Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2022-12-12 19:44:00 +01:00
commit 6eb5e44b7e
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
357 changed files with 3333 additions and 6638 deletions

5
.gitmodules vendored
View File

@ -1,12 +1,9 @@
[submodule "submodules/nix-writers"] [submodule "submodules/nix-writers"]
path = submodules/nix-writers path = submodules/nix-writers
url = http://cgit.krebsco.de/nix-writers url = https://cgit.krebsco.de/nix-writers
[submodule "submodules/krops"] [submodule "submodules/krops"]
path = submodules/krops path = submodules/krops
url = https://cgit.krebsco.de/krops url = https://cgit.krebsco.de/krops
[submodule "lass/5pkgs/autowifi"] [submodule "lass/5pkgs/autowifi"]
path = lass/5pkgs/autowifi path = lass/5pkgs/autowifi
url = https://github.com/Lassulus/autowifi url = https://github.com/Lassulus/autowifi
[submodule "jeschli/2configs/elisp"]
path = jeschli/2configs/elisp
url = https://github.com/Jeschli/misc-elisp-scripts.git

View File

@ -1,125 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
let
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in
{
imports =
[
./hardware-configuration.nix
<stockholm/jeschli>
<stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/i3.nix>
<stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/rust.nix>
];
krebs.build.host = config.krebs.hosts.bolide;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
boot.initrd.luks.devices = [ {
name = "bla";
device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
preLVM = true;
allowDiscards = true;
} ];
# networking.hostName = "bolide"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
networking.enableB43Firmware = true; #new
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.shellAliases = {
n = "nix-shell";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
'';
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
rofi
wget vim
# system helper
ag
curl
copyq
dmenu
git
i3lock
keepass
networkmanagerapplet
rsync
terminator
tmux
wget
# rxvt_unicode
# editors
emacs
# internet
thunderbird
chromium
google-chrome
# programming languages
vscode
go
gcc9
ccls
unstable.clang_8
ghc
python37
python37Packages.pip
# go tools
golint
gotools
# dev tools
elmPackages.elm
gnumake
jetbrains.pycharm-professional
jetbrains.webstorm
jetbrains.goland
# document viewer
zathura
];
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
users.extraUsers.jeschli = {
isNormalUser = true;
extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000;
};
hardware.pulseaudio.enable = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
}

View File

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{ device = "/dev/bolide-pool/bolide-root";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/bolide-pool/bolide-home";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave";
hardware.pulseaudio.enable = true;
}

View File

@ -1,200 +0,0 @@
{ config, pkgs, lib, ... }:
let
mainUser = config.krebs.build.user.name;
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in
{
imports = [
<stockholm/jeschli>
./hardware-configuration.nix
<home-manager/nixos>
<stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/steam.nix>
<stockholm/jeschli/2configs/virtualbox.nix>
];
krebs.build.host = config.krebs.hosts.brauerei;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# or "nodev" for efi only
boot.initrd.luks.devices = [ {
name = "root";
device = "/dev/sda2";
preLVM = true;
allowDiscards = true;
} ];
networking.networkmanager.enable = true;
time.timeZone = "Europe/Amsterdam";
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
# emacs aliases
ed = "emacsclient";
edc = "emacsclient --create-frame";
# nix aliases
ns = "nix-shell";
# krops
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
environment.systemPackages = with pkgs; [
# system helper
acpi
ag
copyq
curl
dmenu
aspell
ispell
rofi
xdotool
git
gnupg
i3lock
keepass
networkmanagerapplet
pavucontrol
rsync
terminator
tmux
wget
# editors
emacs
# internet
chromium
firefox
google-chrome
thunderbird
# programming languages
elixir
elmPackages.elm
exercism
gcc9
ccls
unstable.clang_8
ghc
go
python37
python37Packages.pip
pipenv
# dev tools
gnumake
jetbrains.clion
jetbrains.goland
jetbrains.pycharm-professional
jetbrains.webstorm
vscode
# document viewer
evince
zathura
# go tools
golint
gotools
# rust
cargo
rustracer
rustup
# orga tools
taskwarrior
# xorg
xorg.xbacklight
# tokei
tokei
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# home-manager.useUserPackages = true;
# home-manager.users.jeschli = {
# home.stateVersion = "19.03";
# };
# home-manager.enable = true;
# home-manager.users.jeschli.home.file = {
# ".emacs.d" = {
# source = pkgs.fetchFromGitHub {
# owner = "jeschli";
# repo = "emacs.d";
# rev = "8ed6c40";
# sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
# };
# recursive = true;
# };
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# services.emacs.enable = true;
virtualisation.docker.enable = true;
services.xserver = {
enable = true;
desktopManager = {
xfce.enable = true;
gnome3.enable = true;
};
};
services.xserver.windowManager.i3.enable = true;
users.extraUsers.jeschli = { # TODO: define as krebs.users
isNormalUser = true;
extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000;
};
users.extraUsers.blafoo = {
isNormalUser = true;
extraGroups = ["audio"];
uid = 1002;
};
users.extraUsers.jamie = {
isNormalUser = true;
uid = 1001; # TODO genid
};
users.users.dev = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
"ssh-rsa AAAAB4NzaC1yc2EAAAADAQABAAACAQC1x9+OtNfwv6LxblnLHeBElxoxLfaYUyvqMrBgnrlkaPjylPv711bvPslnt+YgdPsZQLCoQ2t5f0x0j7ZOMYE9eyRrnr67ITO+Od05u3eCypWOZulekkDL0ZDeYdvoZKOWnbKWnQVRfYuLOEL/g5/9E7MLtIdID8e98b/qHzs/+wmuuDR3zHCNic0BKixgET/EgFvLWezWxJ6D/TTv/5sDAfrC+RUN8ad14sxjKIkS3nkAlm8bhrCxQKaHLUcCJWiweW0gPWYSlp64VHS5lchvqCJlPYQdx0XbwolvlLYru0w74ljLbi3eL35GFFyHSeEjQ73EtVwo53uVKTy7SAORU7JNg6xL9H3ChOLOknN9oHs1K7t/maMsATle0HAFcTuaOhELUmHM8dCJh3nPVWIkzHQ4o3fyaogrpt7/V5j6R1/Ozn7P9n4OdqrjiaWqHlz/XHeYNNWte+a0EW+NubC83yS0Cu3uhZ36C3RET2vNM25CyYOBn4ccClAozayQIb6Cif0tCafMRPgkSlogQd8+SqNZpTnmtllIT3VnT5smgrufy6HETDkrHjApDrsqLtMCFY83RFwt4QLv/L93O7IsGifzmEfD9qD7YBSMNs8ihBIUXPk9doHXvYS506YroxWOxe/C0rzzbaogxQT6JMd1ozfXitRD9v7iBIFAT4Kzjw== christopher.kilian@dcso.de"
];
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
}

View File

@ -1,34 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/42BF-0795";
fsType = "vfat";
};
swapDevices = [ ];
hardware.pulseaudio.enable = true;
nix.maxJobs = lib.mkDefault 4;
}

View File

@ -1,57 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/jeschli>
<stockholm/jeschli/2configs/retiolum.nix>
<stockholm/jeschli/2configs/IM.nix>
<stockholm/jeschli/2configs/git.nix>
<stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
{
networking.dhcpcd.allowInterfaces = [
"enp*"
"eth*"
"ens*"
];
}
{
services.openssh.enable = true;
}
{
sound.enable = false;
}
{
users.extraUsers = {
root.initialPassword = "pfeife123";
root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
];
jeschli = {
name = "jeschli";
uid = 1000;
home = "/home/jeschli";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
];
};
};
}
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 8001 ];
}
];
krebs.build.host = config.krebs.hosts.enklave;
}

View File

@ -1,10 +0,0 @@
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}

View File

@ -1,91 +0,0 @@
{ config, pkgs, ... }:
{
imports =
[
<stockholm/jeschli>
<stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/firefox.nix>
<stockholm/jeschli/2configs/rust.nix>
<stockholm/jeschli/2configs/steam.nix>
<stockholm/jeschli/2configs/python.nix>
./desktop.nix
./i3-configuration.nix
./hardware-configuration.nix
];
# EFI systemd boot loader
boot.loader.systemd-boot.enable = true;
# Wireless network with network manager
krebs.build.host = config.krebs.hosts.reagenzglas;
# networking.hostName = "nixos"; # Define your hostname.
networking.networkmanager.enable = true;
# Allow unfree
nixpkgs.config.allowUnfree = true;
# Select internationalisation properties.
i18n = {
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
ag
alacritty
google-chrome
chromium
copyq
direnv
go
git
gitAndTools.hub
sbcl
rofi
vim
wget
];
users.users.ombi = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
};
users.users.jeschli = {
isNormalUser = true;
extraGroups = [ "audio" ];
};
# services.xserver.synaptics.enable = true;
services.xserver.libinput.enable = true;
services.xserver.libinput.disableWhileTyping = true;
hardware.pulseaudio.enable = true;
#Enable ssh daemon
services.openssh.enable = true;
#Enable clight
services.clight.enable = true;
services.geoclue2.enable = true;
location.provider = "geoclue2";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1xtX/SF2IzfAIzrXvH4HsW05eTBX8U8MYlEPadq0DS/nHC45hW2PSEUOVsH0UhBRAB+yClVLyN+JAYsuOoQacQqAVq9R7HAoFITdYTMJCxVs4urSRv0pWwTopRIh1rlI+Q0QfdMoeVtO2ZKG3KoRM+APDy2dsX8LTtWjXmh/ZCtpGl1O8TZtz2ZyXyv9OVDPnQiFwPU3Jqs2Z036c+kwxWlxYc55FRuqwRtQ48c/ilPMu+ZvQ22j1Ch8lNuliyAg1b8pZdOkMJF3R8b46IQ8FEqkr3L1YQygYw2M50B629FPgHgeGPMz3mVd+5lzP+okbhPJjMrUqZAUwbMGwGzZ ombi@nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG7C3bgoL9VeVl8pgu8sp3PCOs6TXk4R9y7JKJAHGsfm root@baeckerei"
];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.03"; # Did you read the comment?
}

View File

@ -1,25 +0,0 @@
# Configuration for the desktop environment
{ config, lib, pkgs, ... }:
{
# Configure basic X-server stuff:
services.xserver = {
enable = true;
xkbOptions = "caps:super";
exportConfiguration = true;
displayManager.lightdm.enable = true;
};
# Configure fonts
fonts = {
fonts = with pkgs; [
corefonts
font-awesome-ttf
noto-fonts-cjk
noto-fonts-emoji
powerline-fonts
helvetica-neue-lt-std
];
};
}

