Merge branch 'master' of gum:stockholm
This commit is contained in:
commit
8114470587
@ -12,6 +12,7 @@ let
|
||||
./current.nix
|
||||
./exim-retiolum.nix
|
||||
./exim-smarthost.nix
|
||||
./fetchWallpaper.nix
|
||||
./github-hosts-sync.nix
|
||||
./git.nix
|
||||
./go.nix
|
||||
|
89
krebs/3modules/fetchWallpaper.nix
Normal file
89
krebs/3modules/fetchWallpaper.nix
Normal file
@ -0,0 +1,89 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.krebs.fetchWallpaper;
|
||||
|
||||
out = {
|
||||
options.krebs.fetchWallpaper = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "fetch wallpaper";
|
||||
predicate = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
};
|
||||
url = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
timerConfig = mkOption {
|
||||
type = types.unspecified;
|
||||
default = {
|
||||
OnCalendar = "*:00,10,20,30,40,50";
|
||||
};
|
||||
};
|
||||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/wallpaper";
|
||||
};
|
||||
display = mkOption {
|
||||
type = types.str;
|
||||
default = ":11";
|
||||
};
|
||||
};
|
||||
|
||||
fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
${optionalString (cfg.predicate != null) ''
|
||||
if ! ${cfg.predicate}; then
|
||||
echo "predicate failed - will not fetch from remote"
|
||||
exit 0
|
||||
fi
|
||||
''}
|
||||
mkdir -p ${shell.escape cfg.stateDir}
|
||||
curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
|
||||
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
|
||||
'';
|
||||
|
||||
imp = {
|
||||
users.users.fetchWallpaper = {
|
||||
name = "fetchWallpaper";
|
||||
uid = 3332383611; #genid fetchWallpaper
|
||||
description = "fetchWallpaper user";
|
||||
home = cfg.stateDir;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
systemd.timers.fetchWallpaper = {
|
||||
description = "fetch wallpaper timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
timerConfig = cfg.timerConfig;
|
||||
};
|
||||
systemd.services.fetchWallpaper = {
|
||||
description = "fetch wallpaper";
|
||||
after = [ "network.target" ];
|
||||
|
||||
path = with pkgs; [
|
||||
curl
|
||||
feh
|
||||
];
|
||||
|
||||
environment = {
|
||||
URL = cfg.url;
|
||||
DISPLAY = cfg.display;
|
||||
};
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = fetchWallpaperScript;
|
||||
User = "fetchWallpaper";
|
||||
};
|
||||
};
|
||||
};
|
||||
in out
|
@ -84,6 +84,31 @@ with lib;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
vbob = {
|
||||
cores = 2;
|
||||
dc = "makefu"; #vm local
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.1.91"];
|
||||
addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
|
||||
aliases = [
|
||||
"vbob.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
|
||||
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
|
||||
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
|
||||
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
|
||||
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
|
||||
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
flap = rec {
|
||||
cores = 1;
|
||||
dc = "cac"; #vps
|
||||
|
@ -50,6 +50,14 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra Configuration to be appended to tinc.conf
|
||||
'';
|
||||
};
|
||||
|
||||
tincPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.tinc;
|
||||
@ -203,6 +211,7 @@ let
|
||||
Interface = ${cfg.network}
|
||||
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
|
||||
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
|
||||
${cfg.extraConfig}
|
||||
EOF
|
||||
|
||||
# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
|
||||
|
@ -1,5 +1,7 @@
|
||||
Address= 195.154.108.70
|
||||
Address= 195.154.108.70 53
|
||||
Address= 195.154.108.70 21031
|
||||
|
||||
Subnet = 10.243.0.211
|
||||
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
|
||||
|
||||
|
9
krebs/Zhosts/vbob
Normal file
9
krebs/Zhosts/vbob
Normal file
@ -0,0 +1,9 @@
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
|
||||
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
|
||||
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
|
||||
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
