diff --git a/ci.nix b/ci.nix index a383a0631..16c866e76 100644 --- a/ci.nix +++ b/ci.nix @@ -16,6 +16,6 @@ let ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";}); in mapAttrs (n: h: build n h.owner.name) ci-systems diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index cf72e0d73..916073375 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,8 +12,8 @@ - - + + ]; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 914b38051..ec8830711 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -161,6 +161,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix new file mode 100644 index 000000000..5dc24f1de --- /dev/null +++ b/krebs/2configs/exim-smarthost.nix @@ -0,0 +1,50 @@ +with import ; +{ config, ... }: let + + format = from: to: { + inherit from; + # TODO assert is-retiolum-mail-address to; + to = concatMapStringsSep "," (getAttr "mail") (toList to); + }; + +in { + krebs.exim-smarthost.internet-aliases = + mapAttrsToList format (with config.krebs.users; let + brain-ml = [ + lass + makefu + tv + ]; + eloop-ml = spam-ml ++ [ ciko ]; + spam-ml = [ + lass + makefu + tv + ]; + ciko.mail = "ciko@slash16.net"; + in { + "anmeldung@eloop.org" = eloop-ml; + "brain@krebsco.de" = brain-ml; + "cfp@eloop.org" = eloop-ml; + "kontakt@eloop.org" = eloop-ml; + "root@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; + "eloop2016@krebsco.de" = eloop-ml; + "eloop2017@krebsco.de" = eloop-ml; + "postmaster@krebsco.de" = spam-ml; # RFC 822 + "lass@krebsco.de" = lass; + "makefu@krebsco.de" = makefu; + "spam@krebsco.de" = spam-ml; + "tv@krebsco.de" = tv; + # XXX These are no internet aliases + # XXX exim-retiolum hosts should be able to relay to retiolum addresses + "lass@retiolum" = lass; + "makefu@retiolum" = makefu; + "spam@retiolum" = spam-ml; + "tv@retiolum" = tv; + "lass@r" = lass; + "makefu@r" = makefu; + "spam@r" = spam-ml; + "tv@r" = tv; + }); +} diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix new file mode 100644 index 000000000..8e5909e72 --- /dev/null +++ b/krebs/2configs/nscd-fix.nix @@ -0,0 +1,24 @@ +with import ; +{ pkgs, ... }: let + + enable = versionOlderThan "19.03"; + + versionOlderThan = v: + compareVersions + (versions.majorMinor version) + (versions.majorMinor v) + == -1; + + warning = '' + Using custom services.nscd.config because + https://github.com/NixOS/nixpkgs/pull/50316 + ''; + +in + optionalAttrs enable (trace warning { + services.nscd.enable = mkForce true; + services.nscd.config = mkForce (readFile (pkgs.fetchurl { + url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; + sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; + })); + }) diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix deleted file mode 100644 index dc2838cae..000000000 --- a/krebs/2configs/reaktor-krebs.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -{ - krebs.Reaktor.krebs = { - nickname = "Reaktor|krebs"; - channels = [ - "#krebs" - "#nixos-wiki" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - task-add - task-delete - task-done - task-list - ] ++ - (attrValues (todo "agenda")) - ; - }; - krebs.secret.files.nix-serve-key = { - path = "/var/lib/Reaktor/reaktor_nickserv_password"; - owner.name = "Reaktor"; - source-path = toString + "/reaktor_nickserv_password"; - }; -} diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix deleted file mode 100644 index 824f59d09..000000000 --- a/krebs/2configs/reaktor-retiolum.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -{ - krebs.Reaktor.retiolum = { - nickname = "Reaktor|lass"; - channels = [ "#noise" "#xxx" ]; - extraEnviron = { - REAKTOR_HOST = "irc.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - task-add - task-delete - task-done - task-list - ] ++ - (attrValues (todo "agenda")) - ; - }; -} diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix new file mode 100644 index 000000000..ff6b539ba --- /dev/null +++ b/krebs/2configs/reaktor2.nix @@ -0,0 +1,152 @@ +with import ; +{ config, pkgs, ... }: + +let + #for shared state directory + stateDir = config.krebs.reaktor2.r.stateDir; + + generators = pkgs.reaktor2-plugins.generators; + hooks = pkgs.reaktor2-plugins.hooks; + commands = pkgs.reaktor2-plugins.commands; + + task = name: let + rcFile = builtins.toFile "taskrc" '' + confirmation=no + ''; + in { + pattern = "^${name}-([a-z]+)(?::\\s*(.*))?"; + activate = "match"; + command = 1; + arguments = [2]; + env.TASKDATA = "${stateDir}/${name}"; + commands = { + add.filename = pkgs.writeDash "${name}-task-add" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1" + ''; + list.filename = pkgs.writeDash "${name}-task-list" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \ + | ${pkgs.jq}/bin/jq -r ' + .[] | select(.id != 0) | "\(.id) \(.description)" + ' + ''; + delete.filename = pkgs.writeDash "${name}-task-delete" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1" + ''; + done.filename = pkgs.writeDash "${name}-task-done" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1" + ''; + }; + }; + + systemPlugin = { + plugin = "system"; + config = { + workdir = stateDir; + hooks.JOIN = [ + { + activate = "always"; + command = { + filename = + "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; + env = { + PATH = makeBinPath [ + pkgs.coreutils # XXX env, touch + pkgs.jq # XXX sed + pkgs.utillinux # XXX flock + ]; + state_file = "${stateDir}/tell.json"; + }; + }; + } + ]; + hooks.PRIVMSG = [ + { + pattern = "^bier bal(ance)*$"; + activate = "match"; + command = { + env = { + state_file = "${stateDir}/ledger"; + }; + filename = pkgs.writeDash "bier-balance" '' + ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ + | ${pkgs.coreutils}/bin/tail +2 \ + | ${pkgs.miller}/bin/mlr --icsv --opprint cat + ''; + }; + } + { + pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$''; + activate = "match"; + arguments = [1 2 3]; + command = { + env = { + # TODO; get state as argument + state_file = "${stateDir}/ledger"; + }; + filename = pkgs.writeDash "ledger-add" '' + set -x + tonick=$1 + amt=$2 + unit=$3 + printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file + ''; + }; + } + hooks.sed + (generators.command_hook { + inherit (commands) hello random-emoji nixos-version stockholm-issue; + tell = { + filename = + "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; + env = { + PATH = makeBinPath [ + pkgs.coreutils # XXX date, env + pkgs.jq # XXX sed + pkgs.utillinux # XXX flock + ]; + state_file = "${stateDir}/tell.txt"; + }; + }; + }) + (task "agenda") + ]; + }; + }; + +in { + + krebs.reaktor2 = { + freenode = { + hostname = "irc.freenode.org"; + nick = "reaktor2|krebs"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#krebs" + ]; + }; + } + systemPlugin + ]; + username = "reaktor2"; + }; + r = { + nick = "reaktor2|krebs"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#noise" + "#xxx" + ]; + }; + } + systemPlugin + ]; + username = "reaktor2"; + }; + }; +} diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix index 2dc466edb..751d233ec 100644 --- a/krebs/2configs/shack/mobile.mpd.nix +++ b/krebs/2configs/shack/mobile.mpd.nix @@ -1,5 +1,8 @@ {lib,pkgs, ... }: let + pkg = lib.overrideDerivation pkgs.ympd (old: { + patches = [ ./ympd-top-next.patch ]; + }); mpdHost = "mpd.shack"; ympd = name: port: let webPort = 10000 + port; @@ -7,7 +10,7 @@ let systemd.services."ympd-${name}" = { description = "mpd for ${name}"; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; + serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; }; services.nginx.virtualHosts."mobile.