||||
enableCompletion = true;
|
||||
oh-my-zsh.enable = false;
|
||||
history = {
|
||||
size = 900001;
|
||||
save = 900001;
|
||||
ignoreDups = true;
|
||||
extended = true;
|
||||
share = true;
|
||||
};
|
||||
sessionVariables = {
|
||||
TERM = "rxvt-unicode-256color";
|
||||
LANG = "en_US.UTF8";
|
||||
LS_COLORS = ":di=1;31:";
|
||||
EDITOR = "vim";
|
||||
};
|
||||
shellAliases = {
|
||||
lsl = "ls -lAtr";
|
||||
t = "task";
|
||||
xo = "mimeopen";
|
||||
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
|
||||
};
|
||||
initExtra = ''
|
||||
bindkey -e
|
||||
# shift-tab
|
||||
bindkey '^[[Z' reverse-menu-complete
|
||||
bindkey "\e[3~" delete-char
|
||||
zstyle ':completion:*' menu select
|
||||
|
||||
setopt HIST_IGNORE_ALL_DUPS
|
||||
setopt HIST_IGNORE_SPACE
|
||||
setopt HIST_FIND_NO_DUPS
|
||||
|
||||
unset SSH_AGENT_PID
|
||||
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||
compdef _pass brain
|
||||
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
|
||||
compdef _pass secrets
|
||||
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
|
||||
|
||||
# ctrl-x ctrl-e
|
||||
autoload -U edit-command-line
|
||||
zle -N edit-command-line
|
||||
bindkey '^xe' edit-command-line
|
||||
bindkey '^x^e' edit-command-line
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
4
makefu/2configs/hw/ssd.nix
Normal file
4
makefu/2configs/hw/ssd.nix
Normal file
@ -0,0 +1,4 @@
|
||||
{
|
||||
# ssd trimming
|
||||
services.fstrim.enable = true;
|
||||
}
|
@ -4,6 +4,7 @@ with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
./tpm.nix
|
||||
./ssd.nix
|
||||
];
|
||||
|
||||
boot.kernelModules = [
|
||||
@ -50,6 +51,7 @@ with import <stockholm/lib>;
|
||||
CPU_MAX_PERF_ON_BAT=30
|
||||
'';
|
||||
|
||||
|
||||
powerManagement.resumeCommands = ''
|
||||
${pkgs.rfkill}/bin/rfkill unblock all
|
||||
'';
|
||||
|
1
makefu/2configs/support-nixos.nix
Normal file
1
makefu/2configs/support-nixos.nix
Normal file
@ -0,0 +1 @@
|
||||
{ makefu.distrobump.enable = true; }
|
@ -1,83 +1,11 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
##
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
mainUser = config.krebs.build.user.name;
|
||||
in
|
||||
{
|
||||
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
|
||||
programs.zsh= {
|
||||
enable = true;
|
||||
enableCompletion = true ; #manually at the end
|
||||
interactiveShellInit = ''
|
||||
HISTSIZE=900001
|
||||
HISTFILESIZE=$HISTSIZE
|
||||
SAVEHIST=$HISTSIZE
|
||||
HISTFILE=$HOME/.zsh_history
|
||||
|
||||
setopt HIST_IGNORE_ALL_DUPS
|
||||
setopt HIST_IGNORE_SPACE
|
||||
setopt HIST_FIND_NO_DUPS
|
||||
bindkey -e
|
||||
# shift-tab
|
||||
bindkey '^[[Z' reverse-menu-complete
|
||||
bindkey "\e[3~" delete-char
|
||||
zstyle ':completion:*' menu select
|
||||
|
||||
${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
|
||||
GPG_TTY=$(tty)
|
||||
export GPG_TTY
|
||||
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
|
||||
|
||||
unset SSH_AGENT_PID
|
||||
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||
|
||||
# fzf
|
||||
__fsel_fzf() {
|
||||
local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \
|
||||
-o -type f -print \
|
||||
-o -type d -print \
|
||||
-o -type l -print 2> /dev/null | cut -b3-"}"
|
||||
setopt localoptions pipefail 2> /dev/null
|
||||
eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do
|
||||
echo -n "''${(q)item} "
|
||||
done
|
||||
local ret=$?