|
||||
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
|
||||
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Subnet = 10.243.1.91/32
|
1
krebs/Zpubkeys/makefu_vbob.ssh.pub
Normal file
1
krebs/Zpubkeys/makefu_vbob.ssh.pub
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
|
@ -22,6 +22,9 @@
|
||||
../2configs/bitlbee.nix
|
||||
../2configs/firefoxPatched.nix
|
||||
../2configs/skype.nix
|
||||
../2configs/teamviewer.nix
|
||||
../2configs/libvirt.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
|
@ -116,6 +116,23 @@ in {
|
||||
{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
|
||||
];
|
||||
}
|
||||
{
|
||||
users.users.chat.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH"
|
||||
];
|
||||
}
|
||||
{
|
||||
time.timeZone = "Europe/Berlin";
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
../2configs/websites/wohnprojekt-rhh.de.nix
|
||||
../2configs/websites/domsen.nix
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
@ -17,6 +17,7 @@ with lib;
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.uriel.pubkey
|
||||
];
|
||||
};
|
||||
mainUser = {
|
||||
@ -30,6 +31,7 @@ with lib;
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.uriel.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -48,7 +50,7 @@ with lib;
|
||||
source = {
|
||||
git.nixpkgs = {
|
||||
url = https://github.com/Lassulus/nixpkgs;
|
||||
rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b";
|
||||
rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
|
||||
};
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.mors;
|
||||
|
@ -1,16 +1,6 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
simpleScript = name: content:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
inherit name;
|
||||
phases = [ "installPhase" ];
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${pkgs.writeScript name content} $out/bin/${name}
|
||||
'';
|
||||
};
|
||||
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
createChromiumUser = name: extraGroups: packages:
|
||||
{
|
||||
@ -26,8 +16,8 @@ let
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
environment.systemPackages = [
|
||||
(simpleScript name ''
|
||||
sudo -u ${name} -i chromium $@
|
||||
(pkgs.writeScriptBin name ''
|
||||
/var/setuid-wrappers/sudo -u ${name} -i chromium $@
|
||||
'')
|
||||
];
|
||||
};
|
||||
@ -46,8 +36,8 @@ let
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
environment.systemPackages = [
|
||||
(simpleScript name ''
|
||||
sudo -u ${name} -i firefox $@
|
||||
(pkgs.writeScriptBin name ''
|
||||
/var/setuid-wrappers/sudo -u ${name} -i firefox $@
|
||||
'')
|
||||
];
|
||||
};
|
||||
@ -57,7 +47,7 @@ let
|
||||
in {
|
||||
|
||||
environment.systemPackages = [
|
||||
(simpleScript "browser-select" ''
|
||||
(pkgs.writeScriptBin "browser-select" ''
|
||||
BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
|
||||
$BROWSER $@
|
||||
'')
|
||||
@ -70,7 +60,7 @@ in {
|
||||
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
|
||||
# ( createChromiumUser "flash" [ ] [ pkgs.flash ] )
|
||||
( createChromiumUser "flash" [ ] [ pkgs.flash ] )
|
||||
];
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs : {
|
||||
|
@ -14,6 +14,9 @@ in {
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
krebs.per-user.elster.packages = [
|
||||
pkgs.chromium
|
||||
];
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(elster) NOPASSWD: ALL
|
||||
'';
|
||||
|
11
lass/2configs/fetchWallpaper.nix
Normal file
11
lass/2configs/fetchWallpaper.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
url = "echelon/wallpaper.png";
|
||||
};
|
||||
}
|
||||
|
22
lass/2configs/libvirt.nix
Normal file
22
lass/2configs/libvirt.nix
Normal file
@ -0,0 +1,22 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
|
||||
in {
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
users.extraUsers = {
|
||||
libvirt = {
|
||||
uid = 358821352; # genid libvirt
|
||||
description = "user for running libvirt stuff";
|
||||
home = "/home/libvirt";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "libvirtd" "audio" ];