View File

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/nvme0n1p8";
preLVM = true;
}
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4d01936e-c876-42c3-962a-d4a20ad0e2e0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D455-E4CC";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

View File

@ -1,181 +0,0 @@
{pkgs, environment, config, lib, ... }:
with pkgs;
let
i3_config_file = pkgs.writeText "config" ''
set $mod Mod4
font pango:monospace 8
#font pango:DejaVu Sans Mono 8
# Before i3 v4.8, we used to recommend this one as the default:
# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
# The font above is very space-efficient, that is, it looks good, sharp and
# clear in small sizes. However, its unicode glyph coverage is limited, the old
# X core fonts rendering does not support right-to-left and this being a bitmap
# font, it doesnt scale on retina/hidpi displays.
# Use Mouse+$mod to drag floating windows to their wanted position
floating_modifier $mod
# start a terminal
bindsym $mod+Return exec alacritty
# kill focused window
bindsym $mod+Shift+q kill
# start dmenu (a program launcher)
# bindsym $mod+d exec dmenu_run
# start dmenu (a program launcher)
bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
bindsym $mod+F1 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput disable
bindsym $mod+F2 exec xinput --list | grep Touchpad | sed 's/.*id=\([0-9][0-9]\).*/\1/' | xargs xinput enable
# There also is the (new) i3-dmenu-desktop which only displays applications
# shipping a .desktop file. It is a wrapper around dmenu, so you need that
# installed.
# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
# change focus
bindsym $mod+j focus left
bindsym $mod+k focus down
bindsym $mod+l focus up
bindsym $mod+semicolon focus right
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
bindsym $mod+Shift+j move left
bindsym $mod+Shift+k move down
bindsym $mod+Shift+l move up
bindsym $mod+Shift+colon move right
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split in horizontal orientation
bindsym $mod+h split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+a focus parent
# focus the child container
#bindsym $mod+d focus child
# Define names for default workspaces for which we configure key bindings later on.
# We use variables to avoid repeating the names in multiple places.
set $ws1 "1"
set $ws2 "2"
set $ws3 "3"
set $ws4 "4"
set $ws5 "5"
set $ws6 "6"
set $ws7 "7"
set $ws8 "8"
set $ws9 "9"
set $ws10 "10"
# switch to workspace
bindsym $mod+1 workspace $ws1
bindsym $mod+2 workspace $ws2
bindsym $mod+3 workspace $ws3
bindsym $mod+4 workspace $ws4
bindsym $mod+5 workspace $ws5
bindsym $mod+6 workspace $ws6
bindsym $mod+7 workspace $ws7
bindsym $mod+8 workspace $ws8
bindsym $mod+9 workspace $ws9
bindsym $mod+0 workspace $ws10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace $ws1
bindsym $mod+Shift+2 move container to workspace $ws2
bindsym $mod+Shift+3 move container to workspace $ws3
bindsym $mod+Shift+4 move container to workspace $ws4
bindsym $mod+Shift+5 move container to workspace $ws5
bindsym $mod+Shift+6 move container to workspace $ws6
bindsym $mod+Shift+7 move container to workspace $ws7
bindsym $mod+Shift+8 move container to workspace $ws8
bindsym $mod+Shift+9 move container to workspace $ws9
bindsym $mod+Shift+0 move container to workspace $ws10
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym semicolon resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
}
bindsym $mod+r mode "resize"
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available)
bar {
status_command i3status
}
'';
in {
services.xserver.windowManager.i3 = {
enable = true;
package = pkgs.i3;
configFile = i3_config_file;
};
}

View File

@ -1,57 +0,0 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
let
tmux = pkgs.writeDashBin "tmux" ''
export TERM=xterm-256color
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g default-terminal screen-256color
''} "$@"
'';
in {
services.bitlbee = {
enable = true;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
pkgs.bitlbee-discord
];
libpurple_plugins = [ pkgs.telegram-purple ];
};
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-brauerei.pubkey
jeschli-bolide.pubkey
];
packages = [ tmux ];
};
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
path = [
pkgs.rxvt_unicode.terminfo
];
serviceConfig = {
User = "chat";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
ExecStop = "${tmux}/bin/tmux kill-session -t IM";
};
};
}

View File

@ -1,72 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
# ./vim.nix
./retiolum.nix
./zsh.nix
<stockholm/lass/2configs/security-workarounds.nix>
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
populate
# aliases
(writeDashBin "irc" "ssh chat@enklave -t tmux a")
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
file
kpaste
krebspaste
mosh
pciutils
psmisc
# q
# rs
tmux
untilport
usbutils
# logify
goify
vim
#unpack stuff
p7zip
unzip
unrar
(pkgs.writeDashBin "sshn" ''
${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
'')
];
krebs.enable = true;
networking.hostName = config.krebs.build.host.name;
}

@ -1 +0,0 @@
Subproject commit 279d6a01f5abbab5d28d3a57549b7fec800a510e

File diff suppressed because it is too large Load Diff

View File

@ -1,119 +0,0 @@
{ config, pkgs, ... }:
let
pkgsWithOverlay = import <nixpkgs-unstable> {
overlays = [
(import (builtins.fetchTarball {
url = https://github.com/nix-community/emacs-overlay/archive/403c14c23be188b58c0b1bc197b428041d8a0cea.tar.gz;
}))
];
};
# The emacs packages that I use
# I differ between
# - stable (Packages that I use for some time - happy with it)
# - unstable (Packages that I use for some time - but may drop)
# - testing (Packages that I try out - the new stuff)
emacsPkgs = epkgs:
(with epkgs.melpaPackages ;
## windows-purpose (testing)
[ window-purpose ] ++
## helm (stable)
# emacs completion engine
[ helm helm-ag ] ++
## deft (testing)
# text search for a directory
[ deft ] ++
## lsp mode (unstable)
# Language Server Protocol mode
# Used for rust
[ company-lsp dap-mode helm-lsp lsp-mode lsp-treemacs lsp-ui ] ++
## emacs convenience (stable)
# Mixed and general purpose
[ ag company direnv evil google-this spacemacs-theme ] ++
## common lisp (testing)
[ slime ] ++
## magit (stable)
[ magit ] ++
## bunch of programming languages (unstable)
[ go-mode haskell-mode nix-mode ] ++
## rust (unstable)
[ racer rust-mode ] ++
## python (stable)
# Python IDE for emacs
[ elpy ]) ++
## org-mode
# Org-Mode has several extensions
# and can be seen as an application of its own.
(with epkgs.melpaPackages ;
# testing
[ org-super-agenda org-bullets org-ql ] ++
# unstable
[ smex org-mime orgit ]
) ++
# stable
(with epkgs.orgPackages ;
[ org-plus-contrib ]) ++
# stable
(with epkgs.elpaPackages ;
[ bbdb which-key ]);
# ## EXWM related (unstable)
# epkgs.exwm
# epkgs.melpaPackages.desktop-environment
# epkgs.melpaPackages.helm-exwm
# ];
emacsWithOverlay = pkgsWithOverlay.emacsWithPackagesFromUsePackage {
config = builtins.readFile ./elisp/init.el;
# Package is optional, defaults to pkgs.emacs
package = pkgsWithOverlay.emacsGit;
# Optionally provide extra packages not in the configuration file
extraEmacsPackages = emacsPkgs;
};
myEmacs = pkgs.writeDashBin "my-emacs" ''
exec ${emacsWithOverlay}/bin/emacs -q "$@"
'';
myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" ''
exec ${emacsWithOverlay}/bin/emacs -q --daemon -l ${./elisp/init.el}
'';
myEmacsClient = pkgs.writeDashBin "meclient" ''
exec ${emacsWithOverlay}/bin/emacsclient --create-frame "$@"
'';
in {
environment.systemPackages = [
myEmacs myEmacsWithDaemon myEmacsClient emacsWithOverlay
];
## EXWM Config
# services.xserver = {
# enable = true;
# xkbOptions = "caps:super";
# exportConfiguration = true;
#
# displayManager.slim.enable = true;
# windowManager.default = "exwm";
#
# # Set up the login session
# windowManager.session = [{
# name = "exwm";
# start = "${emacsWithOverlay}/bin/emacs -q -l " + builtins.toString ./elisp/init.el;
# }];
# };
}

View File

@ -1,44 +0,0 @@
{ config, pkgs, ... }:
let
wrapper = pkgs.callPackage ../5pkgs/firefox/firefox-with-config.nix { };
myFirefox = wrapper pkgs.firefox-unwrapped {
# these plugins are defined in 5pkgs/firefox
extraExtensions = with pkgs ; [
dark-reader
https-everywhere
ublock-origin
audio-fingerprint-defender
canvas-fingerprint-defender
webgl-fingerprint-defender
font-fingerprint-defender
user-agent-switcher
];
extraPolicies = {
CaptivePortal = false;
};
disablePocket = true;
disableFirefoxSync = true;
allowNonSigned = true;
clearDataOnShutdown = true;
disableDrmPlugin = true;
};
in {
environment.variables = {
BROWSER = ["firefox"];
};
environment.systemPackages = with pkgs; [
myFirefox
];
}

View File

@ -1,78 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
settings = {
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
};
enable = true;
};
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
rules = rules;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
repos = public-repos;
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "Bonbon aus Git - die ganze Nacht";
};
krebs-page = {
cgit.desc = "Die Krebs Page";
};
xmonad-stockholm = {
cgit.desc = "XMonad Stockholm";
};
};
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
channel = "#xxx";
nick = config.krebs.build.host.name;
refs = [
"refs/heads/master"
];
server = "irc.r";
verbose = true;
};
};
};
make-rules =
with git // config.krebs.users;
repo:
singleton {
user = [ jeschli jeschli-brauerei jeschli-bolide];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (length (repo.collaborators or []) > 0) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
};
in out

View File

@ -1,18 +0,0 @@
{ config, pkgs, ... }:
let
all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/master") {};
in
{
environment.systemPackages = with pkgs; [
cabal2nix
gcc
ghc
haskellPackages.cabal-install
haskellPackages.ghcid
haskellPackages.hindent
haskellPackages.hlint
haskellPackages.hoogle
haskellPackages.stack
(all-hies.selection { selector = p: {inherit (p) ghc864; }; })
];
}

View File

@ -1,9 +0,0 @@
{
imports = [
<home-manager/nixos>
];
home-manager.useUserPackages = true;
home-manager.users.jeschli = {
home.stateVersion = "19.03";
};
}

