diff --git a/.rsync-filter b/.rsync-filter index d7657cd00..364a79864 100644 --- a/.rsync-filter +++ b/.rsync-filter @@ -1,2 +1,3 @@ - /.git - /.graveyard +P /.version-suffix diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix new file mode 100644 index 000000000..c19b210c5 --- /dev/null +++ b/krebs/1systems/hope/config.nix @@ -0,0 +1,41 @@ +with import ; +{ config, pkgs, ... }: let + + ip = config.krebs.build.host.nets.internet.ip4.addr; + bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; + +in { + imports = [ + + + + + + { + users.extraUsers = { + satan = { + name = "satan"; + uid = 1338; + home = "/home/satan"; + group = "users"; + createHome = true; + useDefaultShell = true; + initialPassword = "test"; + }; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.hope; + + networking = let + address = config.krebs.build.host.nets.internet.ip4.addr; + in { + defaultGateway = bestGuessGateway address; + interfaces.enp2s1.ip4 = singleton { + inherit address; + prefixLength = 24; + }; + nameservers = ["8.8.8.8"]; + }; +} diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix new file mode 100644 index 000000000..7121d1d9d --- /dev/null +++ b/krebs/1systems/hope/source.nix @@ -0,0 +1,3 @@ +import { + name = "hope"; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index d4a4941ca..31cc024af 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -11,6 +11,9 @@ + + + ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index acd806d6e..8a647012f 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -1,3 +1,4 @@ +with import ; { lib, config, pkgs, ... }: { imports = [ @@ -7,10 +8,6 @@ networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; - krebs.ci.users.krebs.all = true; - krebs.ci.users.lass.all = true; - krebs.ci.users.makefu.all = true; - krebs.ci.users.nin.all = true; - krebs.ci.users.tv.all = true; + krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); } diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix index 40ca3c66d..a09b3b98b 100644 --- a/krebs/2configs/buildbot-krebs.nix +++ b/krebs/2configs/buildbot-krebs.nix @@ -1,3 +1,4 @@ +with import ; { lib, config, pkgs, ... }: { imports = [ @@ -7,7 +8,5 @@ networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; krebs.ci.enable = true; krebs.ci.treeStableTimer = 120; - krebs.ci.users.krebs.hosts = [ - config.networking.hostName - ]; + krebs.ci.hosts = [ config.krebs.build.host ]; } diff --git a/lass/2configs/go.nix b/krebs/2configs/go.nix similarity index 100% rename from lass/2configs/go.nix rename to krebs/2configs/go.nix diff --git a/lass/2configs/ircd.nix b/krebs/2configs/ircd.nix similarity index 93% rename from lass/2configs/ircd.nix rename to krebs/2configs/ircd.nix index b72e2b087..116337733 100644 --- a/lass/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -1,8 +1,8 @@ { config, pkgs, ... }: { - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 6667"; target = "ACCEPT"; } + networking.firewall.allowedTCPPorts = [ + 6667 6669 ]; services.charybdis = { @@ -13,7 +13,6 @@ sid = "1as"; description = "miep!"; network_name = "irc.retiolum"; - network_desc = "Retiolum IRC Network"; hub = yes; vhost = "0.0.0.0"; diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix new file mode 100644 index 000000000..d9176c328 --- /dev/null +++ b/krebs/2configs/news.nix @@ -0,0 +1,176 @@ +{ config, pkgs, ... }: + +let +in { + environment.systemPackages = [ + pkgs.newsbot-js + ]; + krebs.newsbot-js = { + enable = true; + ircServer = "localhost"; + urlShortenerHost = "go"; + urlShortenerPort = "80"; + feeds = pkgs.writeText "feeds" '' + aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news + allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news + antirez|http://antirez.com/rss|#news + arbor|http://feeds2.feedburner.com/asert/|#news + archlinux|http://www.archlinux.org/feeds/news/|#news + ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news + augustl|http://augustl.com/atom.xml|#news + bbc|http://feeds.bbci.co.uk/news/rss.xml|#news + bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news + bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag + bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag + bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news + bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial + cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news + carta|http://feeds2.feedburner.com/carta-standard-rss|#news + catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news + cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news + cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news + cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news + cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news + cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news + ccc|http://www.ccc.de/rss/updates.rdf|#news + chan_b|https://boards.4chan.org/b/index.rss|#brainfuck + chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck + chan_g|https://boards.4chan.org/g/index.rss|#news + chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck + chan_sci|https://boards.4chan.org/sci/index.rss|#news + chan_x|https://boards.4chan.org/x/index.rss|#news + c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news + cryptogon|http://www.cryptogon.com/?feed=rss2|#news + csm|http://rss.csmonitor.com/feeds/csm|#news + csm_world|http://rss.csmonitor.com/feeds/world|#news + danisch|http://www.danisch.de/blog/feed/|#news + dod|http://www.defense.gov/news/afps2.xml|#news + dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news + ecat|http://ecat.com/feed|#news + eia_press|http://www.eia.gov/rss/press_rss.xml|#news + eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news + embargowatch|https://embargowatch.wordpress.com/feed/|#news + ethereum-comments|http://blog.ethereum.org/comments/feed|#news + ethereum|http://blog.ethereum.org/feed|#news + europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news + eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news + exploitdb|http://www.exploit-db.com/rss.xml|#news + fars|http://www.farsnews.com/rss.php|#news #test + faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news + faz_politik|http://www.faz.net/rss/aktuell/politik/|#news + faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news + fbi|https://www.fbi.gov/news/rss.xml|#news + fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news + fefe|http://blog.fefe.de/rss.xml|#news + forbes|http://www.forbes.com/forbes/feed2/|#news + forbes_realtime|http://www.forbes.com/real-time/feed2/|#news + fox|http://feeds.foxnews.com/foxnews/latest|#news + geheimorganisation|http://geheimorganisation.org/feed/|#news + GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news + gmanet|http://www.gmanetwork.com/news/rss/news|#news + golem|https://rss.golem.de/rss.php|#news + google|http://news.google.com/?output=rss|#news + greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news + guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news + gulli|http://ticker.gulli.com/rss/|#news + hackernews|https://news.ycombinator.com/rss|#news + handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial + heise|https://www.heise.de/newsticker/heise-atom.xml|#news + hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial + hindu|http://www.thehindu.com/?service=rss|#news + ign|http://feeds.ign.com/ign/all|#news + independent|http://www.independent.com/rss/headlines/|#news + indymedia|https://de.indymedia.org/rss.xml|#news + info_libera|http://www.informationliberation.com/rss.xml|#news + klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news + korea_herald|http://www.koreaherald.com/rss_xml.php|#news + linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news + lisp|http://planet.lisp.org/rss20.xml|#news + liveleak|http://www.liveleak.com/rss|#news + lolmythesis|http://lolmythesis.com/rss|#news + LtU|http://lambda-the-ultimate.org/rss.xml|#news + lukepalmer|http://lukepalmer.wordpress.com/feed/|#news + mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news + mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news + nds|http://www.nachdenkseiten.de/?feed=atom|#news + netzpolitik|https://netzpolitik.org/feed/|#news + newsbtc|http://newsbtc.com/feed/|#news #financial + nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news + npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news + npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news + npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news + npr_world|http://www.npr.org/rss/rss.php?id=1004|#news + nsa|https://www.nsa.gov/rss.xml|#news #bullerei + nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news + painload|https://github.com/krebscode/painload/commits/master.atom|#news + phys|http://phys.org/rss-feed/|#news + piraten|https://www.piratenpartei.de/feed/|#news + polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei + presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei + presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news + prisonplanet|http://prisonplanet.com/feed.rss|#news + rawstory|http://www.rawstory.com/rs/feed/|#news + reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck + reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news + reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial + reddit_consp|http://reddit.com/r/conspiracy/.rss|#news + reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news + reddit_nix|http://www.reddit.com/r/nixos/.rss|#news + reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news + reddit_sci|http://www.reddit.com/r/science/.rss|#news + reddit_tech|http://www.reddit.com/r/technology/.rss|#news + reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp + reddit_world|http://www.reddit.com/r/worldnews/.rss|#news + r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news + reuters|http://feeds.reuters.com/Reuters/worldNews|#news + reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news + rt|http://rt.com/rss/news/|#news + schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news + sciencemag|http://news.sciencemag.org/rss/current.xml|#news + scmp|http://www.scmp.com/rss/91/feed|#news + sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news + shackspace|http://blog.shackspace.de/?feed=rss2|#news + shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news + sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news + sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news + sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news + sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news + sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news + slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news + slate|http://feeds.slate.com/slate|#news + spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news + spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news + spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news + standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news + stern|http://www.stern.de/feed/standard/all/|#news + stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news + sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news + sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial + sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news + tagesschau|http://www.tagesschau.de/newsticker.rdf|#news + taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news + telegraph|http://www.telegraph.co.uk/rss.xml|#news + telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news + the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news + tigsource|http://www.tigsource.com/feed/|#news + tinc|http://tinc-vpn.org/news/index.rss|#news + topix_b|http://www.topix.com/rss/wire/de/berlin|#news + torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news + torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news + torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news + travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news + un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news + un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news + un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news + un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news + un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news + un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news + us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news + vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news + weechat|http://dev.weechat.org/feed/atom|#news + wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news + xkcd|https://xkcd.com/rss.xml|#news + zdnet|http://www.zdnet.com/news/rss.xml|#news + ''; + }; +} diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index b55827e3a..dab87792e 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -17,30 +17,12 @@ in default = 10; description = "how long to wait until we test changes (in minutes)"; }; - users = mkOption { - type = with types; attrsOf (submodule { - options = { - all = mkOption { - type = bool; - default = false; - }; - hosts = mkOption { - type = listOf str; - default = []; - }; - }; - }); - example = { - lass.all = true; - krebs = { - all = true; - hosts = [ - "test-all-krebs-modules" - "test-arch" - ]; - }; - }; - default = {}; + hosts = mkOption { + type = types.listOf types.host; + default = []; + description = '' + List of hosts that should be build + ''; }; }; @@ -132,23 +114,9 @@ in timeout=90001 ) - ${let - user-hosts = mapAttrs (user: a: let - managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts); - defined-hosts = a.hosts; - in - defined-hosts ++ (optionals a.all managed-hosts) - ) cfg.users; - - in - concatStringsSep "\n" ( - (mapAttrsToList (user: hosts: - concatMapStringsSep "\n" (host: - "build_host(\"${user}\", \"${host}\")" - ) hosts - ) user-hosts) - ) - } + ${concatMapStringsSep "\n" (host: + "build_host(\"${host.owner.name}\", \"${host.name}\")" + ) cfg.hosts} bu.append( util.BuilderConfig( diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 27fbb7088..2fe3e5115 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -30,15 +30,48 @@ let }); in { hosts = { - hotdog = { + hope = { + ci = true; + owner = config.krebs.users.krebs; + nets = { + internet = { + ip4.addr = "45.62.225.18"; + aliases = [ + "hope.i" + ]; + ssh.port = 45621; + }; + retiolum = { + ip4.addr = "10.243.77.4"; + ip6.addr = "42:0:0:0:0:0:77:4"; + aliases = [ + "hope.