Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
jeschli 2018-08-21 19:52:30 +02:00
commit 8cfc4f5eda
51 changed files with 501 additions and 414 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
krebs/1systems/onebutton/source.nix
View File

@ -1,11 +1,8 @@
with import <stockholm/lib>;
let
pkgs = import <nixpkgs> {};
nixpkgs = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
rev = "nixos-unstable"; # only binary cache for unstable arm6
sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
nixpkgs = builtins.fetchTarball {
url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
};
in import <stockholm/krebs/source.nix> {
name = "onebutton";

4
krebs/2configs/news-spam.nix
View File

@ -7,7 +7,6 @@
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
[SPAM]antirez|http://antirez.com/rss|#snews
[SPAM]arbor|http://feeds2.feedburner.com/asert/|#snews
[SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews
[SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
[SPAM]augustl|http://augustl.com/atom.xml|#snews
@ -131,7 +130,6 @@
[SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
[SPAM]slate|http://feeds.slate.com/slate|#snews
[SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
[SPAM]spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#snews
[SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
[SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
[SPAM]stern|http://www.stern.de/feed/standard/all/|#snews
@ -146,7 +144,6 @@
[SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
[SPAM]tigsource|http://www.tigsource.com/feed/|#snews
[SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews
[SPAM]topix_b|http://www.topix.com/rss/wire/de/berlin|#snews
[SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
[SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
[SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
@ -160,7 +157,6 @@
[SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
[SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
[SPAM]weechat|http://dev.weechat.org/feed/atom|#snews
[SPAM]wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#snews
[SPAM]xkcd|https://xkcd.com/rss.xml|#snews
[SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews
'';

60
krebs/3modules/git.nix
View File

@ -8,21 +8,6 @@
with import <stockholm/lib>;
let
defaultBool = o: mkOption {
type = types.bool;
default = option;
};
defaultUint = o: mkOption {
type = types.uint;
default = o;
};
defaultAbsolutpath = o: mkOption {
type = types.absolute-pathname;
default = o;
};
cfg = config.krebs.git;
out = {
@ -136,15 +121,42 @@ let
cgit-settings = types.submodule {
# A setting's value of `null` means cgit's default should be used.
options = {
cache-root = defaultAbsolutpath("/tmp/cgit");
cache-size = defaultUint(1000);
css = defaultAbsolutpath("/static/cgit.css");
enable-commit-graph = defaultBool(true);
enable-index-links = defaultBool(true);
enable-index-owner = defaultBool(false);
enable-log-filecount = defaultBool(true);
enable-log-linecount = defaultBool(true);
enable-remote-branches = defaultBool(true);
cache-root = mkOption {
type = types.absolute-pathname;
default = "/tmp/cgit";
};
cache-size = mkOption {
type = types.uint;
default = 1000;
};
css = mkOption {
type = types.absolute-pathname;
default = "/static/cgit.css";
};
enable-commit-graph = mkOption {
type = types.bool;
default = true;
};
enable-index-links = mkOption {
type = types.bool;
default = true;
};
enable-index-owner = mkOption {
type = types.bool;
default = false;
};
enable-log-filecount = mkOption {
type = types.bool;
default = true;
};
enable-log-linecount = mkOption {
type = types.bool;
default = true;
};
enable-remote-branches = mkOption {
type = types.bool;
default = true;
};
logo = mkOption {
type = types.absolute-pathname;
default = "/static/cgit.png";

