Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'cloudkrebs/master' into pre-merge

Browse Source
This commit is contained in:
makefu 2015-11-14 01:51:36 +01:00
commit 773a67a983
40 changed files with 1052 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
krebs/3modules/default.nix
View File

@ -13,6 +13,7 @@ let
./exim-smarthost.nix
./github-hosts-sync.nix
./git.nix
./go.nix
./iptables.nix
./nginx.nix
./per-user.nix

9
lass/3modules/go.nix → krebs/3modules/go.nix
View File

@ -4,10 +4,10 @@ with builtins;
with lib;
let
cfg = config.lass.go;
cfg = config.krebs.go;
out = {
options.lass.go = api;
options.krebs.go = api;
config = mkIf cfg.enable imp;
};
@ -26,6 +26,11 @@ let
};
imp = {
services.redis = {
enable = mkDefault true;
bind = mkDefault "127.0.0.1";
};
users.extraUsers.go = {
name = "go";
uid = 42774411; #genid go

32
krebs/3modules/lass/default.nix
View File

@ -2,35 +2,7 @@
with lib;
let
testHosts = lib.genAttrs [
"test-arch"
"test-centos6"
"test-centos7"
] (name: {
inherit name;
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.111.111"];
addrs6 = ["42:0:0:0:0:0:0:7357"];
aliases = [
"test.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
});
in {
{
hosts = addNames {
echelon = {
cores = 2;
@ -241,7 +213,7 @@ in {
};
};
} // testHosts;
};
users = addNames {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;

32
krebs/3modules/shared/default.nix
View File

@ -2,7 +2,35 @@
with lib;
{
let
testHosts = lib.genAttrs [
"test-arch"
"test-centos6"
"test-centos7"
] (name: {
inherit name;
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.111.111"];
addrs6 = ["42:0:0:0:0:0:0:7357"];
aliases = [
"test.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
});
in {
hosts = addNames {
wolf = {
#dc = "shack";
@ -32,7 +60,7 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
};
};
} // testHosts;
users = addNames {
shared = {
mail = "spam@krebsco.de";

0
lass/5pkgs/go/default.nix → krebs/5pkgs/go/default.nix
View File

0
lass/5pkgs/go/packages.nix → krebs/5pkgs/go/packages.nix
View File

2
lass/1systems/echelon.nix
View File

@ -13,7 +13,7 @@ in {
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
../2configs/git.nix
../2configs/redis.nix
#../2configs/redis.nix
../2configs/go.nix
../2configs/ircd.nix
../2configs/newsbot-js.nix

29
lass/1systems/mors.nix
View File

@ -18,10 +18,37 @@
../2configs/chromium-patched.nix
../2configs/git.nix
../2configs/retiolum.nix
../2configs/wordpress.nix
#../2configs/wordpress.nix
../2configs/bitlbee.nix
../2configs/firefoxPatched.nix
../2configs/skype.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
{
#wordpress-test
#imports = singleton (sitesGenerators.createWordpress "testserver.de");
imports = [
../3modules/wordpress_nginx.nix
];
lass.wordpress."testserver.de" = {
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
rootPassword = "<secrets>/mysql_rootPassword";
};
networking.extraHosts = ''
10.243.0.2 testserver.de
'';
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
];
}
];
krebs.build.host = config.krebs.hosts.mors;

29
lass/1systems/prism.nix
View File

@ -10,6 +10,8 @@ in {
../2configs/downloading.nix
../2configs/git.nix
../2configs/ts3.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@ -87,6 +89,33 @@ in {
{
nixpkgs.config.allowUnfree = true;
}
{
#stuff for juhulian
users.extraUsers.juhulian = {
name = "juhulian";
uid = 1339;
home = "/home/juhulian";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
{
environment.systemPackages = [
pkgs.perlPackages.Plack
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
];
}
];
krebs.build.host = config.krebs.hosts.prism;