View File

@ -1,247 +0,0 @@
{pkgs, environment, config, lib, ... }:
with pkgs;
let
i3_conf_file = pkgs.writeText "config" ''
# i3 config file (v4)
# doc: https://i3wm.org/docs/userguide.html
set $mod Mod4
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font pango:monospace 8
# Use Mouse+$mod to drag floating windows to their wanted position
floating_modifier $mod
# start a terminal
bindsym $mod+Return exec i3-sensible-terminal
# kill focused window
bindsym $mod+Shift+q kill
# start rofi program launcher
bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
# Switch windows with rofi
bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
# There also is the (new) i3-dmenu-desktop which only displays applications
# shipping a .desktop file. It is a wrapper around dmenu, so you need that
# installed.
# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
# change focus
bindsym $mod+j focus left
bindsym $mod+k focus down
bindsym $mod+l focus up
bindsym $mod+semicolon focus right
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
bindsym $mod+Shift+j move left
bindsym $mod+Shift+k move down
bindsym $mod+Shift+l move up
bindsym $mod+Shift+semicolon move right
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split in horizontal orientation
bindsym $mod+h split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+a focus parent
# focus the child container
#bindsym $mod+d focus child
# Define names for default workspaces for which we configure key bindings later on.
# We use variables to avoid repeating the names in multiple places.
set $ws1 "1"
set $ws2 "2"
set $ws3 "3: Emacs"
set $ws4 "4"
set $ws5 "5"
set $ws6 "6"
set $ws7 "7"
set $ws8 "8"
set $ws9 "9"
set $ws10 "10"
assign [class="emacs"] $ws3
# switch to workspace
bindsym $mod+1 workspace $ws1
bindsym $mod+2 workspace $ws2
bindsym $mod+3 workspace $ws3
bindsym $mod+4 workspace $ws4
bindsym $mod+5 workspace $ws5
bindsym $mod+6 workspace $ws6
bindsym $mod+7 workspace $ws7
bindsym $mod+8 workspace $ws8
bindsym $mod+9 workspace $ws9
bindsym $mod+0 workspace $ws10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace $ws1
bindsym $mod+Shift+2 move container to workspace $ws2
bindsym $mod+Shift+3 move container to workspace $ws3
bindsym $mod+Shift+4 move container to workspace $ws4
bindsym $mod+Shift+5 move container to workspace $ws5
bindsym $mod+Shift+6 move container to workspace $ws6
bindsym $mod+Shift+7 move container to workspace $ws7
bindsym $mod+Shift+8 move container to workspace $ws8
bindsym $mod+Shift+9 move container to workspace $ws9
bindsym $mod+Shift+0 move container to workspace $ws10
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym semicolon resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
}
bindsym $mod+r mode "resize"
bar {
status_command i3status
position top
}
#######################
# #
# AUTORUNS #
# #
#######################
# Start firefox
exec --no-startup-id ${pkgs.firefox}/bin/firefox --new-instance --setDefaultBrowser
# Start my-emacs server
exec --no-startup-id my-emacs-daemon
'';
in {
#######################
# #
# AUTORANDR #
# #
#######################
# Start autorandr on display change
services.autorandr = {
enable = true;
defaultTarget = "mobile";
};
# What to execute after resolution has been changed
environment.etc."xdg/autorandr/postswitch" = {
text = '' sleep 4 && i3-msg "restart" '';
};
# Start autorandr once on startup
systemd.user.services.boot-autorandr = {
description = "Autorandr service";
partOf = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${pkgs.autorandr}/bin/autorandr -c";
Type = "oneshot";
};
};
#######################
# #
# XSERVER #
# #
#######################
services.xserver.enable = true;
# Enable i3 Window Manager
services.xserver.windowManager.i3 = {
enable = true;
package = pkgs.i3;
configFile = i3_conf_file;
};
# ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
# ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
services.xserver.windowManager.default = "i3";
services.xserver.desktopManager.xterm.enable = false;
# Enable the X11 windowing system.
services.xserver.displayManager.lightdm.enable = true;
# Allow users in video group to change brightness
environment.systemPackages = with pkgs; [
rofi # Dmenu replacement
acpilight # Replacement for xbacklight
brightnessctl
arandr # Xrandr gui
feh
wirelesstools # To get wireless statistics
acpi
xorg.xhost
xorg.xauth
];
}

View File

@ -1,19 +0,0 @@
{ config, pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: {
openvpn = pkgs.openvpn.override { pkcs11Support = true; useSystemd = false;};
};
environment.systemPackages = with pkgs; [
opensc
openvpn
yubikey-manager
];
services.pcscd.enable = true;
# To start the vpn manually execute
# $ openvpn --config clien.ovpn
}

View File

@ -1,16 +0,0 @@
_:
{
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
}

View File

@ -1,9 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
python37
python37Packages.pip
pipenv
];
}

View File

@ -1,26 +0,0 @@
{ config, pkgs, ... }:
{
krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
"gum"
"ni"
"dishfire"
"enklave"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
networking.firewall.allowedTCPPorts = [ 80 655 ];
networking.firewall.allowedUDPPorts = [ 655 ];
environment.systemPackages = [
pkgs.tinc
];
}

View File

@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
rustup
gcc
];
}

View File

@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
steam
];
hardware.opengl.driSupport32Bit = true;
#ports for inhome streaming
}

View File

@ -1,39 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
options.jeschliFontSize = mkOption {
type = types.int;
default = 12;
};
config = {
services.urxvtd.enable = true;
krebs.xresources.enable = true;
krebs.xresources.resources.urxvt = ''
*foreground: rgb:a8/a8/a8
*background: rgb:00/00/00
*faceName: DejaVu Sans Mono
*faceSize: ${toString config.jeschliFontSize}
*color0: rgb:00/00/00
*color1: rgb:a8/00/00
*color2: rgb:00/a8/00
*color3: rgb:a8/54/00
*color4: rgb:26/8b/d2
*color5: rgb:a8/00/a8
*color6: rgb:00/a8/a8
*color7: rgb:a8/a8/a8
*color8: rgb:54/54/54
*color9: rgb:fc/54/54
*color10: rgb:54/fc/54
*color11: rgb:fc/fc/54
*color12: rgb:54/54/fc
*color13: rgb:fc/54/fc
*color14: rgb:54/fc/fc
*color15: rgb:fc/fc/fc
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
URXvt*faceSize: ${toString config.jeschliFontSize}
'';
};
}

View File

@ -1,151 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
name = "vim-javascript";
src = pkgs.fetchFromGitHub {
owner = "pangloss";
repo = "vim-javascript";
rev = "1.2.5.1";
sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7";
};
};
customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin {
name = "vim-jsx";
src = pkgs.fetchFromGitHub {
owner = "mxw";
repo = "vim-jsx";
rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a";
sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
};
};
customPlugins.vim-fileline = pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchFromGitHub {
owner = "bogado";
repo = "file-line";
rev = "1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
};
in {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = let
colorscheme = ''colorscheme molokai'';
highlightTrailingWhiteSpaces = ''
au Syntax * syn match Garbage containedin=ALL /\s\+$/
'';
setStatements = ''
set autowrite
set clipboard=unnamedplus
set listchars=trail:
set mouse=a
set nocompatible
set path+=**
set ruler
set undodir=$HOME/.vim/undo "directory where the undo files will be stored
set undofile "turn on the feature
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
'';
remapStatements = ''
imap jk <Esc>
map gr :GoRun<Enter> " Map gr to execute go run
map tt :GoTest<Enter> " Map tt to execute go test
map nf :NERDTreeToggle<CR>
nnoremap <C-TAB> <c-w><c-w>
nnoremap <S-TAB> :bnext<CR>
noremap x "_x
vmap v v
'';
settingsForGo = ''
let g:go_decls_includes = "func,type"
let g:go_def_mode = 'godef'
let g:go_fmt_command = "goimports"
let g:go_highlight_extra_types = 1
let g:go_highlight_fields = 1
let g:go_highlight_functions = 1
let g:go_highlight_methods = 1
let g:go_highlight_types = 1
let g:go_list_type = "quickfix"
let g:go_metalinter_autosave = 1
let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
let g:go_snippet_case_type = "camelcase"
let g:go_test_timeout = '10s'
let g:jsx_ext_required = 0
let g:molokai_original = 1
let g:rehash256 = 1
'';
settingsForElm = ''
let g:polyglot_disabled = ['elm']
let g:elm_detailed_complete = 1
let g:elm_format_autosave = 1
let g:elm_syntastic_show_warnings = 1
'';
in ''
${colorscheme}
${highlightTrailingWhiteSpaces}
${remapStatements}
${setStatements}
${settingsForElm}
${settingsForGo}
" dont expand tabs in go files and show it with four whitespaces.
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [
"ctrlp"
"easymotion"
"elm-vim"
"vim-fileline"
"molokai"
"nerdtree"
"snipmate"
"surround"
"Syntastic"
"undotree"
];
}
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
{ names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode
{ names = [ "vim-javascript" ]; ft_regex = "^js\$"; }
{ names = [ "vim-jsx" ]; ft_regex = "^js\$"; }
];
})
];
# set up the directories up if they are not there.
# Needs to be changed.
# vim = let
# dirs = {
# backupdir = "$HOME/.cache/vim/backup";
# swapdir = "$HOME/.cache/vim/swap";
# undodir = "$HOME/.cache/vim/undo";
# };
# files = {
# viminfo = "$HOME/.cache/vim/info";
# };
#
# mkdirs = let
# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
# in assert out != ""; out;
# alldirs = attrValues dirs ++ map dirOf (attrValues files);
# in unique (sort lessThan alldirs);
# in
# pkgs.symlinkJoin {
# name = "vim";
# paths = [
# (pkgs.writeDashBin "vim" ''
# set -efu
# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
# exec ${pkgs.vim}/bin/vim "$@"
# '')
# pkgs.vim
# ];
# };
}

View File

@ -1,23 +0,0 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.jeschli;
in {
#services.virtualboxHost.enable = true;
virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {
name = "virtual";
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
extraGroups = [ "vboxusers" "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(virtual) NOPASSWD: ALL
'';
}

View File

@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
systemd.tmpfiles.rules = let
forUsers = flip map users;
isUser = { name, group, ... }:
name == "root" || hasSuffix "users" group;
users = filter isUser (mapAttrsToList (_: id) config.users.users);
in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
}

View File

@ -1,27 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xmodmap" ''
!keycode 66 = Caps_Lock
!remove Lock = Caps_Lock
clear Lock
! caps lock
keycode 66 = Mode_switch
keycode 13 = 4 dollar EuroSign cent
keycode 30 = u U udiaeresis Udiaeresis
keycode 32 = o O odiaeresis Odiaeresis
keycode 38 = a A adiaeresis Adiaeresis
keycode 39 = s S ssharp
keycode 33 = p P Greek_pi Greek_PI
keycode 46 = l L Greek_lambda Greek_LAMBDA
keycode 54 = c C cacute Cacute
! BULLET OPERATOR
keycode 17 = 8 asterisk U2219
keycode 27 = r R r U211D
''

View File

@ -1,56 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
pkgs.writeText "Xresources" /* xdefaults */ ''
Xcursor.theme: aero-large-drop
Xcursor.size: 128
URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}"
URxvt*eightBitInput: false
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
URxvt*scrollBar: false
URxvt*background: #050505
URxvt*foreground: #d0d7d0
URxvt*cursorColor: #f042b0
URxvt*cursorColor2: #f0b000
URxvt*cursorBlink: off
URxvt*jumpScroll: true
URxvt*allowSendEvents: false
URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
URxvt*cutNewline: False
URxvt*cutToBeginningOfLine: False
URxvt*font: xft:Monospace:size=12
URxvt*font: xft:Monospace:size=12:bold
URxvt*color0: #232342
URxvt*color3: #c07000
URxvt*color4: #4040c0
URxvt*color7: #c0c0c0
URxvt*color8: #707070
URxvt*color9: #ff6060
URxvt*color10: #70ff70
URxvt*color11: #ffff70
URxvt*color12: #7070ff
URxvt*color13: #ff50ff
URxvt*color14: #70ffff
URxvt*color15: #ffffff
URxvt*iso14755: False
URxvt*urgentOnBell: True
URxvt*visualBell: True
! ref https://github.com/muennich/urxvt-perls
URxvt*perl-ext: default,url-select
URxvt*keysym.M-u: perl:url-select:select_next
URxvt*url-select.underline: true
URxvt*colorUL: #4682B4
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt*saveLines: 10000
root-urxvt*background: #230000
root-urxvt*foreground: #e0c0c0
root-urxvt*BorderColor: #400000
root-urxvt*color0: #800000
''

View File

@ -1,130 +0,0 @@
{ config, pkgs, ... }@args:
with import <stockholm/lib>;
let
cfg = {
cacheDir = cfg.dataDir;
configDir = "/var/empty";
dataDir = "/run/xdg/${cfg.user.name}/xmonad";
user = config.krebs.users.jeschli;
};
in {
environment.systemPackages = [
pkgs.font-size
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.sxiv
pkgs.xdotool
pkgs.xsel
pkgs.zathura
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
# TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /run/wrappers/bin
krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock";
group = "wheel";
envp = {
DISPLAY = ":${toString config.services.xserver.display}";
USER = cfg.user.name;
};
};
systemd.services.display-manager.enable = false;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_CACHE_DIR = cfg.cacheDir;
XMONAD_CONFIG_DIR = cfg.configDir;
XMONAD_DATA_DIR = cfg.dataDir;
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
${config.services.xserver.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"dashboard" # we start here
"stockholm"
"pycharm"
"chromium"
"iRC"
"git"
"hipbird"
]);
};
serviceConfig = {
SyslogIdentifier = "xmonad";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
"\${XMONAD_CACHE_DIR}"
"\${XMONAD_CONFIG_DIR}"
"\${XMONAD_DATA_DIR}"
]}";
ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad";
ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown";
User = cfg.user.name;
WorkingDirectory = cfg.user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
serviceConfig = {
SyslogIdentifier = "xserver";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = toString [
"${pkgs.xorg.xorgserver}/bin/X"
":${toString config.services.xserver.display}"
"vt${toString config.services.xserver.tty}"
"-config ${import ./xserver.conf.nix args}"
"-logfile /dev/null -logverbose 0 -verbose 3"
"-nolisten tcp"
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
];
};
};
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = cfg.user.name;
};
};
}

View File

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

View File

@ -1,138 +0,0 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [ pkgs.fzf ];
programs.zsh = {
enable = true;
shellInit = ''
#disable config wizard
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
setopt autocd extendedglob
bindkey -e
#history magic
bindkey "" up-line-or-local-history
bindkey "" down-line-or-local-history
up-line-or-local-history() {
zle set-local-history 1
zle up-line-or-history
zle set-local-history 0
}
zle -N up-line-or-local-history
down-line-or-local-history() {
zle set-local-history 1
zle down-line-or-history
zle set-local-history 0
}
zle -N down-line-or-local-history
setopt share_history
setopt hist_ignore_dups
# setopt inc_append_history
bindkey '^R' history-incremental-search-backward
#C-x C-e open line in editor
autoload -z edit-command-line
zle -N edit-command-line
bindkey "^X^E" edit-command-line
#fzf inclusion
source ${pkgs.fzf}/share/fzf/completion.zsh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
#completion magic
autoload -Uz compinit
compinit
zstyle ':completion:*' menu select
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
#aliases
alias ll='ls -l'
alias la='ls -la'
#fancy window title magic
'';
promptInit = ''
# TODO: figure out why we need to set this here
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
autoload -U promptinit
promptinit
p_error='%(?..%F{red}%?%f )'
t_error='%(?..%? )'
case $UID in
0)
p_username='%F{red}root%f'
t_username='root'
;;
1337)
p_username=""
t_username=""
;;
*)
p_username='%F{blue}%n%f'
t_username='%n'
;;
esac
if test -n "$SSH_CLIENT"; then
p_hostname='@%F{magenta}%M%f '
t_hostname='@%M '
else
p_hostname=""
t_hostname=""
fi
#check if in nix shell
if test -n "$buildInputs"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
p_nixshell=""
t_nixshell=""
fi
PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
;;
esac
'';
};
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
}

View File

@ -1,11 +0,0 @@
with import <stockholm/lib>;
self: super:
# Import files and subdirectories like they are overlays.
foldl' mergeAttrs {}
(map
(name: import (./. + "/${name}") self super)
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))

View File

@ -1,40 +0,0 @@
{ stdenv, fetchurl, unzip, jq, zip }:
stdenv.mkDerivation rec {
pname = "audio-fingerprint-defender-${version}";
version = "0.1.3";
extid = "@audio-fingerprint-defender";
signed = false;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3363623/audiocontext_fingerprint_defender-${version}-an+fx.xpi";
sha256 = "0yfk5vqwjg4g25c98psj56sw3kv8imxav3nss4hbibflgla1h5pb";
};
phases = [ "buildPhase" ];
buildInputs = [ zip unzip jq ];
buildPhase = ''
mkdir -p $out/${extid}
unzip ${src} -d $out/${extid}
NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
cd $out/${extid}
zip -r -FS $out/${extid}.xpi *
rm -r $out/${extid}
'';
meta = with stdenv.lib; {
description = "Audio context fingerprint defender firefox browser addon";
homepage = https://mybrowseraddon.com/audiocontext-defender.html;
license = {
fullName = "Mozilla Public License Version 2.0";
shortName = "moz2";
spdxId = "mozilla-2.0";
url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,40 +0,0 @@
{ stdenv, fetchurl, unzip, jq, zip }:
stdenv.mkDerivation rec {
pname = "canvas-fingerprint-defender-${version}";
version = "0.1.5";
extid = "@canvas-fingerprint-defender";
signed = false;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3362272/canvas_fingerprint_defender-${version}-an+fx.xpi?src=recommended";
sha256 = "1hg00zsrw7ij7bc222j83g2wm3ml1aj34zg5im1802cjq4qqvbld";
};
phases = [ "buildPhase" ];
buildInputs = [ zip unzip jq ];
buildPhase = ''
mkdir -p $out/${extid}
unzip ${src} -d $out/${extid}
NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
cd $out/${extid}
zip -r -FS $out/${extid}.xpi *
rm -r $out/${extid}
'';
meta = with stdenv.lib; {
description = "Canvas fingerprint defender firefox browser addon";
homepage = https://mybrowseraddon.com/webgl-defender.html;
license = {
fullName = "Mozilla Public License Version 2.0";
shortName = "moz2";
spdxId = "mozilla-2.0";
url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,28 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
pname = "dark-reader-${version}";
version = "4.8.1";
extid = "addon@darkreader.org";
signed = true;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3404143/dark_reader-${version}-an+fx.xpi";
sha256 = "0ic0i56jhmxymvy68bs5hqcjvdvw3vks5r58i2ygmpsm190rlldb";
};
phases = [ "installPhase" ];
installPhase = ''
install -D ${src} "$out/${extid}.xpi"
'';
meta = with stdenv.lib; {
description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
homepage = https://github.com/darkreader/darkreader;
license = licenses.mit;
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,18 +0,0 @@
with import <stockholm/lib>;
self: super:
let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = self.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in
mapNixDir (path: callPackage path {}) ./.

