From 7adf24631f14409208376f5554c31db73e4af0c8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:42:12 +0200 Subject: [PATCH 01/46] l nixpkgs: d151161 -> 670b4e2 (17.09) --- lass/source.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/lass/source.nix b/lass/source.nix index 01631bef1..5155a272c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -9,13 +9,8 @@ in { nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { - url = http://cgit.lassul.us/nixpkgs; - # nixos-17.03 - # + copytoram: - # 87a4615 & 334ac4f - # + acme permissions for groups - # fd7a8f1 - ref = "d151161"; + url = https://github.com/nixos/nixpkgs; + ref = "670b4e2"; }; secrets.file = getAttr builder { buildbot = toString ; From 7c1f36ca1bafb4b415a5c9423842d6bef0102813 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Aug 2017 20:03:57 +0200 Subject: [PATCH 02/46] requests2 -> requsts --- krebs/2configs/shack/muell_caller.nix | 2 +- krebs/2configs/shack/radioactive.nix | 2 +- krebs/2configs/shack/worlddomination.nix | 2 +- krebs/5pkgs/simple/Reaktor/default.nix | 2 +- krebs/5pkgs/simple/bepasty-client-cli/default.nix | 2 +- krebs/5pkgs/simple/cac-panel/default.nix | 2 +- krebs/5pkgs/simple/treq/default.nix | 2 +- krebs/5pkgs/simple/urlwatch/default.nix | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e33..a39d0cc02 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -12,7 +12,7 @@ let buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - requests2 + requests paramiko python ])) diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 378b54056..566146d6e 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix 
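Review bot: The new `ref = "670b4e2";` in lass/source.nix pins nixpkgs by a seven-character abbreviated commit id, which git can resolve only while that prefix stays unique in the repository; a full 40-character hash is the unambiguous pin for the tree every host is built from. krebs/source.nix in this series already writes the same commit in full, so the line could read `ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18`. The later lass/source.nix bumps in this series (`5ac8389`, `b61d084`, `07ca7b6`) use the same short form. The surrounding attribute set continues outside the hunk.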
@@ -12,7 +12,7 @@ let buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - requests2 + requests python ])) ]; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index d0f9f5fa6..828b6cd70 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -37,7 +37,7 @@ let docopt LinkHeader aiocoap - requests2 + requests paramiko python ])) diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index fc3710820..6989bb02b 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -8,7 +8,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with pkgs;[ python3Packages.docopt - python3Packages.requests2 + python3Packages.requests ]; src = fetchurl { url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz"; diff --git a/krebs/5pkgs/simple/bepasty-client-cli/default.nix b/krebs/5pkgs/simple/bepasty-client-cli/default.nix index c58e637b3..7811ef5fc 100644 --- a/krebs/5pkgs/simple/bepasty-client-cli/default.nix +++ b/krebs/5pkgs/simple/bepasty-client-cli/default.nix @@ -5,7 +5,7 @@ with pythonPackages; buildPythonPackage rec { propagatedBuildInputs = [ python_magic click - requests2 + requests ]; src = fetchFromGitHub { diff --git a/krebs/5pkgs/simple/cac-panel/default.nix b/krebs/5pkgs/simple/cac-panel/default.nix index fd4799535..57f58f4de 100644 --- a/krebs/5pkgs/simple/cac-panel/default.nix +++ b/krebs/5pkgs/simple/cac-panel/default.nix @@ -11,7 +11,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with python3Packages; [ docopt - requests2 + requests beautifulsoup4 ]; } diff --git a/krebs/5pkgs/simple/treq/default.nix b/krebs/5pkgs/simple/treq/default.nix index 20387b9cb..7cb826a51 100644 --- a/krebs/5pkgs/simple/treq/default.nix +++ b/krebs/5pkgs/simple/treq/default.nix 
@@ -11,7 +11,7 @@ pythonPackages.buildPythonPackage rec { propagatedBuildInputs = with pythonPackages; [ twisted pyopenssl - requests2 + requests service-identity ]; } diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 509555669..adaefbc4d 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ b/krebs/5pkgs/simple/urlwatch/default.nix @@ -13,7 +13,7 @@ python3Packages.buildPythonPackage rec { minidb pycodestyle pyyaml - requests2 + requests ]; meta = { From 1fd1ff57c82e6684702406ca32bfdca1c5785565 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 19:40:30 +0200 Subject: [PATCH 03/46] bepasty: pythonPackages.bepasty-server -> bepasty --- krebs/3modules/bepasty-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 0ca13366b..dd29a4e17 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -3,7 +3,7 @@ with import ; let gunicorn = pkgs.pythonPackages.gunicorn; - bepasty = pkgs.pythonPackages.bepasty-server; + bepasty = pkgs.bepasty; gevent = pkgs.pythonPackages.gevent; python = pkgs.pythonPackages.python; cfg = config.krebs.bepasty; From c0a4063c2d183ecf1cf7a1dc4e1a35f1f1be0733 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 21:13:53 +0200 Subject: [PATCH 04/46] l bepasty: forceSSL conflicts with enableSSL --- lass/2configs/bepasty.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index b2d40d4f3..43647892f 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -31,7 +31,6 @@ in { } // genAttrs ext-doms (ext-dom: { nginx = { - enableSSL = true; forceSSL = true; enableACME = true; }; From af52d7028adddabc8f21c3989ea600206fd64666 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 19 Sep 2017 20:59:27 +0200 Subject: [PATCH 05/46] nixpkgs 8ed299f -> 670b4e2 (17.09) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 1aba3d7ff..e70ee2d8a 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "8ed299faacbf8813fc47b4fca34f32b835d6481e"; # nixos-17.03 @ 2017-09-09 + ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18 }; } From d973c779eb71749af464edb1ed0216b0d5317eb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 21:45:42 +0200 Subject: [PATCH 06/46] gitlab-runner: configText -> configFile --- krebs/2configs/gitlab-runner-shackspace.nix | 27 ++++++++++----------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix index d9b4cd589..f4247b6da 100644 --- a/krebs/2configs/gitlab-runner-shackspace.nix +++ b/krebs/2configs/gitlab-runner-shackspace.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: let url = "https://git.shackspace.de/"; # generate token from CI-token via: @@ -6,7 +6,7 @@ let ## cat /etc/gitlab-runner/config.toml token = import ; in { - systemd.services.gitlab-runner.path = [ + systemd.services.gitlab-runner.path = [ "/run/wrappers" # /run/wrappers/bin/su "/" # /bin/sh ]; 
@@ -16,19 +16,18 @@ in { enable = true; # configFile, configOptions and gracefulTimeout not yet in stable # gracefulTimeout = "120min"; - configText = '' - concurrent = 1 - check_interval = 0 - - [[runners]] - name = "krebs-shell" - url = "${url}" - token = "${token}" - executor = "shell" - shell = "sh" - environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] - [runners.cache] + configFile = pkgs.writeText "gitlab-runner.cfg" '' + concurrent = 1 + check_interval = 0 + [[runners]] + name = "krebs-shell" + url = "${url}" + token = "${token}" + executor = "shell" + shell = "sh" + environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] + [runners.cache] ''; }; } From 32a8fc0396769946242ef8c1a48fb64ae572e0db Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 1 Oct 2017 14:31:00 +0200 Subject: [PATCH 07/46] tv gitrepos: #krebs -> #xxx --- tv/2configs/gitrepos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index bbb1d4128..2c4b4868e 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -100,7 +100,7 @@ let { ); irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { - channel = "#krebs"; + channel = "#xxx"; # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; server = "irc.r"; From f1908e0fa546bde76a95d3da20521d6170cd08f8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 18:06:27 +0200 Subject: [PATCH 08/46] l nixpkgs: 670b4e2 -> 5ac8389 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 5155a272c..6a6fff9b5 100644 --- a/lass/source.nix +++ b/lass/source.nix 
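Review bot: The runner `token` is interpolated into `pkgs.writeText "gitlab-runner.cfg"`, so the token ends up in a Nix store file, which every local user can read and which travels with the system closure. Whether the previous `configText` was handled the same way is not visible in this hunk. If the module accepts a plain path for `configFile`, the file could be deployed outside the store with restricted ownership, for example through `krebs.secret.files` as lass/2configs/websites/sqlBackup.nix does for the MySQL root password, and referenced as `configFile = config.krebs.secret.files.<name>.path;`.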
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "670b4e2"; + ref = "5ac8389"; }; secrets.file = getAttr builder { buildbot = toString ; From a02a812fbf02460109425fb3bc4418681c7f832d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 22:55:18 +0200 Subject: [PATCH 09/46] l hosts: update android rsa key --- krebs/3modules/lass/ssh/android.rsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index b39f7ce1e..f5190f45c 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-rsa 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 JuiceSSH +ssh-rsa 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 lass-android@XperiaXCompact From ea793ecf797f82dce0b70d0eb5b268f5326ba79b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 11:45:25 +0200 Subject: [PATCH 10/46] Revert "l nixpkgs: 670b4e2 -> 5ac8389" This reverts commit f1908e0fa546bde76a95d3da20521d6170cd08f8. --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 6a6fff9b5..5155a272c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "5ac8389"; + ref = "670b4e2"; }; secrets.file = getAttr builder { buildbot = toString ; From fdcaa8de73138d590a3702de2f3c3bd1cfacfc40 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 17:57:05 +0200 Subject: [PATCH 11/46] krebs.tinc: import types explicitly --- krebs/3modules/tinc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 8af15c13b..0fd0a35bc 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
@@ -1,6 +1,7 @@ { config, pkgs, lib, ... }: with import ; let + inherit (import ) types; out = { options.krebs.tinc = api; config = imp; From d3b17d180642d3a344495468c27355f6a7521d42 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 17:57:24 +0200 Subject: [PATCH 12/46] l nixpkgs: 670b4e2 -> b61d084 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 5155a272c..c6dc127cb 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "670b4e2"; + ref = "b61d084"; }; secrets.file = getAttr builder { buildbot = toString ; From 2ad003037417f90c04df833a2ad27fd5a52c754e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 18:38:28 +0200 Subject: [PATCH 13/46] l ejabberd: RIP --- lass/5pkgs/default.nix | 3 --- lass/5pkgs/ejabberd/default.nix | 28 ---------------------------- 2 files changed, 31 deletions(-) delete mode 100644 lass/5pkgs/ejabberd/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 46633ba1a..d04833255 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -4,9 +4,6 @@ nixpkgs.config.packageOverrides = rec { acronym = pkgs.callPackage ./acronym/default.nix {}; dpass = pkgs.callPackage ./dpass {}; - ejabberd = pkgs.callPackage ./ejabberd { - erlang = pkgs.erlangR16; - }; firefoxPlugins = { noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; diff --git a/lass/5pkgs/ejabberd/default.nix b/lass/5pkgs/ejabberd/default.nix deleted file mode 100644 index 3a77c5cd1..000000000 --- a/lass/5pkgs/ejabberd/default.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{stdenv, fetchurl, expat, erlang, zlib, openssl, pam, lib}: - -stdenv.mkDerivation rec { - version = "2.1.13"; - name = "ejabberd-${version}"; - src = fetchurl { - url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "0vf8mfrx7vr3c5h3nfp3qcgwf2kmzq20rjv1h9sk3nimwir1q3d8"; - }; - buildInputs = [ expat erlang zlib openssl pam ]; - patchPhase = '' - sed -i \ - -e "s|erl \\\|${erlang}/bin/erl \\\|" \ - -e 's|EXEC_CMD=\"sh -c\"|EXEC_CMD=\"${stdenv.shell} -c\"|' \ - src/ejabberdctl.template - ''; - preConfigure = '' - cd src - ''; - configureFlags = ["--enable-pam"]; - - meta = { - description = "Open-source XMPP application server written in Erlang"; - license = stdenv.lib.licenses.gpl2; - homepage = http://www.ejabberd.im; - maintainers = [ lib.maintainers.sander ]; - }; -} From 5ab273b5364a35fed96473e4290147940425c6b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 18:45:28 +0200 Subject: [PATCH 14/46] l wine: pkgs.wineFull -> pkgs.wine --- lass/2configs/wine.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 2444d32d3..0d2b731ca 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -5,7 +5,7 @@ let in { krebs.per-user.wine.packages = with pkgs; [ - wineFull + wine #(wineFull.override { wineBuild = "wine64"; }) ]; users.users= { From 336f4315d9364407f209d5789423dfe8831e4caf Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 18:50:19 +0200 Subject: [PATCH 15/46] l prism.r: track nginx changes --- lass/1systems/prism/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5b3091a39..8e44b113b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -115,7 +115,12 @@ in { }; services.nginx.virtualHosts."hackerfleet.de-s" = { serverName = "hackerfleet.de"; - port = 443; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + } + ]; serverAliases = [ "*.hackerfleet.de" ]; From 32d9ba480b4797baf4ccdc015685f9ea472f036f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 11:11:40 +0200 Subject: [PATCH 16/46] l nixpkgs: b61d084 -> 07ca7b6 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index c6dc127cb..296a20417 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "b61d084"; + ref = "07ca7b6"; }; secrets.file = getAttr builder { buildbot = toString ; From 958e86fadf2a2ca2901e7bd5fd8a0fcc16cbe103 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 11:38:11 +0200 Subject: [PATCH 17/46] l copyq: fix startup --- lass/2configs/copyq.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index b255254f2..fa01a99c9 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,12 +25,15 @@ in { environment = { DISPLAY = ":0"; }; + path = with pkgs; [ + qt5.full + ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; ExecStartPost = copyqConfig; Restart = "always"; - RestartSec = "2s"; + RestartSec = "15s"; StartLimitBurst = 0; User = "lass"; }; From 613600914d6c7d8c9d5b1b7bfd1292b863ebd6e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 11:44:33 +0200 Subject: [PATCH 18/46] nixpkgs: 670b4e2 -> 07ca7b6 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e70ee2d8a..09edc817b 100644 --- a/krebs/source.nix +++ b/krebs/source.nix 
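Review bot: The new `listen` entry for `"hackerfleet.de-s"` sets only `addr` and `port`; as far as I know the per-entry `ssl` flag of the NixOS nginx module defaults to false, so unless TLS is switched on elsewhere in this virtual host (the rest of it is outside the hunk) port 443 would answer in plain HTTP. If TLS is intended here, `{ addr = "0.0.0.0"; port = 443; ssl = true; }` states it explicitly. `0.0.0.0` also binds IPv4 only, so IPv6 clients would need a second entry with `addr = "[::]";`.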
@@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18 + ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02 }; } From c54d84b9efe01a7f4f8837b2308b7e2d61f1926f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 13:43:13 +0200 Subject: [PATCH 19/46] l sqlBackup: set mysql.dataDir to /var/mysql --- lass/2configs/websites/sqlBackup.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 7cb4b320e..2fffa6cc9 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -3,12 +3,13 @@ { krebs.secret.files.mysql_rootPassword = { path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - owner.name = "root"; + owner.name = "mysql"; source-path = toString + "/mysql_rootPassword"; }; services.mysql = { enable = true; + dataDir = "/var/mysql"; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; From c37c047ee6c080f7d76f2e19269162615a9aacfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 13:43:31 +0200 Subject: [PATCH 20/46] l weechat: open mosh port --- lass/2configs/weechat.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 4b6445619..d5496ac09 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -21,6 +21,11 @@ in { ]; }; + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + #systemd.services.chat = { # description = "chat environment setup"; # after = [ "network.target" ]; From 902a65304d1e07ce5a7192a0403d6fa1bed1f135 Mon Sep 17 00:00:00 2001 
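Review bot: The INPUT rule added in lass/2configs/weechat.nix accepts UDP on the whole `60000:61000` range from any source, which is about a thousand open ports for what is usually a handful of sessions. mosh-server picks the first available port near the start of that range (or the one given with `-p`), so a narrower rule such as `{ predicate = "-p udp --dport 60000:60010"; target = "ACCEPT"; }` would serve the same purpose with less exposed surface. The chosen range could be recorded in the `# mosh` comment.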
From: tv Date: Tue, 3 Oct 2017 18:40:44 +0200 Subject: [PATCH 21/46] tinc module: workaround nixpkgs's lib.types.types Introduced by nixpkgs 152c63c9ff82276e225ac4a4fa71c791d33e443d --- krebs/3modules/tinc.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 0fd0a35bc..b032f3148 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -1,7 +1,6 @@ -{ config, pkgs, lib, ... }: with import ; +{ config, pkgs, ... }: let - inherit (import ) types; out = { options.krebs.tinc = api; config = imp; @@ -12,7 +11,7 @@ let description = '' define a tinc network ''; - type = with types; attrsOf (submodule (tinc: { + type = types.attrsOf (types.submodule (tinc: { options = let netname = tinc.config._module.args.name; in { @@ -117,7 +116,7 @@ let phases = [ "installPhase" ]; installPhase = '' mkdir $out - ${concatStrings (lib.mapAttrsToList (_: host: '' + ${concatStrings (mapAttrsToList (_: host: '' echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \ > $out/${shell.escape host.name} '') tinc.config.hosts)} From d2df693f21815319524c26450c44b650d7404494 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 18:49:51 +0200 Subject: [PATCH 22/46] tv nixpkgs: 17.03 -> 17.09 --- tv/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/source.nix b/tv/source.nix index 18733ee5c..f3bda2715 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -9,8 +9,8 @@ in { nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; nixpkgs.git = { - # nixos-17.03 - ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78"; + # nixos-17.09 + ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From 748d28fd7a410402737a7fb45dbfdbce3c19c1e9 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 3 Oct 2017 19:01:57 +0200 Subject: [PATCH 23/46] tv mfcl2700dn*: RIP nixpkgs-17.09 fixup --- tv/2configs/br.nix | 1 - .../simple/mfcl2700dncupswrapper/default.nix | 45 ------------------- tv/5pkgs/simple/mfcl2700dnlpr/default.nix | 44 ------------------ 3 files changed, 90 deletions(-) delete mode 100644 tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix delete mode 100644 tv/5pkgs/simple/mfcl2700dnlpr/default.nix diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix index c7eb20e90..d660ebc35 100644 --- a/tv/2configs/br.nix +++ b/tv/2configs/br.nix @@ -45,5 +45,4 @@ with import ; ]; }; - systemd.services.cups.serviceConfig.PrivateTmp = true; } diff --git a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix deleted file mode 100644 index 1ef018b33..000000000 --- a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr, -perl, stdenv }: - -stdenv.mkDerivation rec { - name = "mfcl2700dncupswrapper-${meta.version}"; - - src = fetchurl { - url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb"; - sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1"; - }; - - nativeBuildInputs = [ dpkg makeWrapper ]; - - phases = [ "installPhase" ]; - - installPhase = '' - dpkg-deb -x $src $out - - basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN - dir=$out/opt/brother/Printers/MFCL2700DN - - substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ - --replace /usr/bin/perl ${perl}/bin/perl \ - --replace "basedir =~" "basedir = \"$basedir\"; #" \ - --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" - - wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ - --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]} - - mkdir -p $out/lib/cups/filter - mkdir -p $out/share/cups/model - - ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter - ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model - ''; - - meta = { - description = "Brother MFC-L2700DN CUPS wrapper driver"; - homepage = "http://www.brother.com/"; - license = stdenv.lib.licenses.gpl2Plus; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.linux; - version = "3.2.0-1"; - }; -} diff --git a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix deleted file mode 100644 index fc11b53e9..000000000 --- a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }: - -stdenv.mkDerivation rec { - name = "mfcl2700dnlpr-${meta.version}"; - - src = fetchurl { - url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb"; - sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m"; - }; - - nativeBuildInputs = [ dpkg makeWrapper ]; - - phases = [ "installPhase" ]; - - installPhase = '' - dpkg-deb -x $src $out - - dir=$out/opt/brother/Printers/MFCL2700DN - - substituteInPlace $dir/lpd/filter_MFCL2700DN \ - --replace /usr/bin/perl ${perl}/bin/perl \ - --replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \ - --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" - - wrapProgram $dir/lpd/filter_MFCL2700DN \ - --prefix PATH : ${stdenv.lib.makeBinPath [ - coreutils ghostscript gnugrep gnused which - ]} - - interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2 - patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter - patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3 - patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3 - ''; - - meta = { - description = "Brother MFC-L2700DN LPR driver"; - homepage = "http://www.brother.com/"; - license = stdenv.lib.licenses.unfree; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.linux; - version = "3.2.0-1"; - }; -} From 2e8cebc497817dc8c9b40448d472d946f2ed10ed Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 19:03:17 +0200 Subject: [PATCH 24/46] tv gnupg: gnupg21 -> gnupg22 nixpkgs-17.09 fixup --- tv/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 1796609a9..261871e62 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix 
@@ -32,7 +32,7 @@ foldl' mergeAttrs {} exec ${self.firefoxWrapper}/bin/firefox "$@" ''; - gnupg = self.gnupg21; + gnupg = self.gnupg22; # https://github.com/NixOS/nixpkgs/issues/16113 wvdial = let From aa5bccf9e3f49b7e0aaef541a54e5ff58f89fcf7 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 20:55:47 +0200 Subject: [PATCH 25/46] tv brscan4: init at 0.4.4-4 Refs https://github.com/NixOS/nixpkgs/pull/30065 --- tv/5pkgs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 261871e62..9dc7ae7b1 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -13,6 +13,14 @@ foldl' mergeAttrs {} // { + brscan4 = overrideDerivation super.brscan4 (original: rec { + name = "brscan4-0.4.4-4"; + src = super.fetchurl { + url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb"; + sha256 = "0xy5px96y1saq9l80vwvfn6anr2q42qlxdhm6ci2a0diwib5q9fd"; + }; + }); + # TODO use XDG_RUNTIME_DIR? cr = self.writeDashBin "cr" '' set -efu From a41a30d709ae7bacb7d89c21dd11afa610648972 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 21:36:53 +0200 Subject: [PATCH 26/46] tv alnus nixpkgs: 17.03 -> 17.09 --- tv/1systems/alnus/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix index c3ed4dcfb..9fd2f668c 100644 --- a/tv/1systems/alnus/source.nix +++ b/tv/1systems/alnus/source.nix @@ -1,4 +1,4 @@ import { name = "alnus"; - override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; + override.nixpkgs.git.ref = "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; } From b7b7ee5d5227402bea5c6a802f11dcfefe5c234a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 21:37:13 +0200 Subject: [PATCH 27/46] mv stro nixpkgs: 17.03 -> 17.09 --- mv/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mv/source.nix b/mv/source.nix index 5dea13e73..2fa53a13e 100644 --- a/mv/source.nix 
+++ b/mv/source.nix @@ -9,8 +9,8 @@ in { nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { - # nixos-17.03 - ref = mkDefault "3d04a557b72aa0987d9bf079e1445280b6bfd907"; + # nixos-17.09 + ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From 5e51d98c4be96d992b8def3983e2a2c07cf11499 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 21:40:21 +0200 Subject: [PATCH 28/46] ircd: raise default_floodcount to 1000 --- krebs/2configs/ircd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 116337733..38f58952e 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -92,6 +92,7 @@ }; general { #maybe we want ident someday? + default_floodcount = 1000; disable_auth = yes; throttle_duration = 1; throttle_count = 1000; From 6179ec63628b21905393c7deb15d6e9b272756a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 21:40:47 +0200 Subject: [PATCH 29/46] buildbot slave service: clean workingDir on change --- krebs/3modules/buildbot/slave.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 544f9c4e0..0af553c5d 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -160,6 +160,8 @@ let # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux + #remove garbage from old versions + rm -r ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin From 213356531dd1ba8c807ae90fc85a92ebbc301be0 Mon Sep 17 00:00:00 2001 
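Review bot: `default_floodcount = 1000;` in krebs/2configs/ircd.nix is added without a comment, and next to the existing `throttle_count = 1000;` it raises the per-client flood threshold to a level where it will rarely trigger. A line such as `# flood limit raised for <reason>` above the setting would tell the next maintainer whether it is safe to keep if the server becomes reachable from less trusted networks. The `general` block continues outside the hunk.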
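Review bot: The added `rm -r ${workdir}` in the `ExecStartPre` script of krebs/3modules/buildbot/slave.nix runs under `set -efux`, so on a host where the work directory does not exist yet `rm` exits non-zero and the unit fails before `mkdir -p` is reached; `rm -rf ${workdir}` tolerates the missing directory. The line also runs on every start rather than only "on change" as the subject says, so whatever build state is in the work directory is discarded at each restart; if that is intended, the `#remove garbage from old versions` comment could say so. The script continues outside the hunk.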
From: tv Date: Tue, 3 Oct 2017 21:53:52 +0200 Subject: [PATCH 30/46] tv mu systemPackages: build KDE locale manually Because nixpkgs d7e9248debe66225bae1788c347bfe6c62e38a6e nixpkgs-17.09 fixup --- tv/1systems/mu/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index f3e7b515b..501200c1f 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -52,11 +52,13 @@ with import ; networking.networkmanager.enable = true; environment.systemPackages = with pkgs; [ + (pkgs.kdeApplications.callPackage + (import "de" {}) + {}) chromium firefoxWrapper gimp iptables - kdeApplications.l10n.de.qt5 libreoffice pidginotr pidgin-with-plugins From 3be76df6c9ea70c56eee66935476bd4738912171 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 23:51:11 +0200 Subject: [PATCH 31/46] l websites lass: use addSSL --- lass/2configs/websites/lassulus.nix | 32 +++-------------------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17c39a5f4..77790e8b8 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -73,17 +73,6 @@ in { allowKeysForGroup = true; group = "lasscert"; }; - certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; }; krebs.tinc_graphs.enable = true; @@ -119,6 +108,7 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + addSSL = true; enableACME = true; serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' 
@@ -158,30 +148,14 @@ in { in '' alias ${initscript}; ''; - - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; services.nginx.virtualHosts.cgit = { + addSSL = true; + enableACME = true; serverAliases = [ "cgit.lassul.us" ]; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenges; - ''; - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; users.users.blog = { From 632195921e4c69f3ba4d50a49f0192de16cf576c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 23:53:09 +0200 Subject: [PATCH 32/46] l ejabberd: copy tv's stuff --- lass/3modules/ejabberd/config.nix | 218 +++++++++++++++++------------ lass/3modules/ejabberd/default.nix | 41 +++++- 2 files changed, 161 insertions(+), 98 deletions(-) diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index b1fca08d3..68bcfa340 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix 
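Review bot: `addSSL = true;` on the `cgit` virtual host (and on `"lassul.us"` in the earlier hunk of this file) keeps serving the site over plain HTTP next to HTTPS, as the removed `listen 80;` lines did. If nothing depends on unencrypted access, `forceSSL = true;` together with `enableACME`, the combination lass/2configs/bepasty.nix uses in this series, would redirect HTTP clients to HTTPS instead. If plain HTTP is deliberate, a short comment saying why would help the next reader.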
@@ -1,93 +1,129 @@ -{ config, ... }: with import ; let - cfg = config.lass.ejabberd; +with import ; +{ config, ... }: let - # XXX this is a placeholder that happens to work the default strings. - toErlang = builtins.toJSON; -in toFile "ejabberd.conf" '' - {loglevel, 3}. - {hosts, ${toErlang cfg.hosts}}. - {listen, - [ - {5222, ejabberd_c2s, [ - starttls, - {certfile, ${toErlang cfg.certfile.path}}, - {access, c2s}, - {shaper, c2s_shaper}, - {max_stanza_size, 65536} - ]}, - {5269, ejabberd_s2s_in, [ - {shaper, s2s_shaper}, - {max_stanza_size, 131072} - ]}, - {5280, ejabberd_http, [ - captcha, - http_bind, - http_poll, - web_admin - ]} - ]}. - {s2s_use_starttls, required}. - {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}. - {auth_method, internal}. - {shaper, normal, {maxrate, 1000}}. - {shaper, fast, {maxrate, 50000}}. - {max_fsm_queue, 1000}. - {acl, local, {user_regexp, ""}}. - {access, max_user_sessions, [{10, all}]}. - {access, max_user_offline_messages, [{5000, admin}, {100, all}]}. - {access, local, [{allow, local}]}. - {access, c2s, [{deny, blocked}, - {allow, all}]}. - {access, c2s_shaper, [{none, admin}, - {normal, all}]}. - {access, s2s_shaper, [{fast, all}]}. - {access, announce, [{allow, admin}]}. - {access, configure, [{allow, admin}]}. - {access, muc_admin, [{allow, admin}]}. - {access, muc_create, [{allow, local}]}. - {access, muc, [{allow, all}]}. - {access, pubsub_createnode, [{allow, local}]}. - {access, register, [{allow, local}]}. - {language, "en"}. 
- {modules, - [ - {mod_adhoc, []}, - {mod_announce, [{access, announce}]}, - {mod_blocking,[]}, - {mod_caps, []}, - {mod_configure,[]}, - {mod_disco, []}, - {mod_irc, []}, - {mod_http_bind, []}, - {mod_last, []}, - {mod_muc, [ - {access, muc}, - {access_create, muc_create}, - {access_persistent, muc_create}, - {access_admin, muc_admin} - ]}, - {mod_offline, [{access_max_user_messages, max_user_offline_messages}]}, - {mod_ping, []}, - {mod_privacy, []}, - {mod_private, []}, - {mod_pubsub, [ - {access_createnode, pubsub_createnode}, - {ignore_pep_from_offline, true}, - {last_item_cache, false}, - {plugins, ["flat", "hometree", "pep"]} - ]}, - {mod_register, [ - {welcome_message, {"Welcome!", - "Hi.\nWelcome to this XMPP server."}}, - {ip_access, [{allow, "127.0.0.0/8"}, - {allow, "0.0.0.0/0"}]}, - {access, register} - ]}, - {mod_roster, []}, - {mod_shared_roster,[]}, - {mod_stats, []}, - {mod_time, []}, - {mod_vcard, []}, - {mod_version, []} - ]}. + # See https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example + + ciphers = concatStringsSep ":" [ + "ECDHE-ECDSA-AES256-GCM-SHA384" + "ECDHE-RSA-AES256-GCM-SHA384" + "ECDHE-ECDSA-CHACHA20-POLY1305" + "ECDHE-RSA-CHACHA20-POLY1305" + "ECDHE-ECDSA-AES128-GCM-SHA256" + "ECDHE-RSA-AES128-GCM-SHA256" + "ECDHE-ECDSA-AES256-SHA384" + "ECDHE-RSA-AES256-SHA384" + "ECDHE-ECDSA-AES128-SHA256" + "ECDHE-RSA-AES128-SHA256" + ]; + + protocol_options = [ + "no_sslv2" + "no_sslv3" + "no_tlsv1" + "no_tlsv1_10" + ]; + +in /* yaml */ '' + + access_rules: + announce: + - allow: admin + local: + - allow: local + configure: + - allow: admin + register: + - allow + s2s: + - allow + trusted_network: + - allow: loopback + + acl: + local: + user_regexp: "" + loopback: + ip: + - "127.0.0.0/8" + - "::1/128" + - "::FFFF:127.0.0.1/128" + + hosts: ${toJSON config.hosts} + + language: "en" + + listen: + - + port: 5222 + ip: "::" + module: ejabberd_c2s + shaper: c2s_shaper + certfile: ${toJSON config.certfile.path} + ciphers: ${toJSON 
ciphers} + dhfile: ${toJSON config.dhfile.path} + protocol_options: ${toJSON protocol_options} + starttls: true + starttls_required: true + tls: false + tls_compression: false + max_stanza_size: 65536 + - + port: 5269 + ip: "::" + module: ejabberd_s2s_in + shaper: s2s_shaper + max_stanza_size: 131072 + + loglevel: 4 + + modules: + mod_adhoc: {} + mod_admin_extra: {} + mod_announce: + access: announce + mod_caps: {} + mod_carboncopy: {} + mod_client_state: {} + mod_configure: {} + mod_disco: {} + mod_echo: {} + mod_irc: {} + mod_bosh: {} + mod_last: {} + mod_offline: + access_max_user_messages: max_user_offline_messages + mod_ping: {} + mod_privacy: {} + mod_private: {} + mod_register: + access_from: deny + access: register + ip_access: trusted_network + registration_watchers: ${toJSON config.registration_watchers} + mod_roster: {} + mod_shared_roster: {} + mod_stats: {} + mod_time: {} + mod_vcard: + search: false + mod_version: {} + mod_http_api: {} + + s2s_access: s2s + s2s_certfile: ${toJSON config.s2s_certfile.path} + s2s_ciphers: ${toJSON ciphers} + s2s_dhfile: ${toJSON config.dhfile.path} + s2s_protocol_options: ${toJSON protocol_options} + s2s_tls_compression: false + s2s_use_starttls: required + + shaper_rules: + max_user_offline_messages: + - 5000: admin + - 100 + max_user_sessions: 10 + c2s_shaper: + - none: admin + - normal + s2s_shaper: fast '' diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index e2fba5ff5..4838a9093 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -1,5 +1,16 @@ { config, lib, pkgs, ... }@args: with import ; let cfg = config.lass.ejabberd; + + gen-dhparam = pkgs.writeDash "gen-dhparam" '' + set -efu + path=$1 + bits=2048 + # TODO regenerate dhfile after some time? + if ! test -e "$path"; then + ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path" + fi + ''; + in { options.lass.ejabberd = { enable = mkEnableOption "lass.ejabberd"; 
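Review bot: `shaper_rules` refers to shapers named `normal` and `fast` (under `c2s_shaper` and `s2s_shaper`), but the new YAML has no top-level `shaper:` section, whereas the removed Erlang config defined `{shaper, normal, {maxrate, 1000}}` and `{shaper, fast, {maxrate, 50000}}`. Unless ejabberd supplies these names itself, which I would not rely on, the listeners on 5222 and 5269 lose the traffic limits the old config had. I would add the definitions back as a `shaper:` section with `normal: 1000` and `fast: 50000`. Separately, `no_tlsv1_10` in `protocol_options` is not a spelling I can confirm; the TLS 1.1 switch is usually written `no_tlsv1_1`, so please check that TLS 1.1 is really refused after this change.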
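Review bot: `gen-dhparam` redirects the openssl output straight into `$path` and skips generation whenever `test -e "$path"` succeeds, so a run that fails or is interrupted leaves an empty or truncated file that every later start accepts. That is plausible on slow hosts, because the unit hunk further down runs this script as `ExecStartPre` with `TimeoutStartSec = 60`. The `dhfile` default with `source-path = "/dev/null"` may also pre-create an empty file, depending on how the secret service treats it. I would generate into a temporary file next to the target, rename it into place only on success, and test with `-s` instead of `-e`.

```nix
  gen-dhparam = pkgs.writeDash "gen-dhparam" ''
    # … unchanged: set -efu, path and bits assignments …
    # Generate into a temporary file so an aborted run never leaves a
    # truncated dhfile behind; -s also rejects an empty file.
    if ! test -s "$path"; then
      tmp="$path.tmp"
      ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$tmp"
      mv "$tmp" "$path"
    fi
  '';
```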
@@ -11,20 +22,36 @@ in { source-path = "/var/lib/acme/lassul.us/full.pem"; }; }; + dhfile = mkOption { + type = types.secret-file; + default = { + path = "${cfg.user.home}/dhparams.pem"; + owner = cfg.user; + source-path = "/dev/null"; + }; + }; hosts = mkOption { type = with types; listOf str; }; pkgs.ejabberdctl = mkOption { type = types.package; default = pkgs.writeDashBin "ejabberdctl" '' - set -efu - export SPOOLDIR=${shell.escape cfg.user.home} - export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ + --config ${toFile "ejabberd.yaml" (import ./config.nix { + inherit pkgs; + config = cfg; + })} \ --logs ${shell.escape cfg.user.home} \ + --spool ${shell.escape cfg.user.home} \ "$@" ''; }; + registration_watchers = mkOption { + type = types.listOf types.str; + default = [ + config.krebs.users.tv.mail + ]; + }; s2s_certfile = mkOption { type = types.secret-file; default = cfg.certfile; @@ -50,12 +77,12 @@ in { requires = [ "secret.service" ]; after = [ "network.target" "secret.service" ]; serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; - PermissionsStartOnly = "true"; + ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"; + ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground"; + PermissionsStartOnly = true; SyslogIdentifier = "ejabberd"; User = cfg.user.name; - ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start"; + TimeoutStartSec = 60; }; }; From 387bf34e82a5cb5cf82288cf3c58fff5b1bb4ce5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 23:53:43 +0200 Subject: [PATCH 33/46] l pass: gnupg1 -> gnupg --- lass/2configs/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 5bd2f2f7f..43eb0db9b 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -3,7 +3,7 @@ { krebs.per-user.lass.packages = with pkgs; [ pass - gnupg1 + gnupg ]; } 
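Review bot: The default of `registration_watchers` is `config.krebs.users.tv.mail`, so a host that enables `lass.ejabberd` without overriding it reports every new account registration to tv's address. If that is a leftover from copying the module, I would use `default = [];` or the operating user's own address and let hosts opt in. A `description` on the option stating that the listed addresses are notified on each registration would make the effect visible. The option set continues outside this hunk.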
From 9cd1869b8a8a2a54d13e93539b0d0b3743e20adf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 04:37:19 +0200 Subject: [PATCH 34/46] l nixpkgs: 07ca7b6 -> 1987983 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 296a20417..e0af7d83c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "07ca7b6"; + ref = "1987983"; }; secrets.file = getAttr builder { buildbot = toString ; From edb062dd11a17286aac72fefa72239f6b740bb78 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 04:38:08 +0200 Subject: [PATCH 35/46] l hosts: add internet address for inspector & eddit --- krebs/3modules/lass/default.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4b553fac2..534eac716 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -432,8 +432,13 @@ with import ; eddie = { ci = false; external = true; - nets = { + nets = rec { + internet = { + ip4.addr = "129.215.90.4"; + aliases = [ "eddie.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.170"; ip6.addr = "42:4992:6a6d:700::1"; aliases = [ "eddie.r" ]; @@ -485,8 +490,13 @@ with import ; inspector = { ci = false; external = true; - nets = { + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.172"; ip6.addr = "42:4992:6a6d:800::1"; aliases = [ "inspector.r" ]; From 579b2cbecf8cec8786864bb2bdf6ffaf6bcf65b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:01:00 +0200 Subject: [PATCH 36/46] l websites: remove deprecated attributes --- lass/2configs/websites/lassulus.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 77790e8b8..6e185a4d6 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -110,7 +110,6 @@ in { services.nginx.virtualHosts."lassul.us" = { addSSL = true; enableACME = true; - serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; ''; @@ -151,11 +150,9 @@ in { }; services.nginx.virtualHosts.cgit = { + serverName = "cgit.lassul.us"; addSSL = true; enableACME = true; - serverAliases = [ - "cgit.lassul.us" - ]; }; users.users.blog = { From fcc9e7e942de7212f2b568255c1597ae487ef939 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:02:06 +0200 Subject: [PATCH 37/46] l pkgs.xmonad: add more default workspaces --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 0a2945c21..16719d540 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -70,7 +70,7 @@ mainNoArgs = do , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent - , workspaces = [ "dashboard" ] + , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout From 9624545b97fc480d9ed5d262ea02eb8895b64b80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:02:37 +0200 Subject: [PATCH 38/46] l pkgs.xmonad: use greedyView --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 16719d540..fe294e909 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
@@ -119,7 +119,7 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) - , ("M4-v", withWorkspace autoXPConfig (windows . W.view)) + , ("M4-v", withWorkspace autoXPConfig (windows . W.greedyView)) , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift)) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) From ed3153dd9865799782df2014f4178271955c0e38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:03:10 +0200 Subject: [PATCH 39/46] l pkgs.xmonad: move keys around --- lass/5pkgs/xmonad-lass.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index fe294e909..c0893a40c 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -131,12 +131,12 @@ myKeyMap = , ("M4-S-q", return ()) - , ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () From a5430f2b87fce6d42d13a63ed9547ec85e51adaf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:04:01 +0200 Subject: [PATCH 40/46] l helios.r: use nvidia drivers --- lass/1systems/helios/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 6ff3fbb86..b50f3d9b8 100644 --- a/lass/1systems/helios/config.nix 
+++ b/lass/1systems/helios/config.nix @@ -94,4 +94,6 @@ with import ; programs.ssh.startAgent = lib.mkForce true; services.tlp.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; } From 612926846d729751d2a4b130290f6bfa62d372ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:04:31 +0200 Subject: [PATCH 41/46] l helios.r: add certificateFiles --- lass/1systems/helios/config.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index b50f3d9b8..dd576e0fb 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -96,4 +96,15 @@ with import ; services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; + + security.pki.certificateFiles = [ + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + ]; } From be4bfed6eddb2e957301a6734725a99d181d3753 Mon Sep 17 00:00:00 2001 
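Review bot: The `sha256` pins on the seven `pkgs.fetchurl` entries in `security.pki.certificateFiles` protect later builds, but the files come from `http://pki.dcso.de`, so if the hashes were taken from that same cleartext download they only record what was received the first time. Because these certificates become trust anchors for every TLS connection from this host, I would compare each fingerprint with a value obtained out of band and note it above the list, e.g. `# fingerprints checked against <source> on <date>`. If only the three roots are needed, leaving out the `COMP`/`IDEN` CAs would keep the added trust smaller; I am inferring their role from the file names.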
From: lassulus Date: Thu, 5 Oct 2017 05:05:00 +0200 Subject: [PATCH 42/46] l pass: activate gnupg-agent --- lass/2configs/pass.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 43eb0db9b..1c253a6c5 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -6,4 +6,5 @@ gnupg ]; + programs.gnupg.agent.enable = true; } From 4e6827b8cd1e1edce7a27a6d6b2afda6ce6b7bc9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:28:32 +0200 Subject: [PATCH 43/46] l gc: deactivate on helios --- lass/2configs/gc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 00f318e51..ad015180a 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; }; } From ba663f044508ec596b6f9ab22a43e39677bcf3c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 15:50:45 +0200 Subject: [PATCH 44/46] l helios.r: add dcsovpn --- lass/1systems/helios/config.nix | 1 + lass/2configs/dcso-vpn.nix | 44 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 lass/2configs/dcso-vpn.nix diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index dd576e0fb..a94bbd3e9 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,6 +11,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix new file mode 100644 index 000000000..0a5623bf0 --- /dev/null +++ b/lass/2configs/dcso-vpn.nix 
@@ -0,0 +1,44 @@ +with import ; +{ ... }: + +{ + + users.extraUsers = { + dcsovpn = rec { + name = "dcsovpn"; + uid = genid "dcsovpn"; + description = "user for running dcso openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.dcsovpn.gid = genid "dcsovpn"; + + services.openvpn.servers = { + dcso = { + config = '' + client + dev tun + tun-mtu 1356 + mssfix + proto udp + float + remote 217.111.55.41 1194 + nobind + user dcsovpn + group dcsovpn + persist-key + persist-tun + ca ${toString } + cert ${toString } + key ${toString } + verb 3 + mute 20 + auth-user-pass ${toString } + route-method exe + route-delay 2 + ''; + updateResolvConf = true; + }; + }; +} From 54d20b612f126ae64c807aa2b68f18836e824d69 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 16:08:55 +0200 Subject: [PATCH 45/46] l dummy-secrets: add dcsovpn --- lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt | 0 4 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem new file mode 100644 index 000000000..e69de29bb 
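Review bot: The client config in `services.openvpn.servers.dcso` sets `ca`, `cert` and `key` but never checks what kind of certificate the peer presents, so any certificate issued by that CA, including another client's, would be accepted as the server; `float` additionally accepts a changed peer address. I would add `remote-cert-tls server` to the `config` string, and a `verify-x509-name` line if the server's certificate name is known. `route-method exe` is, as far as I know, a Windows-only option and could be dropped. It is also worth checking that, after the drop to `user dcsovpn`/`group dcsovpn`, the scripts behind `updateResolvConf = true` can still restore `resolv.conf` on disconnect.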
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt new file mode 100644 index 000000000..e69de29bb From a8db051451d2827d7c7ad38f005284013e63c039 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 16:17:12 +0200 Subject: [PATCH 46/46] l pkgs.xmonad: pointer follows focus --- lass/5pkgs/xmonad-lass.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index c0893a40c..b86ce358e 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Actions.UpdatePointer (updatePointer) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -63,14 +64,15 @@ mainNoArgs = do xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = urxvtcPath - , modMask = mod4Mask - , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + { terminal = urxvtcPath + , modMask = mod4Mask + , layoutHook = smartBorders $ myLayoutHook + , logHook = updatePointer (0.25, 0.25) (0.25, 0.25) + , manageHook = placeHook (smart (1,0)) <+> floatNextHook , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" - , handleEventHook = handleShutdownEvent - , workspaces = [ "dashboard", "sys", "wp" ] + , handleEventHook = handleShutdownEvent + , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout