Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2019-01-16 11:20:14 +01:00
commit 6cef97deb3
53 changed files with 914 additions and 599 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci.nix
View File

@ -16,6 +16,6 @@ let
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner: build = host: owner:
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";}); ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
in mapAttrs (n: h: build n h.owner.name) ci-systems in mapAttrs (n: h: build n h.owner.name) ci-systems

1
krebs/1systems/wolf/config.nix
View File

@ -161,6 +161,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [ users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
]; ];

6
krebs/2configs/reaktor-krebs.nix
View File

@ -14,12 +14,8 @@ with import <stockholm/lib>;
}; };
plugins = with pkgs.ReaktorPlugins; [ plugins = with pkgs.ReaktorPlugins; [
sed-plugin sed-plugin
task-add
task-delete
task-done
task-list
] ++ ] ++
(attrValues (todo "agenda")) (attrValues (task "agenda"))
; ;
}; };
krebs.secret.files.nix-serve-key = { krebs.secret.files.nix-serve-key = {

6
krebs/2configs/reaktor-retiolum.nix
View File

@ -10,12 +10,8 @@ with import <stockholm/lib>;
}; };
plugins = with pkgs.ReaktorPlugins; [ plugins = with pkgs.ReaktorPlugins; [
sed-plugin sed-plugin
task-add
task-delete
task-done
task-list
] ++ ] ++
(attrValues (todo "agenda")) (attrValues (task "agenda"))
; ;
}; };
} }

484
krebs/3modules/external/default.nix vendored
View File

@ -8,132 +8,34 @@ with import <stockholm/lib>;
} // optionalAttrs (host.nets?retiolum) { } // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr = nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
}); });
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in { in {
hosts = mapAttrs hostDefaults { hosts = mapAttrs hostDefaults {
sokrateslaptop = { dpdkm = {
owner = config.krebs.users.sokratess;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
scardanelli = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.2";
aliases = [
"scardanelli.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
homeros = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.1";
aliases = [
"homeros.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
turingmachine = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.Mic92;
nets = { nets = rec {
retiolum = { retiolum = {
ip4.addr = "10.243.29.168"; ip4.addr = "10.243.29.173";
aliases = [ aliases = [ "dpdkm.r" ];
"turingmachine.r"
];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
@ -177,83 +79,6 @@ in {
}; };
}; };
}; };
rock = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
aliases = [ "rock.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eve = { eve = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.Mic92;
nets = rec { nets = rec {
@ -289,6 +114,71 @@ in {
}; };
}; };
}; };
homeros = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.1";
aliases = [
"homeros.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.231";
aliases = [
"justraute.r"
];
tinc.pubkey = tinc-for "justraute";
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = { qubasa = {
owner = config.krebs.users.qubasa; owner = config.krebs.users.qubasa;
nets = { nets = {
@ -314,21 +204,215 @@ in {
}; };
}; };
}; };
rock = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
aliases = [ "rock.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
scardanelli = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.2";
aliases = [
"scardanelli.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
sokrateslaptop = {
owner = config.krebs.users.sokratess;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
aliases = [
"tpsw.r"
];
tinc.pubkey = tinc-for "tpsw";
};
};
};
turingmachine = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
aliases = [
"turingmachine.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
miaoski = {
owner = config.krebs.users.miaoski;
nets = {
wiregrill = {
aliases = [ "miaoski.w" ];
wireguard = {
pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4=";
};
};
};
};
}; };
users = { users = {
Mic92 = { ciko = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; mail = "wieczorek.stefan@googlemail.com";
mail = "joerg@higgsboson.tk"; };
exco = {
mail = "dickbutt@excogitation.de";
pubkey = ssh-for "exco";
}; };
kmein = { kmein = {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
};
Mic92 = {
mail = "joerg@higgsboson.tk";
pubkey = ssh-for "Mic92";
}; };
palo = { palo = {
}; };
sokratess = {
};
qubasa = { qubasa = {
mail = "luis.nixos@gmail.com"; mail = "luis.nixos@gmail.com";
}; };
raute = {
mail = "macxylo@gmail.com";
pubkey = ssh-for "raute";
};
sokratess = {
};
ulrich = {
mail = "shackspace.de@myvdr.de";
pubkey = ssh-for "ulrich";
};
miaoski = {
};
}; };
} }

1
krebs/3modules/external/ssh/Mic92.pub vendored Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE

0
krebs/3modules/makefu/ssh/exco.pub → krebs/3modules/external/ssh/exco.pub vendored
View File

1
krebs/3modules/external/ssh/kmein.pub vendored Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com

1
krebs/3modules/external/ssh/raute.pub vendored Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH385gr3BAKJ92k1FaOLx2wFMgDFTmupOcww5g/bEAsO raute@wolf

0
krebs/3modules/makefu/ssh/ulrich.pub → krebs/3modules/external/ssh/ulrich.pub vendored
View File

14
krebs/3modules/external/tinc/justraute.pub vendored Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0FJ2Wh7y8lgXOLXR2VQh
BsERf4uoWQ2UZexxv5bo6H9aYmyc+pA7q9ScP+ljKIXHLG3RbskIDFJLfs2HHS2u
rCD3Pv71Ihx8fgmP7VdJktvFV8uBbDk2YF28Kd198ggEPL9ki1+LKzauTv0CCBcK
O78VgN8v+l42v+oQSFk30FBYCpvld39dv74etb4/T4zmn7H3RNH+gPU1T0dge4yu
xdlCk4TmNXWcw3cDvcCDDJFblH100IWRZ8enH4wHC5LvSKcYCqiiILsKAPuS8/J0
cUePfRln1ZJDvR8AlO8ejRU7PC7550JbyqRbu0oAro2fLz7BOAJi6v8SbPU4GUaT
uFDwJsIqcRnnC8a7N4DouDyUUnTWdTtuDtl0R/I9SYY/u4MhgmFI8bribhwDMmdC
V7UM+023cC/mM9TqCPP0xdy3oiTXRyWk9aNEWep4box/VXmNsJ0hjeIi/W06eXBZ
0j5T3wKnuxSzktyhq8Jt4zJEuarBfwGBcxNf+3CHuKjfN7SAxmQZCRwS/2cPcNDS
HkApVsqTdOuLaXnoCJQyxvMQt70OCXmOs/bk0ZAcqNRJ+gYot1duplB+15+ro07j
3sLbwUMsfpC40CnHd3s1w74/5l1DAc9Mo4I5xX0QH7PCgVzJ9wEctonaItWzT/q4
vElG9ULoGQb0prlJC35i738CAwEAAQ==
-----END PUBLIC KEY-----

8
krebs/3modules/external/tinc/tpsw.pub vendored Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY-----

13
krebs/3modules/lass/default.nix
View File

@ -91,7 +91,6 @@ in {
}; };
wiregrill = { wiregrill = {
via = internet; via = internet;
ip4.addr = "10.244.1.1";
ip6.addr = w6 "1"; ip6.addr = w6 "1";
aliases = [ aliases = [
"prism.w" "prism.w"
@ -99,7 +98,6 @@ in {
wireguard = { wireguard = {
pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
subnets = [ subnets = [
"10.244.1.0/24"
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
]; ];
@ -278,7 +276,7 @@ in {
nets = rec { nets = rec {
retiolum = { retiolum = {
ip4.addr = "10.243.133.115"; ip4.addr = "10.243.133.115";
ip6.addr = r6 "dead"; ip6.addr = r6 "daed";
aliases = [ aliases = [
"daedalus.r" "daedalus.r"
"cgit.daedalus.r" "cgit.daedalus.r"
@ -294,8 +292,14 @@ in {
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
}; };
wiregrill = {
ip6.addr = w6 "daed";
aliases = [
"daedalus.w"
];
wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
};
}; };
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
}; };
@ -474,7 +478,6 @@ in {
phone = { phone = {
nets = { nets = {
wiregrill = { wiregrill = {
ip4.addr = "10.244.1.2";
ip6.addr = w6 "a"; ip6.addr = w6 "a";
aliases = [ aliases = [
"phone.w" "phone.w"

62
krebs/3modules/makefu/default.nix
View File

@ -992,57 +992,6 @@ in {
}; };
}; };
}; };
} // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
owner = config.krebs.users.root;
cores = 1;
nets = {
internet = {
ip4.addr = "217.160.206.154";
aliases = [
"muhbaasu.i"
];
};
retiolum = {
ip4.addr = "10.243.139.184";
aliases = [
"muhbaasu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
+rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
aliases = [
"tpsw.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
}; };
users = rec { users = rec {
makefu = { makefu = {
@ -1079,16 +1028,5 @@ in {
inherit (makefu) mail pgp; inherit (makefu) mail pgp;
pubkey = pub-for "makefu.bob"; pubkey = pub-for "makefu.bob";
}; };
ciko = {
mail = "wieczorek.stefan@googlemail.com";
};
ulrich = {
pubkey = pub-for "ulrich";
mail = "shackspace.de@myvdr.de";
};
exco = {
mail = "dickbutt@excogitation.de";
pubkey = pub-for "exco";
};
}; };
} }

68
krebs/5pkgs/simple/Reaktor/plugins.nix
View File

@ -146,58 +146,36 @@ rec {
''; '';
}); });
taskrcFile = builtins.toFile "taskrc" '' task = name: let
confirmation=no rcFile = builtins.toFile "taskrc" ''
''; confirmation=no
'';
task-add = buildSimpleReaktorPlugin "task-add" { in {
pattern = "^task-add: (?P<args>.*)$$"; add = buildSimpleReaktorPlugin "${name}-task-add" {
script = pkgs.writeDash "task-add" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*"
'';
};
task-list = buildSimpleReaktorPlugin "task-list" {
pattern = "^task-list";
script = pkgs.writeDash "task-list" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
task-delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^task-delete: (?P<args>.*)$$";
script = pkgs.writeDash "task-delete" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*"
'';
};
task-done = buildSimpleReaktorPlugin "task-done" {
pattern = "^task-done: (?P<args>.*)$$";
script = pkgs.writeDash "task-done" ''
${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*"
'';
};
todo = name: {
add = buildSimpleReaktorPlugin "${name}-add" {
pattern = "^${name}-add: (?P<args>.*)$$"; pattern = "^${name}-add: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-add" '' script = pkgs.writeDash "${name}-add" ''
echo "$*" >> ${name}-todo TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*"
echo "added ${name} todo"
''; '';
}; };
delete = buildSimpleReaktorPlugin "${name}-delete" {
list = buildSimpleReaktorPlugin "task-list" {
pattern = "^${name}-list";
script = pkgs.writeDash "task-list" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
delete = buildSimpleReaktorPlugin "task-delete" {
pattern = "^${name}-delete: (?P<args>.*)$$"; pattern = "^${name}-delete: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-delete" '' script = pkgs.writeDash "task-delete" ''
${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*"
${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
echo "removed ${name} todo: $*"
''; '';
}; };
show = buildSimpleReaktorPlugin "${name}-show" {
pattern = "^${name}-show$"; done = buildSimpleReaktorPlugin "task-done" {
script = pkgs.writeDash "${name}-show" '' pattern = "^${name}-done: (?P<args>.*)$$";
${pkgs.coreutils}/bin/cat ${name}-todo script = pkgs.writeDash "task-done" ''
TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*"
''; '';
}; };
}; };

14
krebs/krops.nix
View File

@ -9,15 +9,15 @@
krebs-source = { test ? false }: rec { krebs-source = { test ? false }: rec {
nixpkgs = if test then { nixpkgs = if test then {
file = { derivation = ''
path = toString (pkgs.fetchFromGitHub { with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "nixos"; owner = "nixos";
repo = "nixpkgs"; repo = "nixpkgs";
rev = (lib.importJSON ./nixpkgs.json).rev; rev = "${(lib.importJSON ./nixpkgs.json).rev}";
sha256 = (lib.importJSON ./nixpkgs.json).sha256; sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
}); }
useChecksum = true; '';
};
} else { } else {
git = { git = {
ref = (lib.importJSON ./nixpkgs.json).rev; ref = (lib.importJSON ./nixpkgs.json).rev;

6
krebs/nixpkgs.json
View File

@ -1,7 +1,7 @@
{ {
"url": "https://github.com/NixOS/nixpkgs-channels", "url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", "rev": "0396345b79436f54920f7eb651ab42acf2eb7973",
"date": "2018-11-24T00:40:22-05:00", "date": "2018-12-30T21:22:33-05:00",
"sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", "sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4",
"fetchSubmodules": false "fetchSubmodules": false
} }

15
lass/1systems/blue/source.nix
View File

@ -1,11 +1,14 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
nixpkgs = lib.mkForce { nixpkgs = lib.mkForce {
file = toString (pkgs.fetchFromGitHub { derivation = ''
owner = "nixos"; with import <nixpkgs> {};
repo = "nixpkgs"; pkgs.fetchFromGitHub {
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; owner = "nixos";
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; repo = "nixpkgs";
}); rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
}
'';
}; };
} }

4
lass/1systems/daedalus/config.nix
View File

@ -6,9 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass> <stockholm/lass>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
{ {
# bubsy config # bubsy config
users.users.bubsy = { users.users.bubsy = {
@ -72,6 +71,7 @@ with import <stockholm/lib>;
#remote control #remote control
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
x11vnc x11vnc
torbrowser
]; ];
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }

2
lass/1systems/mors/config.nix
View File

@ -35,6 +35,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
{ {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain #risk of rain
@ -147,6 +148,7 @@ with import <stockholm/lib>;
OnCalendar = "00:37"; OnCalendar = "00:37";
}; };
nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;

31
lass/1systems/prism/config.nix
View File

@ -82,6 +82,13 @@ with import <stockholm/lib>;
]; ];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
}; };
users.users.kmein = {
uid = genid_uint31 "kmein";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.kmein.pubkey
];
};
} }
{ {
#hotdog #hotdog
@ -309,7 +316,7 @@ with import <stockholm/lib>;
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.nat.POSTROUTING.rules = [ krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
]; ];
services.dnsmasq = { services.dnsmasq = {
@ -390,6 +397,28 @@ with import <stockholm/lib>;
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished chown download: /var/download/finished
''; '';
fileSystems."/export/download" = {
device = "/var/lib/containers/yellow/var/download";
options = [ "bind" ];
};
services.nfs.server = {
enable = true;
exports = ''
/export 42::/16(insecure,ro,crossmnt)
'';
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
} }
]; ];

10
lass/1systems/prism/physical.nix
View File

@ -40,6 +40,16 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/nextcloud" = {
device = "tank/nextcloud";
fsType = "zfs";
};
fileSystems."/var/lib/libvirt" = {
device = "tank/libvirt";
fsType = "zfs";
};
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

1
lass/2configs/baseX.nix
View File

@ -79,7 +79,6 @@ in {
taskwarrior taskwarrior
termite termite
xclip xclip
xephyrify
xorg.xbacklight xorg.xbacklight
xorg.xhost xorg.xhost
xsel xsel

1
lass/2configs/exim-smarthost.nix
View File

@ -95,6 +95,7 @@ with import <stockholm/lib>;
{ from = "lesswrong@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

2
lass/2configs/gc.nix
View File

@ -3,6 +3,6 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
nix.gc = { nix.gc = {
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
}; };
} }

2
lass/2configs/mail.nix
View File

@ -51,7 +51,7 @@ let
eloop = [ "to:eloop.org" ]; eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ]; github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ]; lugs = [ "to:lugs@lug-s.org" ];
meetup = [ "to:meetup@lassul.us" ]; meetup = [ "to:meetup@lassul.us" ];

7
lass/2configs/nfs-dl.nix Normal file
View File

@ -0,0 +1,7 @@
{
fileSystems."/mnt/prism" = {
device = "prism.w:/export";
fsType = "nfs";
};
}

14
lass/2configs/websites/domsen.nix
View File

@ -88,6 +88,20 @@ in {
file_uploads = on file_uploads = on
''; '';
services.nextcloud = {
enable = true;
hostName = "o.xanf.org";
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
};
#https = true;
nginx.enable = true;
};
services.nginx.virtualHosts."o.xanf.org" = {
enableACME = true;
forceSSL = true;
};
# MAIL STUFF # MAIL STUFF
# TODO: make into its own module # TODO: make into its own module
services.dovecot2 = { services.dovecot2 = {

6
lass/2configs/websites/lassulus.nix
View File

@ -63,6 +63,9 @@ in {
locations."= /retiolum.hosts".extraConfig = '' locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.retiolum-hosts}; alias ${pkgs.retiolum-hosts};
''; '';
locations."= /wireguard-key".extraConfig = ''
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
'';
locations."/tinc".extraConfig = '' locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external; alias ${config.krebs.tinc_graphs.workingDir}/external;
''; '';
@ -98,6 +101,9 @@ in {
locations."/pub".extraConfig = '' locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
''; '';
locations."/pub1".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
}; };
security.acme.certs."cgit.lassul.us" = { security.acme.certs."cgit.lassul.us" = {

4
lass/2configs/websites/sqlBackup.nix
View File

@ -20,9 +20,7 @@
lass.mysqlBackup = { lass.mysqlBackup = {
enable = true; enable = true;
config.all = { config.all = {};
password = toString (<secrets/mysql_rootPassword>);
};
}; };
} }

1
lass/3modules/default.nix
View File

@ -14,6 +14,5 @@ _:
./umts.nix ./umts.nix
./usershadow.nix ./usershadow.nix
./xjail.nix ./xjail.nix
./xserver
]; ];
} }

16
lass/3modules/mysql-backup.nix
View File

@ -41,7 +41,7 @@ let
}; };
location = mkOption { location = mkOption {
type = str; type = str;
default = "/bku/sql_dumps"; default = "/backups/sql_dumps";
}; };
}; };
})); }));
@ -51,11 +51,9 @@ let
imp = { imp = {
#systemd.timers = services.mysql.ensureUsers = [
# mapAttrs (_: plan: { { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
# wantedBy = [ "timers.target" ]; ];
# timerConfig = plan.timerConfig;
#}) cfg.config;
systemd.services = systemd.services =
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" { mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
@ -75,8 +73,10 @@ let
start = plan: let start = plan: let
backupScript = plan: db: backupScript = plan: db: ''
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz"; mkdir -p ${plan.location}
mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
'';
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" '' in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
${concatMapStringsSep "\n" (backupScript plan) plan.databases} ${concatMapStringsSep "\n" (backupScript plan) plan.databases}

103
lass/3modules/xserver/default.nix
View File

@ -1,103 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
out = {
options.lass.xserver = api;
config = mkIf cfg.enable imp;
};
user = config.krebs.build.user;
cfg = config.lass.xserver;
xcfg = config.services.xserver;
api = {
enable = mkEnableOption "lass xserver";
};
imp = {
services.xserver = {
enable = true;
display = 11;
tty = 11;
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString xcfg.display}";
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
XMONAD_DATA_DIR = "/tmp";
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" xcfg.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString xcfg.display}"
"vt${toString xcfg.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''
${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"}
'';
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
};
in out

40
lass/3modules/xserver/xserver.conf.nix
View File

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

7
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" {
"xmonad-stockholm" "xmonad-stockholm"
]; ];
text = /* haskell */ '' text = /* haskell */ ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-} {-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where module Main where
@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv)
import System.Exit (exitFailure) import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr) import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile) import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace)
@ -149,6 +146,8 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
, ("M4-<F2>", windows copyToAll)
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" '' , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"