6
lass/2configs/base.nix
View File

@ -48,7 +48,7 @@ with lib;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b";
};
dir.secrets = {
host = config.krebs.hosts.mors;
@ -92,6 +92,10 @@ with lib;
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables

54
lass/2configs/baseX.nix
View File

@ -5,7 +5,8 @@ let
in {
imports = [
./base.nix
./urxvt.nix
#./urxvt.nix
./xserver
];
users.extraUsers.mainUser.extraGroups = [ "audio" ];
@ -34,38 +35,39 @@ in {
sxiv
much
push
zathura
#window manager stuff
haskellPackages.xmobar
haskellPackages.yeganesh
dmenu2
xlibs.fontschumachermisc
#haskellPackages.xmobar
#haskellPackages.yeganesh
#dmenu2
#xlibs.fontschumachermisc
];
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
#fonts.fonts = [
# pkgs.xlibs.fontschumachermisc
#];
services.xserver = {
enable = true;
#services.xserver = {
# enable = true;
windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
X11-xshape
];
windowManager.xmonad.enable = true;
windowManager.xmonad.enableContribAndExtras = true;
windowManager.default = "xmonad";
desktopManager.default = "none";
desktopManager.xterm.enable = false;
displayManager.slim.enable = true;
displayManager.auto.enable = true;
displayManager.auto.user = mainUser.name;
# windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
# X11-xshape
# ];
# windowManager.xmonad.enable = true;
# windowManager.xmonad.enableContribAndExtras = true;
# windowManager.default = "xmonad";
# desktopManager.default = "none";
# desktopManager.xterm.enable = false;
# displayManager.slim.enable = true;
# displayManager.auto.enable = true;
# displayManager.auto.user = mainUser.name;
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
# layout = "us";
# xkbModel = "evdev";
# xkbVariant = "altgr-intl";
# xkbOptions = "caps:backspace";
#};
services.logind.extraConfig = ''
HandleLidSwitch=ignore

16
lass/2configs/bitlbee.nix
View File

@ -1,16 +1,12 @@
{ config, pkgs, ... }:
let
lpkgs = import ../5pkgs { inherit pkgs; };
in {
imports = [
../3modules/bitlbee.nix
];
lass.bitlbee = {
{
services.bitlbee = {
enable = true;
bitlbeePkg = lpkgs.bitlbee;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
];
};
}

10
lass/2configs/browsers.nix
View File

@ -1,7 +1,15 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) simpleScript;
simpleScript = name: content:
pkgs.stdenv.mkDerivation {
inherit name;
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
ln -s ${pkgs.writeScript name content} $out/bin/${name}
'';
};
mainUser = config.users.extraUsers.mainUser;
createChromiumUser = name: extraGroups: packages:

8
lass/2configs/git.nix
View File

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
with import ../../tv/4lib { inherit lib pkgs; };
with lib;
let
@ -43,19 +43,19 @@ let
collaborators = with config.krebs.users; [ tv makefu ];
};
} //
import /root/src/secrets/repos.nix { inherit config lib pkgs; }
import <secrets/repos.nix> { inherit config lib pkgs; }
);
make-public-repo = name: { desc ? null, ... }: {
inherit name desc;
public = true;
hooks = {
post-receive = git.irc-announce {
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "cd.retiolum";
verbose = config.krebs.build.host.name == "echelon";
verbose = config.krebs.build.host.name == "prism";
};
};
};

5
lass/2configs/go.nix
View File

@ -2,13 +2,10 @@
with lib;
{
imports = [
../3modules/go.nix
];
environment.systemPackages = [
pkgs.go
];
lass.go = {
krebs.go = {
enable = true;
};
krebs.nginx = {