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(libvirt) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
6
lass/2configs/teamviewer.nix
Normal file
6
lass/2configs/teamviewer.nix
Normal file
@ -0,0 +1,6 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
services.teamviewer.enable = true;
|
||||
}
|
35
lass/2configs/websites/domsen.nix
Normal file
35
lass/2configs/websites/domsen.nix
Normal file
@ -0,0 +1,35 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../3modules/static_nginx.nix
|
||||
../../3modules/owncloud_nginx.nix
|
||||
../../3modules/wordpress_nginx.nix
|
||||
];
|
||||
|
||||
lass.staticPage = {
|
||||
"karlaskop.de" = {};
|
||||
"makeup.apanowicz.de" = {};
|
||||
"pixelpocket.de" = {};
|
||||
"reich-gebaeudereinigung.de" = {};
|
||||
};
|
||||
|
||||
lass.owncloud = {
|
||||
"o.ubikmedia.de" = {
|
||||
instanceid = "oc8n8ddbftgh";
|
||||
};
|
||||
};
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||
};
|
||||
|
||||
#lass.wordpress = {
|
||||
# "ubikmedia.de" = {
|
||||
# };
|
||||
#};
|
||||
|
||||
}
|
||||
|
12
lass/2configs/websites/wohnprojekt-rhh.de.nix
Normal file
12
lass/2configs/websites/wohnprojekt-rhh.de.nix
Normal file
@ -0,0 +1,12 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../3modules/static_nginx.nix
|
||||
];
|
||||
|
||||
lass.staticPage = {
|
||||
"wohnprojekt-rhh.de" = {};
|
||||
};
|
||||
}
|
||||
|
@ -108,7 +108,6 @@ let
|
||||
pkgs.rxvt_unicode
|
||||
pkgs.i3lock
|
||||
pkgs.haskellPackages.yeganesh
|
||||
pkgs.haskellPackages.xmobar
|
||||
pkgs.dmenu
|
||||
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
||||
settle() {(
|
||||
|
215
lass/3modules/owncloud_nginx.nix
Normal file
215
lass/3modules/owncloud_nginx.nix
Normal file
@ -0,0 +1,215 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.lass.owncloud;
|
||||
|
||||
out = {
|
||||
options.lass.owncloud = api;
|
||||
config = imp;
|
||||
};
|
||||
|
||||
api = mkOption {
|
||||
type = with types; attrsOf (submodule ({ config, ... }: {
|
||||
options = {
|
||||
domain = mkOption {
|
||||
type = str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
dataDir = mkOption {
|
||||
type = str;
|
||||
default = "${config.folder}/data";
|
||||
};
|
||||
dbUser = mkOption {
|
||||
type = str;
|
||||
default = replaceStrings ["."] ["_"] config.domain;
|
||||
};
|
||||
dbName = mkOption {
|
||||
type = str;
|
||||
default = replaceStrings ["."] ["_"] config.domain;
|
||||
};
|
||||
dbType = mkOption {
|
||||
# TODO: check for valid dbType
|
||||
type = str;
|
||||
default = "mysql";
|
||||
};
|
||||
folder = mkOption {
|
||||
type = str;
|
||||
default = "/srv/http/${config.domain}";
|
||||
};
|
||||
auto = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
instanceid = mkOption {
|
||||
type = str;
|
||||
};
|
||||
ssl = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
|
||||
imp = {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
];
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
# The following 2 rules are only needed with webfinger
|
||||
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
|
||||
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
|
||||
|
||||
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
|
||||
|
||||
try_files $uri $uri/ /index.php;
|
||||
'')
|
||||
(nameValuePair "~ \.php$" ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_pass unix:${folder}/phpfpm.pool;
|
||||
'')
|
||||
(nameValuePair "~ /\\." ''
|
||||
deny all;
|
||||
'')
|
||||
];
|
||||
extraConfig = ''
|
||||
root ${folder}/;
|
||||
#index index.php;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
|
||||
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
|
||||
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
|
||||
|
||||
error_page 403 /core/templates/403.php;
|
||||
error_page 404 /core/templates/404.php;
|
||||
'';
|
||||
});
|
||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
||||
listen = ${folder}/phpfpm.pool
|
||||
user = ${user}
|
||||
group = ${group}
|
||||
pm = dynamic
|
||||
pm.max_children = 5
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
listen.owner = ${user}
|
||||
listen.group = ${group}
|
||||
