Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
8bea69348a
@ -145,9 +145,10 @@ in
|
|||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
};
|
services.xserver.windowManager.i3.enable = true;
|
||||||
};
|
|
||||||
|
|
||||||
users.extraUsers.jeschli = { # TODO: define as krebs.users
|
users.extraUsers.jeschli = { # TODO: define as krebs.users
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -21,5 +21,4 @@
|
|||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -48,6 +48,7 @@ let
|
|||||||
./rtorrent.nix
|
./rtorrent.nix
|
||||||
./secret.nix
|
./secret.nix
|
||||||
./setuid.nix
|
./setuid.nix
|
||||||
|
./syncthing.nix
|
||||||
./tinc.nix
|
./tinc.nix
|
||||||
./tinc_graphs.nix
|
./tinc_graphs.nix
|
||||||
./urlwatch.nix
|
./urlwatch.nix
|
||||||
|
@ -106,6 +106,7 @@ in {
|
|||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||||
|
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
|
||||||
};
|
};
|
||||||
archprism = {
|
archprism = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -204,6 +205,7 @@ in {
|
|||||||
secure = true;
|
secure = true;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
||||||
|
syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
|
||||||
};
|
};
|
||||||
shodan = {
|
shodan = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
@ -270,6 +272,7 @@ in {
|
|||||||
secure = true;
|
secure = true;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
||||||
|
syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
|
||||||
};
|
};
|
||||||
daedalus = {
|
daedalus = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
@ -324,10 +327,18 @@ in {
|
|||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
wiregrill = {
|
||||||
|
ip6.addr = w6 "5ce7";
|
||||||
|
aliases = [
|
||||||
|
"skynet.w"
|
||||||
|
];
|
||||||
|
wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
secure = true;
|
secure = true;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
|
||||||
|
syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
|
||||||
};
|
};
|
||||||
littleT = {
|
littleT = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
@ -365,10 +376,18 @@ in {
|
|||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
wiregrill = {
|
||||||
|
ip6.addr = w6 "771e";
|
||||||
|
aliases = [
|
||||||
|
"littleT.w"
|
||||||
|
];
|
||||||
|
wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
secure = true;
|
secure = true;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||||
|
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
|
||||||
};
|
};
|
||||||
red = {
|
red = {
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
@ -474,7 +493,48 @@ in {
|
|||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
|
||||||
|
syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
green = {
|
||||||
|
cores = 1;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.0.66";
|
||||||
|
ip6.addr = r6 "12ee";
|
||||||
|
aliases = [
|
||||||
|
"green.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
|
||||||
|
uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
|
||||||
|
ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
|
||||||
|
n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
|
||||||
|
hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
|
||||||
|
m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
|
||||||
|
BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
|
||||||
|
pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
|
||||||
|
2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
|
||||||
|
UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
|
||||||
|
udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
|
||||||
|
3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
wiregrill = {
|
||||||
|
ip6.addr = w6 "12ee";
|
||||||
|
aliases = [
|
||||||
|
"green.w"
|
||||||
|
];
|
||||||
|
wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
|
||||||
|
syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
|
||||||
|
};
|
||||||
|
|
||||||
phone = {
|
phone = {
|
||||||
nets = {
|
nets = {
|
||||||
wiregrill = {
|
wiregrill = {
|
||||||
@ -482,11 +542,12 @@ in {
|
|||||||
aliases = [
|
aliases = [
|
||||||
"phone.w"
|
"phone.w"
|
||||||
];
|
];
|
||||||
wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
|
wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM=";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
external = true;
|
external = true;
|
||||||
ci = false;
|
ci = false;
|
||||||
|
syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB";
|
||||||
};
|
};
|
||||||
morpheus = {
|
morpheus = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
|
@ -1 +1 @@
|
|||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL
|
||||||
|
161
krebs/3modules/syncthing.nix
Normal file
161
krebs/3modules/syncthing.nix
Normal file
@ -0,0 +1,161 @@
|
|||||||
|
{ config, pkgs, ... }: with import <stockholm/lib>;
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
cfg = config.krebs.syncthing;
|
||||||
|
|
||||||
|
devices = mapAttrsToList (name: peer: {
|
||||||
|
name = name;
|
||||||
|
deviceID = peer.id;
|
||||||
|
addresses = peer.addresses;
|
||||||
|
}) cfg.peers;
|
||||||
|
|
||||||
|
folders = map (folder: {
|
||||||
|
inherit (folder) path id type;
|
||||||
|
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
|
||||||
|
rescanIntervalS = folder.rescanInterval;
|
||||||
|
fsWatcherEnabled = folder.watch;
|
||||||
|
fsWatcherDelayS = folder.watchDelay;
|
||||||
|
ignorePerms = folder.ignorePerms;
|
||||||
|
}) cfg.folders;
|
||||||
|
|
||||||
|
getApiKey = pkgs.writeDash "getAPIKey" ''
|
||||||
|
${pkgs.libxml2}/bin/xmllint \
|
||||||
|
--xpath 'string(configuration/gui/apikey)'\
|
||||||
|
${config.services.syncthing.dataDir}/config.xml
|
||||||
|
'';
|
||||||
|
|
||||||
|
updateConfig = pkgs.writeDash "merge-syncthing-config" ''
|
||||||
|
set -efu
|
||||||
|
# wait for service to restart
|
||||||
|
${pkgs.untilport}/bin/untilport localhost 8384
|
||||||
|
API_KEY=$(${getApiKey})
|
||||||
|
CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
|
||||||
|
echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
|
||||||
|
"devices": ${builtins.toJSON devices},
|
||||||
|
"folders": ${builtins.toJSON folders}
|
||||||
|
}' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @-
|
||||||
|
${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST
|
||||||
|
'';
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.krebs.syncthing = {
|
||||||
|
|
||||||
|
enable = mkEnableOption "syncthing-init";
|
||||||
|
|
||||||
|
id = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = config.krebs.build.host.name;
|
||||||
|
};
|
||||||
|
|
||||||
|
cert = mkOption {
|
||||||
|