28
lass/2configs/mc.nix
View File

@ -159,37 +159,25 @@ let
### Images ###
type/^GIF
shell/i/.gif
Include=image
type/^JPEG
regex/i/\.jpe?g$
Include=image
type/^PC\ bitmap
shell/i/.bmp
Include=image
type/^PNG
shell/i/.png
Include=image
type/^JNG
shell/i/.jng
Include=image
type/^MNG
shell/i/.mng
Include=image
type/^TIFF
Include=image
type/^PBM
Include=image
type/^PGM
Include=image
type/^PPM
Include=image
type/^Netpbm
shell/i/.tiff
Include=image
shell/.ico
@ -283,7 +271,7 @@ let
### Documents ###
# PDF
type/^PDF
shell/i/.pdf
Open=zathura %f
View=zathura %f

6
lass/2configs/skype.nix
View File

@ -4,10 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
../3modules/per-user.nix
];
users.extraUsers = {
skype = {
name = "skype";
@ -20,7 +16,7 @@ in {
};
};
lass.per-user.skype.packages = [
krebs.per-user.skype.packages = [
pkgs.skype
];

31
lass/2configs/weechat.nix
View File

@ -1,22 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
../3modules/per-user.nix
];
lass.per-user.chat.packages = [
krebs.per-user.chat.packages = [
pkgs.weechat
pkgs.tmux
];
users.extraUsers.chat = {
home = "/home/chat";
uid = 986764891; # genid chat
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = map readFile [
../../krebs/Zpubkeys/lass.ssh.pub
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
#systemd.services.chat = {
# description = "chat environment setup";
# after = [ "network.target" ];
# wantedBy = [ "multi-user.target" ];
# path = with pkgs; [
# weechat
# tmux
# ];
# restartIfChanged = true;
# serviceConfig = {
# User = "chat";
# Restart = "always";
# ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
# };
#};
}

27
lass/2configs/xserver/Xresources.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
with lib;
pkgs.writeText "Xresources" ''
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.url-select.launcher: browser-select
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #ffffff
!change unreadable blue
URxvt*color4: #268bd2
''

161
lass/2configs/xserver/default.nix Normal file
View File

@ -0,0 +1,161 @@
{ config, lib, pkgs, ... }@args:
with lib;
let
# TODO krebs.build.user
user = config.users.users.mainUser;
out = {
services.xserver = {
display = 11;
tty = 11;
synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
};
#keyboard stuff
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
fonts.fonts = [
pkgs.xlibs.fontschumachermisc
];
systemd.services.urxvtd = {
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
serviceConfig = {
ExecReload = need-reload "urxvtd.service";
ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
User = user.name;
};
};
environment.systemPackages = [
pkgs.gitAndTools.qgit
pkgs.mpv
pkgs.pavucontrol
pkgs.slock
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
security.setuidPrograms = [
"slock"
];
systemd.services.display-manager = mkForce {};
services.xserver.enable = true;
systemd.services.xmonad = {
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = xmonad-environment;
serviceConfig = {
ExecStart = "${xmonad-start}/bin/xmonad";
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
User = user.name;
WorkingDirectory = user.home;
};
};
systemd.services.xserver = {
after = [
"systemd-udev-settle.service"
"local-fs.target"
"acpid.service"
];
reloadIfChanged = true;
environment = xserver-environment;
serviceConfig = {
ExecReload = need-reload "xserver.service";
ExecStart = "${xserver}/bin/xserver";
};
};
};
xmonad-environment = {
DISPLAY = ":${toString config.services.xserver.display}";
XMONAD_STATE = "/tmp/xmonad.state";
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"cr"
"gm"
"ff"
"IM"
"mail"
"stockholm"
]);
};
xmonad-start = pkgs.writeScriptBin "xmonad" ''
#! ${pkgs.bash}/bin/bash
set -efu
export PATH; PATH=${makeSearchPath "bin" ([
pkgs.rxvt_unicode
pkgs.i3lock
pkgs.haskellPackages.yeganesh
pkgs.haskellPackages.xmobar
pkgs.dmenu
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
command=''${1##*/}
PATH=''${1%/*}; export PATH
shift
until "$command" "$@"; do
${pkgs.coreutils}/bin/sleep 1
done
)&}
settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args}
settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c'
exec ${pkgs.xmonad-lass}/bin/xmonad
'';
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
#! /bin/sh
exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
'';
xserver-environment = {
XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
};
xserver = pkgs.writeScriptBin "xserver" ''
#! /bin/sh
set -efu
exec ${pkgs.xorg.xorgserver}/bin/X \
:${toString config.services.xserver.display} \
vt${toString config.services.xserver.tty} \
-config ${import ./xserver.conf.nix args} \
-logfile /var/log/X.${toString config.services.xserver.display}.log \
-nolisten tcp \
-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \
'';
need-reload = s: let
pkg = pkgs.writeScriptBin "need-reload" ''
#! /bin/sh
echo "$*"
'';
in "${pkg}/bin/need-reload ${s}";
in out