${name}.mpd.shack" = { serverAliases = [ diff --git a/krebs/2configs/shack/ympd-top-next.patch b/krebs/2configs/shack/ympd-top-next.patch new file mode 100644 index 000000000..fd424f11a --- /dev/null +++ b/krebs/2configs/shack/ympd-top-next.patch @@ -0,0 +1,16 @@ +diff --git a/htdocs/index.html b/htdocs/index.html +index ed77279..eaf92b6 100644 +--- a/htdocs/index.html ++++ b/htdocs/index.html +@@ -76,6 +76,11 @@ + +
+
++ ++ + +
+ diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 669483f3c..308c6d41d 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -113,10 +113,11 @@ let ''; in nameValuePair "Reaktor-${name}" { path = with pkgs; [ - utillinux #flock for tell_on-join git # for nag + jq # for tell python # for caps - ]; + utillinux # flock for tell + ]; description = "Reaktor IRC Bot"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2e7c61fb5..9303a81fb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -18,14 +18,17 @@ let ./charybdis.nix ./ci.nix ./current.nix + ./dns.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix ./fetchWallpaper.nix ./github-hosts-sync.nix + ./github-known-hosts.nix ./git.nix ./go.nix ./hidden-ssh.nix + ./hosts.nix ./htgen.nix ./iana-etc.nix ./iptables.nix @@ -39,8 +42,10 @@ let ./per-user.nix ./power-action.nix ./Reaktor.nix + ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix + ./retiolum-hosts.nix ./rtorrent.nix ./secret.nix ./setuid.nix @@ -58,28 +63,10 @@ let api = { enable = mkEnableOption "krebs"; - dns = { - providers = mkOption { - type = with types; attrsOf str; - }; - }; - - hosts = mkOption { - type = with types; attrsOf host; - default = {}; - }; - users = mkOption { type = with types; attrsOf user; }; - # XXX is there a better place to define search-domain? - # TODO search-domains :: listOf hostname - search-domain = mkOption { - type = types.hostname; - default = "r"; - }; - sitemap = mkOption { default = {}; type = types.attrsOf types.sitemap.entry; @@ -125,6 +112,8 @@ let w = "hosts"; }; + krebs.dns.search-domain = mkDefault "r"; + krebs.users = { krebs = { home = "/krebs"; @@ -137,93 +126,6 @@ let }; }; - networking.extraHosts = let - domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); - check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - in concatStringsSep "\n" (flatten ( - mapAttrsToList (hostname: host: - mapAttrsToList (netname: net: - let - aliases = longs ++ shorts; - longs = filter check net.aliases; - shorts = let s = ".${cfg.search-domain}"; in - map (removeSuffix s) (filter (hasSuffix s) longs); - in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs) - ) (filterAttrs (name: host: host.aliases != []) host.nets) - ) cfg.hosts - )); - - # TODO dedup with networking.extraHosts - nixpkgs.config.packageOverrides = oldpkgs: - let - domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); - check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - in - { - retiolum-hosts = oldpkgs.writeText "retiolum-hosts" '' - ${concatStringsSep "\n" (flatten ( - map (host: - let - net = host.nets.retiolum; - aliases = longs; - longs = filter check net.aliases; - in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs) - ) (filter (host: hasAttr "retiolum" host.nets) - (attrValues cfg.hosts))))} - ''; - }; - - krebs.exim-smarthost.internet-aliases = let - format = from: to: { - inherit from; - # TODO assert is-retiolum-mail-address to; - to = concatMapStringsSep "," (getAttr "mail") (toList to); - }; - in mapAttrsToList format (with config.krebs.users; let - brain-ml = [ - lass - makefu - tv - ]; - eloop-ml = spam-ml ++ [ ciko ]; - spam-ml = [ - lass - makefu - tv - ]; - ciko.mail = "ciko@slash16.net"; - in { - "anmeldung@eloop.org" = eloop-ml; - "brain@krebsco.de" = brain-ml; - "cfp@eloop.org" = eloop-ml; - "kontakt@eloop.org" = eloop-ml; - "root@eloop.org" = eloop-ml; - "youtube@eloop.org" = eloop-ml; - "eloop2016@krebsco.de" = eloop-ml; - "eloop2017@krebsco.de" = eloop-ml; - "postmaster@krebsco.de" = spam-ml; # RFC 822 - "lass@krebsco.de" = lass; - "makefu@krebsco.de" = makefu; - "spam@krebsco.de" = spam-ml; - "tv@krebsco.de" = tv; - # XXX These are no internet aliases - # XXX exim-retiolum hosts should be able to relay to retiolum addresses - "lass@retiolum" = lass; - "makefu@retiolum" = makefu; - "spam@retiolum" = spam-ml; - "tv@retiolum" = tv; - "lass@r" = lass; - "makefu@r" = makefu; - "spam@r" = spam-ml; - "tv@r" = tv; - }); - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); @@ -238,31 +140,6 @@ let }; }) // - { - github = { - hostNames = [ - "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob - "192.30.252.*" - "192.30.253.*" - "192.30.254.*" - "192.30.255.*" - "185.199.108.*" - "185.199.109.*" - "185.199.110.*" - "185.199.111.*" - "13.229.188.59" - "13.250.177.223" - "18.194.104.89" - "18.195.85.27" - "35.159.8.160" - "52.74.223.119" - ]; - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - } - // mapAttrs (name: host: { hostNames = @@ -272,8 +149,8 @@ let let longs = net.aliases; shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") + map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") longs); add-port = a: if net.ssh.port != 22 @@ -297,8 +174,8 @@ let (concatMap (host: attrValues host.nets) (mapAttrsToList (_: host: recursiveUpdate host - (optionalAttrs (hasAttr config.krebs.search-domain host.nets) { - nets."" = host.nets.${config.krebs.search-domain} // { + (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { aliases = [host.name]; addrs = []; }; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix new file mode 100644 index 000000000..b7e2a2cbb --- /dev/null +++ b/krebs/3modules/dns.nix @@ -0,0 +1,12 @@ +with import ; +{ + options = { + krebs.dns.providers = mkOption { + type = types.attrsOf types.str; + }; + + krebs.dns.search-domain = mkOption { + type = types.hostname; + }; + }; +} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index baa49dbe0..089113ac6 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -84,8 +84,8 @@ in { nets = rec { internet = { # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; + ip4.addr = "95.216.112.61"; + ip6.addr = "2a01:4f9:2b:1605::1"; aliases = [ "eve.i" ]; }; retiolum = { @@ -141,6 +141,29 @@ in { }; }; }; + idontcare = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.idontcare.nets.retiolum.ip4.addr + config.krebs.hosts.idontcare.