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5 + uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a + 2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4 + A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK + fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC + K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/"; + }; + hotdog = { + ci = true; owner = config.krebs.users.krebs; - managed = true; nets = { retiolum = { ip4.addr = "10.243.77.3"; ip6.addr = "42:0:0:0:0:0:77:3"; aliases = [ "hotdog.r" + "build.r" "build.hotdog.r" "cgit.hotdog.r" ]; @@ -58,8 +91,8 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; }; puyak = { + ci = true; owner = config.krebs.users.krebs; - managed = true; nets = { retiolum = { ip4.addr = "10.243.77.2"; @@ -68,6 +101,7 @@ in { "puyak.r" "build.puyak.r" "cgit.puyak.r" + "go.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -85,8 +119,8 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; }; wolf = { + ci = true; owner = config.krebs.users.krebs; - managed = true; nets = { shack = { ip4.addr = "10.42.2.150" ; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4e50ef577..257268af2 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -5,7 +5,7 @@ with import ; { hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; - managed = true; + ci = true; }) { dishfire = { cores = 4; @@ -43,7 +43,7 @@ with import ; cores = 2; nets = rec { internet = { - ip4.addr = "104.233.79.118"; + ip4.addr = "45.62.226.163"; aliases = [ "echelon.i" ]; @@ -56,7 +56,6 @@ with import ; aliases = [ "echelon.r" "cgit.echelon.r" - "go.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -117,6 +116,8 @@ with import ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; domsen-nas = { + ci = false; + external = true; nets = rec { internet = { aliases = [ @@ -126,40 +127,6 @@ with import ; ssh.port = 2223; }; }; - managed = false; - }; - cloudkrebs = { - cores = 1; - nets = rec { - internet = { - ip4.addr = "104.167.113.104"; - aliases = [ - "cloudkrebs.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.206.102"; - ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762"; - aliases = [ - "cloudkrebs.r" - "cgit.cloudkrebs.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA - OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF - QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v - 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC - sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO - TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl"; }; uriel = { cores = 1; @@ -328,10 +295,12 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; }; iso = { + ci = false; cores = 1; - managed = false; }; sokrateslaptop = { + ci = false; + external = true; nets = { retiolum = { ip4.addr = "10.243.142.104"; @@ -351,7 +320,6 @@ with import ; ''; }; }; - managed = false; }; }; users = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 21ea7e23c..6e0e876b8 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -5,8 +5,8 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { drop = rec { + ci = true; cores = 1; - managed = true; nets = { retiolum = { ip4.addr = "10.243.177.9"; @@ -28,8 +28,8 @@ with import ; }; }; studio = rec { + ci = true; cores = 4; - managed = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; nets = { @@ -54,8 +54,8 @@ with import ; }; fileleech = rec { + ci = true; cores = 4; - managed = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; nets = { @@ -80,8 +80,8 @@ with import ; }; pnp = { + ci = true; cores = 1; - managed = true; nets = { retiolum = { ip4.addr = "10.243.0.210"; @@ -104,8 +104,8 @@ with import ; }; }; darth = { + ci = true; cores = 4; - managed = true; nets = { retiolum = { ip4.addr = "10.243.0.84"; @@ -176,7 +176,7 @@ with import ; }; }; tsp = { - managed = true; + ci = true; cores = 1; nets = { retiolum = { @@ -204,7 +204,7 @@ with import ; }; }; x = { - managed = true; + ci = true; cores = 4; nets = { retiolum = { @@ -249,8 +249,8 @@ with import ; }; vbob = { + ci = true; cores = 2; - managed = true; nets = { retiolum = { ip4.addr = "10.243.1.91"; @@ -312,8 +312,8 @@ with import ; }; }; wry = rec { + ci = true; cores = 1; - managed = true; extraZones = { "krebsco.de" = '' wry IN A ${nets.internet.ip4.addr} @@ -357,8 +357,8 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { + ci = true; cores = 1; - managed = true; nets = { lan = { ip4.addr = "192.168.1.12"; @@ -387,8 +387,8 @@ with import ; }; omo = rec { + ci = true; cores = 2; - managed = true; nets = { lan = { @@ -421,8 +421,8 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH"; }; wbob = rec { + ci = true; cores = 4; - managed = true; nets = { siem = { ip4.addr = "10.8.10.7"; @@ -463,8 +463,8 @@ with import ; }; gum = rec { + ci = true; cores = 2; - managed = true; extraZones = { "krebsco.de" = '' @@ -526,8 +526,8 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; shoney = rec { + ci = true; cores = 1; - managed = true; nets = rec { siem = { via = internet; @@ -575,8 +575,8 @@ with import ; }; }; sdev = rec { + ci = true; cores = 1; - managed = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev"; nets = { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 7876ab79e..c8d138a44 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -5,6 +5,7 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { stro = { + ci = true; cores = 4; nets = { retiolum = { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 81db2d411..79fa27bad 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -8,8 +8,8 @@ with import ; }; hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) { alnus = { + ci = true; cores = 2; - managed = true; nets = { retiolum = { ip4.addr = "10.243.21.1"; @@ -33,6 +33,7 @@ with import ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; cd = { + ci = true; cores = 2; extraZones = { # TODO generate krebsco.de zone from nets and don't use extraZones at all @@ -40,7 +41,6 @@ with import ; cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} ''; }; - managed = true; nets = { internet = { ip4.addr = "45.62.237.203"; @@ -79,6 +79,7 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; }; ju = { + external = true; nets = { gg23 = { ip4.addr = "10.23.1.144"; @@ -112,15 +113,8 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu"; }; kaepsele = { + external = true; nets = { - internet = { - ip4.addr = "92.222.10.169"; - aliases = [ - "kaepsele.i" - "kaepsele.internet" - # TODO "kaepsele.org" - ]; - }; retiolum = { ip4.addr = "10.243.166.2"; ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d"; @@ -129,21 +123,22 @@ with import ; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/ - Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo - rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y - y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu - yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5 - FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB + MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm + QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF + 6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb + JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK + ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf + ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB -----END RSA PUBLIC KEY----- ''; }; }; - ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj"; }; mu = { + ci = true; cores = 2; - managed = true; nets = { retiolum = { ip4.addr = "10.243.20.1"; @@ -212,8 +207,8 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; }; nomic = { + ci = true; cores = 2; - managed = true; nets = { gg23 = { ip4.addr = "10.23.1.110"; @@ -244,6 +239,7 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; ok = { + external = true; nets = { gg23 = { ip4.addr = "10.23.1.1"; @@ -252,6 +248,7 @@ with import ; }; }; schnabeldrucker = { + external = true; nets = { gg23 = { ip4.addr = "10.23.1.21"; @@ -260,6 +257,7 @@ with import ; }; }; schnabelscanner = { + external = true; nets = { gg23 = { ip4.addr = "10.23.1.22"; @@ -268,8 +266,8 @@ with import ; }; }; wu = { + ci = true; cores = 4; - managed = true; nets = { gg23 = { ip4.addr = "10.23.1.37"; @@ -306,8 +304,8 @@ with import ; binary-cache = { pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; }; + ci = true; cores = 4; - managed = true; nets = { gg23 = { ip4.addr = "10.23.1.38"; @@ -342,8 +340,8 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; zu = { + ci = true; cores = 4; - managed = true; nets = { gg23 = { ip4.addr = "10.23.1.39"; diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index e85e41cfe..c611d7471 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -128,4 +128,24 @@ rec { ''; }); + wiki-todo-add = buildSimpleReaktorPlugin "wiki-todo-add" { + pattern = "^wiki-todo: (?P.*)$$"; + script = pkgs.writeDash "wiki-todo-add" '' + echo "$*" >> wiki-todo + echo "added todo. check on http://lassul.us/wiki-todo" + ''; + }; + wiki-todo-done = buildSimpleReaktorPlugin "wiki-todo-done" { + pattern = "^wiki-done: (?P.*)$$"; + script = pkgs.writeDash "wiki-todo-done" '' + ${pkgs.gnugrep}/bin/grep -Fvxe "$*" wiki-todo > wiki-todo.tmp + ${pkgs.coreutils}/bin/mv wiki-todo.tmp wiki-todo + echo "thank you for resolving todo: $*" + ''; + }; + wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" { + script = pkgs.writeDash "wiki-todo-add" '' + ${pkgs.coreutils}/bin/cat wiki-todo + ''; + }; } diff --git a/krebs/5pkgs/simple/dic/default.nix b/krebs/5pkgs/simple/dic/default.nix index ffd1092f7..6533a1b9b 100644 --- a/krebs/5pkgs/simple/dic/default.nix +++ b/krebs/5pkgs/simple/dic/default.nix @@ -1,12 +1,12 @@ -{ stdenv, fetchgit, coreutils, curl, gnused, gnugrep, ... }: +{ coreutils, curl, fetchgit, gnugrep, gnused, stdenv, utillinux }: stdenv.mkDerivation { name = "dic"; src = fetchgit { url = http://cgit.ni.krebsco.de/dic; - rev = "refs/tags/v1.0.2"; - sha256 = "133x2z3dr5synckdvgnyc9fa7jdca43vj0973v148i13x4dqgr36"; + rev = "refs/tags/v1.1.0"; + sha256 = "1xzn20b9kfz96nvjli8grpi11v80jbl0dmifksmirwcj5v81ndav"; }; phases = [ @@ -21,6 +21,7 @@ stdenv.mkDerivation { curl gnused gnugrep + utillinux ]; in '' diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix index 48afee037..1ed268cf0 100644 --- a/krebs/5pkgs/simple/populate/default.nix +++ b/krebs/5pkgs/simple/populate/default.nix @@ -13,12 +13,12 @@ in stdenv.mkDerivation rec { name = "populate"; - version = "1.2.2"; + version = "1.2.3"; src = fetchgit { url = http://cgit.ni.krebsco.de/populate; rev = "refs/tags/v${version}"; - sha256 = "041rpyhss6kby3jm14k7lhvagmg7hwvwxli06b00p76s110is40w"; + sha256 = "14p9v28d5vcr5384qgycmgjh1angi2zx7qvi51651i7nd9qkjzmi"; }; phases = [ diff --git a/krebs/source.nix b/krebs/source.nix index db30e1e35..085f3c0d3 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30 + ref = "56da88a298a6f549701a10bb12072804a1ebfbd5"; # nixos-17.03 @ 2017-09-03 }; } diff --git a/lass/1systems/cloudkrebs/config.nix b/lass/1systems/cloudkrebs/config.nix deleted file mode 100644 index aa9a1f1ab..000000000 --- a/lass/1systems/cloudkrebs/config.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import { inherit pkgs lib; }) getDefaultGateway; - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - - - - - - - - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.cloudkrebs; -} diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix deleted file mode 100644 index 99e71e755..000000000 --- a/lass/1systems/cloudkrebs/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "cloudkrebs"; -} diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 290d8a780..e1bce5da8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -1,23 +1,86 @@ +with import ; { config, pkgs, ... }: { imports = [ - + - - - - - - - - + { + # bubsy config + users.users.bubsy = { + uid = genid "bubsy"; + home = "/home/bubsy"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + }; + networking.networkmanager.enable = true; + networking.wireless.enable = mkForce false; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + environment.systemPackages = with pkgs; [ + pavucontrol + firefox + hexchat + networkmanagerapplet + libreoffice + ]; + services.xserver.enable = true; + services.xserver.displayManager.lightdm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.layout = "de"; + } + { + krebs.per-user.bitcoin.packages = [ + pkgs.electrum + ]; + users.extraUsers = { + bitcoin = { + name = "bitcoin"; + description = "user for bitcoin stuff"; + home = "/home/bitcoin"; + useDefaultShell = true; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + bubsy ALL=(bitcoin) NOPASSWD: ALL + ''; + } + { + #remote control + environment.systemPackages = with pkgs; [ + x11vnc + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } + ]; + } ]; + time.timeZone = "Europe/Berlin"; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + krebs.build.host = config.krebs.hosts.daedalus; fileSystems = { @@ -29,7 +92,7 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; } diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix index 77958267d..6f96883bf 100644 --- a/lass/1systems/echelon/config.nix +++ b/lass/1systems/echelon/config.nix @@ -9,12 +9,8 @@ in { - - - - { networking.interfaces.enp2s1.ip4 = [ { diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 0b048a2b1..be064bed2 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -37,6 +37,7 @@ with import ; }; }; boot.kernelParams = [ "copytoram" ]; + networking.hostName = "lass-iso"; } { krebs.enable = true; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 2cb6a7519..4d2f8b0f8 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -5,7 +5,7 @@ with import ; imports = [ - + @@ -24,30 +24,17 @@ with import ; - + + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } ]; } - { - services.elasticsearch = { - enable = true; - }; - } - { - #zalando project - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; - virtualisation.docker.enable = true; - #users.users.mainUser.extraGroups = [ "docker" ]; - } { lass.umts = { enable = true; @@ -91,6 +78,9 @@ with import ; client.enable = true; }; } + { + services.mongodb.