40
lass/2configs/xserver/xserver.conf.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver;
in
pkgs.stdenv.mkDerivation {
name = "xserver.conf";
xfs = optionalString (cfg.useXFS != false)
''FontPath "${toString cfg.useXFS}"'';
inherit (cfg) config;
buildCommand =
''
echo 'Section "Files"' >> $out
echo $xfs >> $out
for i in ${toString config.fonts.fonts}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString cfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo 'EndSection' >> $out
echo "$config" >> $out
'';
}

2
lass/3modules/default.nix
View File

@ -4,10 +4,10 @@ _:
./xresources.nix
./bitlbee.nix
./folderPerms.nix
./go.nix
./newsbot-js.nix
./per-user.nix
./urxvtd.nix
./xresources.nix
./wordpress_nginx.nix
];
}

195
lass/3modules/wordpress_nginx.nix Normal file
View File

@ -0,0 +1,195 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.lass.wordpress;
out = {
options.lass.wordpress = api;
config = imp;
};
api = mkOption {
type = with types; attrsOf (submodule ({ config, ... }: {
options = {
domain = mkOption {
type = str;
default = config._module.args.name;
};
dbUser = mkOption {
type = str;
default = replaceStrings ["."] ["_"] config.domain;
};
dbName = mkOption {
type = str;
default = replaceStrings ["."] ["_"] config.domain;
};
folder = mkOption {
type = str;
default = "/srv/http/${config.domain}";
};
auto = mkOption {
type = bool;
default = false;
};
charset = mkOption {
type = str;
default = "utf8mb4";
};
collate = mkOption {
type = str;
default = "";
};
debug = mkOption {
type = bool;
default = false;
};
};
}));
default = {};
};
dataFolder = "/srv/http";
user = config.services.nginx.user;
group = config.services.nginx.group;
imp = {
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: {
server-names = [
"${domain}"
"www.${domain}"
];
locations = [
(nameValuePair "/" ''
try_files $uri $uri/ /index.php?$args;
'')
(nameValuePair "~ \.php$" ''
fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool;
include ${pkgs.nginx}/conf/fastcgi.conf;
'')
(nameValuePair "~ /\\." ''
deny all;
'')
];
extraConfig = ''
root ${dataFolder}/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
'';
});
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... }: ''
listen = ${dataFolder}/${domain}/phpfpm.pool
user = ${user}
group = ${group}
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
listen.owner = ${user}
listen.group = ${group}
# errors to journal
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'');
systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: {
name = "wordpressInit-${name}";
value = {
path = [
pkgs.mysql
pkgs.su
pkgs.gawk
pkgs.jq
];
requiredBy = [ "nginx.service" ];
serviceConfig = let
php.define = name: value:
"define(${php.newdoc name}, ${php.newdoc value});";
php.toString = x:
"'${x}'";
php.newdoc = s:
let b = "EOF${builtins.hashString "sha256" s}"; in
''<<<'${b}'
${s}
${b}
'';
in {
Type = "oneshot";
ExecStart = pkgs.writeScript "wordpressInit" ''
#!/bin/sh
set -euf
wp_secrets=${shell.escape "${toString <secrets>}/${domain}/wp-secrets"}
db_password=$(cat ${shell.escape "${toString <secrets>}/${domain}/sql-db-pw"})
get_secret() {
echo "define('$1', $(jq -r ."$1" "$wp_secrets" | to_php_string));"
}
to_php_string() {
echo "base64_decode('$(base64)')"
}
{
cat ${toString <secrets/mysql_rootPassword>}
password=$(cat ${shell.escape (toString (<secrets/mysql_rootPassword>))})
# TODO passwordhash=$(su nobody2 -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));")
# TODO as package pkgs.sqlHashPassword
# TODO not using mysql
# SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES';
passwordhash=$(su nobody2 -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');")
user=${shell.escape dbUser}@localhost
database=${shell.escape dbName}
cat << EOF
CREATE DATABASE IF NOT EXISTS $database;
GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash';
GRANT ALL PRIVILEGES ON $database.* TO $user;
FLUSH PRIVILEGES;
EOF
} | mysql -u root -p
# TODO nix2php for wp-config.php
cat > ${folder}/wp-config.php << EOF
<?php
define('DB_PASSWORD', '$db_password');
define('DB_HOST', 'localhost');
${concatStringsSep "\n" (mapAttrsToList (name: value:
"define('${name}', $(printf '%s' ${shell.escape value} | to_php_string));"
) {
DB_NAME = dbName;
DB_USER = dbUser;
DB_CHARSET = charset;
DB_COLLATE = collate;
})}
${concatMapStringsSep "\n" (key: "$(get_secret ${shell.escape key})") [
"AUTH_KEY"
"SECURE_AUTH_KEY"
"LOGGED_IN_KEY"
"NONCE_KEY"
"AUTH_SALT"
"SECURE_AUTH_SALT"
"LOGGED_IN_SALT"
"NONCE_SALT"
]}
\$table_prefix = 'wp_';
define('WP_DEBUG', ${toJSON debug});
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
EOF
'';
};
};
});
users.users.nobody2 = {
uid = 125816384; # genid nobody2
useDefaultShell = true;
};
};
in out