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.177"; + aliases = [ "idontcare.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O + qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A + OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An + lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb + O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw + jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; justraute = { owner = config.krebs.users.raute; # laptop nets = { @@ -344,6 +367,30 @@ in { }; }; }; + matchbox = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.176"; + aliases = [ "matchbox.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; miaoski = { owner = config.krebs.users.miaoski; nets = { @@ -369,7 +416,7 @@ in { pubkey = ssh-for "kmein"; }; Mic92 = { - mail = "joerg@higgsboson.tk"; + mail = "joerg@thalheim.io"; pubkey = ssh-for "Mic92"; }; palo = { diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix new file mode 100644 index 000000000..def06f17a --- /dev/null +++ b/krebs/3modules/github-known-hosts.nix @@ -0,0 +1,40 @@ +{ + services.openssh.knownHosts.github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + "192.30.252.*" + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "140.82.112.*" + "140.82.113.*" + "140.82.114.*" + "140.82.115.*" + "140.82.116.*" + "140.82.117.*" + "140.82.118.*" + "140.82.119.*" + "140.82.120.*" + "140.82.121.*" + "140.82.122.*" + "140.82.123.*" + "140.82.124.*" + "140.82.125.*" + "140.82.126.*" + "140.82.127.*" + "13.229.188.59" + "13.250.177.223" + "18.194.104.89" + "18.195.85.27" + "35.159.8.160" + "52.74.223.119" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; +} diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix new file mode 100644 index 000000000..0985bb539 --- /dev/null +++ b/krebs/3modules/hosts.nix @@ -0,0 +1,35 @@ +with import ; +{ config, ... }: let + # TODO dedup functions with ./retiolum-hosts.nix + check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; + domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); +in { + + options = { + krebs.hosts = mkOption { + default = {}; + type = types.attrsOf types.host; + }; + }; + + config = { + networking.hosts = + filterAttrs + (_name: value: value != []) + (zipAttrsWith + (_: concatLists) + (concatMap + (host: + concatMap + (net: let + aliases = longs ++ shorts; + longs = filter check net.aliases; + shorts = let s = ".${config.krebs.dns.search-domain}"; in + map (removeSuffix s) (filter (hasSuffix s) longs); + in + map (addr: { ${addr} = aliases; }) net.addrs) + (attrValues host.nets)) + (attrValues config.krebs.hosts))); + }; + +} diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index a7a07a8e6..5beb859aa 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -13,7 +13,7 @@ in { }); default = {}; }; - config = { + config = mkIf (cfg != {}) { environment = { etc = mapAttrs' diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix new file mode 100644 index 000000000..e3e6ddf4f --- /dev/null +++ b/krebs/3modules/reaktor2.nix @@ -0,0 +1,71 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.reaktor2 = mkOption { + default = {}; + type = types.attrsOf (types.submodule (self: let + name = self.config._module.args.name; + in { + options = { + nick = mkOption { + default = name; + # TODO types.irc.nickname + type = types.str; + }; + hostname = mkOption { + default = "irc.r"; + type = types.hostname; + }; + port = mkOption { + default = "6667"; + # TODO type = types.service-name + }; + plugins = mkOption { + default = []; + type = types.listOf types.attrs; + }; + stateDir = mkOption { + default = "/var/lib/${self.config.username}"; + readOnly = true; + type = types.absolute-pathname; + }; + systemd-service-name = mkOption { + default = "reaktor2${optionalString (name != "default") "-${name}"}"; + type = types.filename; + }; + username = mkOption { + default = self.config.systemd-service-name; + type = types.username; + }; + useTLS = mkOption { + default = self.config.port == "6697"; + type = types.bool; + }; + }; + })); + }; + + config = { + systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg: + nameValuePair cfg.systemd-service-name { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = cfg.username; + Group = "reaktor2"; + DynamicUser = true; + StateDirectory = cfg.username; + ExecStart = let + configFile = pkgs.writeJSON configFileName configValue; + configFileName = "${cfg.systemd-service-name}.config.json"; + configValue = recursiveUpdate { + logTime = false; + } (removeAttrs cfg ["_module"]); + in "${pkgs.reaktor2}/bin/reaktor ${configFile}"; + Restart = "always"; + RestartSec = "30"; + }; + } + ); + }; +} diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix new file mode 100644 index 000000000..ddf85ead7 --- /dev/null +++ b/krebs/3modules/retiolum-hosts.nix @@ -0,0 +1,28 @@ +with import ; +{ config, ... }: let + # TODO dedup functions with ./hosts.nix + check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; + domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); +in { + nixpkgs.config.packageOverrides = super: { + retiolum-hosts = + super.writeText "retiolum-hosts" '' + ${ + concatStringsSep + "\n" + (flatten + (map + (host: let + net = host.nets.retiolum; + aliases = longs; + longs = filter check net.aliases; + in + optionals + (aliases != []) + (map (addr: "${addr} ${toString aliases}") net.addrs)) + (filter (host: hasAttr "retiolum" host.nets) + (attrValues config.krebs.hosts)))) + } + ''; + }; +} diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index ecd449b09..24eac7158 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -27,6 +27,7 @@ let "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' Name = ${tinc.config.host.name} Interface = ${netname} + Broadcast = no ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} PrivateKeyFile = ${tinc.config.privkey.path} Port = ${toString tinc.config.host.nets.${netname}.tinc.port} diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 84c00e82d..dc04b6a72 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -22,6 +22,8 @@ foldl' mergeAttrs {} }; }); + reaktor2 = self.haskellPackages.reaktor2; + ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 59c5b7984..97e4a717c 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -7,8 +7,8 @@ with import ; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; "18.09" = { - version = "1.2.0"; - sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300"; + version = "2.1.0"; + sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d"; }; }.