View File

@ -1,487 +0,0 @@
{ stdenv, lib, pkgs, makeDesktopItem, makeWrapper, lndir, replace, config
## various stuff that can be plugged in
, flashplayer, hal-flash
, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
, jrePlugin, icedtea_web
, bluejeans, djview4, adobe-reader
, fribid, gnome3/*.gnome-shell*/
, esteidfirefoxplugin ? ""
, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow
, udev
, kerberos
}:
## configurability of the wrapper itself
browser:
let
wrapper =
{ browserName ? browser.browserName or (builtins.parseDrvName browser.name).name
, name ? (browserName + "-" + (builtins.parseDrvName browser.name).version)
, desktopName ? # browserName with first letter capitalized
(lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName)
, nameSuffix ? ""
, icon ? browserName
, extraPlugins ? []
, extraPrefs ? ""
, extraExtensions ? [ ]
, allowNonSigned ? false
, disablePocket ? false
, disableTelemetry ? true
, disableDrmPlugin ? false
, showPunycodeUrls ? true
, disableFirefoxStudies ? true
, disableFirefoxSync ? false
, useSystemCertificates ? true
, dontCheckDefaultBrowser ? false
# For more information about anti tracking
# vist https://wiki.kairaven.de/open/app/firefox
, activateAntiTracking ? true
, disableFeedbackCommands ? true
, disableDNSOverHTTPS ? true
, disableGoogleSafebrowsing ? false
, clearDataOnShutdown ? false
, homepage ? "about:blank"
# For more information about policies visit
# https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
, extraPolicies ? {}
, extraNativeMessagingHosts ? []
, gdkWayland ? false
}:
assert gdkWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used
let
# If extraExtensions has been set disable manual extensions
disableManualExtensions = if lib.count (x: true) extraExtensions > 0 then true else false;
cfg = config.${browserName} or {};
enableAdobeFlash = cfg.enableAdobeFlash or false;
ffmpegSupport = browser.ffmpegSupport or false;
gssSupport = browser.gssSupport or false;
jre = cfg.jre or false;
icedtea = cfg.icedtea or false;
supportsJDK =
stdenv.hostPlatform.system == "i686-linux" ||
stdenv.hostPlatform.system == "x86_64-linux" ||
stdenv.hostPlatform.system == "armv7l-linux" ||
stdenv.hostPlatform.system == "aarch64-linux";
plugins =
assert !(jre && icedtea);
if builtins.hasAttr "enableVLC" cfg
then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins"
else
([ ]
++ lib.optional enableAdobeFlash flashplayer
++ lib.optional (cfg.enableDjvu or false) (djview4)
++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser)
++ lib.optional (supportsJDK && jre && jrePlugin ? mozillaPlugin) jrePlugin
++ lib.optional icedtea icedtea_web
++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell
++ lib.optional (cfg.enableBluejeans or false) bluejeans
++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
++ extraPlugins
);
nativeMessagingHosts =
([ ]
++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
++ lib.optional (cfg.enableBukubrow or false) bukubrow
++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell
++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration
++ extraNativeMessagingHosts
);
libs = lib.optional stdenv.isLinux udev
++ lib.optional ffmpegSupport ffmpeg
++ lib.optional gssSupport kerberos
++ lib.optionals (cfg.enableQuakeLive or false)
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ])
++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash
++ lib.optional (config.pulseaudio or true) libpulseaudio;
gtk_modules = [ libcanberra-gtk2 ];
enterprisePolicies =
{
policies = {
DisableAppUpdate = true;
} // lib.optionalAttrs disableManualExtensions (
{
ExtensionSettings = {
"*" = {
blocked_install_message = "You can't have manual extension mixed with nix extensions";
installation_mode = "blocked";
};
} // lib.foldr (e: ret:
ret // {
"${e.extid}" = {
installation_mode = "allowed";
};
}
) {} extraExtensions;
}
) // lib.optionalAttrs disablePocket (
{
DisablePocket = true;
}
) // lib.optionalAttrs disableTelemetry (
{
DisableTelemetry = true;
}
) // lib.optionalAttrs disableFirefoxStudies (
{
DisableFirefoxStudies = true;
}
) // lib.optionalAttrs disableFirefoxSync (
{
DisableFirefoxAccounts = true;
}
) // lib.optionalAttrs useSystemCertificates (
{
# Disable useless firefox certificate store
Certificates = {
ImportEnterpriseRoots = true;
};
}
) // lib.optionalAttrs (
if lib.count (x: true) extraExtensions > 0 then true else false) (
{
# Don't try to update nix installed addons
DisableSystemAddonUpdate = true;
# But update manually installed addons
ExtensionUpdate = false;
}
) // lib.optionalAttrs dontCheckDefaultBrowser (
{
DontCheckDefaultBrowser = true;
}
)// lib.optionalAttrs disableDNSOverHTTPS (
{
DNSOverHTTPS = {
Enabled = false;
};
}
) // lib.optionalAttrs clearDataOnShutdown (
{
SanitizeOnShutdown = true;
}
) // lib.optionalAttrs disableFeedbackCommands (
{
DisableFeedbackCommands = true;
}
) // lib.optionalAttrs ( if homepage == "" then false else true) (
{
Homepage = {
URL = homepage;
Locked = true;
};
}
) // extraPolicies ;} ;
extensions = builtins.map (a:
if ! (builtins.hasAttr "signed" a) || ! (builtins.isBool a.signed) then
throw "Addon ${a.pname} needs boolean attribute 'signed' "
else if ! (builtins.hasAttr "extid" a) || ! (builtins.isString a.extid) then
throw "Addon ${a.pname} needs a string attribute 'extid'"
else if a.signed == false && !allowNonSigned then
throw "Disable signature checking in firefox if you want ${a.pname} addon"
else a
) extraExtensions;
policiesJson = builtins.toFile "policies.json"
(builtins.toJSON enterprisePolicies);
mozillaCfg = builtins.toFile "mozilla.cfg" ''
// First line must be a comment
// Remove default top sites
lockPref("browser.newtabpage.pinned", "");
lockPref("browser.newtabpage.activity-stream.default.sites", "");
// Deactivate first run homepage
lockPref("browser.startup.firstrunSkipsHomepage", false);
// If true, don't show the privacy policy tab on first run
lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
${
if allowNonSigned == true then
''lockPref("xpinstall.signatures.required", false)''
else
""
}
${
if showPunycodeUrls == true then
''
lockPref("network.IDN_show_punycode", true);
''
else
""
}
${
if disableManualExtensions == true then
''
lockPref("extensions.getAddons.showPane", false);
lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
lockPref("app.update.auto", false);
''
else
""
}
${
if disableDrmPlugin == true then
''
lockPref("media.gmp-gmpopenh264.enabled", false);
lockPref("media.gmp-widevinecdm.enabled", false);
''
else
""
}
${
if activateAntiTracking == true then
''
// Tracking
lockPref("browser.send_pings", false);
lockPref("browser.send_pings.require_same_host", true);
lockPref("network.dns.disablePrefetch", true);
lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false);
lockPref("browser.search.geoip.url", "");
lockPref("privacy.firstparty.isolate", true);
lockPref("privacy.userContext.enabled", true);
lockPref("privacy.userContext.ui.enabled", true);
lockPref("privacy.firstparty.isolate.restrict_opener_access", false);
lockPref("network.http.referer.XOriginPolicy", 1);
lockPref("network.http.referer.hideOnionSource", true);
lockPref(" privacy.spoof_english", true);
// This option is currently not usable because of bug:
// https://bugzilla.mozilla.org/show_bug.cgi?id=1557620
// lockPref("privacy.resistFingerprinting", true);
''
else ""
}
${
if disableTelemetry == true then
''
// Telemetry
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
lockPref("browser.ping-centre.telemetry", false);
lockPref("devtools.onboarding.telemetry.logged", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.bhrPing.enabled", false);
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
lockPref("toolkit.telemetry.hybridContent.enabled", false);
lockPref("toolkit.telemetry.newProfilePing.enabled", false);
lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false);
lockPref("dom.push.enabled", false);
lockPref("browser.newtabpage.activity-stream.feeds.snippets", false);
lockPref("security.ssl.errorReporting.enabled", false);
''
else ""
}
${
if disableGoogleSafebrowsing == true then
''
// Google data sharing
lockPref("browser.safebrowsing.blockedURIs.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.safebrowsing.passwords.enabled", false);
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.safebrowsing.phishing.enabled", false);
lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
lockPref("browser.safebrowsing.provider.mozilla.updateURL", "");
''
else ""
}
// User customization
${extraPrefs}
'';
in stdenv.mkDerivation {
inherit name;
desktopItem = makeDesktopItem {
name = browserName;
exec = "${browserName}${nameSuffix} %U";
inherit icon;
comment = "";
desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}";
genericName = "Web Browser";
categories = "Application;Network;WebBrowser;";
mimeType = stdenv.lib.concatStringsSep ";" [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/ftp"
];
};
nativeBuildInputs = [ makeWrapper lndir ];
buildInputs = lib.optional (browser ? gtk3) browser.gtk3;
buildCommand = lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications
cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications
rm -f $out${browser.execdir or "/bin"}/${browserName}
'' + ''
# Link the runtime. The executable itself has to be copied,
# because it will resolve paths relative to its true location.
# Any symbolic links have to be replicated as well.
cd "${browser}"
find . -type d -exec mkdir -p "$out"/{} \;
find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \;
find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do
cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f"
chmod a+rwx "$out/$f"
done
# fix links and absolute references
cd "${browser}"
find . -type l -print0 | while read -d $'\0' l; do
target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")"
ln -sfT "$target" "$out/$l"
done
# This will not patch binaries, only "text" files.
# Its there for the wrapper mostly.
cd "$out"
${replace}/bin/replace-literal -esfR -- "${browser}" "$out"
# create the wrapper
executablePrefix="$out${browser.execdir or "/bin"}"
executablePath="$executablePrefix/${browserName}"
if [ ! -x "$executablePath" ]
then
echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'"
exit 1
fi
if [ ! -L "$executablePath" ]
then
# Careful here, the file at executablePath may already be
# a wrapper. That is why we postfix it with -old instead
# of -wrapped.
oldExe="$executablePrefix"/".${browserName}"-old
mv "$executablePath" "$oldExe"
else
oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
fi
makeWrapper "$oldExe" "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \
--suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \
--suffix LD_LIBRARY_PATH ':' "$libs" \
--suffix-each GTK_PATH ':' "$gtk_modules" \
--suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \
--prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \
--suffix PATH ':' "$out${browser.execdir or "/bin"}" \
--set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \
--set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
${lib.optionalString gdkWayland ''
--set GDK_BACKEND "wayland" \
''}${lib.optionalString (browser ? gtk3)
''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share'
''
}
if [ -e "${browser}/share/icons" ]; then
mkdir -p "$out/share"
ln -s "${browser}/share/icons" "$out/share/icons"
else
for res in 16 32 48 64 128; do
mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps"
icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" )
if [ -e "$icon" ]; then ln -s "$icon" \
"$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png"
fi
done
fi
install -D -t $out/share/applications $desktopItem/share/applications/*
mkdir -p $out/lib/mozilla
for ext in ${toString nativeMessagingHosts}; do
lndir -silent $ext/lib/mozilla $out/lib/mozilla
done
# For manpages, in case the program supplies them
mkdir -p $out/nix-support
echo ${browser} > $out/nix-support/propagated-user-env-packages
# user customization
mkdir -p $out/lib/firefox
# creating policies.json
mkdir -p "$out/lib/firefox/distribution"
cat > "$out/lib/firefox/distribution/policies.json" < ${policiesJson}
# preparing for autoconfig
mkdir -p "$out/lib/firefox/defaults/pref"
cat > "$out/lib/firefox/defaults/pref/autoconfig.js" <<EOF
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
cat > "$out/lib/firefox/mozilla.cfg" < ${mozillaCfg}
mkdir -p $out/lib/firefox/distribution/extensions
for i in ${toString extensions}; do
ln -s -t $out/lib/firefox/distribution/extensions $i/*
done
'';
preferLocalBuild = true;
# Let each plugin tell us (through its `mozillaPlugin') attribute
# where to find the plugin in its tree.
plugins = map (x: x + x.mozillaPlugin) plugins;
libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs;
gtk_modules = map (x: x + x.gtkModule) gtk_modules;
passthru = { unwrapped = browser; };
disallowedRequisites = [ stdenv.cc ];
meta = browser.meta // {
description =
browser.meta.description
+ " (with plugins: "
+ lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins))
+ ")";
hydraPlatforms = [];
priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package
};
};
in
lib.makeOverridable wrapper