31
krebs/3modules/lass/default.nix
View File

@ -301,37 +301,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
};
helios = {
cores = 8;
nets = {
retiolum = {
ip4.addr = "10.243.133.117";
ip6.addr = "42:0:0:0:0:0:3:7105";
aliases = [
"helios.r"
"cgit.helios.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAp+SRmP5MoCSYInx4Dm5MLZzNyXVgfo/CDoeUlUT35X0yE7WHGWsG
wHPCu+3RWfBUjuqNdb0qiGtRi3Q/LwznwBROPOX8gMXia/DgCLbIjn5Rx081pTIo
3epbUCFtNgyDWg8IHF87ZnVBXTYAy5g4tz9u8kw82D8mR18o595TuZ9t5pDc/Kvi
fPHZenT6cd6FtL9uankX/jan1PRP9xTrhpE8dAQ6g+7XH7knMK3cno/Ztis5YzHt
Ith0bsIjk5of7hhITj0MXtTikjDqWxkpF5mfOK1cG/rC1goTmB9AfcENUBnu9iAM
I/alzqk3CEczznLyaOckfx2fRuar912LAdiJ5v7VPztfvN1p3gIxq5M0Rgkq+98B
H/s32xNRBPvqoIleKnhwE9gfrCLaAVqpaMkgKRvgsTkSDNYNhh4smQ3eAKKwwDH/
QG3sfP8xyNyDFhBtCiDGkf9hNqBBMaKjZoh8DasZNtcfOop3fGw7jmUUbB6cG8cp
+EfYbcb5mVpmrIyXgOTwwYcp7tn+zkd4Wa8C9Q98eFTs0HGVGxGX9Hj6PM/kXK4C
aIqIQVNpnJ/9cOwT8JFIriG1MWTOXbamUusKTLs8SRp3ZkyM7XUEcLL5HMh09rUw
rzEAmE7TywXVhd7j2IaEy+bx2dfGQH2bFoh6Drm6Olo+ySi1utB5dGkCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
};
littleT = {
cores = 2;
nets = {

9
krebs/3modules/makefu/default.nix
View File

@ -336,7 +336,6 @@ with import <stockholm/lib>;
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
gold IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
'';
};
@ -522,6 +521,13 @@ with import <stockholm/lib>;
};
nextgum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
nets = rec {
internet = {
@ -537,6 +543,7 @@ with import <stockholm/lib>;
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
aliases = [
"nextgum.r"
"cache.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----

2
krebs/3modules/rtorrent.nix
View File

@ -29,7 +29,7 @@ let
''}
${optionalString (cfg.watchDir != null) ''
schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent
directory.watch.added = "${cfg.watchDir}", load.start_verbose
''}
directory = ${cfg.downloadDir}

8
krebs/5pkgs/haskell/xmonad-stockholm.nix
View File

@ -1,16 +1,16 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape
, xmonad, xmonad-contrib
}:
mkDerivation rec {
pname = "xmonad-stockholm";
version = "1.1.1";
version = "1.2.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
rev = "refs/tags/v${version}";
sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis";
};
libraryHaskellDepends = [
base containers X11 X11-xshape xmonad xmonad-contrib
base containers X11 X11-xft X11-xshape xmonad xmonad-contrib
];
license = stdenv.lib.licenses.mit;
}

2
krebs/krops.nix
View File

@ -12,7 +12,7 @@
krebs-source = {
nixpkgs.git = {
ref = "56fad146a12a6f934d1d5ef875eb729be1b19129";
ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516";
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;

62
lass/1systems/helios/config.nix
View File

@ -8,16 +8,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix>
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
#<stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
@ -25,44 +15,9 @@ with import <stockholm/lib>;
lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
}
{ #TAPIR, AGATIS, sentral, a3 - foo
services.redis.enable = true;
}
{
krebs.fetchWallpaper = {
enable = true;
url = "http://i.imgur.com/0ktqxSg.png";
maxTime = 9001;
};
}
{
#urban terror port
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 27960"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 27960"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.helios;
krebs.git.rules = [
{
user = [ config.krebs.users.lass-helios ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
}
{
lass.umts = {
enable = true;
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
initstrings = ''
Init1 = AT+CFUN=1
Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
'';
};
}
];
environment.systemPackages = with pkgs; [
ag
vim
@ -84,27 +39,10 @@ with import <stockholm/lib>;
services.tlp.enable = true;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
];
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
virtualisation.docker.enable = true;
}

64
lass/1systems/helios/physical.nix
View File

@ -1,64 +0,0 @@
{ pkgs, ... }:
{
imports = [
./config.nix
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "/dev/pool/root";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1F60-17C6";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "btrfs";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}
{ # crypto stuff
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
devices = [{
name = "luksroot";
device = "/dev/nvme0n1p3";
}];
};
}
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
'';
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [
{ output = "DP-2"; primary = true; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
{ output = "DP-0"; }
];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
'';
}

4
lass/1systems/helios/source.nix
View File

@ -1,4 +0,0 @@
import <stockholm/lass/source.nix> {
name = "helios";
secure = true;
}