${versions.majorMinor nixpkgsVersion}; diff --git a/krebs/5pkgs/simple/much/cabal.nix b/krebs/5pkgs/haskell/much.nix similarity index 80% rename from krebs/5pkgs/simple/much/cabal.nix rename to krebs/5pkgs/haskell/much.nix index 09bc7b5df..db168f8a1 100644 --- a/krebs/5pkgs/simple/much/cabal.nix +++ b/krebs/5pkgs/haskell/much.nix @@ -8,11 +8,12 @@ }: mkDerivation { pname = "much"; - version = "1.1.0"; + version = "1.2.0"; src = fetchgit { - url = "http://cgit.ni.krebsco.de/much"; - sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl"; - rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5"; + url = "https://cgit.krebsco.de/much"; + sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873"; + rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix new file mode 100644 index 000000000..40c628802 --- /dev/null +++ b/krebs/5pkgs/haskell/reaktor2.nix @@ -0,0 +1,27 @@ +{ mkDerivation, aeson, async, attoparsec, base, blessings +, bytestring, containers, data-default, fetchgit, filepath +, hashable, lens, lens-aeson, network, network-simple +, network-simple-tls, pcre-light, process, random, stdenv +, string-conversions, stringsearch, text, time, transformers +, unagi-chan, unix, unordered-containers, vector +}: +mkDerivation { + pname = "reaktor2"; + version = "0.2.1"; + src = fetchgit { + url = "https://cgit.krebsco.de/reaktor2"; + sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr"; + rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c"; + fetchSubmodules = true; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson async attoparsec base blessings bytestring containers + data-default filepath hashable lens lens-aeson network + network-simple network-simple-tls pcre-light process random + string-conversions stringsearch text time transformers unagi-chan + unix unordered-containers vector + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index 3ef9ffb7d..a88db6379 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.6.2"; + version = "0.7.0"; doCheck = false; @@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec { src = fetchFromGitHub { owner = "krebs"; repo = "Reaktor"; - rev = version; - sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m"; + rev = "v${version}"; + sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj"; }; meta = { homepage = http://krebsco.de/; diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index 6f59ad1de..1b19a1178 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -146,58 +146,36 @@ rec { ''; }); - taskrcFile = builtins.toFile "taskrc" '' - confirmation=no - ''; - - task-add = buildSimpleReaktorPlugin "task-add" { - pattern = "^task-add: (?P.*)$$"; - script = pkgs.writeDash "task-add" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} add "$*" - ''; - }; - - task-list = buildSimpleReaktorPlugin "task-list" { - pattern = "^task-list"; - script = pkgs.writeDash "task-list" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"' - ''; - }; - - task-delete = buildSimpleReaktorPlugin "task-delete" { - pattern = "^task-delete: (?P.*)$$"; - script = pkgs.writeDash "task-delete" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} delete "$*" - ''; - }; - - task-done = buildSimpleReaktorPlugin "task-done" { - pattern = "^task-done: (?P.*)$$"; - script = pkgs.writeDash "task-done" '' - ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} done "$*" - ''; - }; - - todo = name: { - add = buildSimpleReaktorPlugin "${name}-add" { + task = name: let + rcFile = builtins.toFile "taskrc" '' + confirmation=no + ''; + in { + add = buildSimpleReaktorPlugin "${name}-task-add" { pattern = "^${name}-add: (?P.*)$$"; script = pkgs.writeDash "${name}-add" '' - echo "$*" >> ${name}-todo - echo "added ${name} todo" + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*" ''; }; - delete = buildSimpleReaktorPlugin "${name}-delete" { + + list = buildSimpleReaktorPlugin "task-list" { + pattern = "^${name}-list"; + script = pkgs.writeDash "task-list" '' + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"' + ''; + }; + + delete = buildSimpleReaktorPlugin "task-delete" { pattern = "^${name}-delete: (?P.*)$$"; - script = pkgs.writeDash "${name}-delete" '' - ${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp - ${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo - echo "removed ${name} todo: $*" + script = pkgs.writeDash "task-delete" '' + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*" ''; }; - show = buildSimpleReaktorPlugin "${name}-show" { - pattern = "^${name}-show$"; - script = pkgs.writeDash "${name}-show" '' - ${pkgs.coreutils}/bin/cat ${name}-todo + + done = buildSimpleReaktorPlugin "task-done" { + pattern = "^${name}-done: (?P.*)$$"; + script = pkgs.writeDash "task-done" '' + TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*" ''; }; }; diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh old mode 100644 new mode 100755 index 386aa68b9..6f3dd4a3f --- a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh @@ -1,5 +1,5 @@ #!/bin/sh -curl http://emojicons.com/random -s | \ +curl -sS http://emojicons.com/random | \ grep data-text | \ sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \ head -n 1 | \ diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh old mode 100644 new mode 100755 diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py old mode 100644 new mode 100755 index ecb03917b..4925b25bb --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -46,7 +46,7 @@ if is_regex(line): print('to many lines, skipped') else: if last.strip() != ret.strip(): - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + print("\x02{}\x02 meant: {}".format(usr, ret.strip())) if ret: d[usr] = ret diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh old mode 100644 new mode 100755 diff --git a/krebs/5pkgs/simple/much/default.nix b/krebs/5pkgs/simple/much/default.nix deleted file mode 100644 index cf55eb537..000000000 --- a/krebs/5pkgs/simple/much/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ haskellPackages, ... }: - -haskellPackages.callPackage ./cabal.nix {} diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix new file mode 100644 index 000000000..48464c0b6 --- /dev/null +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -0,0 +1,106 @@ +with import ; +{ lib, pkgs, ... }: + +rec { + generators = { + command_hook = commands: { + pattern = + "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; + command = 1; + arguments = [2]; + commands = commands; + }; + }; + + commands = { + + hello = { + filename = "${pkgs.Reaktor.src}/reaktor/commands/hello"; + }; + + random-emoji = { + filename = ; + env = { + PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]); + }; + }; + + nixos-version = { + filename = pkgs.writeDash "nixos-version" '' + . /etc/os-release + echo "$PRETTY_NAME" + ''; + }; + + stockholm-issue = { + filename = ; + env = { + PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); + origin = "http://cgit.gum/stockholm"; + state_dir = "/tmp/stockholm-issue"; + }; + }; + + }; + + hooks = { + + sed = { + activate = "always"; + pattern = "^(.