View File

@ -1,40 +0,0 @@
{ stdenv, fetchurl, unzip, jq, zip }:
stdenv.mkDerivation rec {
pname = "font-fingerprint-defender-${version}";
version = "0.1.0";
extid = "@font-fingerprint-defender";
signed = false;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3387637/font_fingerprint_defender-${version}-an+fx.xpi";
sha256 = "1aidkvisnx6qd7hn2x756rvzmbnaz6laqbwq0j5yd86g1kc56dr0";
};
phases = [ "buildPhase" ];
buildInputs = [ zip unzip jq ];
buildPhase = ''
mkdir -p $out/${extid}
unzip ${src} -d $out/${extid}
NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
cd $out/${extid}
zip -r -FS $out/${extid}.xpi *
rm -r $out/${extid}
'';
meta = with stdenv.lib; {
description = "Font fingerprint defender firefox browser addon";
homepage = https://mybrowseraddon.com/font-defender.html;
license = {
fullName = "Mozilla Public License Version 2.0";
shortName = "moz2";
spdxId = "mozilla-2.0";
url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,45 +0,0 @@
{ stdenv, fetchurl, pkgs, makeWrapper, lib }:
stdenv.mkDerivation rec {
name = "${pname}-${version}";
pname = "hopper";
version = "4.5.16";
rev = "v${lib.versions.major version}";
src = fetchurl {
url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz";
sha256 = "0gjnn7f6ibfx46k4bbj8ra7k04s0mrpq7316brgzks6x5yd1m584";
};
sourceRoot = ".";
ldLibraryPath = with pkgs; stdenv.lib.makeLibraryPath [
libbsd.out libffi.out gmpxx.out python27Full.out python27Packages.libxml2.out qt5.qtbase zlib xlibs.libX11.out xorg_sys_opengl.out xlibs.libXrender.out gcc-unwrapped.lib
];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/lib
mkdir -p $out/share
cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper
cp -r $sourceRoot/opt/hopper-${rev}/lib $out
cp -r $sourceRoot/usr/share $out/share
patchelf \
--set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \
$out/bin/hopper
# Details: https://nixos.wiki/wiki/Qt
wrapProgram $out/bin/hopper \
--suffix LD_LIBRARY_PATH : ${ldLibraryPath} \
--suffix QT_PLUGIN_PATH : ${pkgs.qt5.qtbase}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins
'';
meta = {
homepage = "https://www.hopperapp.com/index.html";
description = "A macOS and Linux Disassembler";
license = stdenv.lib.licenses.unfree;
maintainers = [ stdenv.lib.maintainers.luis ];
platforms = stdenv.lib.platforms.linux;
};
}

View File

@ -1,29 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
pname = "https-everywhere-${version}";
version = "2019.6.27";
extid = "https-everywhere@eff.org";
signed = true;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3060290/https_everywhere-${version}-an+fx.xpi";
sha256 = "0743lhn9phn7n6c0886h9ddn1n8vhzbl0vrw177zs43995aj3frp";
};
phases = [ "installPhase" ];
installPhase = ''
install -D ${src} "$out/${extid}.xpi"
'';
meta = {
description = "Https everywhere browser addon";
homepage = https://www.eff.org/https-everywhere;
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,26 +0,0 @@
{ lib, python37Packages }:
python37Packages.buildPythonPackage rec {
pname = "pyocclient";
version = "0.4";
src = python37Packages.fetchPypi {
inherit pname version;
sha256 = "19k3slrk2idixsdw61in9a3jxglvkigkn5kvwl37lj8hrwr4yq6q";
};
doCheck = false;
propagatedBuildInputs = with python37Packages; [
requests
six
];
meta = with lib; {
homepage = https://github.com/owncloud/pyocclient/;
description = "Nextcloud / Owncloud library for python";
license = licenses.mit;
maintainers = with maintainers; [ ];
};
}

View File

@ -1,34 +0,0 @@
{ stdenv, fetchgit, makeWrapper, lib, pkgs ? import <nixpkgs> {} }:
with pkgs;
stdenv.mkDerivation rec {
name = "rmount-${version}";
version = "1.0.1";
rev = "v${version}";
src = fetchgit {
rev = "9df124780d2e66f01c70afaecf92090669c5ffb6";
url = "https://github.com/Luis-Hebendanz/rmount";
sha256 = "0ydb6sspfnfa3y6gg1r8sk4r58il6636lpqwb2rw7dzmb4b8hpd2";
};
buildInputs = [ stdenv makeWrapper ];
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/share/man/man1
cp ${src}/rmount.man $out/share/man/man1/rmount.1
cp ${src}/rmount.bash $out/bin/rmount-noenv
cp ${src}/config.json $out/share/config.json
chmod +x $out/bin/rmount-noenv
makeWrapper $out/bin/rmount-noenv $out/bin/rmount \
--prefix PATH : ${lib.makeBinPath [ nmap jq cifs-utils sshfs ]}
'';
meta = {
homepage = "https://github.com/Luis-Hebendanz/rmount";
description = "Remote mount utility which parses a json file";
license = stdenv.lib.licenses.mit;
};
}

View File

@ -1,28 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
pname = "ublock-origin-${version}";
version = "1.21.2";
extid = "uBlock0@raymondhill.net";
signed = true;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3361355/ublock_origin-${version}-an+fx.xpi";
sha256 = "0ypdq3z61mrymknl37qlq6379bx9f2fsgbgr0czbhqs9f2vwszkc";
};
phases = [ "installPhase" ];
installPhase = ''
install -D ${src} "$out/${extid}.xpi"
'';
meta = with stdenv.lib; {
description = "ublock origin firefox browser addon";
homepage = https://github.com/gorhill/uBlock;
license = licenses.gpl3;
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,40 +0,0 @@
{ stdenv, fetchurl, unzip, jq, zip }:
stdenv.mkDerivation rec {
pname = "user-agent-switcher-${version}";
version = "0.3.2";
extid = "@user-agent-switcher";
signed = false;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3370255/user_agent_switcher_and_manager-${version}-an+fx.xpi";
sha256 = "0lrw1xf6fsxr47bifkayfxpysv8s2p9ghmbmw2s7ymhrgy42i6v5";
};
phases = [ "buildPhase" ];
buildInputs = [ zip unzip jq ];
buildPhase = ''
mkdir -p $out/${extid}
unzip ${src} -d $out/${extid}
NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
cd $out/${extid}
zip -r -FS $out/${extid}.xpi *
rm -r $out/${extid}
'';
meta = with stdenv.lib; {
description = "User agent switcher";
homepage = https://add0n.com/useragent-switcher.html;
license = {
fullName = "Mozilla Public License Version 2.0";
shortName = "moz2";
spdxId = "mozilla-2.0";
url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,40 +0,0 @@
{ stdenv, fetchurl, unzip, jq, zip }:
stdenv.mkDerivation rec {
pname = "webgl-fingerprint-defender-${version}";
version = "0.1.2";
extid = "@webgl-fingerprint-defender";
signed = false;
src = fetchurl {
url = "https://addons.mozilla.org/firefox/downloads/file/3362869/webgl_fingerprint_defender-${version}-an+fx.xpi";
sha256 = "06hfr5hxr4qw0jx6i9fi9gdk5211z08brnvqj2jlmpyc3dwl4pif";
};
phases = [ "buildPhase" ];
buildInputs = [ zip unzip jq ];
buildPhase = ''
mkdir -p $out/${extid}
unzip ${src} -d $out/${extid}
NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json)
echo "$NEW_MANIFEST" > $out/${extid}/manifest.json
cd $out/${extid}
zip -r -FS $out/${extid}.xpi *
rm -r $out/${extid}
'';
meta = with stdenv.lib; {
description = "Canvas defender firefox browser addon";
homepage = https://mybrowseraddon.com/webgl-defender.html;
license = {
fullName = "Mozilla Public License Version 2.0";
shortName = "moz2";
spdxId = "mozilla-2.0";
url = "https://www.mozilla.org/en-US/MPL/2.0/"; };
maintainers = [];
platforms = stdenv.lib.platforms.all;
};
}

View File

@ -1,25 +0,0 @@
{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig
, wayland, wayland-protocols }:
stdenv.mkDerivation rec {
pname = "wl-clipboard";
version = "2.0.0";
src = fetchFromGitHub {
owner = "bugaevc";
repo = "wl-clipboard";
rev = "v${version}";
sha256 = "0c4w87ipsw09aii34szj9p0xfy0m00wyjpll0gb0aqmwa60p0c5d";
};
nativeBuildInputs = [ meson ninja pkgconfig wayland-protocols ];
buildInputs = [ wayland ];
meta = with stdenv.lib; {
description = "Command-line copy/paste utilities for Wayland";
homepage = https://github.com/bugaevc/wl-clipboard;
license = licenses.gpl3;
maintainers = with maintainers; [ dywedir ];
platforms = platforms.linux;
};
}

View File

@ -1,18 +0,0 @@
with import <stockholm/lib>;
self: super:
let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = self.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in
mapNixDir (path: callPackage path {}) ./.