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; @@ -104,8 +94,8 @@ with import ; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" ''; #TODO activationScripts seem broken, fix them! @@ -139,7 +129,6 @@ with import ; urban mk_sql_pair remmina - thunderbird iodine diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5d05ae399..b3f547452 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -39,9 +39,10 @@ in { - + + { lass.pyload.enable = true; } @@ -244,10 +245,6 @@ in { OnUnitInactiveSec = "2min"; RandomizedDelaySec = "2min"; }; - krebs.repo-sync.repos.nixpkgs.timerConfig = { - OnBootSec = "90min"; - OnUnitInactiveSec = "24h"; - }; } { lass.usershadow = { @@ -298,6 +295,22 @@ in { localAddress = "10.233.2.2"; }; } + { + #kaepsele + containers.kaepsele = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + tv.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index b6d49d6e4..ef015aebc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -41,7 +41,11 @@ with import ; "/boot" = { device = "/dev/sda1"; }; - + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; "/tmp" = { device = "tmpfs"; fsType = "tmpfs"; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index a48df02b9..0b9499982 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -42,7 +42,11 @@ with import ; } ]; - krebs.build.host = config.krebs.hosts.daedalus; + krebs.build.host = config.krebs.hosts.skynet; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; #fileSystems = { # "/bku" = { diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 86d0ac7c1..3a99e65a0 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -48,6 +48,7 @@ in { acpi dic dmenu + gi gitAndTools.qgit lm_sensors haskellPackages.hledger diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 22a7b1c19..e96f4dc7e 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -200,6 +200,7 @@ with import ; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ + { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 728e265f6..a70d58828 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -40,6 +40,8 @@ with import ; { from = "patreon@lassul.us"; to = lass.mail; } { from = "steam@lassul.us"; to = lass.mail; } { from = "securityfocus@lassul.us"; to = lass.mail; } + { from = "radio@lassul.us"; to = lass.mail; } + { from = "btce@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index d3f5d1f39..61a352bde 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -34,6 +34,10 @@ let cgit.desc = "take a rss feed and a timeout and print it to stdout"; cgit.section = "software"; }; + nixpkgs = { + cgit.desc = "nixpkgs fork"; + cgit.section = "configuration"; + }; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; cgit.section = "configuration"; @@ -80,7 +84,7 @@ let public = true; }; - make-restricted-repo = name: { collaborators ? [], announce ? false, ... }: { + make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: { inherit collaborators name; public = false; hooks = optionalAttrs announce { @@ -93,7 +97,7 @@ let # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; }; - }; + } // hooks; }; make-rules = diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index ee0c3f938..7a9881186 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -72,17 +72,19 @@ let ''} %r |" virtual-mailboxes \ + "Unread" "notmuch://?query=tag:unread"\ "INBOX" "notmuch://?query=tag:inbox \ and NOT tag:killed \ and NOT to:shackspace \ and NOT to:c-base \ and NOT from:security-alert@hpe.com \ - and NOT to:nix-devel"\ - "Unread" "notmuch://?query=tag:unread"\ + and NOT to:nix-devel\ + and NOT to:radio"\ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\ "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ "nix" "notmuch://?query=to:nix-devel"\ + "radio" "notmuch://?query=to:radio or tag:radio"\ "TODO" "notmuch://?query=tag:TODO"\ "Starred" "notmuch://?query=tag:*"\ "Archive" "notmuch://?query=tag:archive"\ @@ -126,7 +128,7 @@ let bind index t noop bind pager t noop - macro index t "+TODO\n" # tag as Archived + macro index t "" # tag as Archived # top index bar in email view set pager_index_lines=7 diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 04fd9213e..b3de42c7b 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -2,40 +2,16 @@ let - scripts = lib.concatStringsSep "," [ - good - delete - ]; - mpv = pkgs.symlinkJoin { name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@" + exec ${pkgs.mpv}/bin/mpv --no-config "$@" '') pkgs.mpv ]; }; - moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' - tmp_dir = "${dir}" - - function move_current_track_${key}() - track = mp.get_property("path") - os.execute("mkdir -p '" .. tmp_dir .. "'") - os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'") - print("moved '" .. track .. "' to " .. tmp_dir) - end - - mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key}) - ''; - - good = moveToDir "G" "./.good"; - delete = moveToDir "D" "./.graveyard"; - - up = moveToDir "U" "./up"; - down = moveToDir "Y" "./down"; - in { environment.systemPackages = [ mpv diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix deleted file mode 100644 index 070795d14..000000000 --- a/lass/2configs/newsbot-js.nix +++ /dev/null @@ -1,184 +0,0 @@ -{ config, pkgs, ... }: - -let - newsfile = pkgs.writeText "feeds" '' - aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news - allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news - antirez|http://antirez.com/rss|#news - arbor|http://feeds2.feedburner.com/asert/|#news - archlinux|http://www.archlinux.org/feeds/news/|#news - ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news - augustl|http://augustl.com/atom.xml|#news - bbc|http://feeds.bbci.co.uk/news/rss.xml|#news - bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news - bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag - bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag - bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news - bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial - c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news - cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news - carta|http://feeds2.feedburner.com/carta-standard-rss|#news - catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news - cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news - cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news - cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news - cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news - cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news - ccc|http://www.ccc.de/rss/updates.rdf|#news - chan_b|https://boards.4chan.org/b/index.rss|#brainfuck - chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck - chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck - coinspotting|http://coinspotting.com/rss|#news #financial - cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial - cryptogon|http://www.cryptogon.com/?feed=rss2|#news - csm|http://rss.csmonitor.com/feeds/csm|#news - csm_world|http://rss.csmonitor.com/feeds/world|#news - danisch|http://www.danisch.de/blog/feed/|#news - dod|http://www.defense.gov/news/afps2.xml|#news - dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news - ecat|http://ecat.com/feed|#news - eia_press|http://www.eia.gov/rss/press_rss.xml|#news - eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news - embargowatch|https://embargowatch.wordpress.com/feed/|#news - ethereum-comments|http://blog.ethereum.org/comments/feed|#news - ethereum|http://blog.ethereum.org/feed|#news - europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news - eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news - exploitdb|http://www.exploit-db.com/rss.xml|#news - fars|http://www.farsnews.com/rss.php|#news #test - faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news - faz_politik|http://www.faz.net/rss/aktuell/politik/|#news - faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news - fbi|https://www.fbi.gov/news/rss.xml|#news - fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news - fefe|http://blog.fefe.de/rss.xml|#news - forbes|http://www.forbes.com/forbes/feed2/|#news - forbes_realtime|http://www.forbes.com/real-time/feed2/|#news - fox|http://feeds.foxnews.com/foxnews/latest|#news - geheimorganisation|http://geheimorganisation.org/feed/|#news - GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news - gmanet|http://www.gmanetwork.com/news/rss/news|#news - golem|https://rss.golem.de/rss.php|#news - google|http://news.google.com/?output=rss|#news - greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news - guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news - gulli|http://ticker.gulli.com/rss/|#news - handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial - heise|https://www.heise.de/newsticker/heise-atom.xml|#news - hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial - hindu|http://www.thehindu.com/?service=rss|#news - ign|http://feeds.ign.com/ign/all|#news - independent|http://www.independent.com/rss/headlines/|#news - indymedia|https://de.indymedia.org/rss.xml|#news - info_libera|http://www.informationliberation.com/rss.xml|#news - klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news - korea_herald|http://www.koreaherald.com/rss_xml.php|#news - linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news - lisp|http://planet.lisp.org/rss20.xml|#news - liveleak|http://www.liveleak.com/rss|#news - lolmythesis|http://lolmythesis.com/rss|#news - LtU|http://lambda-the-ultimate.org/rss.xml|#news - lukepalmer|http://lukepalmer.wordpress.com/feed/|#news - mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news - mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news - nds|http://www.nachdenkseiten.de/?feed=atom|#news - netzpolitik|https://netzpolitik.org/feed/|#news - newsbtc|http://newsbtc.com/feed/|#news #financial - nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news - npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news - npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news - npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news - npr_world|http://www.npr.org/rss/rss.php?id=1004|#news - nsa|https://www.nsa.gov/rss.xml|#news #bullerei - nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news - painload|https://github.com/krebscode/painload/commits/master.atom|#news - phys|http://phys.org/rss-feed/|#news - piraten|https://www.piratenpartei.de/feed/|#news - polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei - presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei - presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news - prisonplanet|http://prisonplanet.com/feed.rss|#news - proofmarket|https://proofmarket.org/feed_problem|#news - rawstory|http://www.rawstory.com/rs/feed/|#news - reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck - reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news - reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial - reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news - reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp - reddit_world|http://www.reddit.com/r/worldnews/.rss|#news - r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news - reuters|http://feeds.reuters.com/Reuters/worldNews|#news - reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news - rt|http://rt.com/rss/news/|#news - schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news - sciencemag|http://news.sciencemag.org/rss/current.xml|#news - scmp|http://www.scmp.com/rss/91/feed|#news - sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news - shackspace|http://shackspace.de/?feed=rss2|#news - shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news - sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news - sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news - sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news - sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news - sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news - slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news - slate|http://feeds.slate.com/slate|#news - spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news - spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news - spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news - standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news - stern|http://www.stern.de/feed/standard/all/|#news - stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news - sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news - sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial - sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news - tagesschau|http://www.tagesschau.de/newsticker.rdf|#news - taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news - telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial - telegraph_pol|http://www.telegraph.co.uk/news/politics/rss|#news - telegraph_uk|http://www.telegraph.co.uk/news/uknews/rss|#news - telegraph_world|http://www.telegraph.co.uk/news/worldnews/rss|#news - telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news - the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news - tigsource|http://www.tigsource.com/feed/|#news - tinc|http://tinc-vpn.org/news/index.rss|#news - topix_b|http://www.topix.com/rss/wire/de/berlin|#news - torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news - torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news - torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news - travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news - un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news - un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news - un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news - un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news - un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news - un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news - us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news - vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news - weechat|http://dev.weechat.org/feed/atom|#news - wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news - xkcd|https://xkcd.com/rss.xml|#news - zdnet|http://www.zdnet.com/news/rss.xml|#news - - chan_g|https://boards.4chan.org/g/index.rss|#news - chan_x|https://boards.4chan.org/x/index.rss|#news - chan_sci|https://boards.4chan.org/sci/index.rss|#news - reddit_consp|http://reddit.com/r/conspiracy/.rss|#news - reddit_sci|http://www.reddit.com/r/science/.rss|#news - reddit_tech|http://www.reddit.com/r/technology/.rss|#news - reddit_nix|http://www.reddit.com/r/nixos/.rss|#news - reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news - hackernews|https://news.ycombinator.com/rss|#news - ''; -in { - environment.systemPackages = [ - pkgs.newsbot-js - ]; - krebs.newsbot-js = { - enable = true; - ircServer = "localhost"; - feeds = newsfile; - urlShortenerHost = "go"; - urlShortenerPort = "80"; - }; -} diff --git a/lass/2configs/coders-irc.nix b/lass/2configs/reaktor-coders.nix similarity index 100% rename from lass/2configs/coders-irc.nix rename to lass/2configs/reaktor-coders.nix diff --git a/lass/2configs/reaktor-krebs.nix b/lass/2configs/reaktor-krebs.nix new file mode 100644 index 000000000..6b17b457d --- /dev/null +++ b/lass/2configs/reaktor-krebs.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + krebs.Reaktor.krebs = { + nickname = "Reaktor|krebs"; + channels = [ + "#krebs" + "#nixos-wiki" + ]; + extraEnviron = { + REAKTOR_HOST = "irc.freenode.org"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + wiki-todo-add + wiki-todo-done + wiki-todo-show + ]; + }; + services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = '' + default_type "text/plain"; + alias /var/lib/Reaktor/state/wiki-todo; + ''; +} diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 0b6cd8231..f0c0ebfee 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -107,7 +107,6 @@ in { (sync-remote "painload" "https://github.com/krebscode/painload") (sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") (sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git") - (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") (sync-retiolum "newsbot-js") diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index b5ba3df14..2fbc31677 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -14,7 +14,9 @@ let ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select + ${optionalString (hasAttr "browser" config.lass) + "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" + } URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix index 7e3af10be..37cbf3ed3 100644 --- a/lass/3modules/hosts.nix +++ b/lass/3modules/hosts.nix @@ -6,7 +6,7 @@ with import ; options.lass.hosts = mkOption { type = types.attrsOf types.host; default = - filterAttrs (_: host: host.owner.name == "lass" && host.managed) + filterAttrs (_: host: host.owner.name == "lass" && host.ci) config.krebs.hosts; }; } diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index 83de4d403..c93c65ad2 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -31,6 +31,16 @@ let type = types.str; default = "default"; }; + pppDefaults = mkOption { + type = types.str; + default = '' + noipdefault + usepeerdns + defaultroute + persist + noauth + ''; + }; }; nixpkgs-1509 = import (pkgs.fetchFromGitHub { @@ -71,7 +81,16 @@ let lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts ''; - environment.wvdial.dialerDefaults = wvdial-defaults; + environment.etc = [ + { + source = pkgs.writeText "wvdial.conf" wvdial-defaults; + target = "wvdial.conf"; + } + { + source = pkgs.writeText "wvdial" cfg.pppDefaults; + target = "ppp/peers/wvdial"; + } + ]; systemd.services.umts = { description = "UMTS wvdial Service"; diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 22ec7efa9..67a1dc787 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -98,6 +98,7 @@ myKeyMap = [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") + , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") @@ -129,6 +130,11 @@ myKeyMap = , ("M4-S-q", return ()) , ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () diff --git a/lass/source.nix b/lass/source.nix index 7d60730f1..52b0d99f2 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -1,24 +1,27 @@ with import ; -host@{ name, secure ? false }: let +host@{ name, secure ? false, override ? {} }: let builder = if getEnv "dummy_secrets" == "true" then "buildbot" else "lass"; _file = + "/lass/1systems/${name}/source.nix"; in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - lass = "/home/lass/secrets/${name}"; - }; - stockholm.file = toString ; - nixpkgs.git = { - url = https://cgit.lassul.us/nixpkgs; - # nixos-17.03 - # + copytoram: - # 87a4615 & 334ac4f - # + acme permissions for groups - # fd7a8f1 - ref = "d9c85b3"; - }; - } + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + nixpkgs.git = { + url = http://cgit.lassul.us/nixpkgs; + # nixos-17.03 + # + copytoram: + # 87a4615 & 334ac4f + # + acme permissions for groups + # fd7a8f1 + ref = "fe46ffc"; + }; + secrets.file = getAttr builder { + buildbot = toString ; + lass = "/home/lass/secrets/${name}"; + }; + stockholm.file = toString ; + } + override + ] diff --git a/lib/types.nix b/lib/types.nix index 8c6846887..70570a6b3 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -31,9 +31,20 @@ rec { default = null; }; - managed = mkOption { + ci = mkOption { description = '' - If true, then the host's configuration is defined in stockholm. + If true, then the host wants to be tested by some CI system. + See + ''; + type = bool; + default = false; + }; + + external = mkOption { + description = '' + Whether the host is defined externally (in contrast to being defined + in ). This is useful e.g. when