12
lass/4lib/default.nix
View File

@ -1,19 +1,9 @@
{ lib, pkgs, ... }:
{ lib, ... }:
with lib;
{
simpleScript = name: content:
pkgs.stdenv.mkDerivation {
inherit name;
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
ln -s ${pkgs.writeScript name content} $out/bin/${name}
'';
};
getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);

20
lass/5pkgs/bitlbee-dev.nix
View File

@ -1,20 +0,0 @@
{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }:
stdenv.mkDerivation rec {
name = "bitlbee-3.4.1";
src = fetchurl {
url = "mirror://bitlbee/src/${name}.tar.gz";
sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
};
buildInputs = [ gnutls glib pkgconfig libotr python ];
buildPhase = "";
installPhase = ''
make install-dev
'';
}

31
lass/5pkgs/bitlbee-steam.nix
View File

@ -1,31 +0,0 @@
{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }:
stdenv.mkDerivation rec {
name = "bitlbee-steam-1.3.1";
src = fetchgit {
url = "https://github.com/jgeboski/bitlbee-steam";
rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c";
sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a";
};
buildInputs = [
autoconf
automake
bitlbee-dev
glib
libgcrypt
libtool
pkgconfig
];
configurePhase = ''
./autogen.sh
'';
installPhase = ''
mkdir -p $out
cp steam/.libs/steam.la $out/
cp steam/.libs/steam.so $out/
'';
}