View File

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
imports = [
../krebs
./2configs
];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
}

View File

@ -1,43 +0,0 @@
{ name }: let
inherit (import ../krebs/krops.nix { inherit name; })
krebs-source
lib
pkgs
;
source = { test }: lib.evalSource [
(krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs-unstable.git = {
url = "https://github.com/nixos/nixpkgs";
ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
};
secrets = if test then {
file = toString ./2configs/tests/dummy-secrets;
} else {
file = "${lib.getEnv "HOME"}/secrets/${name}";
};
}
{
home-manager.git = {
url = https://github.com/rycee/home-manager;
ref = "2ccbf43";
};
}
];
in {
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
inherit target;
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
test = { target }: pkgs.krops.writeTest "${name}-test" {
force = true;
inherit target;
source = source { test = true; };
};
}

View File

@ -1,4 +1,4 @@
with import <stockholm/lib>; with import ../../lib;
{ config, ... }: { config, ... }:
let let
hostDefaults = hostName: host: flip recursiveUpdate host ({ hostDefaults = hostName: host: flip recursiveUpdate host ({

18
kartei/default.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, lib, ... }: let
removeTemplate =
# TODO don't remove during CI
lib.flip builtins.removeAttrs ["template"];
in {
config =
lib.mkMerge
(lib.mapAttrsToList
(name: _type: let
path = ./. + "/${name}";
in {
krebs = import path { inherit config; };
})
(removeTemplate
(lib.filterAttrs
(_name: type: type == "directory")
(builtins.readDir ./.))));
}

View File

@ -1,4 +1,4 @@
with import <stockholm/lib>; with import ../../lib;
{ config, ... }: let { config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({ hostDefaults = hostName: host: flip recursiveUpdate host ({

View File

@ -1,4 +1,4 @@
with import <stockholm/lib>; with import ../../lib;
{ config, ... }: { config, ... }:
let let
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
@ -82,6 +82,8 @@ in
"makanek.r" "makanek.r"
"makanek.kmein.r" "makanek.kmein.r"
"grafana.kmein.r" "grafana.kmein.r"
"alertmanager.kmein.r"
"prometheus.kmein.r"
"names.kmein.r" "names.kmein.r"
"graph.r" "graph.r"
"rrm.r" "rrm.r"
@ -138,6 +140,28 @@ in
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
}; };
}; };
tabula = {
nets.retiolum = {
ip4.addr = "10.243.2.78";
aliases = [ "tabula.r" "tabula.kmein.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA4cdFDoKRA9t+r686w6gH1u4UjEQJBmhsf3tkPEkv7nyVr4ahcZQk
rQwlhNRJwv0wekwO0qG19VoAmBkVMzYu5JWn9WeYfIEUtP3ndPa7tqWQ4qIkYh8q
4KQ03Y3CZav5ClK9rLO7gj+dsP+BhVdqhte4pJANs4CyglYkyu6p0P4+R2P0tfcq
LTl8RB+SXuafqzhoQD+yhhA1HR8O1o9gHJjKiEVrSLwSFfD8WWH55yeWzIYAbuv8
8a5VzhS5zvDYUFTP1WUPTeGlKsJdslSZqsrZmBDpkh1iEpRzQUnwQNMJ/uGXIldE
3FKKoL9LKlvr1Iz9IcuxO4QLk+DoC8+Jc7yQrwIiQQCwAfwdyY6KcRDAqna1WZRd
MFRvPd6y1BmLVJMG43VpWm5POE9Gw5nj5IzSNAFshoNljf246y2+wf8EtULqtrJD
DMckquiYRnzQPco9PgjLfH/6SnlB/oXhvT4+rB4KceSoFKOLWq1pFogDGDy0xyB0
ufkPsXiYE2KRnkozDJWlKSqrkM3GSR2lTM5cAmLh8VzxkI6LeJu8/6qxFa6J6tn4
+kH8yjbcLqjmuUykfOZ2eL4GniaFexDvZcGgLD1I5f1ylEmSuU6boyx83WkCH7NH
1cmaBDQsy4x0gMUYlLDVDW7X2PECoq5mQ61FHBNkdNOujOM/JPnYf4UCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "eZsnMScJdH5k/W3Y5fILnz5Kc01R+dRzjjE/cnu96VF";
};
};
tahina = { tahina = {
nets.retiolum = { nets.retiolum = {
ip4.addr = "10.243.2.74"; ip4.addr = "10.243.2.74";

View File

@ -1,4 +1,4 @@
with import <stockholm/lib>; with import ../../lib;
{ config, ... }: let { config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({ hostDefaults = hostName: host: flip recursiveUpdate host ({
@ -78,6 +78,7 @@ in {
"build.r" "build.r"
"build.hotdog.r" "build.hotdog.r"
"ca.r" "ca.r"
"calendar.r"
"cgit.hotdog.r" "cgit.hotdog.r"
"irc.r" "irc.r"
"wiki.r" "wiki.r"
@ -164,12 +165,20 @@ in {
ponte = { ponte = {
cores = 1; cores = 1;
owner = config.krebs.users.krebs; owner = config.krebs.users.krebs;
extraZones = {
"krebsco.de" = /* bindzone */ ''
krebsco.de. 60 IN A ${config.krebs.hosts.ponte.nets.internet.ip4.addr}
'';
};
nets = rec { nets = rec {
internet = { internet = {
ip4 = { ip4 = rec {
addr = "141.147.36.79"; addr = "141.147.36.79";
prefix = "0.0.0.0/0"; prefix = "${addr}/32";
}; };
aliases = [
"ponte.i"
];
}; };
retiolum = { retiolum = {
via = internet; via = internet;

View File

@ -1,12 +1,6 @@
with import <stockholm/lib>; with import ../../lib;
{ config, ... }: let { config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host {
ci = true;
monitoring = true;
owner = config.krebs.users.lass;
};
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
@ -16,6 +10,7 @@ in {
}; };
hosts = mapAttrs (_: recursiveUpdate { hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass; owner = config.krebs.users.lass;
consul = true;
ci = true; ci = true;
monitoring = true; monitoring = true;
}) { }) {
@ -64,11 +59,12 @@ in {
cores = 4; cores = 4;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
cache IN A ${nets.internet.ip4.addr} cache 60 IN A ${nets.internet.ip4.addr}
p IN A ${nets.internet.ip4.addr} p 60 IN A ${nets.internet.ip4.addr}
c IN A ${nets.internet.ip4.addr} c 60 IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr} paste 60 IN A ${nets.internet.ip4.addr}
prism IN A ${nets.internet.ip4.addr} prism 60 IN A ${nets.internet.ip4.addr}
social 60 IN A ${nets.internet.ip4.addr}
''; '';
"lassul.us" = '' "lassul.us" = ''
$TTL 3600 $TTL 3600
@ -78,7 +74,7 @@ in {
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
IN MX 5 mail.lassul.us. IN MX 5 mail.lassul.us.
60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT "v=spf1 mx -all"
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@ -418,6 +414,7 @@ in {
}; };
xerxes = { xerxes = {
cores = 2; cores = 2;
consul = false;
nets = rec { nets = rec {
retiolum = { retiolum = {
ip4.addr = "10.243.1.3"; ip4.addr = "10.243.1.3";
@ -592,7 +589,53 @@ in {
syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
}; };
massulus = {
cores = 1;
ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.0.113";
ip6.addr = r6 "113";
aliases = [
"massulus.r"
];
tinc = {
pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
-----END PUBLIC KEY-----
'';
pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
port = 1655;
};
};
wiregrill = {
ip6.addr = w6 "113";
aliases = [
"massulus.w"
];
wireguard.pubkey = ''
4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
};
phone = { phone = {
consul = false;
nets = { nets = {
wiregrill = { wiregrill = {
ip4.addr = "10.244.1.13"; ip4.addr = "10.244.1.13";
@ -608,6 +651,7 @@ in {
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
}; };
tablet = { tablet = {
consul = false;
nets = { nets = {
wiregrill = { wiregrill = {
ip4.addr = "10.244.1.14"; ip4.addr = "10.244.1.14";
@ -622,6 +666,7 @@ in {
ci = false; ci = false;
}; };
hilum = { hilum = {
consul = false;
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
@ -797,6 +842,7 @@ in {
}; };
lasspi = { lasspi = {
consul = false;
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
@ -840,6 +886,7 @@ in {
}; };
domsen-pixel = { domsen-pixel = {
consul = false;
nets = { nets = {
wiregrill = { wiregrill = {
ip4.addr = "10.244.1.17"; ip4.addr = "10.244.1.17";