*)$"; + arguments = [1]; + command = { + env = { + PATH = makeBinPath (with pkgs; [ gnused ]); + state_dir = "/tmp"; + }; + filename = pkgs.writeDash "sed-plugin" '' + set -efu + exec ${pkgs.python3}/bin/python \ + ${} "$@" + ''; + }; + }; + + shack-correct = { + activate = "match"; + pattern = "^(.*Shack.*)$"; + arguments = [1]; + command.filename = ; + }; + + + url-title = { + #pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$"; + pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } '' + import cgi + import sys + import urllib.request + from bs4 import BeautifulSoup + + try: + req = urllib.request.Request(sys.argv[1]) + req.add_header('user-agent', 'Reaktor-url-title') + resp = urllib.request.urlopen(req) + if resp.headers['content-type'].find('text/html') >= 0: + soup = BeautifulSoup(resp.read(16000), "lxml") + title = soup.find('title').string + + if len(title.split('\n')) > 5: + title = '\n'.join(title.split('\n')[:5]) + + print(title[:450]) + else: + cd_header = resp.headers['content-disposition'] + print(cgi.parse_header(cd_header)[1]['filename']) + except: # noqa: E722 + pass + ''; + }; + }; + }; +} diff --git a/krebs/krops.nix b/krebs/krops.nix index ab7524941..94418fdc2 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -9,15 +9,21 @@ krebs-source = { test ? false }: rec { nixpkgs = if test then { - file = { - path = toString (pkgs.fetchFromGitHub { + derivation = let + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = (lib.importJSON ./nixpkgs.json).rev; - sha256 = (lib.importJSON ./nixpkgs.json).sha256; - }); - useChecksum = true; - }; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; } else { git = { ref = (lib.importJSON ./nixpkgs.json).rev; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 821c79cde..614d5bccf 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "b9fa31cea0e119ecf1867af4944ddc2f7633aacd", - "date": "2018-12-22T15:37:52+00:00", - "sha256": "1iqdra7nvcwbydjirjsk71rpzk4ljc0gzqy33fcp8l18y8iwh47k", + "rev": "97e0d53d669cd07f0750a42fd535524b3cdd46d1", + "date": "2019-01-15T00:11:44+01:00", + "sha256": "111xa7qn9142dar29cil4br2mvn8f1rbiy310lkhwl73126fq8dw", "fetchSubmodules": false } diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 8f748ab8f..a52771a4d 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,11 +1,20 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - file = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; + derivation = let rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; }; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b39f03df9..f35ebff56 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -35,6 +35,8 @@ with import ; + + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index df2778bef..23746d210 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -36,10 +36,10 @@ with import ; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } ]; } { @@ -379,6 +379,7 @@ with import ; name = "download"; home = "/var/download"; useDefaultShell = true; + uid = genid "download"; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey @@ -420,6 +421,16 @@ with import ; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { + nix.trustedUsers = [ "Mic92" ]; + users.users.Mic92 = { + uid = genid_uint31 "Mic92"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 116bdb92f..9a84e9d63 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -40,6 +40,16 @@ fsType = "zfs"; }; + fileSystems."/var/lib/nextcloud" = { + device = "tank/nextcloud"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/libvirt" = { + device = "tank/libvirt"; + fsType = "zfs"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; @@ -53,9 +63,15 @@ defaultGateway = "95.216.1.129"; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "95.216.1.150"; - prefixLength = 26; - }; + interfaces.eth0.ipv4.addresses = [ + { + address = "95.216.1.150"; + prefixLength = 26; + } + { + address = "95.216.1.130"; + prefixLength = 26; + } + ]; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 58fa564a1..9d8bcd7be 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -88,7 +88,7 @@ with import ; client dev tun proto udp - remote 82.102.16.229 1194 + remote 89.249.65.83 1194 resolv-retry infinite remote-random nobind @@ -103,13 +103,9 @@ with import ; reneg-sec 0 comp-lzo no - explicit-exit-notify 3 - remote-cert-tls server - #mute 10000 auth-user-pass ${toString } - verb 3 pull fast-io @@ -118,32 +114,33 @@ with import ; -----BEGIN CERTIFICATE----- - MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD - VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH - Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw - bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y - ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG - A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT - B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 - cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v - cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG - UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny - mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X - +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT - ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI - 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA - VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT - Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh - MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ - MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy - Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW - EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ - e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW - //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB - wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB - KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p - lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ + MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2 + MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV + BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI + hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF + kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr + XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU + eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV + skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu + MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA + 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR + hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s + Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy + WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6 + MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST + LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG + SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g + nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/ + k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S + DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/ + pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo + k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp + +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd + NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa + wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC + VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S + PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA== -----END CERTIFICATE----- key-direction 1 @@ -152,23 +149,24 @@ with import ; # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- - 49b2f54c6ee58d2d97331681bb577d55 - 054f56d92b743c31e80b684de0388702 - ad3bf51088cd88f3fac7eb0729f2263c - 51d82a6eb7e2ed4ae6dfa65b1ac764d0 - b9dedf1379c1b29b36396d64cb6fd6b2 - e61f869f9a13001dadc02db171f04c4d - c46d1132c1f31709e7b54a6eabae3ea8 - fbd2681363c185f4cb1be5aa42a27c31 - 21db7b2187fd11c1acf224a0d5a44466 - b4b5a3cc34ec0227fe40007e8b379654 - f1e8e2b63c6b46ee7ab6f1bd82f57837 - 92c209e8f25bc9ed493cb5c1d891ae72 - 7f54f4693c5b20f136ca23e639fd8ea0 - 865b4e22dd2af43e13e6b075f12427b2 - 08af9ffd09c56baa694165f57fe2697a - 3377fa34aebcba587c79941d83deaf45 + e685bdaf659a25a200e2b9e39e51ff03 + 0fc72cf1ce07232bd8b2be5e6c670143 + f51e937e670eee09d4f2ea5a6e4e6996 + 5db852c275351b86fc4ca892d78ae002 + d6f70d029bd79c4d1c26cf14e9588033 + cf639f8a74809f29f72b9d58f9b8f5fe + fc7938eade40e9fed6cb92184abb2cc1 + 0eb1a296df243b251df0643d53724cdb + 5a92a1d6cb817804c4a9319b57d53be5 + 80815bcfcb2df55018cc83fc43bc7ff8 + 2d51f9b88364776ee9d12fc85cc7ea5b + 9741c4f598c485316db066d52db4540e + 212e1518a9bd4828219e24b20d88f598 + a196c9de96012090e333519ae18d3509 + 9427e7b372d348d352dc4c85e18cd4b9 + 3f8a56ddb2e64eb67adfc9b337157ff4 -----END OpenVPN Static key V1----- + ''; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f2bb511f..1d2d1173d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./nfs-dl.nix { hardware.pulseaudio = { enable = true; @@ -75,12 +74,11 @@ in { nmap pavucontrol powertop - rxvt_unicode_with-plugins + rxvt_unicode-with-plugins sxiv taskwarrior termite xclip - xephyrify xorg.xbacklight xorg.xhost xsel diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 62a42baf9..2547e8bac 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,6 +2,7 @@ with import ; { config, pkgs, ... }: { imports = [ + ./binary-cache/client.nix ./gc.nix ./mc.nix @@ -72,7 +73,6 @@ with import ; krebs = { enable = true; - search-domain = "r"; build.user = config.krebs.users.lass; }; @@ -82,9 +82,6 @@ with import ; services.timesyncd.enable = mkForce true; - #why is this on in the first place? - services.nscd.enable = false; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; @@ -116,6 +113,7 @@ with import ; #network iptables iftop + tcpdump #stuff for dl aria2 diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f487a9910..555295422 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -96,6 +96,7 @@ with import ; { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } + { from = "overleaf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 62e3f6d52..a3acb82bb 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -74,7 +74,6 @@ in { createHome = true; useDefaultShell = true; packages = with pkgs; [ - ftb minecraft steam-run dolphinEmu diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index c5073e384..a1bb26049 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix new file mode 100644 index 000000000..aee4bf06f --- /dev/null +++ b/lass/2configs/hardening.nix @@ -0,0 +1,11 @@ +{ pkgs, lib, ... }: +with lib; +{ + security.chromiumSuidSandbox.enable = true; + security.lockKernelModules = false; + boot.kernel.sysctl."user.max_user_namespaces" = 63414; + + imports = [ + + ]; +} diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 21b9d7b49..52d380b7c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -51,7 +51,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; @@ -225,7 +225,7 @@ in { msmtp mutt pkgs.notmuch - pkgs.much + pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 987632cd1..f88b2627b 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -170,32 +170,45 @@ in { }; }; - krebs.Reaktor.playlist = { - nickname = "the_playlist|r"; - channels = [ - "#the_playlist" - "#krebs" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - }; - plugins = with pkgs.ReaktorPlugins; [ - (buildSimpleReaktorPlugin "skip" { - script = "${skip_track}/bin/skip_track"; - pattern = "^skip$"; - }) - (buildSimpleReaktorPlugin "current" { - script = "${print_current}/bin/print_current"; - pattern = "^current$"; - }) - (buildSimpleReaktorPlugin "suggest" { - script = "${pkgs.writeDash "suggest" '' - echo "$@" >> $HOME/playlist_suggest - ''}"; - pattern = "^suggest: (?P.*)$"; - }) + krebs.reaktor2.the_playlist = { + hostname = "irc.freenode.org"; + port = "6697"; + useTLS = true; + nick = "the_playlist"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#the_playlist" + "#krebs" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.the_playlist.stateDir; + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + skip.filename = "${skip_track}/bin/skip_track"; + current.filename = "${print_current}/bin/print_current"; + suggest.filename = pkgs.writeDash "suggest" '' + echo "$@" >> playlist_suggest + ''; + }; + } + ]; + }; + } ]; }; + services.nginx = { enable = true; virtualHosts."radio.lassul.us" = { diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 7cdcdf20c..4baec1976 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -1,99 +1,93 @@ { config, lib, pkgs, ... }: with import ; -{ - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" "#panthermoderns" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - sed-plugin - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P.