|
||||
echo
|
||||
return $ret
|
||||
}
|
||||
|
||||
__fzf_use_tmux__() {
|
||||
[ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ]
|
||||
}
|
||||
|
||||
__fzfcmd() {
|
||||
__fzf_use_tmux__ &&
|
||||
echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf"
|
||||
}
|
||||
|
||||
fzf-file-widget() {
|
||||
LBUFFER="''${LBUFFER}$(__fsel_fzf)"
|
||||
local ret=$?
|
||||
zle redisplay
|
||||
typeset -f zle-line-init >/dev/null && zle zle-line-init
|
||||
return $ret
|
||||
}
|
||||
zle -N fzf-file-widget
|
||||
bindkey '^T' fzf-file-widget
|
||||
|
||||
compdef _pass brain
|
||||
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
|
||||
compdef _pass secrets
|
||||
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
|
||||
|
||||
# ctrl-x ctrl-e
|
||||
autoload -U edit-command-line
|
||||
zle -N edit-command-line
|
||||
bindkey '^xe' edit-command-line
|
||||
bindkey '^x^e' edit-command-line
|
||||
|
||||
'';
|
||||
enableCompletion = false; #manually at the end
|
||||
|
||||
promptInit = ''
|
||||
RPROMPT=""
|
||||
@ -93,8 +21,8 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.${mainUser}.packages = [
|
||||
pkgs.nix-zsh-completions
|
||||
pkgs.fzf
|
||||
];
|
||||
users.users.${mainUser} = {
|
||||
shell = "/run/current-system/sw/bin/zsh";
|
||||
packages = [ pkgs.nix-zsh-completions ];
|
||||
};
|
||||
}
|
||||
|
31
makefu/3modules/bump-distrowatch.nix
Normal file
31
makefu/3modules/bump-distrowatch.nix
Normal file
@ -0,0 +1,31 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.makefu.distrobump;
|
||||
|
||||
imp = {
|
||||
systemd.services.distrobump = {
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.curl ];
|
||||
restartIfChanged = false;
|
||||
startAt = "daily";
|
||||
serviceConfig = {
|
||||
PrivateTmp = true;
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.writeDash "bump-distrowatch" ''
|
||||
set -euf
|
||||
UA='Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0'
|
||||
curl -Lvc /tmp/cookie.jar -A "$UA" 'https://distrowatch.com/' >/dev/null
|
||||
sleep $(shuf -i 3-15 -n1).$(shuf -i 0-9 -n1)
|
||||
curl -Lvc /tmp/cookie.jar -A "$UA" -e 'https://distrowatch.com/' 'https://distrowatch.com/nixos?frphr' >/dev/null
|
||||
'';
|
||||
RandomizedDelaySec = 28800;
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.makefu.distrobump.enable = lib.mkEnableOption "distrobump";
|
||||
config = lib.mkIf cfg.enable imp;
|
||||
}
|
@ -3,6 +3,7 @@ _:
|
||||
{
|
||||
imports = [
|
||||
./awesome-extra.nix
|
||||
./bump-distrowatch.nix
|
||||
./deluge.nix
|
||||
./forward-journal.nix
|
||||
./netdata.nix
|
||||
|
@ -10,15 +10,16 @@ stdenv.mkDerivation rec {
|
||||
version = "0.1";
|
||||
|
||||
src = fetchzip {
|
||||
url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
|
||||
sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
|
||||
url = "https://archive.org/download/ns-atmosphere-programmer/ns-atmosphere-programmer-ubuntu-64bit-v01.zip";
|
||||
# original source: http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-ubuntu-64bit-v01.zip
|
||||
sha256 = "1cnyydsmrcpfwpdiry7qybh179499wpbvlzq5rk442hq9ak416ri";
|
||||
};
|
||||
|
||||
buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
|
||||
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
|
||||
|
||||
installPhase = ''
|
||||
install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
|
||||
install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere
|
||||
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
|
||||
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
|
||||
'';
|
||||