71
lass/5pkgs/bitlbee.nix
View File

@ -1,71 +0,0 @@
{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python
, bitlbee-facebook ? null
, bitlbee-steam ? null
}:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitlbee-3.4.1";
src = fetchurl {
url = "mirror://bitlbee/src/${name}.tar.gz";
sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
};
buildInputs = [ gnutls glib pkgconfig libotr python ]
++ optional doCheck check;
configureFlags = [
"--gcov=1"
"--otr=1"
"--ssl=gnutls"
];
postBuild = ''
${if (bitlbee-steam != null) then
''
mkdir -p $out/lib/bitlbee/
find ${bitlbee-steam}
cp ${bitlbee-steam}/* $out/lib/bitlbee/
''
else
""
}
'';
#${concatMapStringsSep "\n" ([] ++
# (if (bitlbee-facebook != null) then
# "cp ${bitlbee-faceook}/* $out/"
# else
# ""
# ) ++
# (if (bitlbee-steam != null) then
# "cp ${bitlbee-steam}/* $out/"
# else
# ""
# )
#)}
doCheck = true;
meta = {
description = "IRC instant messaging gateway";
longDescription = ''
BitlBee brings IM (instant messaging) to IRC clients. It's a
great solution for people who have an IRC client running all the
time and don't want to run an additional MSN/AIM/whatever
client.
BitlBee currently supports the following IM networks/protocols:
XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo!
Messenger, AIM and ICQ.
'';
homepage = http://www.bitlbee.org/;
license = licenses.gpl2Plus;
maintainers = with maintainers; [ wkennington pSub ];
platforms = platforms.gnu; # arbitrary choice
};
}

7
lass/5pkgs/default.nix
View File

@ -5,14 +5,13 @@ let
in
rec {
bitlbee-dev = callPackage ./bitlbee-dev.nix {};
bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
firefoxPlugins = {
noscript = callPackage ./firefoxPlugins/noscript.nix {};
ublock = callPackage ./firefoxPlugins/ublock.nix {};
vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
};
go = callPackage ./go/default.nix {};
newsbot-js = callPackage ./newsbot-js/default.nix {};
xmonad-lass =
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
pkgs.haskellPackages.callPackage src {};
}

1
lass/5pkgs/xmonad-lass/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/shell.nix

190
lass/5pkgs/xmonad-lass/Main.hs Normal file
View File

@ -0,0 +1,190 @@
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where
import Control.Exception
import Text.Read (readEither)
import XMonad
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
import System.Posix.Process (executeFile)
import XMonad.Prompt (defaultXPConfig)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.GridSelect
import XMonad.Actions.CycleWS (toggleWS)
--import XMonad.Actions.CopyWindow ( copy )
import XMonad.Layout.NoBorders ( smartBorders )
import qualified XMonad.StackSet as W
import Data.Map (Map)
import qualified Data.Map as Map
-- TODO import XMonad.Layout.WorkspaceDir
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
-- import XMonad.Layout.Tabbed
--import XMonad.Layout.MouseResizableTile
import XMonad.Layout.Reflect (reflectVert)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
import XMonad.Layout.PerWorkspace (onWorkspace)
--import XMonad.Layout.BinarySpacePartition
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
import XMonad.Prompt.Workspace
import XMonad.Actions.CopyWindow (copy, kill1)
import qualified Data.Map as M
import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
--import XMonad.Actions.Submap
import XMonad.Stockholm.Pager
import XMonad.Stockholm.Rhombus
import XMonad.Stockholm.Shutdown
myTerm :: String
myTerm = "urxvtc"
myRootTerm :: String
myRootTerm = "urxvtc -name root-urxvt -e su -"
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO ()
main = getArgs >>= \case
["--shutdown"] -> sendShutdownEvent
_ -> mainNoArgs
mainNoArgs :: IO ()
mainNoArgs = do
xmonad'
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ defaultConfig
{ terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = spawn "echo emit XMonadStartup"
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
} `additionalKeysP` myKeyMap
myLayoutHook = defLayout
where
defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = do
path <- getEnv "XMONAD_STATE"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
xmonad conf
displaySomeException :: SomeException -> String
displaySomeException = displayException
myKeyMap =
[ ("M4-<F11>", spawn "i3lock -i ~/lock.png -u" )
, ("M4-p", spawn "passmenu --type")
, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
-- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn ) )
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
, ("M4-a", focusUrgent)
, ("M4-S-r", renameWorkspace defaultXPConfig)
, ("M4-S-a", addWorkspacePrompt defaultXPConfig)
, ("M4-S-<Backspace>", removeEmptyWorkspace)
, ("M4-S-c", kill1)
, ("M4-<Esc>", toggleWS)
, ("M4-S-<Enter>", spawn myTerm)
, ("M4-x", floatNext True >> spawn myTerm)
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)
, ("M4-v", withWorkspace myXPConfig (windows . W.view))
, ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
, ("M4-C-v", withWorkspace myXPConfig (windows . copy))
-- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } )
-- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } )
-- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
--, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
, ("M4-S-q", return ())
]
myGSConfig = defaultGSConfig
{ gs_cellheight = 50
, gs_cellpadding = 2
, gs_navigate = navNSearch
, gs_font = myFont
}
myXPConfig :: XPConfig
myXPConfig = defaultXPConfig
{ autoComplete = Just 5000
}
myWSConfig = myGSConfig
{ gs_cellwidth = 50
}
pagerConfig :: PagerConfig
pagerConfig = defaultPagerConfig
{ pc_font = myFont
, pc_cellwidth = 64
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
--, pc_borderwidth = 1
--, pc_matchcolor = "#f0b000"
, pc_matchmethod = MatchPrefix
--, pc_colors = pagerWorkspaceColors
, pc_windowColors = windowColors
}
where
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
windowColors wsf m c u wf = do
let def = defaultWindowColors wsf m c u wf
if m == False && wf == True
then ("#402020", snd def)
else def
wGSConfig :: GSConfig Window
wGSConfig = defaultGSConfig
{ gs_cellheight = 20
, gs_cellwidth = 192
, gs_cellpadding = 5
, gs_font = myFont
, gs_navigate = navNSearch
}
(&) :: a -> (a -> c) -> c
(&) = flip ($)
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
allWorkspaceNames ws =
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]