# errors to journal
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'');
|
||||
#systemd.services = flip mapAttrs' cfg (name: { domain, folder, dbName, dbUser, dbType, dataDir, instanceid, ... }: {
|
||||
# name = "owncloudInit-${name}";
|
||||
# value = {
|
||||
# path = [
|
||||
# pkgs.mysql
|
||||
# pkgs.su
|
||||
# pkgs.gawk
|
||||
# pkgs.jq
|
||||
# ];
|
||||
# requiredBy = [ "nginx.service" ];
|
||||
# serviceConfig = let
|
||||
# php.define = name: value:
|
||||
# "define(${php.newdoc name}, ${php.newdoc value});";
|
||||
# php.toString = x:
|
||||
# "'${x}'";
|
||||
# php.newdoc = s:
|
||||
# let b = "EOF${builtins.hashString "sha256" s}"; in
|
||||
# ''<<<'${b}'
|
||||
# ${s}
|
||||
# ${b}
|
||||
# '';
|
||||
# in {
|
||||
# Type = "oneshot";
|
||||
# ExecStart = pkgs.writeScript "wordpressInit" ''
|
||||
# #!/bin/sh
|
||||
# set -euf
|
||||
# oc_secrets=${shell.escape "${toString <secrets>}/${domain}/oc-secrets"}
|
||||
# db_password=$(cat ${shell.escape "${toString <secrets>}/${domain}/sql-db-pw"})
|
||||
# get_secret() {
|
||||
# echo "'$1' => $(jq -r ."$1" "$oc_secrets" | to_php_string),"
|
||||
# }
|
||||
# to_php_string() {
|
||||
# echo "base64_decode('$(base64)')"
|
||||
# }
|
||||
# {
|
||||
# cat ${toString <secrets/mysql_rootPassword>}
|
||||
# password=$(cat ${shell.escape (toString (<secrets/mysql_rootPassword>))})
|
||||
# # TODO passwordhash=$(su nobody_oc -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));")
|
||||
# # TODO as package pkgs.sqlHashPassword
|
||||
# # TODO not using mysql
|
||||
# # SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES';
|
||||
# passwordhash=$(su nobody_oc -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');")
|
||||
# user=${shell.escape dbUser}@localhost
|
||||
# database=${shell.escape dbName}
|
||||
# cat << EOF
|
||||
# CREATE DATABASE IF NOT EXISTS $database;
|
||||
# GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash';
|
||||
# GRANT ALL PRIVILEGES ON $database.* TO $user;
|
||||
# FLUSH PRIVILEGES;
|
||||
# EOF
|
||||
# } | mysql -u root -p
|
||||
# # TODO nix2php for wp-config.php
|
||||
# mkdir -p ${folder}/config
|
||||
# cat > ${folder}/config/config.php << EOF
|
||||
# <?php
|
||||
# \$CONFIG = array (
|
||||
# 'dbhost' => 'localhost',
|
||||
# 'dbtableprefix' => 'oc_',
|
||||
# 'dbpassword' => '$db_password',
|
||||
# 'installed' => 'true',
|
||||
# 'trusted_domains' =>
|
||||
# array (
|
||||
# 0 => '${domain}',
|
||||
# ),
|
||||
# 'overwrite.cli.url' => 'http://${domain}',
|
||||
|
||||
# ${concatStringsSep "\n" (mapAttrsToList (name: value:
|
||||
# "'${name}' => $(printf '%s' ${shell.escape value} | to_php_string),"
|
||||
# ) {
|
||||
# instanceid = instanceid;
|
||||
# datadirectory = dataDir;
|
||||
# dbtype = dbType;
|
||||
# dbname = dbName;
|
||||
# dbuser = dbUser;
|
||||
# })}
|
||||
|
||||
# ${concatMapStringsSep "\n" (key: "$(get_secret ${shell.escape key})") [
|
||||
# "secret"
|
||||
# "passwordsalt"
|
||||
# ]}
|
||||
# );
|
||||
# EOF
|
||||
# '';
|
||||
# };
|
||||
# };
|
||||
#});
|
||||
users.users.nobody_oc = {
|
||||
uid = 1651469147; # genid nobody_oc
|
||||
useDefaultShell = true;
|
||||
};
|
||||
};
|
||||
|
||||
in out
|
49
lass/3modules/static_nginx.nix
Normal file
49
lass/3modules/static_nginx.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.lass.staticPage;
|
||||
|
||||
out = {
|
||||
options.lass.staticPage = api;
|
||||
config = imp;
|
||||
};
|
||||
|
||||
api = mkOption {
|
||||
type = with types; attrsOf (submodule ({ config, ... }: {
|
||||
options = {
|
||||
domain = mkOption {
|
||||
type = str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
folder = mkOption {
|
||||
type = str;
|
||||
default = "/srv/http/${config.domain}";
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
|
||||
imp = {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
];
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
root ${folder};
|
||||
'')
|
||||
(nameValuePair "~ /\\." ''
|
||||
deny all;
|
||||
'')
|
||||
];
|
||||
});
|
||||
};
|
||||
|
||||
in out
|
@ -45,35 +45,70 @@ let
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