@ -26,7 +27,7 @@ stdenv.mkDerivation rec {
|
||||
dontStrip = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Payload programmer for ns-atmosphere injector";
|
||||
description = "Payload programmer for ns-atmosphere injector for nintendo switch";
|
||||
homepage = http://www.ns-atmosphere.com;
|
||||
maintainers = [ maintainers.makefu ];
|
||||
platforms = platforms.linux;
|
||||
|
195
makefu/5pkgs/xdcc-dl/default.nix
Normal file
195
makefu/5pkgs/xdcc-dl/default.nix
Normal file
@ -0,0 +1,195 @@
|
||||
# generated using pypi2nix tool (version: 1.8.0)
|
||||
# See more at: https://github.com/garbas/pypi2nix
|
||||
#
|
||||
# COMMAND:
|
||||
# pypi2nix -V 3.6 -r ./lol
|
||||
#
|
||||
|
||||
{ pkgs ? import <nixpkgs> {}
|
||||
}:
|
||||
|
||||
let
|
||||
|
||||
inherit (pkgs) makeWrapper;
|
||||
inherit (pkgs.stdenv.lib) fix' extends inNixShell;
|
||||
|
||||
pythonPackages =
|
||||
import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" {
|
||||
inherit pkgs;
|
||||
inherit (pkgs) stdenv;
|
||||
python = pkgs.python36;
|
||||
};
|
||||
|
||||
commonBuildInputs = [];
|
||||
commonDoCheck = false;
|
||||
|
||||
withPackages = pkgs':
|
||||
let
|
||||
pkgs = builtins.removeAttrs pkgs' ["__unfix__"];
|
||||
interpreter = pythonPackages.buildPythonPackage {
|
||||
name = "python36-interpreter";
|
||||
buildInputs = [ makeWrapper ] ++ (builtins.attrValues pkgs);
|
||||
buildCommand = ''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${pythonPackages.python.interpreter} $out/bin/${pythonPackages.python.executable}
|
||||
for dep in ${builtins.concatStringsSep " " (builtins.attrValues pkgs)}; do
|
||||
if [ -d "$dep/bin" ]; then
|
||||
for prog in "$dep/bin/"*; do
|
||||
if [ -f $prog ]; then
|
||||
ln -s $prog $out/bin/`basename $prog`
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
for prog in "$out/bin/"*; do
|
||||
wrapProgram "$prog" --prefix PYTHONPATH : "$PYTHONPATH"
|
||||
done
|
||||
pushd $out/bin
|
||||
ln -s ${pythonPackages.python.executable} python
|
||||
popd
|
||||
'';
|
||||
passthru.interpreter = pythonPackages.python;
|
||||
};
|
||||
in {
|
||||
__old = pythonPackages;
|
||||
inherit interpreter;
|
||||
mkDerivation = pythonPackages.buildPythonPackage;
|
||||
packages = pkgs;
|
||||
overrideDerivation = drv: f:
|
||||
pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs);
|
||||
withPackages = pkgs'':
|
||||
withPackages (pkgs // pkgs'');
|
||||
};
|
||||
|
||||
python = withPackages {};
|
||||
|
||||
generated = self: {
|
||||
inherit (pythonPackages) requests irc beautifulsoup4 six pyqt5;
|
||||
"PyExecJS" = python.mkDerivation {
|
||||
name = "PyExecJS-1.5.0";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/1c/a0/359e179605bbf3f6c6ed96c44e056eebed39732b67427f30d56e259934f2/PyExecJS-1.5.0.tar.gz"; sha256 = "99315766f8155eea195a3f4179b35cd8dc64b2360c081ae29d92c603c26aeaaa"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [
|
||||
self."six"
|
||||
];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = licenses.mit;
|
||||
description = "Run JavaScript code from Python";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
"bs4" = python.mkDerivation {
|
||||
name = "bs4-0.0.1";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz"; sha256 = "36ecea1fd7cc5c0c6e4a1ff075df26d50da647b75376626cc186e2212886dd3a"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [
|
||||
self."beautifulsoup4"
|
||||
];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = licenses.mit;
|
||||
description = "Screen-scraping library";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