1
lass/1systems/mors/config.nix
View File

@ -33,6 +33,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/print.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain

1
lass/1systems/prism/config.nix
View File

@ -175,7 +175,6 @@ with import <stockholm/lib>;
alias /var/realwallpaper/realwallpaper.png;
'';
}
<stockholm/lass/2configs/dcso-dev.nix>
{
users.users.jeschli = {
uid = genid "jeschli";

18
lass/2configs/baseX.nix
View File

@ -8,7 +8,6 @@ in {
./mpv.nix
./power-action.nix
./copyq.nix
./livestream.nix
./urxvt.nix
./network-manager.nix
{
@ -58,30 +57,18 @@ in {
programs.ssh.startAgent = true;
services.openssh.forwardX11 = true;
services.printing = {
enable = true;
drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
};
environment.systemPackages = with pkgs; [
acpi
ag
bank
cabal2nix
cholerab
dic
dmenu
font-size
gi
gitAndTools.qgit
git-preview
gnome3.dconf
lm_sensors
mpv-poll
much
ncdu
nix-index
nix-repl
@ -90,18 +77,14 @@ in {
powertop
push
rxvt_unicode_with-plugins
slock
sxiv
taskwarrior
termite
timewarrior
xclip
xephyrify
xorg.xbacklight
xorg.xhost
xsel
youtube-tools
yt-next
zathura
];
@ -112,7 +95,6 @@ in {
xlibs.fontschumachermisc
];
#lass.xserver.enable = true;
services.xserver = {
enable = true;
layout = "us";

1
lass/2configs/blue.nix
View File

@ -12,6 +12,7 @@ with (import <stockholm/lib>);
environment.systemPackages = with pkgs; [
ag
nmap
git-preview
];
services.tor.enable = true;

3
lass/2configs/browsers.nix
View File

@ -29,7 +29,7 @@ let
environment.systemPackages = [
config.lass.xjail-bins.${name}
(pkgs.writeDashBin "cx-${name}" ''
DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
'')
];
lass.browser.paths.${name} = {
@ -66,6 +66,7 @@ in {
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
"liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
];
};

2
lass/2configs/ciko.nix
View File

@ -2,7 +2,7 @@
with import <stockholm/lib>;
{
users.users.ciko = {
uid = genid_signed "ciko";
uid = genid_uint31 "ciko";
description = "acc for ciko";
home = "/home/ciko";
useDefaultShell = true;

75
lass/2configs/dcso-dev.nix
View File

@ -1,75 +0,0 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
dev = {
name = "dev";
uid = genid "dev";
extraGroups = [ "docker" "vboxusers" ];
description = "user for collaborative development";
home = "/home/dev";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
packages = with pkgs; [
emacs25-nox
(pkgs.symlinkJoin {
name = "tmux";
paths = [
(pkgs.writeDashBin "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'')
pkgs.tmux
];
})
];
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
];
krebs.per-user.dev.packages = [
pkgs.go
];
environment.variables.GOPATH = "$HOME/go";
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
networking.interfaces.et0.ipv4.addresses = [
{ address = "10.99.23.1"; prefixLength = 24; }
];
virtualisation.docker.enable = true;
environment.etc."docker/daemon.json".source = pkgs.writeText "daemon.json" ''
{
"bip": "172.25.0.1/16"
}
'';
services.rabbitmq.enable = true;
services.postgresql.enable = true;
}

1
lass/2configs/exim-smarthost.nix
View File

@ -84,6 +84,7 @@ with import <stockholm/lib>;
{ from = "boardgamegeek@lassul.us"; to = lass.mail; }
{ from = "qwertee@lassul.us"; to = lass.mail; }
{ from = "zazzle@lassul.us"; to = lass.mail; }
{ from = "hackbeach@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

10
lass/2configs/print.nix Normal file
View File

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
services.printing = {
enable = true;
drivers = [
pkgs.foomatic_filters
pkgs.gutenprint
];
};
}

6
lass/2configs/urxvt.nix
View File

@ -19,9 +19,9 @@ with import <stockholm/lib>;
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.keysym.M-F1: command:\033]710;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007\033]711;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007
URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=15\007\033]711;xft:Monospace:size=15:bold\007
URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=20\007\033]711;xft:Monospace:size=20:bold\007
URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007
URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007
URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=18\007\033]711;xft:Monospace:size=20:bold\007
URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007

18
lass/2configs/websites/domsen.nix
View File

@ -4,7 +4,7 @@ let
inherit (import <stockholm/lib>)
genid
genid_signed
genid_uint31
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
servePage
@ -134,7 +134,7 @@ in {
};
users.users.domsen = {
uid = genid_signed "domsen";
uid = genid_uint31 "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
@ -143,49 +143,49 @@ in {
};
users.users.bruno = {
uid = genid_signed "bruno";
uid = genid_uint31 "bruno";
home = "/home/bruno";
useDefaultShell = true;
createHome = true;
};
users.users.jla-trading = {
uid = genid_signed "jla-trading";
uid = genid_uint31 "jla-trading";
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
};
users.users.jms = {
uid = genid_signed "jms";
uid = genid_uint31 "jms";
home = "/home/jms";
useDefaultShell = true;
createHome = true;
};
users.users.ms = {
uid = genid_signed "ms";
uid = genid_uint31 "ms";
home = "/home/ms";
useDefaultShell = true;
createHome = true;
};
users.users.testuser = {
uid = genid_signed "testuser";
uid = genid_uint31 "testuser";
home = "/home/testuser";
useDefaultShell = true;
createHome = true;
};
users.users.akayguen = {
uid = genid_signed "akayguen";
uid = genid_uint31 "akayguen";
home = "/home/akayguen";
useDefaultShell = true;
createHome = true;
};
users.users.bui = {
uid = genid_signed "bui";
uid = genid_uint31 "bui";
home = "/home/bui";
useDefaultShell = true;
createHome = true;

2
lass/3modules/xjail.nix
View File

@ -23,7 +23,7 @@ with import <stockholm/lib>;
};
display = mkOption {
type = types.string;
default = toString (genid_signed config._module.args.name);
default = toString (genid_uint31 config._module.args.name);
};
dpi = mkOption {
type = types.int;

4
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -64,7 +64,7 @@ myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
myFont :: String
myFont = "${config.lass.fonts.regular}"
myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
main :: IO ()
main = getArgs >>= \case
@ -160,6 +160,8 @@ myKeyMap =
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
--, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))

26
lass/5pkgs/knav/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ pkgs, ... }: let
keynavrc = pkgs.writeText "keynavrc" ''
clear
Escape quit
q record ~/.keynav_macros
shift+at playback
u history-back
a cut-left
s cut-down
w cut-up
d cut-right
shift+a move-left
shift+s move-down
shift+w move-up
shift+d move-right
t windowzoom
c cursorzoom 300 300
e warp
1 click 1
2 click 2
3 click 3
'';
in pkgs.writeScriptBin "knav" ''
${pkgs.keynav}/bin/keynav "loadconfig ${keynavrc}, start"
''

2
lib/default.nix
View File

@ -13,7 +13,7 @@ let
mod = x: y: x - y * (x / y);
genid = import ./genid.nix { inherit lib; };
genid_signed = x: ((lib.genid x) + 16777216) / 2;
genid_uint31 = x: ((lib.genid x) + 16777216) / 2;
lpad = n: c: s:
if lib.stringLength s < n

3
makefu/1systems/nextgum/config.nix
View File

@ -49,6 +49,7 @@ in {
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/iodined.nix>
## buildbot
@ -69,6 +70,8 @@ in {
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/events-publisher>
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/graphs.nix>

14
makefu/1systems/nextgum/hardware-config.nix
View File

@ -45,12 +45,20 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
@ -69,7 +77,9 @@ in {
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -n root nixos
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 50G -n download nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot

16
makefu/1systems/wbob/config.nix
View File

@ -39,20 +39,27 @@ in {
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/arafetch.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
(let
collectd-port = 25826;
influx-port = 8086;
admin-port = 8083;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
networking.firewall.allowedTCPPorts = [ 3000 ];
networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
@ -61,7 +68,7 @@ in {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083";
admin.bind-address = ":${toString admin-port}";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
@ -125,7 +132,6 @@ in {
networking.firewall.allowedTCPPorts = [
655
8081 #smokeping
8086 #influx
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];

7
makefu/1systems/x/config.nix
View File

@ -8,6 +8,7 @@ with import <stockholm/lib>;
imports =
[ # base
<stockholm/makefu>
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
@ -54,7 +55,6 @@ with import <stockholm/lib>;
internalInterfaces = [ "vboxnet0" ];
};
}
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
@ -64,6 +64,7 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
@ -125,7 +126,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
networking.extraHosts = ''
192.168.1.11 omo.local
@ -133,6 +134,8 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# avoid full boot dir
boot.loader.grub.configurationLimit = 3;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];

31
makefu/2configs/binary-cache/server.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs, ...}:
{
# generate private key with:
# nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
services.nix-serve = {
enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
};
systemd.services.nix-serve = {
requires = ["secret.service"];
after = ["secret.service"];
};
krebs.secret.files.nix-serve-key = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
};
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
serverAliases = [ "cache.gum.r"
"cache.euer.krebsco.de"
"cache.gum.krebsco.de"
];
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
};
};
}

162
makefu/2configs/deployment/bureautomation/hass.nix
View File

@ -1,75 +1,125 @@
{ pkgs, lib, ... }:
let
firetv = "192.168.1.238";
in {
imports = [
<nixpkgs-unstable/nixos/modules/services/misc/home-assistant.nix>
tasmota_plug = name: topic: {
platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
qos = 1;
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
retain= false;
};
espeasy_dht22 = name: [
{
platform = "mqtt";
device_class = "temperature";
state_topic = "/bam/${name}/dht22/Temperature";
availability_topic = "/bam/${name}/status/LWT";
payload_available = "Connected";
payload_not_available = "Connection Lost";
}
{
platform = "mqtt";
device_class = "humidity";
state_topic = "/bam/${name}/dht22/Temperature";
unit_of_measurement = "C";
availability_topic = "/bam/${name}/status/LWT";
payload_available = "Connected";
payload_not_available = "Connection Lost";
}];
espeasy_ds18 = name: [
{
platform = "mqtt";
device_class = "temperature";
state_topic = "/bam/${name}/ds18/Temperature";
availability_topic = "/bam/${name}/status/LWT";
payload_available = "Connected";
payload_not_available = "Connection Lost";
}
];
systemd.services.firetv = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
};
};
nixpkgs.config.packageOverrides = oldpkgs: {
home-assistant = (import <nixpkgs-unstable> {}).home-assistant;
};
ids.uids.hass = 286;
ids.gids.hass = 286;
in {
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
services.home-assistant = {
#panel_iframe:
#configurator:
# title: Configurator
# icon: mdi:wrench
# url: http://hassio.local:3218
# sensor:
# - platform: random
enable = true;
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
};
panel_iframe = {
euer_blog = {
title = "Euer Blog";
icon = "mdi:wrench";
url = "https://euer.krebsco.de";
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
keepalive = 60;
protocol = 3.1;
birth_message = {
topic = "/bam/hass/tele/LWT";
payload = "Online";
qos = 1;
retain = true;
};
will_message = {
topic = "/bam/hass/tele/LWT";
payload = "Offline";
qos = 1;
retain = true;
};
};
media_player = [
{ platform = "kodi";
host = firetv;
}
{ platform = "firetv";
# assumes python-firetv running
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
{ # esp_easy
platform = "mqtt";
device_class = "motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
availability_topic = "/bam/easy2/status/LWT";
payload_available = "Connected";
payload_not_available = "Connection Lost";
}
];
sensor = [
{
platform = "luftdaten";
name = "Shack 1";
sensorid = "50";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Shack 2";
sensorid = "658";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "random"; }
];
sensor =
(espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" )
{ platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "influxdb";
queries = [
{ name = "mean value of feinstaub P1";
where = '' "node" = 'esp8266-1355142' '';
measurement = "feinstaub";
database = "telegraf";
field = "P1";
}
{ name = "mean value of feinstaub P2";
where = '' "node" = 'esp8266-1355142' '';
measurement = "feinstaub";
database = "telegraf";
field = "P2";
}
];
}
];
frontend = { };
http = { };
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
};
};
}

67
makefu/2configs/deployment/bureautomation/home.nix Normal file
View File

@ -0,0 +1,67 @@
{ pkgs, lib, ... }:
let
firetv = "192.168.1.238";
in {
systemd.services.firetv = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
};
};
services.home-assistant = {
#panel_iframe:
#configurator:
# title: Configurator
# icon: mdi:wrench
# url: http://hassio.local:3218
# sensor:
# - platform: random
enable = true;
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
};
panel_iframe = {
euer_blog = {
title = "Euer Blog";
icon = "mdi:wrench";
url = "https://euer.krebsco.de";
};
};
media_player = [
{ platform = "kodi";
host = firetv;
}
{ platform = "firetv";
# assumes python-firetv running
}
];
sensor = [
{
platform = "luftdaten";
name = "Shack 1";
sensorid = "50";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Shack 2";
sensorid = "658";
monitored_conditions = [ "P1" "P2" ];
}
{
platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "random"; }
];
frontend = { };
http = { };
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
};
};
}

48
makefu/2configs/deployment/events-publisher/default.nix Normal file
View File

@ -0,0 +1,48 @@
{ pkgs, ... }:
with import <stockholm/lib>;
let
shack-announce = pkgs.callPackage (builtins.fetchTarball {
url = "https://github.com/makefu/events-publisher/archive/5e7b083c63f25182a02c1fddb3d32cb9534fbc50.tar.gz";
sha256 = "1zzlhyj8fr6y3a3b6qlyrm474xxxs1ydqjpkd2jva3g1lnzlmvkp";
}) {} ;
home = "/var/lib/shackannounce";
user = "shackannounce";
creds = (toString <secrets>) + "/shack-announce.json";
in
{
users.users.${user}= {
uid = genid user;
inherit home;
createHome = true;
};
systemd.services.shack-announce = {
description = "Announce shack events";
startAt = "*:0/30";
path = [ shack-announce ];
serviceConfig = {
WorkingDirectory = home;
User = user;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
set -eu
cp ${creds} creds.json
chown ${user} creds.json
'';
ExecStart = pkgs.writeDash "shack-announce" ''
if test ! -e announce.state; then
echo "initializing state"
announce-daemon \
--lol INFO \
--creds creds.json \
--state announce.state \
--clean --init
fi
echo "Running announce"
announce-daemon \
--lol INFO \
--creds creds.json \
--state announce.state
'';
};
};
}

10
makefu/2configs/deployment/owncloud.nix
View File

@ -108,7 +108,6 @@ let
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
@ -144,6 +143,8 @@ let
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.file_cache = .opcache
zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
display_errors = on
display_startup_errors = on
@ -155,6 +156,13 @@ let
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
systemd.services."nextcloud-cron-${domain}" = {
serviceConfig = {
User = "nginx";
ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php";
};
startAt = "*:0/15";
};
};
in {
imports = [

17
makefu/2configs/hw/mceusb.nix Normal file
View File

@ -0,0 +1,17 @@
{pkgs, lib, ...}:{
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
services.xserver.inputClassSections = [''
Identifier "MCE USB Keyboard mimic blacklist"
Driver "mceusb"
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
Option "Ignore" "on"
''];
boot.kernelPatches = lib.singleton {
name = "enable-lirc";
patch = null;
extraConfig = ''
LIRC y
'';
};
}

14
makefu/2configs/hw/network-manager.nix
View File

@ -22,15 +22,9 @@
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
networking.networkmanager.wifi = {
powersave = true;
scanRandMacAddress = true;
};
}

17
makefu/2configs/hw/stk1160.nix
View File

@ -1,13 +1,12 @@
{ pkgs, lib, ... }:
{
# TODO: un-pin linuxPackages somehow
nixpkgs.config.packageOverrides = pkgs: {
linux_4_14 = pkgs.linux_4_14.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160 m
'';
};
boot.kernelPatches = lib.singleton {
name = "enable-stk1160";
patch = null;
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160 m
'';
};
}

24
makefu/2configs/nginx/gold.krebsco.de.nix Normal file
View File

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
gold = pkgs.fetchFromGitHub {
owner = "krebs";
repo = "krebsgold";
rev = "15f7a74";
sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
};
in {
services.nginx = {
enable = mkDefault true;
virtualHosts = {
"gold.krebsco.de" = {
enableACME = true;
forceSSL = true;
root = toString gold + "/html";
};
};
};
}

7
makefu/2configs/nur.nix Normal file
View File

@ -0,0 +1,7 @@
{ pkgs, ... }:{
nixpkgs.config.packageOverrides = pkgs: {
nur = pkgs.callPackage (import (builtins.fetchGit {
url = "https://github.com/nix-community/NUR";
})) {};
};
}

1
makefu/2configs/stats/client.nix
View File

@ -31,6 +31,7 @@
FSType "tmpfs"
FSType "binfmt_misc"
FSType "debugfs"
FSType "tracefs"
FSType "mqueue"
FSType "hugetlbfs"
FSType "systemd-1"

2
makefu/2configs/task-client.nix
View File

@ -1,6 +1,6 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = [
users.users.makefu.packages = [
pkgs.taskwarrior
];

4
makefu/2configs/tools/core-gui.nix
View File

@ -1,10 +1,10 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
users.users.makefu.packages = with pkgs; [
chromium
clipit
feh
clipit
firefox
keepassx
pcmanfm

2
makefu/2configs/tools/desktop.nix
View File

@ -4,8 +4,10 @@
users.users.makefu.packages = with pkgs; [
taskwarrior
pass
gopass
mutt
weechat
tmux
];
}

2
makefu/2configs/tools/extra-gui.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs;[
users.users.makefu.packages = with pkgs;[
# media
gimp
inkscape

2
makefu/2configs/tools/media.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
users.users.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl

2
makefu/2configs/tools/sec.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
users.users.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full

18
makefu/2configs/torrent.nix
View File

@ -8,13 +8,13 @@ let
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
torrent-dir = config.makefu.dl-dir;
base-dir = config.makefu.dl-dir;
in {
users.users = {
download = {
name = "download";
home = torrent-dir;
home = base-dir;
uid = mkDefault (genid "download");
createHome = true;
useDefaultShell = true;
@ -25,10 +25,12 @@ in {
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
for i in finished watch torrents; do
mkdir -p "${torrent-dir}/$i"
chown download:download "${torrent-dir}/$i"
chmod 770 "${torrent-dir}/$i"
for i in finished watch; do
if test ! -d $i;then
mkdir -p "${base-dir}/$i"
chown rtorrent:download "${base-dir}/$i"
chmod 775 "${base-dir}/$i"
fi
done
'';
@ -42,6 +44,7 @@ in {
"nginx"
];
};
rtorrent.members = [ "download" ];
};
krebs.rtorrent = {
@ -54,7 +57,8 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
workDir = torrent-dir;
downloadDir = base-dir + "/finished";
watchDir = base-dir + "/watch";
# dump old torrents into watch folder to have them re-added
};

7
makefu/5pkgs/awesomecfg/default.nix
View File

@ -2,7 +2,10 @@
, lib
, alsaUtils
, xbacklight
, modkey?"Mod4"
, networkmanagerapplet
, blueman
, clipit
, modkey ? "Mod4"
, locker? "${pkgs.xlock}/bin/xlock -mode blank"
, ... }:
@ -10,7 +13,7 @@
# replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
full = lib.makeOverridable pkgs.substituteAll {
name = "awesome_full_config";
inherit alsaUtils locker xbacklight modkey;
inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
isExecutable = false;
src = ./full.cfg;
};

12
makefu/5pkgs/awesomecfg/full.cfg
View File

@ -568,6 +568,18 @@ local os = {
-- }}}
-- {{{ autostart
do
local cmds =
{
"@networkmanagerapplet@/bin/nm-applet",
"@blueman@/bin/blueman-applet",
"@clipit@/bin/clipit"
}
for _,i in pairs(cmds) do
awful.util.spawn(i)
end
end
-- }}}

3
makefu/source.nix
View File

@ -24,11 +24,10 @@ let
];
};
# TODO: automate updating of this ref + cherry-picks
ref = "14946ec63a1"; # nixos-18.03 @ 2018-05-31
ref = "8f991294288"; # nixos-18.03 @ 2018-08-06
# + do_sqlite3 ruby: 55a952be5b5
# + exfat-nofuse bump: ee6a5296a35
# + uhub/sqlite: 5dd7610401747
# + forecastio: f27584df02337
in
evalSource (toString _file) [