3
makefu/1systems/cake/config.nix
View File

@ -38,6 +38,9 @@
}) })
]; ];
networking.wireless.enable = true; networking.wireless.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.Mic92.pubkey
];
# File systems configuration for using the installer's partition layout # File systems configuration for using the installer's partition layout
fileSystems = { fileSystems = {

3
makefu/1systems/gum/config.nix
View File

@ -21,6 +21,7 @@ in {
]; ];
}; };
} }
<stockholm/makefu/2configs/support-nixos.nix>
# <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/netdata-server.nix> <stockholm/makefu/2configs/stats/netdata-server.nix>
@ -123,7 +124,6 @@ in {
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix> <stockholm/makefu/2configs/nginx/iso.euer.nix>
<stockholm/krebs/2configs/cache.nsupdate.info.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/graphs.nix>
@ -131,6 +131,7 @@ in {
<stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix> <stockholm/makefu/2configs/bgt/hidden_service.nix>
<stockholm/makefu/2configs/bgt/backup.nix>
# <stockholm/makefu/2configs/logging/client.nix> # <stockholm/makefu/2configs/logging/client.nix>

1
makefu/1systems/omo/config.nix
View File

@ -11,6 +11,7 @@ in {
./hw/omo.nix ./hw/omo.nix
#./hw/tsp.nix #./hw/tsp.nix
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/exim-retiolum.nix>

20
makefu/2configs/bgt/backup.nix Normal file
View File

@ -0,0 +1,20 @@
{
# Manual steps:
# 1. ssh-copy-id root ssh-key to the remotes you want to back up
# 2. run `rsnapshot hourly` manually as root to check if everything works
services.rsnapshot = {
enable = true;
cronIntervals = {
daily = "50 21 * * *";
hourly = "0 */4 * * *";
};
extraConfig = ''
retain hourly 5
retain daily 365
snapshot_root /var/backup
backup root@binaergewitter.jit.computer:/opt/isso jit
backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit
backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit
'';
};
}

30
makefu/2configs/bgt/download.binaergewitter.de.nix
View File

@ -3,6 +3,8 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
ident = (builtins.readFile ./auphonic.pub); ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
in { in {
services.openssh = { services.openssh = {
allowSFTP = true; allowSFTP = true;
@ -21,6 +23,19 @@ in {
useDefaultShell = true; useDefaultShell = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
}; };
services.logrotate = {
enable = true;
config = ''
${bgtaccess} ${bgterror} {
rotate 5
weekly
create 600 nginx nginx
postrotate
${pkgs.systemd}/bin/systemctl reload nginx
endscript
}
'';
};
services.nginx = { services.nginx = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -29,10 +44,21 @@ in {
serverAliases = [ "dl2.binaergewitter.de" ]; serverAliases = [ "dl2.binaergewitter.de" ];
root = "/var/www/binaergewitter"; root = "/var/www/binaergewitter";
extraConfig = '' extraConfig = ''
access_log /var/spool/nginx/logs/binaergewitter.access.log combined; access_log ${bgtaccess} combined;
error_log /var/spool/nginx/logs/binaergewitter.error.log error; error_log ${bgterror} error;
autoindex on; autoindex on;
''; '';
}; };
}; };
environment.etc."netdata/python.d/web_log.conf".text = ''
nginx_log3:
name: 'nginx'
path: '/var/spool/nginx/logs/access.log'
nginx_log4:
name: 'bgt'
path: '${bgtaccess}'
'';
users.users.netdata.extraGroups = [ "nginx" ];
} }

1
makefu/2configs/deployment/owncloud.nix
View File

@ -169,6 +169,7 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] ) ( serveCloud [ "o.euer.krebsco.de" ] )
]; ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true; services.redis.enable = true;
services.mysql = { services.mysql = {
enable = false; enable = false;

30
makefu/2configs/home-manager/cli.nix
View File

@ -1,4 +1,5 @@
{pkgs, ... }: { {pkgs, ... }: {
imports = [ ./zsh.nix ];
home-manager.users.makefu = { home-manager.users.makefu = {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
@ -9,7 +10,34 @@
enableSshSupport = true; enableSshSupport = true;
enableScDaemon = true; enableScDaemon = true;
}; };
programs.fzf.enable = true; # alt-c programs.direnv = {
stdlib = ''
use_nix() {
local cache=".direnv.$(nixos-version --hash)"
if [[ ! -e "$cache" ]] || \
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
[[ ".envrc" -nt "$cache" ]] || \
[[ "default.nix" -nt "$cache" ]] || \
[[ "shell.nix" -nt "$cache" ]];
then
local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")"
trap "rm -rf '$tmp' >/dev/null" EXIT
nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \
mv "$tmp" "$cache"
fi
direnv_load cat "$cache"
if [[ $# = 0 ]]; then
watch_file default.nix
watch_file shell.nix
rm direnv.* 2>/dev/null
fi
}
'';
enableZshIntegration = true;
};
}; };
services.udev.packages = [ services.udev.packages = [
pkgs.libu2f-host pkgs.libu2f-host