legacy and/or adopted + hosts should be part of retiolum or some other component. ''; type = bool; default = false; diff --git a/mv/1systems/stro.nix b/mv/1systems/stro/config.nix similarity index 84% rename from mv/1systems/stro.nix rename to mv/1systems/stro/config.nix index bb37aedda..669655eec 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro/config.nix @@ -8,18 +8,6 @@ with import ; build = { user = config.krebs.users.mv; host = config.krebs.hosts.stro; - source = let - HOME = getEnv "HOME"; - host = config.krebs.build.host; - in { - nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix"; - secrets.file = "${HOME}/secrets/${host.name}"; - stockholm.file = "${HOME}/stockholm"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; - }; - }; }; }; @@ -27,7 +15,7 @@ with import ; - + @@ -40,7 +28,6 @@ with import ; - ]; boot.kernel.sysctl = { @@ -124,13 +111,13 @@ with import ; nix = { binaryCaches = ["https://cache.nixos.org"]; - # TODO check if both are required: - chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ]; requireSignedBinaryCaches = true; - useChroot = true; + # TODO check if both are required: + sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ]; + useSandbox = true; }; - nixpkgs.config.allowUnfree = false; + nixpkgs.config.packageOverrides = import pkgs; users = { defaultUserShell = "/run/current-system/sw/bin/bash"; diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix new file mode 100644 index 000000000..888d616c8 --- /dev/null +++ b/mv/1systems/stro/source.nix @@ -0,0 +1,3 @@ +import { + name = "stro"; +} diff --git a/mv/dummy_secrets/default.nix b/mv/dummy_secrets/default.nix new file mode 100644 index 000000000..84a5e1186 --- /dev/null +++ b/mv/dummy_secrets/default.nix @@ -0,0 +1,8 @@ +{ config, ... }: +{ + users.users.root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.mv.pubkey + ]; + }; +} diff --git a/mv/dummy_secrets/ssh.ed25519 b/mv/dummy_secrets/ssh.ed25519 new file mode 100644 index 000000000..a7d2adab4 --- /dev/null +++ b/mv/dummy_secrets/ssh.ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +dummy +-----END OPENSSH PRIVATE KEY----- diff --git a/mv/source.nix b/mv/source.nix new file mode 100644 index 000000000..aa2b13fd8 --- /dev/null +++ b/mv/source.nix @@ -0,0 +1,23 @@ +with import ; +host@{ name, override ? {} }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "mv"; + _file = + "/mv/1systems/${name}/source.nix"; +in + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; + nixpkgs.git = { + # nixos-17.03 + ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5"; + url = https://github.com/NixOS/nixpkgs; + }; + secrets.file = getAttr builder { + buildbot = toString ; + mv = "/home/mv/secrets/${name}"; + }; + stockholm.file = toString ; + } + override + ] diff --git a/shell.nix b/shell.nix index bc14fe7d8..a4ccc3187 100644 --- a/shell.nix +++ b/shell.nix @@ -9,6 +9,7 @@ let # usage: deploy # [--force-populate] # [--quiet] + # [--source=PATH] # --system=SYSTEM # [--target=TARGET] # [--user=USER] @@ -20,6 +21,7 @@ let \test -n "''${quiet-}" || quiet=false \test -n "''${target-}" || target=$system \test -n "''${user-}" || user=$LOGNAME + \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} . ${init.proxy} @@ -29,6 +31,7 @@ let # usage: install # [--force-populate] # [--quiet] + # [--source=PATH] # --system=SYSTEM # --target=TARGET # [--user=USER] @@ -39,6 +42,7 @@ let . ${init.args} \test -n "''${quiet-}" || quiet=false \test -n "''${user-}" || user=$LOGNAME + \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} if \test "''${using_proxy-}" != true; then @@ -76,6 +80,7 @@ let # usage: test # [--force-populate] # [--quiet] + # [--source=PATH] # --system=SYSTEM # --target=TARGET # [--user=USER] @@ -88,6 +93,7 @@ let . ${init.args} \test -n "''${quiet-}" || quiet=false \test -n "''${user-}" || user=$LOGNAME + \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} . ${init.proxy} @@ -160,14 +166,16 @@ let init.args = pkgs.writeText "init.args" /* sh */ '' args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ -o Qs:t:u: \ - -l force-populate,quiet,system:,target:,user: \ + -l force-populate,quiet,source:,system:,target:,user: \ -- "$@") if \test $? != 0; then exit 1; fi eval set -- "$args" force_populate=false + source_file= while :; do case $1 in - --force-populate) force_populate=true; shift;; + --force-populate) force_populate=true; shift;; -Q|--quiet) quiet=true; shift;; + --source) source_file=$2; shift 2;; -s|--system) system=$2; shift 2;; -t|--target) target=$2; shift 2;; -u|--user) user=$2; shift 2;; @@ -196,7 +204,6 @@ let init.proxy = pkgs.writeText "init.proxy" /* sh */ '' if \test "''${using_proxy-}" != true; then - source_file=$user/1systems/$system/source.nix source=$(get-source "$source_file") qualified_target=$target_user@$target_host:$target_port$target_path if \test "$force_populate" = true; then @@ -269,7 +276,7 @@ in pkgs.stdenv.mkDerivation { name = "stockholm"; shellHook = /* sh */ '' export OLD_PATH="$PATH" - export NIX_PATH=stockholm=$PWD:nixpkgs=${toString } + export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString } if test -e /nix/var/nix/daemon-socket/socket; then export NIX_REMOTE=daemon fi diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 089481872..f3e7b515b 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -15,9 +15,9 @@ with import ; tv.x0vncserver.enable = true; # hardware configuration - boot.initrd.luks.devices = [ - { name = "vgmu1"; device = "/dev/sda2"; } - ]; + boot.initrd.luks.devices.muca = { + device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352"; + }; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.availableKernelModules = [ "ahci" ]; boot.kernelModules = [ "fbcon" "kvm-intel" ]; @@ -25,16 +25,17 @@ with import ; fileSystems = { "/" = { - device = "/dev/vgmu1/nixroot"; - fsType = "ext4"; - options = [ "defaults" "noatime" ]; + device = "/dev/mapper/muvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; "/home" = { - device = "/dev/vgmu1/home"; - options = [ "defaults" "noatime" ]; + device = "/dev/mapper/muvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; "/boot" = { - device = "/dev/sda1"; + device = "/dev/disk/by-uuid/DC38-F165"; }; }; @@ -51,18 +52,19 @@ with import ; networking.networkmanager.enable = true; environment.systemPackages = with pkgs; [ + chromium + firefoxWrapper + gimp + iptables + kdeApplications.l10n.de.qt5 + libreoffice + pidginotr + pidgin-with-plugins + skype slock tinc_pre - iptables vim - gimp xsane - firefoxWrapper - chromium - skype - libreoffice - pidgin-with-plugins - pidginotr #foomatic_filters #gutenprint diff --git a/tv/5pkgs/simple/viljetic-pages/index.html b/tv/5pkgs/simple/viljetic-pages/index.html index c06b3f97b..fc186d6ed 100644 --- a/tv/5pkgs/simple/viljetic-pages/index.html +++ b/tv/5pkgs/simple/viljetic-pages/index.html @@ -3,8 +3,7 @@ This page intentionally left blank.