Merge remote-tracking branch 'prism/master'

tv 2019-01-16 11:20:14 +01:00
commit 6cef97deb3
53 changed files with 914 additions and 599 deletions

2
ci.nix

@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner:
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
in mapAttrs (n: h: build n h.owner.name) ci-systems


@ -161,6 +161,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa 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 root@plattenschwein" # for backup
];
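Review bot: Every entry in `users.extraUsers.root.openssh.authorizedKeys.keys` is an unrestricted root login, including the literal key commented `# for backup`. If that key only needs to move backup data, prefix it with key options, e.g. `"restrict,command=\"<backup command>\" ssh-rsa <key> root@plattenschwein"` (placeholder command), or move it to a dedicated non-root user. The list sits inside a larger attribute set that starts and ends outside this hunk, and the rendering does not show which line the commit adds. The same consideration applies to the later hunk on this page that puts `config.krebs.users.Mic92.pubkey` into root's keys.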


@ -14,12 +14,8 @@ with import <stockholm/lib>;
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
task-add
task-delete
task-done
task-list
] ++
(attrValues (todo "agenda"))
(attrValues (task "agenda"))
;
};
krebs.secret.files.nix-serve-key = {


@ -10,12 +10,8 @@ with import <stockholm/lib>;
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
task-add
task-delete
task-done
task-list
] ++
(attrValues (todo "agenda"))
(attrValues (task "agenda"))
;
};
}


@ -8,132 +8,34 @@ with import <stockholm/lib>;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
sokrateslaptop = {
owner = config.krebs.users.sokratess;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
scardanelli = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.2";
aliases = [
"scardanelli.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};
};
homeros = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.1";
aliases = [
"homeros.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};
};
turingmachine = {
dpdkm = {
owner = config.krebs.users.Mic92;
nets = {
nets = rec {
retiolum = {
ip4.addr = "10.243.29.168";
aliases = [
"turingmachine.r"
];
ip4.addr = "10.243.29.173";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==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==
-----END RSA PUBLIC KEY-----
'';
};
@ -177,83 +79,6 @@ in {
};
};
};
rock = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
aliases = [ "rock.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eve = {
owner = config.krebs.users.Mic92;
nets = rec {
@ -289,6 +114,71 @@ in {
};
};
};
homeros = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.1";
aliases = [
"homeros.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.231";
aliases = [
"justraute.r"
];
tinc.pubkey = tinc-for "justraute";
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@ -314,21 +204,215 @@ in {
};
};
};
rock = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
aliases = [ "rock.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
scardanelli = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.2";
aliases = [
"scardanelli.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};
};
sokrateslaptop = {
owner = config.krebs.users.sokratess;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
aliases = [
"tpsw.r"
];
tinc.pubkey = tinc-for "tpsw";
};
};
};
turingmachine = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
aliases = [
"turingmachine.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
miaoski = {
owner = config.krebs.users.miaoski;
nets = {
wiregrill = {
aliases = [ "miaoski.w" ];
wireguard = {
pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4=";
};
};
};
};
};
users = {
Mic92 = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
ciko = {
mail = "wieczorek.stefan@googlemail.com";
};
exco = {
mail = "dickbutt@excogitation.de";
pubkey = ssh-for "exco";
};
kmein = {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
};
Mic92 = {
mail = "joerg@higgsboson.tk";
pubkey = ssh-for "Mic92";
};
palo = {
};
sokratess = {
};
qubasa = {
mail = "luis.nixos@gmail.com";
};
raute = {
mail = "macxylo@gmail.com";
pubkey = ssh-for "raute";
};
sokratess = {
};
ulrich = {
mail = "shackspace.de@myvdr.de";
pubkey = ssh-for "ulrich";
};
miaoski = {
};
};
}
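Review bot: `ssh-for` and `tinc-for` load keys with `builtins.readFile`, so the files under `./ssh` and `./tinc` now decide who can log in wherever `config.krebs.users.<name>.pubkey` is consumed. Another file section on this page lists `config.krebs.users.raute.pubkey` and `config.krebs.users.ulrich.pubkey` in root's `authorizedKeys`. A comment above the two helpers would make that visible to whoever reviews a changed `.pub` file, e.g. `# keys read here can end up in authorized_keys (including root's); review ./ssh/*.pub changes like access grants`. Note also that `builtins.readFile` keeps the file's trailing newline, which the inline `pubkey = "ssh-ed25519 …"` string did not have. If any consumer interpolates the key into a longer line, wrapping the read in `removeSuffix "\n"` avoids a split line.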

1
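--- a/krebs/3modules/external/ssh/Mic92.pub
+++ b/krebs/3modules/external/ssh/Mic92.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE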

1
krebs/3modules/external/ssh/kmein.pub vendored Normal file

@ -0,0 +1 @@
ssh-rsa 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 kieran.meinhardt@gmail.com

1
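--- a/krebs/3modules/external/ssh/raute.pub
+++ b/krebs/3modules/external/ssh/raute.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH385gr3BAKJ92k1FaOLx2wFMgDFTmupOcww5g/bEAsO raute@wolf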


@ -0,0 +1,14 @@
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----

8
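--- a/krebs/3modules/external/tinc/tpsw.pub
+++ b/krebs/3modules/external/tinc/tpsw.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
+Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
+WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
+OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
+0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
+pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
+-----END RSA PUBLIC KEY-----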


@ -91,7 +91,6 @@ in {
};
wiregrill = {
via = internet;
ip4.addr = "10.244.1.1";
ip6.addr = w6 "1";
aliases = [
"prism.w"
@ -99,7 +98,6 @@ in {
wireguard = {
pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
subnets = [
"10.244.1.0/24"
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
];
@ -278,7 +276,7 @@ in {
nets = rec {
retiolum = {
ip4.addr = "10.243.133.115";
ip6.addr = r6 "dead";
ip6.addr = r6 "daed";
aliases = [
"daedalus.r"
"cgit.daedalus.r"
@ -294,8 +292,14 @@ in {
-----END RSA PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "daed";
aliases = [
"daedalus.w"
];
wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
};
@ -474,7 +478,6 @@ in {
phone = {
nets = {
wiregrill = {
ip4.addr = "10.244.1.2";
ip6.addr = w6 "a";
aliases = [
"phone.w"


@ -992,57 +992,6 @@ in {
};
};
};
} // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
owner = config.krebs.users.root;
cores = 1;
nets = {
internet = {
ip4.addr = "217.160.206.154";
aliases = [
"muhbaasu.i"
];
};
retiolum = {
ip4.addr = "10.243.139.184";
aliases = [
"muhbaasu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
+rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
aliases = [
"tpsw.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
users = rec {
makefu = {
@ -1079,16 +1028,5 @@ in {
inherit (makefu) mail pgp;
pubkey = pub-for "makefu.bob";
};
ciko = {
mail = "wieczorek.stefan@googlemail.com";
};
ulrich = {
pubkey = pub-for "ulrich";
mail = "shackspace.de@myvdr.de";
};
exco = {
mail = "dickbutt@excogitation.de";
pubkey = pub-for "exco";
};
};
}


@ -146,58 +146,36 @@ rec {
'';
});
taskrcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
task-add = buildSimpleReaktorPlugin "task-add" {
pattern = "^task-add: (?P<args>.*)$$";
script = pkgs.writeDash "task-add" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*"
'';
};
task-list = buildSimpleReaktorPlugin "task-list" {
pattern = "^task-list";
script = pkgs.writeDash "task-list" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
task-delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^task-delete: (?P<args>.*)$$";
script = pkgs.writeDash "task-delete" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*"
'';
};
task-done = buildSimpleReaktorPlugin "task-done" {
pattern = "^task-done: (?P<args>.*)$$";
script = pkgs.writeDash "task-done" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*"
'';
};
todo = name: {
add = buildSimpleReaktorPlugin "${name}-add" {
task = name: let
rcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
in {
add = buildSimpleReaktorPlugin "${name}-task-add" {
pattern = "^${name}-add: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-add" ''
echo "$*" >> ${name}-todo
echo "added ${name} todo"
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*"
'';
};
delete = buildSimpleReaktorPlugin "${name}-delete" {
list = buildSimpleReaktorPlugin "task-list" {
pattern = "^${name}-list";
script = pkgs.writeDash "task-list" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^${name}-delete: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-delete" ''
${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
echo "removed ${name} todo: $*"
script = pkgs.writeDash "task-delete" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*"
'';
};
show = buildSimpleReaktorPlugin "${name}-show" {
pattern = "^${name}-show$";
script = pkgs.writeDash "${name}-show" ''
${pkgs.coreutils}/bin/cat ${name}-todo
done = buildSimpleReaktorPlugin "task-done" {
pattern = "^${name}-done: (?P<args>.*)$$";
script = pkgs.writeDash "task-done" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*"
'';
};
};
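Review bot: The `delete` and `done` plugins pass whatever follows `${name}-delete:` / `${name}-done:` to taskwarrior as a filter while `rcFile` sets `confirmation=no`, so one chat line can act on every task the filter matches. Restricting the capture to task ids, `pattern = "^${name}-delete: (?P<args>[0-9]+)$$";` (and the same for `done`), limits the effect to a single task. For `add`, ending argument parsing before the user text, `task rc:${rcFile} add -- "$*"`, keeps the description from being read as attributes or `rc.` overrides; confirm this against the packaged taskwarrior version. The plugin names are also inconsistent: `add` is `"${name}-task-add"` while `list`, `delete` and `done` use the fixed `"task-list"`, `"task-delete"`, `"task-done"`, so two instances of `task` would share names. The enclosing `rec` set continues outside the hunk.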


@ -9,15 +9,15 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
file = {
path = toString (pkgs.fetchFromGitHub {
derivation = ''
with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = (lib.importJSON ./nixpkgs.json).rev;
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
});
useChecksum = true;
};
rev = "${(lib.importJSON ./nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
}
'';
} else {
git = {
ref = (lib.importJSON ./nixpkgs.json).rev;


@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c",
"date": "2018-11-24T00:40:22-05:00",
"sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq",
"rev": "0396345b79436f54920f7eb651ab42acf2eb7973",
"date": "2018-12-30T21:22:33-05:00",
"sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4",
"fetchSubmodules": false
}


@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
file = toString (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
});
derivation = ''
with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
}
'';
};
}


@ -6,9 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
{
# bubsy config
users.users.bubsy = {
@ -72,6 +71,7 @@ with import <stockholm/lib>;
#remote control
environment.systemPackages = with pkgs; [
x11vnc
torbrowser
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }


@ -35,6 +35,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
@ -147,6 +148,7 @@ with import <stockholm/lib>;
OnCalendar = "00:37";
};
nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;


@ -82,6 +82,13 @@ with import <stockholm/lib>;
];
openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
};
users.users.kmein = {
uid = genid_uint31 "kmein";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.kmein.pubkey
];
};
}
{
#hotdog
@ -309,7 +316,7 @@ with import <stockholm/lib>;
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
{ v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
services.dnsmasq = {
@ -390,6 +397,28 @@ with import <stockholm/lib>;
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
fileSystems."/export/download" = {
device = "/var/lib/containers/yellow/var/download";
options = [ "bind" ];
};
services.nfs.server = {
enable = true;
exports = ''
/export 42::/16(insecure,ro,crossmnt)
'';
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
}
];
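Review bot: The export line `/export 42::/16(insecure,ro,crossmnt)` admits a much wider prefix than the wiregrill network, which the MASQUERADE rule in this file places inside `42:1::/32`, and `insecure` also accepts requests from unprivileged source ports. That leaves the `-i wiregrill` INPUT rules as the only limit on who can mount the share. The export would be safer scoped to the wiregrill prefix and without `insecure` unless a client needs it, e.g. `/export <wiregrill-prefix>(ro,crossmnt)` (placeholder prefix). Separately, the IPv6 MASQUERADE predicate pairs `-s 42:1::/32` with `! -d 42:1::/48`; the differing prefix lengths look unintended and would NAT traffic between hosts inside the /32, so confirm which length is meant.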


@ -40,6 +40,16 @@
fsType = "zfs";
};
fileSystems."/var/lib/nextcloud" = {
device = "tank/nextcloud";
fsType = "zfs";
};
fileSystems."/var/lib/libvirt" = {
device = "tank/libvirt";
fsType = "zfs";
};
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@ -79,7 +79,6 @@ in {
taskwarrior
termite
xclip
xephyrify
xorg.xbacklight
xorg.xhost
xsel


@ -95,6 +95,7 @@ with import <stockholm/lib>;
{ from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }


@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
};
}


@ -51,7 +51,7 @@ let
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
meetup = [ "to:meetup@lassul.us" ];

7
lass/2configs/nfs-dl.nix Normal file

@ -0,0 +1,7 @@
{
fileSystems."/mnt/prism" = {
device = "prism.w:/export";
fsType = "nfs";
};
}
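Review bot: The mount for `prism.w:/export` sets no `options`, so it is mounted at boot with the defaults. Set-uid binaries and device nodes on the share are honoured, and boot depends on a host that is presumably only reachable once the wiregrill tunnel is up. Adding `options = [ "nosuid" "nodev" "noauto" "x-systemd.automount" ];` treats the share as untrusted content and mounts it on first access instead.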


@ -88,6 +88,20 @@ in {
file_uploads = on
'';
services.nextcloud = {
enable = true;
hostName = "o.xanf.org";
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
};
#https = true;
nginx.enable = true;
};
services.nginx.virtualHosts."o.xanf.org" = {
enableACME = true;
forceSSL = true;
};
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
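Review bot: `#https = true;` is left commented out while the `o.xanf.org` virtual host sets `forceSSL = true`, so Nextcloud is served over TLS but is not told so. With `services.nextcloud.https` unset, the links Nextcloud generates use http and rely on the nginx redirect; setting `https = true;` keeps them on TLS throughout. Also check that the file named by `adminpassFile` is readable by the nextcloud user on the target host, which this hunk does not show.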


@ -63,6 +63,9 @@ in {
locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.retiolum-hosts};
'';
locations."= /wireguard-key".extraConfig = ''
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
'';
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
@ -98,6 +101,9 @@ in {
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
locations."/pub1".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
};
security.acme.certs."cgit.lassul.us" = {


@ -20,9 +20,7 @@
lass.mysqlBackup = {
enable = true;
config.all = {
password = toString (<secrets/mysql_rootPassword>);
};
config.all = {};
};
}


@ -14,6 +14,5 @@ _:
./umts.nix
./usershadow.nix
./xjail.nix
./xserver
];
}


@ -41,7 +41,7 @@ let
};
location = mkOption {
type = str;
default = "/bku/sql_dumps";
default = "/backups/sql_dumps";
};
};
}));
@ -51,11 +51,9 @@ let
imp = {
#systemd.timers =
# mapAttrs (_: plan: {
# wantedBy = [ "timers.target" ];
# timerConfig = plan.timerConfig;
#}) cfg.config;
services.mysql.ensureUsers = [
{ ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
];
systemd.services =
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
@ -75,8 +73,10 @@ let
start = plan: let
backupScript = plan: db:
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
backupScript = plan: db: ''
mkdir -p ${plan.location}
mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
'';
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
${concatMapStringsSep "\n" (backupScript plan) plan.databases}
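Review bot: The new `mkdir -p ${plan.location}` creates the dump directory under whatever umask the unit runs with, and the `.gz` files written by the redirect inherit it, so full database dumps may end up world-readable under `/backups/sql_dumps`. Creating the directory with an explicit mode, `install -d -m 0700 ${plan.location}`, or putting `umask 077` at the top of the generated script closes that. Where `plan.password` is set, `-p$(cat …)` still puts the password on the `mysqldump` command line; a `--defaults-extra-file` would avoid that. `start` continues past the end of this hunk.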


@ -1,103 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
out = {
options.lass.xserver = api;
config = mkIf cfg.enable imp;
};
user = config.krebs.build.user;
cfg = config.lass.xserver;
xcfg = config.services.xserver;
api = {
enable = mkEnableOption "lass xserver";
};
imp = {
services.xserver = {
enable = true;
display = 11;
tty = 11;
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString xcfg.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" xcfg.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString xcfg.display}"
"vt${toString xcfg.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
};
in out


@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}


@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" {
"xmonad-stockholm"
];
text = /* haskell */ ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where
@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
@ -149,6 +146,8 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
, ("M4-<F2>", windows copyToAll)
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"


@ -38,6 +38,9 @@
})
];
networking.wireless.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.Mic92.pubkey
];
# File systems configuration for using the installer's partition layout
fileSystems = {


@ -21,6 +21,7 @@ in {
];
};
}
<stockholm/makefu/2configs/support-nixos.nix>
# <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/netdata-server.nix>
@ -123,7 +124,6 @@ in {
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/krebs/2configs/cache.nsupdate.info.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
@ -131,6 +131,7 @@ in {
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix>
<stockholm/makefu/2configs/bgt/backup.nix>
# <stockholm/makefu/2configs/logging/client.nix>


@ -11,6 +11,7 @@ in {
./hw/omo.nix
#./hw/tsp.nix
<stockholm/makefu>
<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>


@ -0,0 +1,20 @@
{
# Manual steps:
# 1. ssh-copy-id root ssh-key to the remotes you want to back up
# 2. run `rsnapshot hourly` manually as root to check if everything works
services.rsnapshot = {
enable = true;
cronIntervals = {
daily = "50 21 * * *";
hourly = "0 */4 * * *";
};
extraConfig = ''
retain hourly 5
retain daily 365
snapshot_root /var/backup
backup root@binaergewitter.jit.computer:/opt/isso jit
backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit
backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit
'';
};
}
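Review bot: All three `backup` lines log in as `root@binaergewitter.jit.computer`, and manual step 1 installs this host's root key there with no restriction, so a compromise of the backup host yields a root shell on the remote. The comment block should ask for a restricted key on the remote side, for example `# 1. install the key on the remote with command="rrsync -ro /",restrict (read-only rsync)`. Also check that the fields in `extraConfig` are separated by tabs: rsnapshot rejects space-separated config lines, and the whitespace cannot be verified from this rendering.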


@ -3,6 +3,8 @@
with import <stockholm/lib>;
let
ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
in {
services.openssh = {
allowSFTP = true;
@ -21,6 +23,19 @@ in {
useDefaultShell = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
services.logrotate = {
enable = true;
config = ''
${bgtaccess} ${bgterror} {
rotate 5
weekly
create 600 nginx nginx
postrotate
${pkgs.systemd}/bin/systemctl reload nginx
endscript
}
'';
};
services.nginx = {
enable = lib.mkDefault true;
recommendedGzipSettings = true;
@ -29,10 +44,21 @@ in {
serverAliases = [ "dl2.binaergewitter.de" ];
root = "/var/www/binaergewitter";
extraConfig = ''
access_log /var/spool/nginx/logs/binaergewitter.access.log combined;
error_log /var/spool/nginx/logs/binaergewitter.error.log error;
access_log ${bgtaccess} combined;
error_log ${bgterror} error;
autoindex on;
'';
};
};
environment.etc."netdata/python.d/web_log.conf".text = ''
nginx_log3:
name: 'nginx'
path: '/var/spool/nginx/logs/access.log'
nginx_log4:
name: 'bgt'
path: '${bgtaccess}'
'';
users.users.netdata.extraGroups = [ "nginx" ];
}
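Review bot: The `create 600 nginx nginx` line in the new logrotate block recreates both log files readable by their owner only, so the group membership added in the last hunk (`users.users.netdata.extraGroups = [ "nginx" ];`) stops giving netdata access to `${bgtaccess}` after the first weekly rotation. Assuming netdata is meant to read the log through the nginx group, the line should be `create 640 nginx nginx`, which keeps the file closed to other users. The second path in the netdata config, `/var/spool/nginx/logs/access.log`, is not covered by this rotation rule; if that is intended, a short comment above the `config` string saying so would help.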


@ -169,6 +169,7 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] )
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true;
services.mysql = {
enable = false;
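Review bot: `services.redis.enable = true;` is added with no bind address or password next to it, so what Redis listens on is left to the module default, which depending on the nixpkgs revision may be all interfaces. The firewall line above only opens 80 and 443, but that is the only barrier visible here, and Redis would accept unauthenticated commands from anything that gets past it. I would pin it explicitly with `services.redis.bind = "127.0.0.1";` and add a comment naming the consumer (presumably the cloud vhost above). The `services.mysql` block continues outside this hunk.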


@ -1,4 +1,5 @@
{pkgs, ... }: {
imports = [ ./zsh.nix ];
home-manager.users.makefu = {
services.gpg-agent = {
enable = true;
@ -9,7 +10,34 @@
enableSshSupport = true;
enableScDaemon = true;
};
programs.fzf.enable = true; # alt-c
programs.direnv = {
stdlib = ''
use_nix() {
local cache=".direnv.$(nixos-version --hash)"
if [[ ! -e "$cache" ]] || \
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
[[ ".envrc" -nt "$cache" ]] || \
[[ "default.nix" -nt "$cache" ]] || \
[[ "shell.nix" -nt "$cache" ]];
then
local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")"
trap "rm -rf '$tmp' >/dev/null" EXIT
nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \
mv "$tmp" "$cache"
fi
direnv_load cat "$cache"
if [[ $# = 0 ]]; then
watch_file default.nix
watch_file shell.nix
rm direnv.* 2>/dev/null
fi
}
'';
enableZshIntegration = true;
};
};
services.udev.packages = [
pkgs.libu2f-host
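Review bot: In the `use_nix` body, `mktemp "$${cache}.tmp-XXXXXXXX"` does not expand `cache`, as far as I can tell. Inside a Nix `''` string `$${` is kept literally, so bash sees `$$` (the shell PID) followed by the text `{cache}`, and the temp file gets a name unrelated to the cache path. The escape for a shell expansion in an indented string is `''${…}`, giving `local tmp="$(mktemp "''${cache}.tmp-XXXXXXXX")"`; the same `$${path}` form appears in the `.direnvrc` text of the new zsh module in this commit. Separately, `rm direnv.* 2>/dev/null` does not match the `.direnv.<hash>` names created above, so stale caches are never removed, and the pattern with a leading dot would also delete the cache that was just written.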


@ -1,11 +1,13 @@
{ pkgs, lib, ... }:
{ pkgs, lib, ... }:
{
users.users.makefu.packages = with pkgs;[ bat direnv ];
home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true;
programs.obs-studio.enable = true;
xdg.enable = true;
services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
@ -34,7 +36,6 @@
};
Service = {
Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
};


@ -0,0 +1,126 @@
{ pkgs, ... }:
{
imports = [
{ #direnv
home-manager.users.makefu.home.packages = [ pkgs.direnv ];
home-manager.users.makefu.home.file.".direnvrc".text = ''
use_nix() {
local path="$(nix-instantiate --find-file nixpkgs)"
if [ -f "$${path}/.version-suffix" ]; then
local version="$(< $path/.version-suffix)"
elif [ -f "$path/.version" ]; then
local version="$(< $path/.version)"
else
local version="$(< $(< $path/.git/HEAD))"
fi
local cache=".direnv/cache-''${version:-unknown}"
if [[ ! -e "$cache" ]] || \
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
[[ .envrc -nt "$cache" ]] || \
[[ default.nix -nt "$cache" ]] || \
[[ shell.nix -nt "$cache" ]];
then
[ -d .direnv ] || mkdir .direnv
local tmp=$(nix-shell --show-trace "$@" \
--run "\"$direnv\" dump bash")
echo "$tmp" > "$cache"
fi
local path_backup=$PATH term_backup=$TERM
direnv_load cat "$cache"
export PATH=$PATH:$path_backup TERM=$term_backup
if [[ $# = 0 ]]; then
watch_file default.nix
watch_file shell.nix
fi
}
'';
home-manager.users.makefu.programs.zsh.initExtra = ''
nixify() {
if [ ! -e ./.envrc ]; then
echo "use nix" > .envrc
direnv allow
fi
if [ ! -e default.nix ]; then
cat > default.nix <<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "env";
buildInputs = [
bashInteractive
];
}
EOF
${EDITOR:-vim} default.nix
fi
}
eval "$(direnv hook zsh)"
'';
}
{ # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ];
home-manager.users.makefu.programs.zsh.shellAliases = {
cat = "bat";
catn = "${pkgs.coreutils}/bin/cat";
};
}
];
environment.pathsToLink = [ "/share/zsh" ];
home-manager.users.makefu = {
programs.fzf.enable = false; # alt-c
programs.zsh = {
enable = true;
enableAutosuggestions = false;
enableCompletion = true;
oh-my-zsh.enable = false;
history = {
size = 900001;
save = 900001;
ignoreDups = true;
extended = true;
share = true;
};
sessionVariables = {
TERM = "rxvt-unicode-256color";
LANG = "en_US.UTF8";
LS_COLORS = ":di=1;31:";
EDITOR = "vim";
};
shellAliases = {
lsl = "ls -lAtr";
t = "task";
xo = "mimeopen";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
};
initExtra = ''
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
};
};
}
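Review bot: In the `.direnvrc` text, `local tmp=$(nix-shell … --run "\"$direnv\" dump bash")` followed by `echo "$tmp" > "$cache"` writes the cache file even when `nix-shell` fails, because `local` masks the exit status. A failed evaluation then leaves an empty or partial cache that is newer than `.envrc`, `default.nix` and `shell.nix`, and it is loaded on every later entry until one of them changes. I would split the declaration and stop on error, `local tmp; tmp=$(nix-shell --show-trace "$@" --run "\"$direnv\" dump bash") || return 1`, before the `echo`. Separately, `${EDITOR:-vim}` after the heredoc in `nixify` is shown without the `''` escape that `''${version:-unknown}` uses; if the file reads that way, Nix will treat it as an antiquotation instead of passing it to the shell.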


@ -0,0 +1,4 @@
{
# ssd trimming
services.fstrim.enable = true;
}


@ -4,6 +4,7 @@ with import <stockholm/lib>;
{
imports = [
./tpm.nix
./ssd.nix
];
boot.kernelModules = [
@ -50,6 +51,7 @@ with import <stockholm/lib>;
CPU_MAX_PERF_ON_BAT=30
'';
powerManagement.resumeCommands = ''
${pkgs.rfkill}/bin/rfkill unblock all
'';
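Review bot: `${pkgs.rfkill}/bin/rfkill unblock all` in `powerManagement.resumeCommands` (which I take to be the line added in the second hunk) switches every radio back on after each resume, including Bluetooth and any device the user had deliberately blocked. If the goal is only to get Wi-Fi back after suspend, `${pkgs.rfkill}/bin/rfkill unblock wlan` limits the effect to that, and a comment such as `# wifi stays soft-blocked after resume on this model` would record why the workaround exists.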


@ -0,0 +1 @@
{ makefu.distrobump.enable = true; }


@ -1,83 +1,11 @@
{ config, lib, pkgs, ... }:
##
with import <stockholm/lib>;
let
mainUser = config.krebs.build.user.name;
in
{
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
enableCompletion = true ; #manually at the end
interactiveShellInit = ''
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
GPG_TTY=$(tty)
export GPG_TTY
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# fzf
__fsel_fzf() {
local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \
-o -type f -print \
-o -type d -print \
-o -type l -print 2> /dev/null | cut -b3-"}"
setopt localoptions pipefail 2> /dev/null
eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do
echo -n "''${(q)item} "
done
local ret=$?
echo
return $ret
}
__fzf_use_tmux__() {
[ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ]
}
__fzfcmd() {
__fzf_use_tmux__ &&
echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf"
}
fzf-file-widget() {
LBUFFER="''${LBUFFER}$(__fsel_fzf)"
local ret=$?
zle redisplay
typeset -f zle-line-init >/dev/null && zle zle-line-init
return $ret
}
zle -N fzf-file-widget
bindkey '^T' fzf-file-widget
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
enableCompletion = false; #manually at the end
promptInit = ''
RPROMPT=""
@ -93,8 +21,8 @@ in
'';
};
users.users.${mainUser}.packages = [
pkgs.nix-zsh-completions
pkgs.fzf
];
users.users.${mainUser} = {
shell = "/run/current-system/sw/bin/zsh";
packages = [ pkgs.nix-zsh-completions ];
};
}


@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
let
cfg = config.makefu.distrobump;
imp = {
systemd.services.distrobump = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.curl ];
restartIfChanged = false;
startAt = "daily";
serviceConfig = {
PrivateTmp = true;
Type = "oneshot";
ExecStart = pkgs.writeDash "bump-distrowatch" ''
set -euf
UA='Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0'
curl -Lvc /tmp/cookie.jar -A "$UA" 'https://distrowatch.com/' >/dev/null
sleep $(shuf -i 3-15 -n1).$(shuf -i 0-9 -n1)
curl -Lvc /tmp/cookie.jar -A "$UA" -e 'https://distrowatch.com/' 'https://distrowatch.com/nixos?frphr' >/dev/null
'';
RandomizedDelaySec = 28800;
};
};
};
in
{
options.makefu.distrobump.enable = lib.mkEnableOption "distrobump";
config = lib.mkIf cfg.enable imp;
}
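Review bot: The `distrobump` unit sets no `User`, so the script and both `curl` invocations run as root although they only need outbound HTTPS and a scratch cookie file. With `PrivateTmp = true` already present, adding `DynamicUser = true;` to `serviceConfig` should be enough to drop the privileges. `RandomizedDelaySec = 28800;` is a timer setting and has no effect inside `serviceConfig`; it belongs on the timer that `startAt` generates, as `systemd.timers.distrobump.timerConfig.RandomizedDelaySec`. A short comment on `wantedBy = [ "multi-user.target" ]` would also help, because it makes the oneshot run at every boot in addition to the daily schedule.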


@ -3,6 +3,7 @@ _:
{
imports = [
./awesome-extra.nix
./bump-distrowatch.nix
./deluge.nix
./forward-journal.nix
./netdata.nix


@ -10,15 +10,16 @@ stdenv.mkDerivation rec {
version = "0.1";
src = fetchzip {
url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
url = "https://archive.org/download/ns-atmosphere-programmer/ns-atmosphere-programmer-ubuntu-64bit-v01.zip";
# original source: http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-ubuntu-64bit-v01.zip
sha256 = "1cnyydsmrcpfwpdiry7qybh179499wpbvlzq5rk442hq9ak416ri";
};
buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
installPhase = ''
install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
'';
@ -26,7 +27,7 @@ stdenv.mkDerivation rec {
dontStrip = true;
meta = with stdenv.lib; {
description = "Payload programmer for ns-atmosphere injector";
description = "Payload programmer for ns-atmosphere injector for nintendo switch";
homepage = http://www.ns-atmosphere.com;
maintainers = [ maintainers.makefu ];
platforms = platforms.linux;
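Review bot: The `fetchzip` change in the first hunk replaces the vendor URL with an archive.org upload and a new `sha256`, and it switches to a different archive (`…-ubuntu-64bit-v01.zip` instead of `…-linux-v01.zip`), so the old hash cannot serve as a cross-check for the new one. Since the package installs a prebuilt binary unmodified (`dontStrip = true`, `autoPatchelfHook`), the comment next to the URL should say how the new hash was obtained, for example `# sha256 verified against the vendor download on <date>`, so a later reader can tell that the mirror copy matches the original. The `meta` block continues outside the second hunk.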


@ -0,0 +1,195 @@
# generated using pypi2nix tool (version: 1.8.0)
# See more at: https://github.com/garbas/pypi2nix
#
# COMMAND:
# pypi2nix -V 3.6 -r ./lol
#
{ pkgs ? import <nixpkgs> {}
}:
let
inherit (pkgs) makeWrapper;
inherit (pkgs.stdenv.lib) fix' extends inNixShell;
pythonPackages =
import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" {
inherit pkgs;
inherit (pkgs) stdenv;
python = pkgs.python36;
};
commonBuildInputs = [];
commonDoCheck = false;
withPackages = pkgs':
let
pkgs = builtins.removeAttrs pkgs' ["__unfix__"];
interpreter = pythonPackages.buildPythonPackage {
name = "python36-interpreter";
buildInputs = [ makeWrapper ] ++ (builtins.attrValues pkgs);
buildCommand = ''
mkdir -p $out/bin
ln -s ${pythonPackages.python.interpreter} $out/bin/${pythonPackages.python.executable}
for dep in ${builtins.concatStringsSep " " (builtins.attrValues pkgs)}; do
if [ -d "$dep/bin" ]; then
for prog in "$dep/bin/"*; do
if [ -f $prog ]; then
ln -s $prog $out/bin/`basename $prog`
fi
done
fi
done
for prog in "$out/bin/"*; do
wrapProgram "$prog" --prefix PYTHONPATH : "$PYTHONPATH"
done
pushd $out/bin
ln -s ${pythonPackages.python.executable} python
popd
'';
passthru.interpreter = pythonPackages.python;
};
in {
__old = pythonPackages;
inherit interpreter;
mkDerivation = pythonPackages.buildPythonPackage;
packages = pkgs;
overrideDerivation = drv: f:
pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs);
withPackages = pkgs'':
withPackages (pkgs // pkgs'');
};
python = withPackages {};
generated = self: {
inherit (pythonPackages) requests irc beautifulsoup4 six pyqt5;
"PyExecJS" = python.mkDerivation {
name = "PyExecJS-1.5.0";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/1c/a0/359e179605bbf3f6c6ed96c44e056eebed39732b67427f30d56e259934f2/PyExecJS-1.5.0.tar.gz"; sha256 = "99315766f8155eea195a3f4179b35cd8dc64b2360c081ae29d92c603c26aeaaa"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."six"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.mit;
description = "Run JavaScript code from Python";
};
};
"bs4" = python.mkDerivation {
name = "bs4-0.0.1";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz"; sha256 = "36ecea1fd7cc5c0c6e4a1ff075df26d50da647b75376626cc186e2212886dd3a"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."beautifulsoup4"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.mit;
description = "Screen-scraping library";
};
};
"certifi" = python.mkDerivation {
name = "certifi-2017.11.5";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/23/3f/8be01c50ed24a4bd6b8da799839066ce0288f66f5e11f0367323467f0cbc/certifi-2017.11.5.tar.gz"; sha256 = "5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = "MPL-2.0";
description = "Python package for providing Mozilla's CA Bundle.";
};
};
"cfscrape" = python.mkDerivation {
name = "cfscrape-1.9.1";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/cf/9a/50d3844d67fe5507217fd47c9e382e769ab5f7d967b41c25ba3712c441c3/cfscrape-1.9.1.tar.gz"; sha256 = "9cee3708c643904eaa010a64dd1715890457bb77010d87405fc1bfeb892508d7"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."PyExecJS"
self."requests"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = "";
description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information.";
};
};
"typing" = python.mkDerivation {
name = "typing-3.6.2";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/ca/38/16ba8d542e609997fdcd0214628421c971f8c395084085354b11ff4ac9c3/typing-3.6.2.tar.gz"; sha256 = "d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.psfl;
description = "Type Hints for Python";
};
};
"urwid" = python.mkDerivation {
name = "urwid-1.3.1";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/85/5d/9317d75b7488c335b86bd9559ca03a2a023ed3413d0e8bfe18bea76f24be/urwid-1.3.1.tar.gz"; sha256 = "cfcec03e36de25a1073e2e35c2c7b0cc6969b85745715c3a025a31d9786896a1"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.lgpl2;
description = "A full-featured console (xterm et al.) user interface library";
};
};
"xdcc-dl" = python.mkDerivation {
name = "xdcc-dl-2.1.0";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/52/5a/1f1c8e77c212074d508701f208440bdfac4c6366de3f74fc9772a09369ef/xdcc_dl-2.1.0.tar.gz"; sha256 = "7071fca28de83ab0944b086a6dac0af053225b5663d9cf28a8dac868d81b2fc6"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."bs4"
self."cfscrape"
self."irc"
self."requests"
self."typing"
self."urwid"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.gpl3;
description = "An XDCC File Downloader based on the irclib framework";
};
};
};
in python.withPackages
(fix' (pkgs.lib.fold
extends
generated
[]
)
)


@ -27,15 +27,15 @@
# TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else {
file = {
path = toString (pkgs.fetchFromGitHub {
derivation = ''
with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "makefu";
repo = "nixpkgs";
rev = nixpkgs-src.rev;
sha256 = nixpkgs-src.sha256;
});
useChecksum = true;
};
rev = "${nixpkgs-src.rev}";
sha256 = "${nixpkgs-src.sha256}";
}
'';
};
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";