type = types.nullOr types.absolute-pathname;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
key = mkOption {
|
||||||
|
type = types.nullOr types.absolute-pathname;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
peers = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf (types.submodule ({
|
||||||
|
options = {
|
||||||
|
|
||||||
|
# TODO make into addr + port submodule
|
||||||
|
addresses = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
|
||||||
|
#TODO check
|
||||||
|
id = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
|
||||||
|
folders = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf (types.submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
|
||||||
|
path = mkOption {
|
||||||
|
type = types.absolute-pathname;
|
||||||
|
};
|
||||||
|
|
||||||
|
id = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = config.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
peers = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
|
||||||
|
rescanInterval = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 3600;
|
||||||
|
};
|
||||||
|
|
||||||
|
type = mkOption {
|
||||||
|
type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
|
||||||
|
default = "sendreceive";
|
||||||
|
};
|
||||||
|
|
||||||
|
watch = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
watchDelay = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 10;
|
||||||
|
};
|
||||||
|
|
||||||
|
ignorePerms = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = (mkIf cfg.enable) {
|
||||||
|
|
||||||
|
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
|
||||||
|
preStart = ''
|
||||||
|
${optionalString (cfg.cert != null) ''
|
||||||
|
cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
|
||||||
|
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
|
||||||
|
chmod 400 ${config.services.syncthing.dataDir}/cert.pem
|
||||||
|
''}
|
||||||
|
${optionalString (cfg.key != null) ''
|
||||||
|
cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
|
||||||
|
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
|
||||||
|
chmod 400 ${config.services.syncthing.dataDir}/key.pem
|
||||||
|
''}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.syncthing-init = {
|
||||||
|
after = [ "syncthing.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
User = config.services.syncthing.user;
|
||||||
|
RemainAfterExit = true;
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = updateConfig;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -10,6 +10,10 @@ with import <stockholm/lib>;
|
|||||||
version = "2.2.0";
|
version = "2.2.0";
|
||||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||||
};
|
};
|
||||||
|
"19.03" = {
|
||||||
|
version = "2.2.0";
|
||||||
|
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||||
|
};
|
||||||
}.${versions.majorMinor nixpkgsVersion};
|
}.${versions.majorMinor nixpkgsVersion};
|
||||||
|
|
||||||
in mkDerivation {
|
in mkDerivation {
|
||||||
|
@ -15,6 +15,11 @@ with import <stockholm/lib>;
|
|||||||
rev = "refs/tags/v${cfg.version}";
|
rev = "refs/tags/v${cfg.version}";
|
||||||
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||||
};
|
};
|
||||||
|
"19.03" = {
|
||||||
|
version = "0.4.1-tv1";
|
||||||
|
rev = "refs/tags/v${cfg.version}";
|
||||||
|
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||||
|
};
|
||||||
}.${versions.majorMinor nixpkgsVersion};
|
}.${versions.majorMinor nixpkgsVersion};
|
||||||
|
|
||||||
in mkDerivation {
|
in mkDerivation {
|
||||||
|
126
krebs/5pkgs/simple/q-power_supply.nix
Normal file
126
krebs/5pkgs/simple/q-power_supply.nix
Normal file
@ -0,0 +1,126 @@
|
|||||||
|
{ gawk, gnused, writeDashBin }:
|
||||||
|
|
||||||
|
writeDashBin "q-power_supply" ''
|
||||||
|
power_supply() {(
|
||||||
|
set -efu
|
||||||
|
uevent=$1
|
||||||
|
eval "$(${gnused}/bin/sed -n '
|
||||||
|
s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p
|
||||||
|
' $uevent)"
|
||||||
|
case $POWER_SUPPLY_NAME in
|
||||||
|
AC)
|
||||||
|
exit # not battery
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
exec </dev/null
|
||||||
|
exec ${gawk}/bin/awk '
|
||||||
|
function die(s) {
|
||||||
|
printf "%s: %s\n", name, s
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
function print_hm(h, m) {
|
||||||
|
m = (h - int(h)) * 60
|
||||||
|
return sprintf("%dh%dm", h, m)
|
||||||
|
}
|
||||||
|
|
||||||
|
function print_bar(n, r, t1, t2, t_col) {
|
||||||
|
t1 = int(r * n)
|
||||||
|
t2 = n - t1
|
||||||
|
if (r >= .42) t_col = "1;32"
|
||||||
|
else if (r >= 23) t_col = "1;33"
|
||||||
|
else if (r >= 11) t_col = "1;31"
|
||||||
|
else t_col = "5;1;31"
|
||||||
|
return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr()
|
||||||
|
}
|
||||||
|
|
||||||
|
function sgr(p) {
|
||||||
|
return "\x1b[" p "m"
|
||||||
|
}
|
||||||
|
|
||||||
|
function strdup(s,n,t) {
|
||||||
|
t = sprintf("%"n"s","")
|
||||||
|
gsub(/ /,s,t)
|
||||||
|
return t
|
||||||
|
}
|
||||||
|
|
||||||
|
END {
|
||||||
|
name = ENVIRON["POWER_SUPPLY_NAME"]
|
||||||
|
|
||||||
|
charge_unit = "Ah"
|
||||||
|
charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
|
||||||
|
charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6
|
||||||
|
|
||||||
|
current_unit = "A"
|
||||||
|
current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6
|
||||||
|
|
||||||
|
energy_unit = "Wh"
|
||||||
|
energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6
|
||||||
|
energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
|
||||||
|
|
||||||
|
power_unit = "W"
|
||||||
|
power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6
|
||||||
|
|
||||||
|
voltage_unit = "V"
|
||||||
|
voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6
|
||||||
|
voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6
|
||||||
|
|
||||||
|
#printf "charge_now: %s\n", charge_now
|
||||||
|
#printf "charge_full: %s\n", charge_full
|
||||||
|
#printf "current_now: %s\n", current_now
|
||||||
|
#printf "energy_now: %s\n", energy_now
|
||||||
|
#printf "energy_full: %s\n", energy_full
|
||||||
|
#printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"]
|
||||||
|
#printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
|
||||||
|
#printf "power_now: %s\n", power_now
|
||||||
|
#printf "voltage_now: %s\n", voltage_now
|
||||||
|
|
||||||
|
if (current_now == 0 && voltage_now != 0) {
|
||||||
|
current_now = power_now / voltage_now
|
||||||
|
}
|
||||||
|
if (power_now == 0) {
|
||||||
|
power_now = current_now * voltage_now
|
||||||
|
}
|
||||||
|
if (charge_now == 0 && voltage_min_design != 0) {
|
||||||
|
charge_now = energy_now / voltage_min_design
|
||||||
|
}
|
||||||
|
if (energy_now == 0) {
|
||||||
|
energy_now = charge_now * voltage_min_design
|
||||||
|
}
|
||||||
|
if (charge_full == 0 && voltage_min_design != 0) {
|
||||||
|
charge_full = energy_full / voltage_min_design
|
||||||
|
}
|
||||||
|
if (energy_full == 0) {
|
||||||
|
energy_full = charge_full * voltage_min_design
|
||||||
|
}
|
||||||
|
|
||||||
|
if (charge_now == 0 || charge_full == 0) {
|
||||||
|
die("unknown charge")
|
||||||
|
}
|
||||||
|
|
||||||
|
charge_ratio = charge_now / charge_full
|
||||||
|
|
||||||
|
out = out name
|
||||||
|
out = out sprintf(" %s", print_bar(10, charge_ratio))
|
||||||
|
out = out sprintf(" %d%", charge_ratio * 100)
|
||||||
|
out = out sprintf(" %.2f%s", charge_now, charge_unit)
|
||||||
|
if (current_now != 0) {
|
||||||
|
out = out sprintf("/%.1f%s", current_now, current_unit)
|
||||||
|
}
|
||||||
|
out = out sprintf(" %d%s", energy_full, energy_unit)
|
||||||
|
if (power_now != 0) {
|
||||||
|
out = out sprintf("/%.1f%s", power_now, power_unit)
|
||||||
|
}
|
||||||
|
if (current_now != 0) {
|
||||||
|
out = out sprintf(" %s", print_hm(charge_now / current_now))
|
||||||
|
}
|
||||||
|
|
||||||
|
print out
|
||||||
|
}
|
||||||
|
'
|
||||||
|
)}
|
||||||
|
|
||||||
|
for uevent in /sys/class/power_supply/*/uevent; do
|
||||||
|
power_supply "$uevent" || :
|
||||||
|
done
|
||||||
|
''
|
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||||
"rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba",
|
"rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81",
|
||||||
"date": "2019-03-07T09:54:51+01:00",
|
"date": "2019-04-09T21:48:56+02:00",
|
||||||
"sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr",
|
"sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip",
|
||||||
"fetchSubmodules": false
|
"fetchSubmodules": false
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@ dir=$(dirname $0)
|
|||||||
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
||||||
--url https://github.com/NixOS/nixpkgs-channels \
|
--url https://github.com/NixOS/nixpkgs-channels \
|
||||||
--rev refs/heads/nixos-18.09' \
|
--rev refs/heads/nixos-19.03' \
|
||||||
> $dir/nixpkgs.json
|
> $dir/nixpkgs.json
|
||||||
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||||
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
||||||
|
@ -8,21 +8,29 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
|
|
||||||
<stockholm/lass/2configs/blue.nix>
|
<stockholm/lass/2configs/blue.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.blue;
|
krebs.build.host = config.krebs.hosts.blue;
|
||||||
|
|
||||||
|
krebs.syncthing.folders = [
|
||||||
|
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||||
|
];
|
||||||
|
lass.ensure-permissions = [
|
||||||
|
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||||
|
];
|
||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
deploy = pkgs.writeDash "deploy" ''
|
deploy = pkgs.writeDash "deploy" ''
|
||||||
set -eu
|
set -eu
|
||||||
export SYSTEM="$1"
|
export SYSTEM="$1"
|
||||||
$(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.nameservers = [ "1.1.1.1" ];
|
networking.nameservers = [ "1.1.1.1" ];
|
||||||
|
|
||||||
lass.restic = genAttrs [
|
services.restic.backups = genAttrs [
|
||||||
"daedalus"
|
"daedalus"
|
||||||
"icarus"
|
"icarus"
|
||||||
"littleT"
|
"littleT"
|
||||||
@ -30,20 +38,19 @@ with import <stockholm/lib>;
|
|||||||
"shodan"
|
"shodan"
|
||||||
"skynet"
|
"skynet"
|
||||||
] (dest: {
|
] (dest: {
|
||||||
dirs = [
|
initialize = true;
|
||||||
|
extraOptions = [
|
||||||
|
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||||
|
];
|
||||||
|
repository = "sftp:backup@${dest}.r:/backups/blue";
|
||||||
|
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||||
|
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
|
||||||
|
paths = [
|
||||||
"/home/"
|
"/home/"
|
||||||
"/var/lib"
|
"/var/lib"
|
||||||
];
|
];
|
||||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
|
||||||
repo = "sftp:backup@${dest}.r:/backups/blue";
|
|
||||||
extraArguments = [
|
|
||||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
|
||||||
];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "00:05";
|
|
||||||
RandomizedDelaySec = "5h";
|
|
||||||
};
|
|
||||||
});
|
});
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
|
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
|
||||||
}
|
}
|
||||||
|
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -1,20 +1,14 @@
|
|||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
nixpkgs = lib.mkForce {
|
nixpkgs = lib.mkForce {
|
||||||
derivation = let
|
file = {
|
||||||
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
path = toString (pkgs.fetchFromGitHub {
|
||||||
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
|
||||||
in ''
|
|
||||||
with import (builtins.fetchTarball {
|
|
||||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
|
||||||
sha256 = "${sha256}";
|
|
||||||
}) {};
|
|
||||||
pkgs.fetchFromGitHub {
|
|
||||||
owner = "nixos";
|
owner = "nixos";
|
||||||
repo = "nixpkgs";
|
repo = "nixpkgs";
|
||||||
rev = "${rev}";
|
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
||||||
sha256 = "${sha256}";
|
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
||||||
}
|
});
|
||||||
'';
|
useChecksum = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,10 @@
|
|||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||||
};
|
};
|
||||||
|
"/backups" = {
|
||||||
|
device = "/dev/pool/backup";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
|
28
lass/1systems/green/config.nix
Normal file
28
lass/1systems/green/config.nix
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
with import <stockholm/lib>;
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
<stockholm/lass>
|
||||||
|
<stockholm/lass/2configs>
|
||||||
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
|
<stockholm/lass/2configs/mail.nix>
|
||||||
|
|
||||||
|
#<stockholm/lass/2configs/blue.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.green;
|
||||||
|
|
||||||
|
krebs.syncthing.folders = [
|
||||||
|
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||||
|
];
|
||||||
|
lass.ensure-permissions = [
|
||||||
|
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
#networking.nameservers = [ "1.1.1.1" ];
|
||||||
|
|
||||||
|
#time.timeZone = "Europe/Berlin";
|
||||||
|
}
|
7
lass/1systems/green/physical.nix
Normal file
7
lass/1systems/green/physical.nix
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./config.nix
|
||||||
|
];
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
}
|
14
lass/1systems/green/source.nix
Normal file
14
lass/1systems/green/source.nix
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
{ lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
nixpkgs = lib.mkForce {
|
||||||
|
file = {
|
||||||
|
path = toString (pkgs.fetchFromGitHub {
|
||||||
|
owner = "nixos";
|
||||||
|
repo = "nixpkgs";
|
||||||
|
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
||||||
|
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
||||||
|
});
|
||||||
|
useChecksum = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -17,6 +17,9 @@
|
|||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
<stockholm/lass/2configs/wine.nix>
|
<stockholm/lass/2configs/wine.nix>
|
||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
|
<stockholm/lass/2configs/nfs-dl.nix>
|
||||||
|
<stockholm/lass/2configs/prism-share.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.icarus;
|
krebs.build.host = config.krebs.hosts.icarus;
|
||||||
|
@ -17,4 +17,6 @@
|
|||||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
services.thinkfan.enable = true;
|
||||||
}
|
}
|
||||||
|
@ -7,6 +7,7 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
|
@ -36,7 +36,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/network-manager.nix>
|
<stockholm/lass/2configs/network-manager.nix>
|
||||||
<stockholm/lass/2configs/nfs-dl.nix>
|
<stockholm/lass/2configs/nfs-dl.nix>
|
||||||
<stockholm/lass/2configs/hardening.nix>
|
#<stockholm/lass/2configs/hardening.nix>
|
||||||
{
|
{
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
#risk of rain
|
#risk of rain
|
||||||
@ -48,6 +48,16 @@ with import <stockholm/lib>;
|
|||||||
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
|
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
krebs.syncthing.folders = [
|
||||||
|
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||||
|
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
|
||||||
|
];
|
||||||
|
lass.ensure-permissions = [
|
||||||
|
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||||
|
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
{
|
{
|
||||||
lass.umts = {
|
lass.umts = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -15,6 +15,10 @@
|
|||||||
device = "/dev/mapper/pool-virtual";
|
device = "/dev/mapper/pool-virtual";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
"/backups" = {
|
||||||
|
device = "/dev/pool/backup";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
|
@ -109,25 +109,6 @@ with import <stockholm/lib>;
|
|||||||
localAddress = "10.233.2.2";
|
localAddress = "10.233.2.2";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
|
||||||
#onondaga
|
|
||||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
|
||||||
containers.onondaga = {
|
|
||||||
config = { ... }: {
|
|
||||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
|
||||||
environment.systemPackages = [ pkgs.git ];
|
|
||||||
services.openssh.enable = true;
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.lass.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
autoStart = true;
|
|
||||||
enableTun = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "10.233.2.5";
|
|
||||||
localAddress = "10.233.2.6";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||||
<stockholm/lass/2configs/ts3.nix>
|
<stockholm/lass/2configs/ts3.nix>
|
||||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||||
@ -139,7 +120,6 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||||
<stockholm/lass/2configs/ciko.nix>
|
<stockholm/lass/2configs/ciko.nix>
|
||||||
<stockholm/lass/2configs/container-networking.nix>
|
<stockholm/lass/2configs/container-networking.nix>
|
||||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
|
||||||
{ # quasi bepasty.nix
|
{ # quasi bepasty.nix
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass/2configs/bepasty.nix>
|
<stockholm/lass/2configs/bepasty.nix>
|
||||||
@ -286,6 +266,7 @@ with import <stockholm/lib>;
|
|||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@ -386,6 +367,7 @@ with import <stockholm/lib>;
|
|||||||
lass-icarus.pubkey
|
lass-icarus.pubkey
|
||||||
lass-daedalus.pubkey
|
lass-daedalus.pubkey
|
||||||
lass-helios.pubkey
|
lass-helios.pubkey
|
||||||
|
lass-android.pubkey
|
||||||
makefu.pubkey
|
makefu.pubkey
|
||||||
wine-mors.pubkey
|
wine-mors.pubkey
|
||||||
];
|
];
|
||||||
|
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
device = "/dev/pool/bku";
|
device = "/dev/pool/bku";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
};
|
};
|
||||||
|
"/backups" = {
|
||||||
|
device = "/dev/pool/backup";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
|
@ -7,6 +7,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/power-action.nix>
|
<stockholm/lass/2configs/power-action.nix>
|
||||||
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
{
|
{
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.desktopManager.xfce.enable = true;
|
services.xserver.desktopManager.xfce.enable = true;
|
||||||
|
@ -11,7 +11,8 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
system.activationScripts.downloadFolder = ''
|
system.activationScripts.downloadFolder = ''
|
||||||
mkdir -p /var/download
|
mkdir -p /var/download
|
||||||
chown download:download /var/download
|
chown transmission:download /var/download
|
||||||
|
chown transmission:download /var/download/finished
|
||||||
chmod 775 /var/download
|
chmod 775 /var/download
|
||||||
'';
|
'';
|
||||||
|
|
||||||
@ -43,7 +44,7 @@ with import <stockholm/lib>;
|
|||||||
fancyindex
|
fancyindex
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
virtualHosts."dl" = {
|
virtualHosts.default = {
|
||||||
default = true;
|
default = true;
|
||||||
locations."/Nginx-Fancyindex-Theme-dark" = {
|
locations."/Nginx-Fancyindex-Theme-dark" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -4,5 +4,4 @@
|
|||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
}
|
}
|
||||||
|
@ -2,19 +2,11 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
{
|
{
|
||||||
fileSystems = {
|
|
||||||
"/backups" = {
|
|
||||||
device = "/dev/pool/backup";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
users.users.backup = {
|
users.users.backup = {
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
home = "/backups";
|
home = "/backups";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
||||||
mors.ssh.pubkey
|
|
||||||
prism.ssh.pubkey
|
|
||||||
blue.ssh.pubkey
|
blue.ssh.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -79,6 +79,7 @@ in {
|
|||||||
taskwarrior
|
taskwarrior
|
||||||
termite
|
termite
|
||||||
xclip
|
xclip
|
||||||
|
xephyrify
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
xorg.xhost
|
xorg.xhost
|
||||||
xsel
|
xsel
|
||||||
|
@ -23,8 +23,8 @@ with (import <stockholm/lib>);
|
|||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||||
{ predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
|
{ predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||||
{ predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
|
{ predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
|
||||||
{ predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";}
|
{ predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.chat = let
|
systemd.services.chat = let
|
||||||
|
@ -4,10 +4,10 @@ with import <stockholm/lib>;
|
|||||||
imports = [
|
imports = [
|
||||||
<stockholm/krebs/2configs/nscd-fix.nix>
|
<stockholm/krebs/2configs/nscd-fix.nix>
|
||||||
./binary-cache/client.nix
|
./binary-cache/client.nix
|
||||||
|
./backup.nix
|
||||||
./gc.nix
|
./gc.nix
|
||||||
./mc.nix
|
./mc.nix
|
||||||
./vim.nix
|
./vim.nix
|
||||||
./monitoring/node-exporter.nix
|
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
./htop.nix
|
./htop.nix
|
||||||
./security-workarounds.nix
|
./security-workarounds.nix
|
||||||
@ -42,8 +42,6 @@ with import <stockholm/lib>;
|
|||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass-mors.pubkey
|
config.krebs.users.lass-mors.pubkey
|
||||||
config.krebs.users.lass-blue.pubkey
|
config.krebs.users.lass-blue.pubkey
|
||||||
config.krebs.users.lass-shodan.pubkey
|
|
||||||
config.krebs.users.lass-icarus.pubkey
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -211,6 +209,7 @@ with import <stockholm/lib>;
|
|||||||
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
||||||
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
||||||
{ predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -218,4 +217,7 @@ with import <stockholm/lib>;
|
|||||||
networking.dhcpcd.extraConfig = ''
|
networking.dhcpcd.extraConfig = ''
|
||||||
noipv4ll
|
noipv4ll
|
||||||
'';
|
'';
|
||||||
|
services.netdata = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -97,6 +97,9 @@ with import <stockholm/lib>;
|
|||||||
{ from = "csv-direct@lassul.us"; to = lass.mail; }
|
{ from = "csv-direct@lassul.us"; to = lass.mail; }
|
||||||
{ from = "nintendo@lassul.us"; to = lass.mail; }
|
{ from = "nintendo@lassul.us"; to = lass.mail; }
|
||||||
{ from = "overleaf@lassul.us"; to = lass.mail; }
|
{ from = "overleaf@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "box@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "paloalto@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "subtitles@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
@ -60,7 +60,10 @@ let
|
|||||||
paypal = [ "to:paypal@lassul.us" ];
|
paypal = [ "to:paypal@lassul.us" ];
|
||||||
ptl = [ "to:ptl@posttenebraslab.ch" ];
|
ptl = [ "to:ptl@posttenebraslab.ch" ];
|
||||||
retiolum = [ "to:lass@mors.r" ];
|
retiolum = [ "to:lass@mors.r" ];
|
||||||
security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
|
security = [
|
||||||
|
"to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us"
|
||||||
|
"to:security-announce@lists.apple.com"
|
||||||
|
];
|
||||||
shack = [ "to:shackspace.de" ];
|
shack = [ "to:shackspace.de" ];
|
||||||
steam = [ "to:steam@lassul.us" ];
|
steam = [ "to:steam@lassul.us" ];
|
||||||
tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
|
tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
|
||||||
@ -225,6 +228,7 @@ in {
|
|||||||
msmtp
|
msmtp
|
||||||
mutt
|
mutt
|
||||||
pkgs.notmuch
|
pkgs.notmuch
|
||||||
|
pkgs.muchsync
|
||||||
pkgs.haskellPackages.much
|
pkgs.haskellPackages.much
|
||||||
tag-new-mails
|
tag-new-mails
|
||||||
tag-old-mails
|
tag-old-mails
|
||||||
|
@ -1,15 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
{
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
|
|
||||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
|
|
||||||
];
|
|
||||||
services.prometheus.exporters = {
|
|
||||||
node = {
|
|
||||||
enable = true;
|
|
||||||
enabledCollectors = [
|
|
||||||
"systemd"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,217 +0,0 @@
|
|||||||
{ pkgs, lib, config, ... }:
|
|
||||||
{
|
|
||||||
#networking = {
|
|
||||||
# firewall.allowedTCPPorts = [
|
|
||||||
# 3000 # grafana
|
|
||||||
# 9090 # prometheus
|
|
||||||
# 9093 # alertmanager
|
|
||||||
# ];
|
|
||||||
# useDHCP = true;
|
|
||||||
#};
|
|
||||||
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
services = {
|
|
||||||
prometheus = {
|
|
||||||
enable = true;
|
|
||||||
extraFlags = [
|
|
||||||
"-storage.local.retention 8760h"
|
|
||||||
"-storage.local.series-file-shrink-ratio 0.3"
|
|
||||||
"-storage.local.memory-chunks 2097152"
|
|
||||||
"-storage.local.max-chunks-to-persist 1048576"
|
|
||||||
"-storage.local.index-cache-size.fingerprint-to-metric 2097152"
|
|
||||||
"-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
|
|
||||||
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
|
|
||||||
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
|
|
||||||
];
|
|
||||||
alertmanagerURL = [ "http://localhost:9093" ];
|
|
||||||
rules = [
|
|
||||||
''
|
|
||||||
ALERT node_down
|
|
||||||
IF up == 0
|
|
||||||
FOR 5m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}}: Node is down.",
|
|
||||||
description = "{{$labels.alias}} has been down for more than 5 minutes."
|
|
||||||
}
|
|
||||||
ALERT node_systemd_service_failed
|
|
||||||
IF node_systemd_unit_state{state="failed"} == 1
|
|
||||||
FOR 4m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
|
|
||||||
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
|
|
||||||
}
|
|
||||||
ALERT node_filesystem_full_90percent
|
|
||||||
IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
|
|
||||||
FOR 5m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
|
|
||||||
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
|
|
||||||
}
|
|
||||||
ALERT node_filesystem_full_in_4h
|
|
||||||
IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
|
|
||||||
FOR 5m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
|
|
||||||
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
|
|
||||||
}
|
|
||||||
ALERT node_filedescriptors_full_in_3h
|
|
||||||
IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
|
|
||||||
FOR 20m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
|
|
||||||
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
|
|
||||||
}
|
|
||||||
ALERT node_load1_90percent
|
|
||||||
IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
|
|
||||||
FOR 1h
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}}: Running on high load.",
|
|
||||||
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
|
|
||||||
}
|
|
||||||
ALERT node_cpu_util_90percent
|
|
||||||
IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
|
|
||||||
FOR 1h
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary = "{{$labels.alias}}: High CPU utilization.",
|
|
||||||
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
|
|
||||||
}
|
|
||||||
ALERT node_ram_using_90percent
|
|
||||||
IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
|
|
||||||
FOR 30m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary="{{$labels.alias}}: Using lots of RAM.",
|
|
||||||
description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
|
|
||||||
}
|
|
||||||
ALERT node_swap_using_80percent
|
|
||||||
IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
|
|
||||||
FOR 10m
|
|
||||||
LABELS {
|
|
||||||
severity="page"
|
|
||||||
}
|
|
||||||
ANNOTATIONS {
|
|
||||||
summary="{{$labels.alias}}: Running out of swap soon.",
|
|
||||||
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
|
|
||||||
}
|
|
||||||
''
|
|
||||||
];
|
|
||||||
scrapeConfigs = [
|
|
||||||
{
|
|
||||||
job_name = "node";
|
|
||||||
scrape_interval = "10s";
|
|
||||||
static_configs = [
|
|
||||||
{
|
|
||||||
targets = [
|
|
||||||
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
|
|
||||||
#labels = {
|
|
||||||
# alias = "prometheus.example.com";
|
|
||||||
#};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
alertmanager = {
|
|
||||||
enable = true;
|
|
||||||
listenAddress = "0.0.0.0";
|
|
||||||
configuration = {
|
|
||||||
"global" = {
|
|
||||||
"smtp_smarthost" = "smtp.example.com:587";
|
|
||||||
"smtp_from" = "alertmanager@example.com";
|
|
||||||
};
|
|
||||||
"route" = {
|
|
||||||
"group_by" = [ "alertname" "alias" ];
|
|
||||||
"group_wait" = "30s";
|
|
||||||
"group_interval" = "2m";
|
|
||||||
"repeat_interval" = "4h";
|
|
||||||
"receiver" = "team-admins";
|
|
||||||
};
|
|
||||||
"receivers" = [
|
|
||||||
{
|
|
||||||
"name" = "team-admins";
|
|
||||||
"email_configs" = [
|
|
||||||
{
|
|
||||||
"to" = "devnull@example.com";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
"webhook_configs" = [
|
|
||||||
{
|
|
||||||
"url" = "http://127.0.0.1:14813/prometheus-alerts";
|
|
||||||
"send_resolved" = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
grafana = {
|
|
||||||
enable = true;
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
domain = "grafana.example.com";
|
|
||||||
rootUrl = "https://grafana.example.com/";
|
|
||||||
auth.anonymous.enable = true;
|
|
||||||
auth.anonymous.org_role = "Admin";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.logstash = {
|
|
||||||
enable = true;
|
|
||||||
inputConfig = ''
|
|
||||||
http {
|
|
||||||
port => 14813
|
|
||||||
host => "127.0.0.1"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
filterConfig = ''
|
|
||||||
if ([alerts]) {
|
|
||||||
ruby {
|
|
||||||
code => '
|
|
||||||
lines = []
|
|
||||||
event["alerts"].each {|p|
|
|
||||||
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
|
|
||||||
}
|
|
||||||
event["output"] = lines.join("\n")
|
|
||||||
'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
outputConfig = ''
|
|
||||||
file { path => "/tmp/logs.json" codec => "json_lines" }
|
|
||||||
irc {
|
|
||||||
channels => [ "#noise" ]
|
|
||||||
host => "irc.r"
|
|
||||||
nick => "alarm"
|
|
||||||
codec => "json_lines"
|
|
||||||
format => "%{output}"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
#plugins = [ ];
|
|
||||||
};
|
|
||||||
}
|
|
39
lass/2configs/prism-share.nix
Normal file
39
lass/2configs/prism-share.nix
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
with import <stockholm/lib>;
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p udp --dport 137"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p udp --dport 138"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
users.users.smbguest = {
|
||||||
|
name = "smbguest";
|
||||||
|
uid = config.ids.uids.smbguest;
|
||||||
|
description = "smb guest user";
|
||||||
|
home = "/home/share";
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
services.samba = {
|
||||||
|
enable = true;
|
||||||
|
enableNmbd = true;
|
||||||
|
shares = {
|
||||||
|
incoming = {
|
||||||
|
path = "/mnt/prism";
|
||||||
|
"read only" = "no";
|
||||||
|
browseable = "yes";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
guest account = smbguest
|
||||||
|
map to guest = bad user
|
||||||
|
# disable printing
|
||||||
|
load printers = no
|
||||||
|
printing = bsd
|
||||||
|
printcap name = /dev/null
|
||||||
|
disable spoolss = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
@ -29,7 +29,7 @@ in {
|
|||||||
hooks.url-title
|
hooks.url-title
|
||||||
{
|
{
|
||||||
activate = "match";
|
activate = "match";
|
||||||
pattern = ''@([^ ]+) (.*)$'';
|
pattern = ''^@([^ ]+) (.*)$'';
|
||||||
command = 1;
|
command = 1;
|
||||||
arguments = [2];
|
arguments = [2];
|
||||||
env.HOME = config.krebs.reaktor2.coders.stateDir;
|
env.HOME = config.krebs.reaktor2.coders.stateDir;
|
||||||
@ -66,7 +66,7 @@ in {
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
activate = "match";
|
activate = "match";
|
||||||
pattern = ''!([^ ]+)(?:\s*(.*))?'';
|
pattern = ''^!([^ ]+)(?:\s*(.*))?'';
|
||||||
command = 1;
|
command = 1;
|
||||||
arguments = [2];
|
arguments = [2];
|
||||||
commands = {
|
commands = {
|
||||||
|
@ -3,9 +3,27 @@ with import <stockholm/lib>;
|
|||||||
{
|
{
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
group = "syncthing";
|
||||||
};
|
};
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
||||||
{ predicate = "-p udp --dport 21027"; target = "ACCEPT";}
|
{ predicate = "-p udp --dport 21027"; target = "ACCEPT";}
|
||||||
];
|
];
|
||||||
|
krebs.syncthing = {
|
||||||
|
enable = true;
|
||||||
|
cert = toString <secrets/syncthing.cert>;
|
||||||
|
key = toString <secrets/syncthing.key>;
|
||||||
|
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
||||||
|
folders = [
|
||||||
|
{ path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
system.activationScripts.syncthing-home = ''
|
||||||
|
${pkgs.coreutils}/bin/chmod a+x /home/lass
|
||||||
|
'';
|
||||||
|
|
||||||
|
lass.ensure-permissions = [
|
||||||
|
{ folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
0
lass/2configs/tests/dummy-secrets/syncthing.cert
Normal file
0
lass/2configs/tests/dummy-secrets/syncthing.cert
Normal file
0
lass/2configs/tests/dummy-secrets/syncthing.key
Normal file
0
lass/2configs/tests/dummy-secrets/syncthing.key
Normal file
@ -6,7 +6,6 @@ let
|
|||||||
in {
|
in {
|
||||||
#services.virtualboxHost.enable = true;
|
#services.virtualboxHost.enable = true;
|
||||||
virtualisation.virtualbox.host.enable = true;
|
virtualisation.virtualbox.host.enable = true;
|
||||||
nixpkgs.config.virtualbox.enableExtensionPack = true;
|
|
||||||
virtualisation.virtualbox.host.enableHardening = false;
|
virtualisation.virtualbox.host.enableHardening = false;
|
||||||
|
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
|
@ -94,7 +94,7 @@ in {
|
|||||||
config = {
|
config = {
|
||||||
adminpassFile = toString <secrets> + "/nextcloud_pw";
|
adminpassFile = toString <secrets> + "/nextcloud_pw";
|
||||||
};
|
};
|
||||||
#https = true;
|
https = true;
|
||||||
nginx.enable = true;
|
nginx.enable = true;
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."o.xanf.org" = {
|
services.nginx.virtualHosts."o.xanf.org" = {
|
||||||
@ -234,11 +234,13 @@ in {
|
|||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
krebs.on-failure.plans.restic-backups-domsen = {};
|
||||||
services.restic.backups.domsen = {
|
services.restic.backups.domsen = {
|
||||||
initialize = true;
|
initialize = true;
|
||||||
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
||||||
repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
|
repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
|
||||||
passwordFile = toString <secrets> + "/domsen_backup_pw";
|
passwordFile = toString <secrets> + "/domsen_backup_pw";
|
||||||
|
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
|
||||||
paths = [
|
paths = [
|
||||||
"/srv/http"
|
"/srv/http"
|
||||||
"/home/domsen/Mail"
|
"/home/domsen/Mail"
|
||||||
|
@ -6,8 +6,6 @@ let
|
|||||||
in {
|
in {
|
||||||
users.users= {
|
users.users= {
|
||||||
wine = {
|
wine = {
|
||||||
name = "wine";
|
|
||||||
description = "user for running wine";
|
|
||||||
home = "/home/wine";
|
home = "/home/wine";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
|
@ -28,8 +28,8 @@
|
|||||||
}
|
}
|
||||||
zle -N down-line-or-local-history
|
zle -N down-line-or-local-history
|
||||||
|
|
||||||
setopt share_history
|
setopt SHARE_HISTORY
|
||||||
setopt hist_ignore_dups
|
setopt HIST_IGNORE_ALL_DUPS
|
||||||
# setopt inc_append_history
|
# setopt inc_append_history
|
||||||
bindkey '^R' history-incremental-search-backward
|
bindkey '^R' history-incremental-search-backward
|
||||||
|
|
||||||
|
@ -3,6 +3,7 @@ _:
|
|||||||
imports = [
|
imports = [
|
||||||
./dnsmasq.nix
|
./dnsmasq.nix
|
||||||
./ejabberd
|
./ejabberd
|
||||||
|
./ensure-permissions.nix
|
||||||
./folderPerms.nix
|
./folderPerms.nix
|
||||||
./hosts.nix
|
./hosts.nix
|
||||||
./mysql-backup.nix
|
./mysql-backup.nix
|
||||||
|
66
lass/3modules/ensure-permissions.nix
Normal file
66
lass/3modules/ensure-permissions.nix
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
{ config, pkgs, ... }: with import <stockholm/lib>;
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
cfg = config.lass.ensure-permissions;
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.lass.ensure-permissions = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf (types.submodule ({
|
||||||
|
options = {
|
||||||
|
|
||||||
|
folder = mkOption {
|
||||||
|
type = types.absolute-pathname;
|
||||||
|
};
|
||||||
|
|
||||||
|
owner = mkOption {
|
||||||
|
# TODO user type
|
||||||
|
type = types.str;
|
||||||
|
default = "root";
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
# TODO group type
|
||||||
|
type = types.str;
|
||||||
|
default = "root";
|
||||||
|
};
|
||||||
|
|
||||||
|
permission = mkOption {
|
||||||
|
# TODO permission type
|
||||||
|
type = types.str;
|
||||||
|
default = "u+rw,g+rw";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf (cfg != []) {
|
||||||
|
|
||||||
|
system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
|
||||||
|
${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
|
||||||
|
${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
|
||||||
|
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
|
||||||
|
'') cfg;
|
||||||
|
systemd.services =
|
||||||
|
listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 10;
|
||||||
|
ExecStart = pkgs.writeDash "ensure-perms" ''
|
||||||
|
${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
|
||||||
|
| while IFS= read -r FILE; do
|
||||||
|
${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
|
||||||
|
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}) cfg)
|
||||||
|
;
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
@ -13,15 +13,18 @@ let
|
|||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "screenlock";
|
enable = mkEnableOption "screenlock";
|
||||||
command = mkOption {
|
command = mkOption {
|
||||||
type = types.str;
|
type = types.path;
|
||||||
default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
|
default = pkgs.writeDash "screenlock" ''
|
||||||
|
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
|
||||||
|
sleep 3
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
systemd.services.screenlock = {
|
systemd.services.screenlock = {
|
||||||
before = [ "sleep.target" ];
|
before = [ "sleep.target" ];
|
||||||
wantedBy = [ "sleep.target" ];
|
requiredBy = [ "sleep.target" ];
|
||||||
environment = {
|
environment = {
|
||||||
DISPLAY = ":${toString config.services.xserver.display}";
|
DISPLAY = ":${toString config.services.xserver.display}";
|
||||||
};
|
};
|
||||||
|
@ -133,7 +133,7 @@ myKeyMap =
|
|||||||
, ("M4-f", floatNext True)
|
, ("M4-f", floatNext True)
|
||||||
, ("M4-b", sendMessage ToggleStruts)
|
, ("M4-b", sendMessage ToggleStruts)
|
||||||
|
|
||||||
, ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
|
, ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) )
|
||||||
, ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
|
, ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
|
||||||
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
|
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
|
||||||
|
|
||||||
@ -169,6 +169,7 @@ myKeyMap =
|
|||||||
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
||||||
|
|
||||||
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
||||||
|
, ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once")
|
||||||
|
|
||||||
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
|
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
|
||||||
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
|
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
|
||||||
@ -220,7 +221,7 @@ gridConfig = def
|
|||||||
|
|
||||||
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
|
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
|
||||||
allWorkspaceNames ws =
|
allWorkspaceNames ws =
|
||||||
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
|
return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws]
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
{}
|
{}
|
||||||
;
|
;
|
||||||
|
|
||||||
source = { test }: lib.evalSource [
|
source = { test }: lib.evalSource ([
|
||||||
(krebs-source { test = test; })
|
(krebs-source { test = test; })
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
||||||
@ -24,8 +24,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
host-source
|
] ++ (lib.optional (! test) host-source));
|
||||||
];
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
|
@ -86,6 +86,12 @@ rec {
|
|||||||
type = nullOr ssh-privkey;
|
type = nullOr ssh-privkey;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
syncthing.id = mkOption {
|
||||||
|
# TODO syncthing id type
|
||||||
|
type = nullOr string;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -1 +1 @@
|
|||||||
Subproject commit fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1
|
Subproject commit c528cf970e292790b414b4c1c8c8e9d7e73b2a71
|
@ -3,7 +3,6 @@
|
|||||||
pkgs.haskellPackages.much
|
pkgs.haskellPackages.much
|
||||||
pkgs.msmtp
|
pkgs.msmtp
|
||||||
pkgs.notmuch
|
pkgs.notmuch
|
||||||
pkgs.pythonPackages.alot
|
|
||||||
pkgs.qprint
|
pkgs.qprint
|
||||||
pkgs.w3m
|
pkgs.w3m
|
||||||
];
|
];
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
{ config, lib, pkgs, pkgs_i686, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
pkg = pkgs.pulseaudioLight;
|
pkg = pkgs.pulseaudioLight;
|
||||||
runDir = "/run/pulse";
|
runDir = "/run/pulse";
|
||||||
|
|
||||||
|
pkgs_i686 = pkgs.pkgsi686Linux;
|
||||||
|
|
||||||
support32Bit =
|
support32Bit =
|
||||||
pkgs.stdenv.isx86_64 &&
|
pkgs.stdenv.isx86_64 &&
|
||||||
pkgs_i686.alsaLib != null &&
|
pkgs_i686.alsaLib != null &&
|
||||||
|
@ -102,131 +102,6 @@ let
|
|||||||
'
|
'
|
||||||
'';
|
'';
|
||||||
|
|
||||||
q-power_supply = let
|
|
||||||
power_supply = pkgs.writeBash "power_supply" ''
|
|
||||||
set -efu
|
|
||||||
uevent=$1
|
|
||||||
eval "$(${pkgs.gnused}/bin/sed -n '
|
|
||||||
s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p
|
|
||||||
' $uevent)"
|
|
||||||
case $POWER_SUPPLY_NAME in
|
|
||||||
AC)
|
|
||||||
exit # not battery
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
exec </dev/null
|
|
||||||
exec ${pkgs.gawk}/bin/awk '
|
|
||||||
function die(s) {
|
|
||||||
printf "%s: %s\n", name, s
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
function print_hm(h, m) {
|
|
||||||
m = (h - int(h)) * 60
|
|
||||||
return sprintf("%dh%dm", h, m)
|
|
||||||
}
|
|
||||||
|
|
||||||
function print_bar(n, r, t1, t2, t_col) {
|
|
||||||
t1 = int(r * n)
|
|
||||||
t2 = n - t1
|
|
||||||
if (r >= .42) t_col = "1;32"
|
|
||||||
else if (r >= 23) t_col = "1;33"
|
|
||||||
else if (r >= 11) t_col = "1;31"
|
|
||||||
else t_col = "5;1;31"
|
|
||||||
return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr()
|
|
||||||
}
|
|
||||||
|
|
||||||
function sgr(p) {
|
|
||||||
return "\x1b[" p "m"
|
|
||||||
}
|
|
||||||
|
|
||||||
function strdup(s,n,t) {
|
|
||||||
t = sprintf("%"n"s","")
|
|
||||||
gsub(/ /,s,t)
|
|
||||||
return t
|
|
||||||
}
|
|
||||||
|
|
||||||
END {
|
|
||||||
name = ENVIRON["POWER_SUPPLY_NAME"]
|
|
||||||
|
|
||||||
charge_unit = "Ah"
|
|
||||||
charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
|
|
||||||
charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6
|
|
||||||
|
|
||||||
current_unit = "A"
|
|
||||||
current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6
|
|
||||||
|
|
||||||
energy_unit = "Wh"
|
|
||||||
energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6
|
|
||||||
energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
|
|
||||||
|
|
||||||
power_unit = "W"
|
|
||||||
power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6
|
|
||||||
|
|
||||||
voltage_unit = "V"
|
|
||||||
voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6
|
|
||||||
voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6
|
|
||||||
|
|
||||||
#printf "charge_now: %s\n", charge_now
|
|
||||||
#printf "charge_full: %s\n", charge_full
|
|
||||||
#printf "current_now: %s\n", current_now
|
|
||||||
#printf "energy_now: %s\n", energy_now
|
|
||||||
#printf "energy_full: %s\n", energy_full
|
|
||||||
#printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"]
|
|
||||||
#printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
|
|
||||||
#printf "power_now: %s\n", power_now
|
|
||||||
#printf "voltage_now: %s\n", voltage_now
|
|
||||||
|
|
||||||
if (current_now == 0 && voltage_now != 0) {
|
|
||||||
current_now = power_now / voltage_now
|
|
||||||
}
|
|
||||||
if (power_now == 0) {
|
|
||||||
power_now = current_now * voltage_now
|
|
||||||
}
|
|
||||||
if (charge_now == 0 && voltage_min_design != 0) {
|
|
||||||
charge_now = energy_now / voltage_min_design
|
|
||||||
}
|
|
||||||
if (energy_now == 0) {
|
|
||||||
energy_now = charge_now * voltage_min_design
|
|
||||||
}
|
|
||||||
if (charge_full == 0 && voltage_min_design != 0) {
|
|
||||||
charge_full = energy_full / voltage_min_design
|
|
||||||
}
|
|
||||||
if (energy_full == 0) {
|
|
||||||
energy_full = charge_full * voltage_min_design
|
|
||||||
}
|
|
||||||
|
|
||||||
if (charge_now == 0 || charge_full == 0) {
|
|
||||||
die("unknown charge")
|
|
||||||
}
|
|
||||||
|
|
||||||
charge_ratio = charge_now / charge_full
|
|
||||||
|
|
||||||
out = out name
|
|
||||||
out = out sprintf(" %s", print_bar(10, charge_ratio))
|
|
||||||
out = out sprintf(" %d%", charge_ratio * 100)
|
|
||||||
out = out sprintf(" %.2f%s", charge_now, charge_unit)
|
|
||||||
if (current_now != 0) {
|
|
||||||
out = out sprintf("/%.1f%s", current_now, current_unit)
|
|
||||||
}
|
|
||||||
out = out sprintf(" %d%s", energy_full, energy_unit)
|
|
||||||
if (power_now != 0) {
|
|
||||||
out = out sprintf("/%.1f%s", power_now, power_unit)
|
|
||||||
}
|
|
||||||
if (current_now != 0) {
|
|
||||||
out = out sprintf(" %s", print_hm(charge_now / current_now))
|
|
||||||
}
|
|
||||||
|
|
||||||
print out
|
|
||||||
}
|
|
||||||
'
|
|
||||||
'';
|
|
||||||
in ''
|
|
||||||
for uevent in /sys/class/power_supply/*/uevent; do
|
|
||||||
${power_supply} "$uevent" || :
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
|
|
||||||
q-virtualization = /* sh */ ''
|
q-virtualization = /* sh */ ''
|
||||||
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
|
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
|
||||||
'';
|
'';
|
||||||
@ -302,7 +177,7 @@ pkgs.writeBashBin "q" ''
|
|||||||
${q-sgtdate}
|
${q-sgtdate}
|
||||||
(${q-gitdir}) &
|
(${q-gitdir}) &
|
||||||
(${q-intel_backlight}) &
|
(${q-intel_backlight}) &
|
||||||
(${q-power_supply}) &
|
${pkgs.q-power_supply}/bin/q-power_supply &
|
||||||
(${q-virtualization}) &
|
(${q-virtualization}) &
|
||||||
(${q-wireless}) &
|
(${q-wireless}) &
|
||||||
(${q-online}) &
|
(${q-online}) &
|
||||||
|
Loading…
Reference in New Issue
Block a user