7
makefu/2configs/home-manager/desktop.nix
View File

@ -1,11 +1,13 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
users.users.makefu.packages = with pkgs;[ bat direnv ];
home-manager.users.makefu = { home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true; programs.firefox.enable = true;
programs.obs-studio.enable = true;
xdg.enable = true;
services.network-manager-applet.enable = true; services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true; services.blueman-applet.enable = true;
services.pasystray.enable = true; services.pasystray.enable = true;
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
@ -34,7 +36,6 @@
}; };
Service = { Service = {
Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit"; ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort"; Restart = "on-abort";
}; };

126
makefu/2configs/home-manager/zsh.nix Normal file
View File

@ -0,0 +1,126 @@
{ pkgs, ... }:
{
imports = [
{ #direnv
home-manager.users.makefu.home.packages = [ pkgs.direnv ];
home-manager.users.makefu.home.file.".direnvrc".text = ''
use_nix() {
local path="$(nix-instantiate --find-file nixpkgs)"
if [ -f "$${path}/.version-suffix" ]; then
local version="$(< $path/.version-suffix)"
elif [ -f "$path/.version" ]; then
local version="$(< $path/.version)"
else
local version="$(< $(< $path/.git/HEAD))"
fi
local cache=".direnv/cache-''${version:-unknown}"
if [[ ! -e "$cache" ]] || \
[[ "$HOME/.direnvrc" -nt "$cache" ]] || \
[[ .envrc -nt "$cache" ]] || \
[[ default.nix -nt "$cache" ]] || \
[[ shell.nix -nt "$cache" ]];
then
[ -d .direnv ] || mkdir .direnv
local tmp=$(nix-shell --show-trace "$@" \
--run "\"$direnv\" dump bash")
echo "$tmp" > "$cache"
fi
local path_backup=$PATH term_backup=$TERM
direnv_load cat "$cache"
export PATH=$PATH:$path_backup TERM=$term_backup
if [[ $# = 0 ]]; then
watch_file default.nix
watch_file shell.nix
fi
}
'';
home-manager.users.makefu.programs.zsh.initExtra = ''
nixify() {
if [ ! -e ./.envrc ]; then
echo "use nix" > .envrc
direnv allow
fi
if [ ! -e default.nix ]; then
cat > default.nix <<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "env";
buildInputs = [
bashInteractive
];
}
EOF
${EDITOR:-vim} default.nix
fi
}
eval "$(direnv hook zsh)"
'';
}
{ # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ];
home-manager.users.makefu.programs.zsh.shellAliases = {
cat = "bat";
catn = "${pkgs.coreutils}/bin/cat";
};
}
];
environment.pathsToLink = [ "/share/zsh" ];
home-manager.users.makefu = {
programs.fzf.enable = false; # alt-c
programs.zsh = {
enable = true;
enableAutosuggestions = false;
enableCompletion = true;
oh-my-zsh.enable = false;
history = {
size = 900001;
save = 900001;
ignoreDups = true;
extended = true;
share = true;
};
sessionVariables = {
TERM = "rxvt-unicode-256color";
LANG = "en_US.UTF8";
LS_COLORS = ":di=1;31:";
EDITOR = "vim";
};
shellAliases = {
lsl = "ls -lAtr";
t = "task";
xo = "mimeopen";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
};
initExtra = ''
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
};
};
}

4
makefu/2configs/hw/ssd.nix Normal file
View File

@ -0,0 +1,4 @@
{
# ssd trimming
services.fstrim.enable = true;
}

2
makefu/2configs/hw/tp-x2x0.nix
View File

@ -4,6 +4,7 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
./tpm.nix ./tpm.nix
./ssd.nix
]; ];
boot.kernelModules = [ boot.kernelModules = [
@ -50,6 +51,7 @@ with import <stockholm/lib>;
CPU_MAX_PERF_ON_BAT=30 CPU_MAX_PERF_ON_BAT=30
''; '';
powerManagement.resumeCommands = '' powerManagement.resumeCommands = ''
${pkgs.rfkill}/bin/rfkill unblock all ${pkgs.rfkill}/bin/rfkill unblock all
''; '';

1
makefu/2configs/support-nixos.nix Normal file
View File

@ -0,0 +1 @@
{ makefu.distrobump.enable = true; }

82
makefu/2configs/zsh-user.nix
View File

@ -1,83 +1,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
##
with import <stockholm/lib>;
let let
mainUser = config.krebs.build.user.name; mainUser = config.krebs.build.user.name;
in in
{ {
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= { programs.zsh= {
enable = true; enable = true;
enableCompletion = true ; #manually at the end enableCompletion = false; #manually at the end
interactiveShellInit = ''
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
GPG_TTY=$(tty)
export GPG_TTY
LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# fzf
__fsel_fzf() {
local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \
-o -type f -print \
-o -type d -print \
-o -type l -print 2> /dev/null | cut -b3-"}"
setopt localoptions pipefail 2> /dev/null
eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do
echo -n "''${(q)item} "
done
local ret=$?
echo
return $ret
}
__fzf_use_tmux__() {
[ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ]
}
__fzfcmd() {
__fzf_use_tmux__ &&
echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf"
}
fzf-file-widget() {
LBUFFER="''${LBUFFER}$(__fsel_fzf)"
local ret=$?
zle redisplay
typeset -f zle-line-init >/dev/null && zle zle-line-init
return $ret
}
zle -N fzf-file-widget
bindkey '^T' fzf-file-widget
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
compdef _pass secrets
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
zle -N edit-command-line
bindkey '^xe' edit-command-line
bindkey '^x^e' edit-command-line
'';
promptInit = '' promptInit = ''
RPROMPT="" RPROMPT=""
@ -93,8 +21,8 @@ in
''; '';
}; };
users.users.${mainUser}.packages = [ users.users.${mainUser} = {
pkgs.nix-zsh-completions shell = "/run/current-system/sw/bin/zsh";
pkgs.fzf packages = [ pkgs.nix-zsh-completions ];
]; };
} }

31
makefu/3modules/bump-distrowatch.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
let
cfg = config.makefu.distrobump;
imp = {
systemd.services.distrobump = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.curl ];
restartIfChanged = false;
startAt = "daily";
serviceConfig = {
PrivateTmp = true;
Type = "oneshot";
ExecStart = pkgs.writeDash "bump-distrowatch" ''
set -euf
UA='Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0'
curl -Lvc /tmp/cookie.jar -A "$UA" 'https://distrowatch.com/' >/dev/null
sleep $(shuf -i 3-15 -n1).$(shuf -i 0-9 -n1)
curl -Lvc /tmp/cookie.jar -A "$UA" -e 'https://distrowatch.com/' 'https://distrowatch.com/nixos?frphr' >/dev/null
'';
RandomizedDelaySec = 28800;
};
};
};
in
{
options.makefu.distrobump.enable = lib.mkEnableOption "distrobump";
config = lib.mkIf cfg.enable imp;
}

1
makefu/3modules/default.nix
View File

@ -3,6 +3,7 @@ _:
{ {
imports = [ imports = [
./awesome-extra.nix ./awesome-extra.nix
./bump-distrowatch.nix
./deluge.nix ./deluge.nix
./forward-journal.nix ./forward-journal.nix
./netdata.nix ./netdata.nix

9
makefu/5pkgs/ns-atmosphere-programmer/default.nix
View File

@ -10,15 +10,16 @@ stdenv.mkDerivation rec {
version = "0.1"; version = "0.1";
src = fetchzip { src = fetchzip {
url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip"; url = "https://archive.org/download/ns-atmosphere-programmer/ns-atmosphere-programmer-ubuntu-64bit-v01.zip";
sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0"; # original source: http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-ubuntu-64bit-v01.zip
sha256 = "1cnyydsmrcpfwpdiry7qybh179499wpbvlzq5rk442hq9ak416ri";
}; };
buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ]; buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
nativeBuildInputs = [ autoPatchelfHook makeWrapper ]; nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
installPhase = '' installPhase = ''
install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share' --suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
''; '';
@ -26,7 +27,7 @@ stdenv.mkDerivation rec {
dontStrip = true; dontStrip = true;
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Payload programmer for ns-atmosphere injector"; description = "Payload programmer for ns-atmosphere injector for nintendo switch";
homepage = http://www.ns-atmosphere.com; homepage = http://www.ns-atmosphere.com;
maintainers = [ maintainers.makefu ]; maintainers = [ maintainers.makefu ];
platforms = platforms.linux; platforms = platforms.linux;

195
makefu/5pkgs/xdcc-dl/default.nix Normal file
View File

@ -0,0 +1,195 @@
# generated using pypi2nix tool (version: 1.8.0)
# See more at: https://github.com/garbas/pypi2nix
#
# COMMAND:
# pypi2nix -V 3.6 -r ./lol
#
{ pkgs ? import <nixpkgs> {}
}:
let
inherit (pkgs) makeWrapper;
inherit (pkgs.stdenv.lib) fix' extends inNixShell;
pythonPackages =
import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" {
inherit pkgs;
inherit (pkgs) stdenv;
python = pkgs.python36;
};
commonBuildInputs = [];
commonDoCheck = false;
withPackages = pkgs':
let
pkgs = builtins.removeAttrs pkgs' ["__unfix__"];
interpreter = pythonPackages.buildPythonPackage {
name = "python36-interpreter";
buildInputs = [ makeWrapper ] ++ (builtins.attrValues pkgs);
buildCommand = ''
mkdir -p $out/bin
ln -s ${pythonPackages.python.interpreter} $out/bin/${pythonPackages.python.executable}
for dep in ${builtins.concatStringsSep " " (builtins.attrValues pkgs)}; do
if [ -d "$dep/bin" ]; then
for prog in "$dep/bin/"*; do
if [ -f $prog ]; then
ln -s $prog $out/bin/`basename $prog`
fi
done
fi
done
for prog in "$out/bin/"*; do
wrapProgram "$prog" --prefix PYTHONPATH : "$PYTHONPATH"
done
pushd $out/bin
ln -s ${pythonPackages.python.executable} python
popd
'';
passthru.interpreter = pythonPackages.python;
};
in {
__old = pythonPackages;
inherit interpreter;
mkDerivation = pythonPackages.buildPythonPackage;
packages = pkgs;
overrideDerivation = drv: f:
pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs);
withPackages = pkgs'':
withPackages (pkgs // pkgs'');
};
python = withPackages {};
generated = self: {
inherit (pythonPackages) requests irc beautifulsoup4 six pyqt5;
"PyExecJS" = python.mkDerivation {
name = "PyExecJS-1.5.0";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/1c/a0/359e179605bbf3f6c6ed96c44e056eebed39732b67427f30d56e259934f2/PyExecJS-1.5.0.tar.gz"; sha256 = "99315766f8155eea195a3f4179b35cd8dc64b2360c081ae29d92c603c26aeaaa"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."six"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.mit;
description = "Run JavaScript code from Python";
};
};
"bs4" = python.mkDerivation {
name = "bs4-0.0.1";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz"; sha256 = "36ecea1fd7cc5c0c6e4a1ff075df26d50da647b75376626cc186e2212886dd3a"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."beautifulsoup4"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.mit;
description = "Screen-scraping library";
};
};
"certifi" = python.mkDerivation {
name = "certifi-2017.11.5";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/23/3f/8be01c50ed24a4bd6b8da799839066ce0288f66f5e11f0367323467f0cbc/certifi-2017.11.5.tar.gz"; sha256 = "5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = "MPL-2.0";
description = "Python package for providing Mozilla's CA Bundle.";
};
};
"cfscrape" = python.mkDerivation {
name = "cfscrape-1.9.1";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/cf/9a/50d3844d67fe5507217fd47c9e382e769ab5f7d967b41c25ba3712c441c3/cfscrape-1.9.1.tar.gz"; sha256 = "9cee3708c643904eaa010a64dd1715890457bb77010d87405fc1bfeb892508d7"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."PyExecJS"
self."requests"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = "";
description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information.";
};
};
"typing" = python.mkDerivation {
name = "typing-3.6.2";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/ca/38/16ba8d542e609997fdcd0214628421c971f8c395084085354b11ff4ac9c3/typing-3.6.2.tar.gz"; sha256 = "d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.psfl;
description = "Type Hints for Python";
};
};
"urwid" = python.mkDerivation {
name = "urwid-1.3.1";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/85/5d/9317d75b7488c335b86bd9559ca03a2a023ed3413d0e8bfe18bea76f24be/urwid-1.3.1.tar.gz"; sha256 = "cfcec03e36de25a1073e2e35c2c7b0cc6969b85745715c3a025a31d9786896a1"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.lgpl2;
description = "A full-featured console (xterm et al.) user interface library";
};
};
"xdcc-dl" = python.mkDerivation {
name = "xdcc-dl-2.1.0";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/52/5a/1f1c8e77c212074d508701f208440bdfac4c6366de3f74fc9772a09369ef/xdcc_dl-2.1.0.tar.gz"; sha256 = "7071fca28de83ab0944b086a6dac0af053225b5663d9cf28a8dac868d81b2fc6"; };
doCheck = commonDoCheck;
buildInputs = commonBuildInputs;
propagatedBuildInputs = [
self."bs4"
self."cfscrape"
self."irc"
self."requests"
self."typing"
self."urwid"
];
meta = with pkgs.stdenv.lib; {
homepage = "";
license = licenses.gpl3;
description = "An XDCC File Downloader based on the irclib framework";
};
};
};
in python.withPackages
(fix' (pkgs.lib.fold
extends
generated
[]
)
)

14
makefu/krops.nix
View File

@ -27,15 +27,15 @@
# TODO: we want to track the unstable channel # TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else { } else {
file = { derivation = ''
path = toString (pkgs.fetchFromGitHub { with import <nixpkgs> {};
pkgs.fetchFromGitHub {
owner = "makefu"; owner = "makefu";
repo = "nixpkgs"; repo = "nixpkgs";
rev = nixpkgs-src.rev; rev = "${nixpkgs-src.rev}";
sha256 = nixpkgs-src.sha256; sha256 = "${nixpkgs-src.sha256}";
}); }
useChecksum = true; '';
};
}; };
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";