157
kartei/lass/pgp/yubikey.pgp Normal file
View File

@ -0,0 +1,157 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy
aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog
3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P
rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw
xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru
eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m
28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj
iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD
dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX
yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g
S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB
tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG
Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK
CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad
WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ
SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9
z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC
KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N
YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf
4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO
To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf
PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd
p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY
ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC
DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh
SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE
SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+
c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4
+1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au
FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E
F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs
N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs
8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4
bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr
s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE
cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB
dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc
z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu
L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+
zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ
g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi
qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz
U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO
93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8
SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX
xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO
JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw
/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj
AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK
IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT
KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB
uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ
wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx
MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ
D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D
duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ
5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31
ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG
5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLiJBGwEGAEKACACGwIW
IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCY1E8SAJAwXQgBBkBCgAdFiEEVAotn4qI
hqe83vdsfheGip18nM8FAl2iTZIACgkQfheGip18nM9DVxAAuqX7iztddbttkIfN
65R5XJPjz7NRg0AI8G+1qnkvF3c2ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA
/JM782D6lDfSZltW4YBBqkJZdtiPElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhy
l+0RdBuSvR0+KOXXBfoNmsyQM4/hUKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxg
tXyiXU/VxvUWI7cH6I7daRDTFR3L4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6
eKkn/gt/T7qYxnhcG5guS2DwIay5c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7
/6hsw2e6TBcn295fEekvBupYVwazefBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTa
TglOeNtRnYGRwHwE/tiJ0G0uwGfvaI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7m
z8MrRNMjtR+Es8gzuw7hNErmbh0SLZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99
jYjdDDm5lsxCZKLSX4r9Mp236K6DMGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9M
cg5HgeXTdxan6QP35ygDtmNldJGEP+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQ
qnldvrtajUzUegvJUstLS5B1TFQJEGZXvoqNHugHrtcP+waicH+WhpbvPoHJW//U
c7IwcrsOpWNuh0gKV1+LvBV9dGzGZDlhwsncMeNzT8tnxDwhD1CiJ1uzO2H1m+yX
CeljVnYFlP0sl9IT/AiV8NNiuaIpOc5RjRY1yvOZ017/J7Hyhnaw0iap1vNDNOwH
t7tzB1PvM3p6an4Jh0AJZF5adReQTbi9Zw7MW2Yf0XHTT4rFX+Mn5gcuvsV9n39d
6U3k5G6Hf1bSROsXNVwOwF6VbO8NvBm6ehgNyRcGsino/f82HRwvnQPhJgEakZ1h
WWUUnakK14mRRMUns8CMNfFh+50ciK1Q8kAVgYLVA1H1NXM0+68YZMl5CiiaD3pM
17flwcWUdkIu3uWAvc3hSCNw6i9F4Kx1yD/ZdiT0vBapa3ehUXIo5g79NcFl9xnQ
fnYG+nnl2bLZSHP8b+LZsGivOEZuBHoR2ComeTqqJxeT8ZsEdtLcloaSaf2Em2xf
b9OfhGOC7hKfS4HAlLFbEydWuZuA8EpTXd6eqINCFbOb9BjpKvSCCLs5S3s7T4WE
FQB7yHXQQgB1EzYaJxFZstkiD8exu/hiWfwVLaho09QbtPmt2u1lvbxiSxtCdphi
hoKc6wjhD8F9YM5xxitcF7iAV7oEDZ/1JVkvi/1gWFgW0UmEKuy2KN/Eb/mr41NJ
bMauCCfjnCbAzoW6dhHpbO45uQINBF2iTdYBEADTC8saHpJxpU7ZBuuNFD+WZFBK
I8F8ZZ4t79naVhGhCTvcqr5BCwlrpuaUc/og86AxUpVD5z92ClRZC2wJZOemmyAE
OlSu8JDkhwsNRey5QmPN9G0ZIBifP2/LrPSqRE+gJnouzhmFbajQVKHRCYul5B+a
vUS0HlUfu8p7dC0wMTv5jBWHN54XHK4Wnbm4Yea03Xv1HMQS/82MfLQgctheHqeg
J8dNhzmrk8GqpOCi4QfSHHUvLCUBxWO4hFVjXKL8BfJbhhBjyTnTj0zGc+Iw+Glh
am0+q2oFmhvLYrCxHvVIRE9iy96/+AyIACWOG8IOU2civ9Y/jY9SMmJEPQOmBfem
OVwovQxdDGKvTcrVjZzAk/BeEAgg0VoYKpe9ePxK/6n8J09jOpvD+DktbAB7+bww
2F3swdFqyTbLWL4bR4YuHLbqJQbsDm+58iAZWaL4ZOf+iABZqFKa3xhzrrbRHD00
Qxr+9+3EdXGGs+UDLs9rLzVN4ryP7WHyEMDAI7/OAGTdsJet0JIIWKP3ZvWuRMe/
AjcGQ/8+xzhN8w/kXdAvf4Vy6VVYTdJipg84CRz1KFQ5P/z92IMzPnbVFljydRX2
k89ueN1fTMFVlCUI9AyIJeJ6Cx198JHf3eIGBgIZVpAcZG0DyeDU+xCgRZOOH2ug
1bhjhmrQQMSkKtRn7QARAQABiQI8BBgBCgAmAhsMFiEE2811eEYGmzkuqUAdZle+
io0e6AcFAl+Jdg8FCQWpjzkACgkQZle+io0e6Afw7A//ekxnx2ugVtb9pFMh1Cpq
XZOtlIWc+PZ07DrtSXjCNnAzC5Cmj8nii7Eac1dqnDqBtXWpe3YI7cyrFnc9B8a6
2xLNKwSTuMTpoNdkr/X7bU6HE7dm0DHt3dtFYoW4vjQxMdj3sp3GLpQ3fDzXw5If
L1lCUKE4aopl6FQEcCjbh9qA8rRnHiKfgWSzh/B0c9BEh/ZwgBsN4FV+r0D7Y2zI
KCFxwJwCZCHtm6MslB7tmZg+gho8RkkiAjM0oXA7zZHMjyhuQWzhkaW3oWjHDjoh
h9DbLnVDzrMsULfdGz/1Plhz4bzkxpND6hmjn/EAxLGhpQoXd8FSvrghpetLM3MU
LG4M5REFVBt7U1uEBn8y91yuWx77ho9N1W+OdNOWOOlAlD+GZBGA7MNR65+W5Dzj
/z3PEs9TELfp8NVN0F2xy8S2/HwfNgeqAzGpBz4GsO9x8WMG2lw7MAW+gVU3POkZ
l0R9fkrTmw4iafodehKnbEsqdebUjPNBkX9SmjSsXDAODe/4u4/TP89nylk+70wB
nXIPL4WR9DA0Pb0ZmLLkGbaDYnmVV58kPyCwID4Yi6Xcj330FdAaVinevAvJBIaD
D9A94elI/PGTrmqcjgr7Kwb0e0kDlYfi/ijI4dV4MVrzybqFOCaMeKIPOfxs9FIv
BETmMh4Ocqj6rAQZs+ofBe6JAjYEGAEKACACGwwWIQTbzXV4RgabOS6pQB1mV76K
jR7oBwUCY1E8SAAKCRBmV76KjR7oBwM+D/0evufvIWftzdge63hol1k4LdZSiSD9
bh+h8fb/Mm+2HIS8RweHr1+CS8CW/Om9MJoW0ZDsCmC0vU44/vLL3JzbP4+BDuVF
dky1XX/9Z73Fn/LpakITyXd6YJMsknzAA4ZEzhe4uModNSH5IU818I+/Vyvbe1nX
Hfg2FYva4zVn9E5Gd4vpHBF7D99dGg0vUINtux06WKfdsDB59MiZxCSWfqty+yTM
XWwh5fuFIxwjlkKVdrb45101MnUtzJDmxwPxjOpF+z2tJ0qIvs6Zu6FDEh7fcaJM
mKAPtVXKRxTYaS6j7fpNk5ACFgiHDb+0mI60fH0eiQSqp9Q7cyYbt1yiW2bKY4Pg
qDOtcLT+uIYYVmxBHTLx38gT3Gp83O7WqNZ9ouctIXAXHWwTNsKzMhwgaEmmPbkP
7VO8oZZ9hVphirmijgNO1Oz7Qqh5ORYwsGdvYtbPXD4ZUSpqFT5bTMHS5TKPHf70
5alkwYuwYfLs4m2zYsKadQ+vq12ZX7Z6+DbjfzWAEhzqLP2Y8yGnFSBSmULsALnj
Zg3RN5sxJe3fhTze09Fm8OTopTLoDH5fR91VPhRLGHahvV1Sm/H4ZdtAXTPsHP20
phAc8mK2DgEM0k7vDO5RtV4xTLjBopiciXIBL+TzCKGmDRX2+9nTyF3Kx9qjN52H
EFFJ1mTed/J7VrkCDQRdok4KARAAyG97rjKhP8Uie1i/16SekDo+GkpodBmvhrZi
Zdwg75YxriHhgioe2AKKmQItOdZOY+mVqMA63FmByDlPodHmQnrIAn/gr7p5V3lM
+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBkL6P2cPPaTpcv76qWl/WcMiEflPNSAFax
yIapq04rafthcIILWmOBbQ+liMn9YT7a6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAc
eQQYAqIrlu8F5y1AQVWHjtyCPee1z/8lPNnPg40lSbXozg5kQDP965Pge6XReUoU
VVRcgeiSUfkHdYPIkh/tkFy1MtzTNizebuadqE41Ds6BD1maO5cpGc5iFnf+YY01
vWIhwvgPMbAsUKrPOw/RyvYSwOrnWeghpKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm
64rKyYS8RIilqTCmIHnpoSIq3n1wOlMVX4sB4N4CfAZRAbI9LZfx1QEYn0dst9+m
CDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1
MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BP
g6qZH7JeMnlOZXXOg8K5VcLkiGuL1brOHlg94Axha8ffMmqjsde6XOAgvSl5P9k4
7SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJf
iXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP+gJ01mSEs3+0jriWqg7V+Q59rulMVrUd
V2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOicz
GClK+yWSm/CM02+HATFws66umAl4GQ4XqAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCA
dn55u4pf+B1rmkA3cWhN51SvAriA/YcGqmyJZgXO+qZOPWNHxNUdgq9lVEO132dh
DzH1b9ufnvQMDxF2V681fQ7E3zWEJZZbYLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU1
61jSawblBTcIRXK9c4hv178xQWAInMjtHst4YCpvclG26ypZLCzvw6swfnXf3A6Q
4A8pZQVvogWZ01dlgofwHm8qlYxT7wSqeicOu3FkSHD8vNwkXnMLqxwkFr4BcSef
zCiXulyMcb3h67ZfXAYAFGrrR581vGEtXy+xfXK5PqBX7CWEl3Vs2an9whEncZuv
1I9iyXDUmGP7Y373JjqNtpS2GMMPA73knB7eI/zpVS5qoxUlqw35Pldvt+L4E3hv
rvE7iZE3w4lB9WUyY1OnSRDU10l2rqWtPtyk3LE2ed5hz5I+gy8/RsXrAooMBXIG
V/GJrhye45wf5F/XQqPulnj38sKhmrQCQTubPgJwG/kTpNdrA3YukE3E7T5ejaGT
T2n5nKat6bj7iQI2BBgBCgAgAhsgFiEE2811eEYGmzkuqUAdZle+io0e6AcFAmNR
PEgACgkQZle+io0e6AfQpg/+K0gD0WVyXYLOEM6jCvtz5/f9nDQnqj90ck9VfpuN
QG+cMSK/u3T4ya0k3UDWxEyRih0BzChOlmwnaupBwN7ZbYAzxM0sglwseSdAPpCE
s63RTnaAxpSWFocsUxtJngSoPnnmD1fVbWL3/j9j6jZkT4NB/l2ekDngMyRqt104
BmabaLdz44X1VDgg0tXyACkZ8c/8ISBOoPSFg2n9FuCmhI9Atu6hjCFQZOA/youA
fXzeUxU3iFw5UhyNP084jZ9AK2xwp+rB3JzvzMdiqO3OBFemuiU4/ZKQKFg5a/n4
UAZtO8V2DGe76o1N9uFUvQ41RSAXolPUOTXiZvP4GfiGIhJUXV96QaPHhKWybKlr
4MWG5PpwfuWnGoP8vXtLmz2TDRUfEBOQBzYRBRvXmzekq8nFQCM7dGofLLEchMRv
lYHab2fquGmXiY3LfzyQX+vS3FO9/m2POJcdXcQvSq4MXIzOEzXnJKw5HemfZ3ae
/AlTTfE4og/AYLwacECY6CZqUFOYtQeVx9hSXV97XnoKotde66D4RyFgzFbsIBM/
bA5qyvdpKb60hqjpj/rhXjlnhH8KwAwOlaPVgI1cgnW8uJTElJEtqHPhuRkU6y9f
au4EZ+tsmaxJ0whuziG1/3LJ62AIM9ZpixDEj4GQYaRdkFrx/1IKiUOlw5GQC3y2
zxs=
=MmP2
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -2,7 +2,7 @@
# tinc generate-keys # tinc generate-keys
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
with import <stockholm/lib>; with import ../../lib;
{ config, ... }: let { config, ... }: let
hostDefaults = hostName: host: foldl' recursiveUpdate {} [ hostDefaults = hostName: host: foldl' recursiveUpdate {} [

Some files were not shown because too many files have changed in this diff Show More