"certifi" = python.mkDerivation {
|
||||
name = "certifi-2017.11.5";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/23/3f/8be01c50ed24a4bd6b8da799839066ce0288f66f5e11f0367323467f0cbc/certifi-2017.11.5.tar.gz"; sha256 = "5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [ ];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = "MPL-2.0";
|
||||
description = "Python package for providing Mozilla's CA Bundle.";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
"cfscrape" = python.mkDerivation {
|
||||
name = "cfscrape-1.9.1";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/cf/9a/50d3844d67fe5507217fd47c9e382e769ab5f7d967b41c25ba3712c441c3/cfscrape-1.9.1.tar.gz"; sha256 = "9cee3708c643904eaa010a64dd1715890457bb77010d87405fc1bfeb892508d7"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [
|
||||
self."PyExecJS"
|
||||
self."requests"
|
||||
];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = "";
|
||||
description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information.";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
"typing" = python.mkDerivation {
|
||||
name = "typing-3.6.2";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/ca/38/16ba8d542e609997fdcd0214628421c971f8c395084085354b11ff4ac9c3/typing-3.6.2.tar.gz"; sha256 = "d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [ ];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = licenses.psfl;
|
||||
description = "Type Hints for Python";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
"urwid" = python.mkDerivation {
|
||||
name = "urwid-1.3.1";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/85/5d/9317d75b7488c335b86bd9559ca03a2a023ed3413d0e8bfe18bea76f24be/urwid-1.3.1.tar.gz"; sha256 = "cfcec03e36de25a1073e2e35c2c7b0cc6969b85745715c3a025a31d9786896a1"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [ ];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = licenses.lgpl2;
|
||||
description = "A full-featured console (xterm et al.) user interface library";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
"xdcc-dl" = python.mkDerivation {
|
||||
name = "xdcc-dl-2.1.0";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/52/5a/1f1c8e77c212074d508701f208440bdfac4c6366de3f74fc9772a09369ef/xdcc_dl-2.1.0.tar.gz"; sha256 = "7071fca28de83ab0944b086a6dac0af053225b5663d9cf28a8dac868d81b2fc6"; };
|
||||
doCheck = commonDoCheck;
|
||||
buildInputs = commonBuildInputs;
|
||||
propagatedBuildInputs = [
|
||||
self."bs4"
|
||||
self."cfscrape"
|
||||
self."irc"
|
||||
self."requests"
|
||||
self."typing"
|
||||
self."urwid"
|
||||
];
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
homepage = "";
|
||||
license = licenses.gpl3;
|
||||
description = "An XDCC File Downloader based on the irclib framework";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
in python.withPackages
|
||||
(fix' (pkgs.lib.fold
|
||||
extends
|
||||
generated
|
||||
[]
|
||||
)
|
||||
)
|
@ -27,15 +27,15 @@
|
||||
# TODO: we want to track the unstable channel
|
||||
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
|
||||
} else {
|
||||
file = {
|
||||
path = toString (pkgs.fetchFromGitHub {
|
||||
derivation = ''
|
||||
with import <nixpkgs> {};
|
||||
pkgs.fetchFromGitHub {
|
||||
owner = "makefu";
|
||||
repo = "nixpkgs";
|
||||
rev = nixpkgs-src.rev;
|
||||
sha256 = nixpkgs-src.sha256;
|
||||
});
|
||||
useChecksum = true;
|
||||
};
|
||||
rev = "${nixpkgs-src.rev}";
|
||||
sha256 = "${nixpkgs-src.sha256}";
|
||||
}
|
||||
'';
|
||||
};
|
||||
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user