*)$$"; - script = pkgs.writeDash "ping" '' - exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - (buildSimpleReaktorPlugin "google" { - pattern = "^!g (?P.*)$$"; - script = pkgs.writeDash "google" '' - exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ - ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' - ''; - }) - (buildSimpleReaktorPlugin "blockchain" { - pattern = ".*[Bb]lockchain.*$$"; - script = pkgs.writeDash "blockchain" '' - exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' - ''; - }) - (buildSimpleReaktorPlugin "shrug" { - pattern = "^!shrug$"; - script = pkgs.writeDash "shrug" '' - exec echo '¯\_(ツ)_/¯' - ''; - }) - (buildSimpleReaktorPlugin "flip" { - pattern = "^!flip$"; - script = pkgs.writeDash "shrug" '' - exec echo '(╯°□°)╯ ┻━┻' - ''; - }) +let + hooks = pkgs.reaktor2-plugins.hooks; +in { + krebs.reaktor2.coders = { + hostname = "irc.hackint.org"; + port = "9999"; + useTLS = true; + nick = "reaktor2|lass"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#coders" + "#germany" + "#panthermoderns" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.coders.stateDir; + hooks.PRIVMSG = [ + hooks.sed + hooks.url-title + { + activate = "match"; + pattern = ''@([^ ]+) (.*)$''; + command = 1; + arguments = [2]; + env.HOME = config.krebs.reaktor2.coders.stateDir; + commands = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" '' + exec ${lambdabot}/bin/lambdabot \ + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \ + -e "$@" + ''; + in { + pl.filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + type.filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + "let".filename = pkgs.writeDash "lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + run.filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + kind.filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; + }; + } + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + ping.filename = pkgs.writeDash "ping" '' + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + google.filename = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + shrug.filename = pkgs.writeDash "shrug" '' + exec echo '¯\_(ツ)_/¯' + ''; + table.filename = pkgs.writeDash "table" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }; + } + ]; + }; + } ]; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 25dac0ac4..7fb248139 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -88,6 +88,20 @@ in { file_uploads = on ''; + services.nextcloud = { + enable = true; + hostName = "o.xanf.org"; + config = { + adminpassFile = toString + "/nextcloud_pw"; + }; + #https = true; + nginx.enable = true; + }; + services.nginx.virtualHosts."o.xanf.org" = { + enableACME = true; + forceSSL = true; + }; + # MAIL STUFF # TODO: make into its own module services.dovecot2 = { @@ -141,6 +155,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.UBIK-SFTP = { + uid = genid_uint31 "UBIK-SFTP"; + home = "/home/UBIK-SFTP"; + useDefaultShell = true; + createHome = true; + }; + users.users.xanf = { uid = genid_uint31 "xanf"; home = "/home/xanf"; @@ -213,5 +234,22 @@ in { createHome = true; }; + services.restic.backups.domsen = { + initialize = true; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + passwordFile = toString + "/domsen_backup_pw"; + paths = [ + "/srv/http" + "/home/domsen/Mail" + "/home/ms/Mail" + "/home/klabusterbeere/Mail" + "/home/jms/Mail" + "/home/bruno/Mail" + "/home/akayguen/Mail" + "/backups/sql_dumps" + ]; + }; + } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 307f1c2b3..27cadd100 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -101,6 +101,9 @@ in { locations."/pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; + locations."/pub1".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 2cf6a66b9..613c7c8ac 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -14,6 +14,5 @@ _: ./umts.nix ./usershadow.nix ./xjail.nix - ./xserver ]; } diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix deleted file mode 100644 index cdd80857a..000000000 --- a/lass/3modules/xserver/default.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ config, pkgs, ... }@args: -with import ; -let - - out = { - options.lass.xserver = api; - config = mkIf cfg.enable imp; - }; - - user = config.krebs.build.user; - - cfg = config.lass.xserver; - xcfg = config.services.xserver; - api = { - enable = mkEnableOption "lass xserver"; - }; - imp = { - - services.xserver = { - enable = true; - display = 11; - tty = 11; - }; - - systemd.services.display-manager.enable = false; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString xcfg.display}"; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${xcfg.displayManager.sessionCommands} - if test -z "$DBUS_SESSION_BUS_ADDRESS"; then - exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "" - fi - export DBUS_SESSION_BUS_ADDRESS - ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS - wait - ''; - - XMONAD_DATA_DIR = "/tmp"; - }; - serviceConfig = { - SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; - User = user.name; - WorkingDirectory = user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" xcfg.drivers)); - }; - serviceConfig = { - SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString xcfg.display}" - "vt${toString xcfg.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /dev/null -logverbose 0 -verbose 3" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}") - ]; - User = user.name; - }; - }; - krebs.xresources.resources.dpi = '' - ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"} - ''; - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; - }; - -in out diff --git a/lass/3modules/xserver/xserver.conf.nix b/lass/3modules/xserver/xserver.conf.nix deleted file mode 100644 index 6f34e0150..000000000 --- a/lass/3modules/xserver/xserver.conf.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - cfg = config.services.xserver; -in - -pkgs.stdenv.mkDerivation { - name = "xserver.conf"; - - xfs = optionalString (cfg.useXFS != false) - ''FontPath "${toString cfg.useXFS}"''; - - inherit (cfg) config; - - buildCommand = - '' - echo 'Section "Files"' >> $out - echo $xfs >> $out - - for i in ${toString config.fonts.fonts}; do - if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then - for j in $(find $i -name fonts.dir); do - echo " FontPath \"$(dirname $j)\"" >> $out - done - fi - done - - for i in $(find ${toString cfg.modules} -type d); do - if test $(echo $i/*.so* | wc -w) -ne 0; then - echo " ModulePath \"$i\"" >> $out - fi - done - - echo 'EndSection' >> $out - - echo "$config" >> $out - ''; -} diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 483e37bc8..1f2e7110e 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) +import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) @@ -93,7 +94,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) + defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile) floatHooks :: Query (Endo WindowSet) floatHooks = composeOne diff --git a/makefu/0tests/data/secrets/nixos-community b/makefu/0tests/data/secrets/nixos-community new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 1a617e52d..e40042b2d 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -2,6 +2,7 @@ { imports = [ + ./hardware-config.nix # configure your hw: # @@ -11,43 +12,10 @@ tinc.retiolum.enable = true; build.host = config.krebs.hosts.cake; }; - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ]; - programs.info.enable = false; - programs.man.