multiSite = mkOption {
|
||||
type = attrsOf str;
|
||||
default = {};
|
||||
example = {
|
||||
"0" = "bla.testsite.de";
|
||||
"1" = "test.testsite.de";
|
||||
};
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
|
||||
dataFolder = "/srv/http";
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
|
||||
imp = {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: {
|
||||
#services.nginx.appendConfig = mkIf (cfg.multiSite != {}) ''
|
||||
# map $http_host $blogid {
|
||||
# ${concatStringsSep "\n" (mapAttrsToList (n: v: indent "v n;") multiSite)}
|
||||
# }
|
||||
#'';
|
||||
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
];
|
||||
locations = [
|
||||
#(mkIf (multiSite != {})
|
||||
#)
|
||||
locations = (if (multiSite != {}) then
|
||||
[
|
||||
(nameValuePair "~ ^/files/(.*)$" ''
|
||||
try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
|
||||
'')
|
||||
(nameValuePair "^~ /blogs.dir" ''
|
||||
internal;
|
||||
alias ${folder}/wp-content/blogs.dir ;
|
||||
access_log off; log_not_found off; expires max;
|
||||
'')
|
||||
]
|
||||
else
|
||||
[]
|
||||
) ++
|
||||
[
|
||||
(nameValuePair "/" ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'')
|
||||
(nameValuePair "~ \.php$" ''
|
||||
fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool;
|
||||
fastcgi_pass unix:${folder}/phpfpm.pool;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
'')
|
||||
(nameValuePair "~ /\\." ''
|
||||
deny all;
|
||||
'')
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
(nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'')
|
||||
];
|
||||
extraConfig = ''
|
||||
root ${dataFolder}/${domain}/;
|
||||
root ${folder}/;
|
||||
index index.php;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
@ -81,8 +116,8 @@ let
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
'';
|
||||
});
|
||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... }: ''
|
||||
listen = ${dataFolder}/${domain}/phpfpm.pool
|
||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
||||
listen = ${folder}/phpfpm.pool
|
||||
user = ${user}
|
||||
group = ${group}
|
||||
pm = dynamic
|
||||
@ -97,7 +132,7 @@ let
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'');
|
||||
systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: {
|
||||
systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, multiSite, ... }: {
|
||||
name = "wordpressInit-${name}";
|
||||
value = {
|
||||
path = [
|
||||
@ -175,6 +210,13 @@ let
|
||||
]}
|
||||
|
||||
\$table_prefix = 'wp_';
|
||||
|
||||
${if (multiSite != {}) then
|
||||
"define('WP_ALLOW_MULTISITE', true);"
|
||||
else
|
||||
""
|
||||
}
|
||||
|
||||
define('WP_DEBUG', ${toJSON debug});
|
||||
if ( !defined('ABSPATH') )
|
||||
define('ABSPATH', dirname(__FILE__) . '/');
|
||||
@ -186,10 +228,12 @@ let
|
||||
};
|
||||
};
|
||||
});
|
||||
users.users.nobody2 = {
|
||||
uid = 125816384; # genid nobody2
|
||||
useDefaultShell = true;
|
||||
users.users.nobody2 = mkDefault {
|
||||
uid = mkDefault 125816384; # genid nobody2
|
||||
useDefaultShell = mkDefault true;
|
||||
};
|
||||
};
|
||||
|
||||
indent = replaceChars ["\n"] ["\n "];
|
||||
|
||||
in out
|
||||
|
@ -49,6 +49,7 @@ import XMonad.Stockholm.Pager
|
||||
import XMonad.Stockholm.Rhombus
|
||||
import XMonad.Stockholm.Shutdown
|
||||
|
||||
|
||||
myTerm :: String
|
||||
myTerm = "urxvtc"
|
||||
|
||||
@ -65,6 +66,7 @@ main = getArgs >>= \case
|
||||
|
||||
mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
workspaces0 <- getWorkspaces0
|
||||
xmonad'
|
||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
||||
-- urgencyConfig { remindWhen = Every 1 }
|
||||
@ -74,6 +76,7 @@ mainNoArgs = do
|
||||
$ defaultConfig
|
||||
{ terminal = myTerm
|
||||
, modMask = mod4Mask
|
||||
, workspaces = workspaces0
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||
--, handleEventHook = handleTimerEvent
|
||||
@ -100,16 +103,26 @@ xmonad' conf = do
|
||||
hPutStrLn stderr (displaySomeException e)
|
||||
xmonad conf
|
||||
|
||||
getWorkspaces0 :: IO [String]
|
||||
getWorkspaces0 =
|
||||
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