6
lass/5pkgs/xmonad-lass/Makefile Normal file
View File

@ -0,0 +1,6 @@
.PHONY: ghci
ghci: shell.nix
nix-shell --command 'exec ghci -Wall'
shell.nix: xmonad.cabal
cabal2nix --shell . > $@

52
lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs Normal file
View File

@ -0,0 +1,52 @@
module Util.PerWorkspaceConfig
( WorkspaceConfig (..)
, WorkspaceConfigs
, switchToWorkspace
, defaultWorkspaceConfig
, perWorkspaceAction
, perWorkspaceTermAction
-- , myLayoutHack
)
where
import XMonad
import XMonad.Core (LayoutClass)
import Control.Monad (when)
import qualified Data.Map as M
import qualified XMonad.StackSet as W
data WorkspaceConfig l =
WorkspaceConfig
{ switchAction :: X ()
, startAction :: X ()
, keyAction :: X ()
, termAction :: X ()
}
type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
defaultWorkspaceConfig = WorkspaceConfig
{ switchAction = return ()
, startAction = return ()
, keyAction = return ()
, termAction = spawn "urxvtc"
}
whenLookup wsId cfg a =
when (M.member wsId cfg) (a $ cfg M.! wsId)
switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
switchToWorkspace cfg wsId = do
windows $ W.greedyView wsId
wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
when (null wins) $ whenLookup wsId cfg startAction
whenLookup wsId cfg switchAction
perWorkspaceAction :: WorkspaceConfigs l -> X ()
perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
Just x -> termAction x
_ -> termAction defaultWorkspaceConfig

17
lass/5pkgs/xmonad-lass/xmonad.cabal Normal file
View File

@ -0,0 +1,17 @@
Author: lass
Build-Type: Simple
Cabal-Version: >= 1.2
License: MIT
Name: xmonad-lass
Version: 0
Executable xmonad
Build-Depends:
base,
containers,
unix,
xmonad,
xmonad-contrib,
xmonad-stockholm
GHC-Options: -Wall -O3 -threaded -rtsopts
Main-Is: Main.hs

8
lass/1systems/test-arch.nix → shared/1systems/test-arch.nix
View File

@ -1,10 +1,6 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
in {
{
imports = [
../2configs/base.nix
{