|
||||
Left e -> warn (displaySomeException e)
|
||||
Right p -> try (readFile p) >>= \case
|
||||
Left e -> warn (displaySomeException e)
|
||||
Right x -> case readEither x of
|
||||
Left e -> warn e
|
||||
Right y -> return y
|
||||
where
|
||||
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
|
||||
|
||||
displaySomeException :: SomeException -> String
|
||||
displaySomeException = displayException
|
||||
|
||||
|
||||
myKeyMap =
|
||||
[ ("M4-<F11>", spawn "i3lock -i ~/lock.png -u" )
|
||||
[ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
|
||||
, ("M4-p", spawn "passmenu --type")
|
||||
, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
|
||||
-- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn ) )
|
||||
--, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
|
||||
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
|
||||
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
|
||||
|
@ -14,14 +14,20 @@ in {
|
||||
# ../2configs/iodined.nix
|
||||
../2configs/git/cgit-retiolum.nix
|
||||
../2configs/mattermost-docker.nix
|
||||
../2configs/nginx/euer.test.nix
|
||||
];
|
||||
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
|
||||
###### stable
|
||||
krebs.build.target = "root@gum.krebsco.de";
|
||||
krebs.build.host = config.krebs.hosts.gum;
|
||||
|
||||
krebs.retiolum.extraConfig = ''
|
||||
ListenAddress = ${external-ip} 53
|
||||
ListenAddress = ${external-ip} 655
|
||||
ListenAddress = ${external-ip} 21031
|
||||
'';
|
||||
|
||||
# Chat
|
||||
environment.systemPackages = with pkgs;[
|
||||
@ -53,10 +59,18 @@ in {
|
||||
80 443
|
||||
# tinc
|
||||
655
|
||||
# tinc-shack
|
||||
21032
|
||||
# tinc-retiolum
|
||||
21031
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# tinc
|
||||
655 53
|
||||
# tinc-retiolum
|
||||
21031
|
||||
# tinc-shack
|
||||
21032
|
||||
];
|
||||
};
|
||||
interfaces.et0.ip4 = [{
|
||||
|
44
makefu/1systems/vbob.nix
Normal file
44
makefu/1systems/vbob.nix
Normal file
@ -0,0 +1,44 @@
|
||||
#
|
||||
#
|
||||
#
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.build.host = config.krebs.hosts.vbob;
|
||||
krebs.build.target = "root@10.10.10.220";
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
<nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
|
||||
../2configs/main-laptop.nix #< base-gui
|
||||
|
||||
# environment
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/virtualization.nix
|
||||
];
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
environment.systemPackages = with pkgs;[
|
||||
get
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
80
|
||||
];
|
||||
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
|
||||
hosts = ../../krebs/Zhosts;
|
||||
connectTo = [
|
||||
"gum"
|
||||
];
|
||||
|
||||
};
|
||||
networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
|
||||
fileSystems."/media/share" = {
|
||||
fsType = "vboxsf";
|
||||
device = "share";
|
||||
options = "rw,uid=9001,gid=9001";
|
||||
};
|
||||
|
||||
}
|
@ -80,7 +80,14 @@ with lib;
|
||||
"d /tmp 1777 root root - -"
|
||||
];
|
||||
|
||||
environment.variables.EDITOR = mkForce "vim";
|
||||
environment.variables = {
|
||||
NIX_PATH = with config.krebs.build.source; with dir; with git;
|
||||
mkForce (concatStringsSep ":" [
|
||||
"nixpkgs=${nixpkgs.target-path}"
|
||||
"${nixpkgs.target-path}"
|
||||
]);
|
||||
EDITOR = mkForce "vim";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
@ -124,6 +131,14 @@ with lib;
|
||||
|
||||
services.cron.enable = false;
|
||||
services.nscd.enable = false;
|
||||
services.ntp.enable = false;
|
||||
services.timesyncd.enable = true;
|
||||
services.ntp.servers = [
|
||||
"pool.ntp.org"
|
||||
"time.windows.com"
|
||||
"time.apple.com"
|
||||
"time.nist.gov"
|
||||
];
|
||||
|
||||
security.setuidPrograms = [ "sendmail" ];
|
||||
services.journald.extraConfig = ''
|
||||
|
24
makefu/2configs/fetchWallpaper.nix
Normal file
24
makefu/2configs/fetchWallpaper.nix
Normal file
@ -0,0 +1,24 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
# check if laptop runs on umts
|
||||
weaksauce-internet = with pkgs;writeScript "weaksauce-internet" ''
|
||||
#! /bin/sh
|
||||
if ${iproute}/bin/ip addr show dev ppp0 2>/dev/null \
|
||||
| ${gnugrep}/bin/grep -q inet;then
|
||||
exit 1
|
||||
fi
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
display = ":0";
|
||||
predicate = weaksauce-internet;
|
||||
timerConfig = {
|
||||
OnCalendar = "*:0/30";
|
||||
};
|
||||
url = "http://echelon/wallpaper.png";
|
||||
};
|
||||
}
|
||||
|
@ -24,6 +24,7 @@ let
|
||||
|
||||
connector-repos = mapAttrs make-priv-repo {
|
||||
connector = { };
|
||||
minikrebs = { };
|
||||
mattermost = {
|
||||
desc = "Mattermost Docker files";
|
||||
};
|
||||
@ -42,7 +43,7 @@ let
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
nick = config.networking.hostName;
|
||||
verbose = config.krebs.build.host.name == "pnp";
|
||||
verbose = config.krebs.build.host.name == "gum";
|
||||
channel = "#retiolum";
|
||||
# TODO remove the hardcoded hostname
|
||||
server = "cd.retiolum";
|
||||
@ -54,7 +55,7 @@ let
|
||||
|
||||
# TODO: get the list of all krebsministers
|
||||
krebsminister = with config.krebs.users; [ lass tv uriel ];
|
||||
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
|
||||
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
|
||||
all-exco = with config.krebs.users; [ exco ];
|
||||
|
||||
priv-rules = repo: set-owners repo all-makefu;
|
||||
@ -85,6 +86,10 @@ in {
|
||||
name = "makefu-omo" ;
|
||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
|
||||
};
|
||||
makefu-vbob = {
|
||||
name = "makefu-vbob" ;
|
||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
|
||||
};
|
||||
makefu-tsp = {
|
||||
name = "makefu-tsp" ;
|
||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
|
||||
|
@ -6,7 +6,10 @@
|
||||
|
||||
with lib;
|
||||
{
|
||||
imports = [ ./base-gui.nix ];
|
||||
imports = [
|
||||
./base-gui.nix
|
||||
./fetchWallpaper.nix
|
||||
];
|
||||
environment.systemPackages = with pkgs;[
|
||||
vlc
|
||||
firefox
|
||||
|
@ -9,6 +9,7 @@ with lib;
|
||||
"gum"
|
||||
"pigstarter"
|
||||
"fastpoke"
|
||||
"ire"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -12,6 +12,8 @@ local beautiful = require("beautiful")
|
||||
local naughty = require("naughty")
|
||||
local menubar = require("menubar")
|
||||
|
||||
|
||||
|
||||
-- {{{ Error handling
|
||||
-- Check if awesome encountered an error during startup and fell back to
|
||||
-- another config (This code will only ever execute for the fallback config)
|
||||
@ -90,6 +92,20 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0")
|
||||
--
|
||||
-- beautiful.init("/nix/store/qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/themes/default/theme.lua")
|
||||
|
||||
function find_default_theme()
|
||||
-- find the default lua theme in the package path
|
||||
for path in package.path:gmatch('([^;]+);') do
|
||||
if path:match('awesome.*share') then
|
||||
theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua'
|
||||
if awful.util.file_readable(theme_path) then return theme_path end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
beautiful.init(find_default_theme())
|
||||
client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
|
||||
client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
|
||||
|
||||
-- This is used later as the default terminal and editor to run.
|
||||
terminal = "urxvt"
|
||||
editor = os.getenv("EDITOR") or "vim"
|
||||
@ -494,21 +510,9 @@ local os = {
|
||||
date = os.date,
|
||||
time = os.time
|
||||
}
|
||||
|
||||
-- }}}
|
||||
|
||||
|
||||
|
||||
function find_default_theme()
|
||||
-- find the default lua theme in the package path
|
||||
for path in package.path:gmatch('([^;]+);') do
|
||||
if path:match('awesome.*share') then
|
||||
theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua'
|
||||
if awful.util.file_readable(theme_path) then return theme_path end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
beautiful.init(find_default_theme())
|
||||
client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
|
||||
client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
|
||||
-- }}}
|
||||
|
Loading…
Reference in New Issue
Block a user