4
lass/1systems/test-centos6.nix → shared/1systems/test-centos6.nix
View File

@ -1,10 +1,10 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = "168.235.148.52";
gw = "168.235.148.1";
in {
imports = [
../2configs/base.nix
@ -16,7 +16,7 @@ in {
prefixLength = 24;
}
];
networking.defaultGateway = getDefaultGateway ip;
networking.defaultGateway = gw;
networking.nameservers = [
"8.8.8.8"
];

4
lass/1systems/test-centos7.nix → shared/1systems/test-centos7.nix
View File

@ -1,10 +1,10 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = "168.235.145.85";
gw = "168.235.145.1";
in {
imports = [
../2configs/base.nix
@ -16,7 +16,7 @@ in {
prefixLength = 24;
}
];
networking.defaultGateway = getDefaultGateway ip;
networking.defaultGateway = gw;
networking.nameservers = [
"8.8.8.8"
];

71
shared/1systems/wolf.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
../2configs/base.nix
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/collectd-base.nix
];
@ -13,34 +12,6 @@ with lib;
krebs.build.user = config.krebs.users.shared;
krebs.build.target = "wolf";
krebs.enable = true;
krebs.retiolum = {
enable = true;
connectTo = [
# TODO remove connectTo cd, this was only used for bootstrapping
"cd"
"gum"
"pigstarter"
];
};
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
};
dir.secrets = {
host = config.krebs.current.host;
path = "${getEnv "HOME"}/secrets/krebs/wolf";
};
dir.stockholm = {
host = config.krebs.current.host;
path = "${getEnv "HOME"}/stockholm";
};
};
networking.hostName = config.krebs.build.host.name;
boot.kernel.sysctl = {
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
@ -63,45 +34,5 @@ with lib;
{ device = "/dev/disk/by-label/swap"; }
];
nix.maxJobs = 1;
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
"http://cache.nixos.org"
"http://hydra.nixos.org"
];
nix.useChroot = true;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.vim;
};
environment.systemPackages = with pkgs; [
git
rxvt_unicode.terminfo
];
time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false;
services.openssh = {
enable = true;
hostKeys = [
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
users.mutableUsers = false;
users.extraUsers.root.openssh.authorizedKeys.keys = [
# TODO
config.krebs.users.lass.pubkey
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
];
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
}

74
shared/2configs/base.nix Normal file
View File

@ -0,0 +1,74 @@
{ config, lib, pkgs, ... }:
with lib;
{
krebs.enable = true;
krebs.retiolum = {
enable = true;
connectTo = [
# TODO remove connectTo cd, this was only used for bootstrapping
"cd"
"gum"
"pigstarter"
];
};
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
};
dir.secrets = {
host = config.krebs.current.host;
path = "${getEnv "HOME"}/secrets/krebs/wolf";
};
dir.stockholm = {
host = config.krebs.current.host;
path = "${getEnv "HOME"}/stockholm";
};
};
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = 1;
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
"http://cache.nixos.org"
"http://hydra.nixos.org"
];
nix.useChroot = true;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.vim;
};
environment.systemPackages = with pkgs; [
git
rxvt_unicode.terminfo
];
programs.ssh.startAgent = false;
services.openssh = {
enable = true;
hostKeys = [
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
users.mutableUsers = false;
users.extraUsers.root.openssh.authorizedKeys.keys = [
# TODO
config.krebs.users.lass.pubkey
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
];
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
}

47
shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix Normal file
View File

@ -0,0 +1,47 @@
_:
{
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/VolGroup/lv_root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda1";
fsType = "ext4";
};
swapDevices = [
{ device = "/dev/VolGroup/lv_swap"; }
];
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
}

47
shared/2configs/os-templates/CAC-CentOS-7-64bit.nix Normal file
View File

@ -0,0 +1,47 @@
_:
{
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/centos/root";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/sda1";
fsType = "xfs";
};
swapDevices = [
{ device = "/dev/centos/swap"; }
];
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
}