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; services.nixosManual.enable = false; - boot.tmpOnTmpfs = lib.mkForce false; sound.enable = false; - hardware.enableRedistributableFirmware = true; - hardware.firmware = [ - (pkgs.stdenv.mkDerivation { - name = "broadcom-rpi3-rest"; - src = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt"; - sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7"; - }; - phases = [ "installPhase" ]; - installPhase = '' - mkdir -p $out/lib/firmware/brcm - cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt - ''; - }) - ]; - networking.wireless.enable = true; - -# File systems configuration for using the installer's partition layout - fileSystems = { - "/boot" = { - device = "/dev/disk/by-label/NIXOS_BOOT"; - fsType = "vfat"; - }; - "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - }; - }; } diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix new file mode 100644 index 000000000..d021f9458 --- /dev/null +++ b/makefu/1systems/cake/hardware-config.nix @@ -0,0 +1,42 @@ +{ pkgs, lib, ... }: +{ + # raspi3 + boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ]; + boot.loader.grub.enable = false; + boot.loader.raspberryPi.enable = true; + boot.loader.raspberryPi.version = 3; + boot.loader.raspberryPi.uboot.enable = true; + boot.loader.raspberryPi.uboot.configurationLimit = 3; + boot.loader.raspberryPi.firmwareConfig = '' + gpu_mem=32 + arm_freq=1350 + core_freq=500 + over_voltage=4 + disable_splash=1 + # bye bye warranty + force_turbo=1 + ''; + boot.loader.generationsDir.enable = lib.mkDefault false; + + boot.tmpOnTmpfs = lib.mkForce false; + boot.cleanTmpDir = true; + hardware.enableRedistributableFirmware = true; + + ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747 + # boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_latest; + environment.systemPackages = [ pkgs.raspberrypi-tools ]; + networking.wireless.enable = true; + # File systems configuration for using the installer's partition layout + swapDevices = [ { device = "/var/swap"; size = 2048; } ]; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 97b4555a5..e274b4bf8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -22,6 +22,8 @@ in { }; } + + # @@ -123,8 +125,7 @@ in { # # - - + # diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index e9670a5a4..542b79fe7 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -34,7 +34,7 @@ in { prefixLength = external-netmask6; }]; }; - defaultGateway6 = external-gw6; + defaultGateway6 = { address = external-gw6; interface = ext-if; }; defaultGateway = external-gw; }; boot.kernelParams = [ ]; diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 1e36c6e87..43586ede4 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -2,4 +2,5 @@ name="gum"; torrent = true; clever_kexec = true; + home-manager = true; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 5a4eea2e4..138735d91 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -14,10 +14,12 @@ + # + # Debugging # @@ -64,11 +66,12 @@ # - # + # Hardware + # # diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 6d64848f5..f223081e9 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -3,6 +3,8 @@ with import ; let ident = (builtins.readFile ./auphonic.pub); + bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; + bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; in { services.openssh = { allowSFTP = true; @@ -21,6 +23,19 @@ in { useDefaultShell = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; + services.logrotate = { + enable = true; + config = '' + ${bgtaccess} ${bgterror} { + rotate 5 + weekly + create 600 nginx nginx + postrotate + ${pkgs.systemd}/bin/systemctl reload nginx + endscript + } + ''; + }; services.nginx = { enable = lib.mkDefault true; recommendedGzipSettings = true; @@ -29,10 +44,21 @@ in { serverAliases = [ "dl2.binaergewitter.de" ]; root = "/var/www/binaergewitter"; extraConfig = '' - access_log /var/spool/nginx/logs/binaergewitter.access.log combined; - error_log /var/spool/nginx/logs/binaergewitter.error.log error; + access_log ${bgtaccess} combined; + error_log ${bgterror} error; autoindex on; ''; }; }; + environment.etc."netdata/python.d/web_log.conf".text = '' + nginx_log3: + name: 'nginx' + path: '/var/spool/nginx/logs/access.log' + nginx_log4: + name: 'bgt' + path: '${bgtaccess}' + ''; + + users.users.netdata.extraGroups = [ "nginx" ]; + } diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 3897537ea..917044d63 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -5,7 +5,7 @@ let port = 3001; runit = pkgs.writeDash "runit" '' set -xeuf - PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin + PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin name=''${1?must provide name as first arg} state=''${2?must provide state as second arg} # val=''${3?must provide val as third arg} @@ -14,9 +14,10 @@ let test $state = alerting || exit 0 echo $name - $state - curl 'http://bauarbeiterlampe/ay?o=1' + topic=plug + mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON sleep 5 - curl 'http://bauarbeiterlampe/ay?o=1' + mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF ''; in { services.logstash = { diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index a89a4813f..b70c9b030 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -1,20 +1,50 @@ { pkgs, lib, ... }: let - tasmota_plug = name: topic: + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" { platform = "mqtt"; inherit name; - state_topic = "/bam/${topic}/stat/POWER1"; - command_topic = "/bam/${topic}/cmnd/POWER1"; + retain = false; + qos = 1; + optimistic = false; + # state + # TODO: currently broken, will not use the custom state topic + state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/bam/${topic}/stat/Dimmer"; + brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; + brightness_value_template = "{{ value_json.Dimmer }}"; + brightness_scale = 100; + # color + rgb_state_topic = "/bam/${topic}/stat/Color"; + rgb_command_topic = "/bam/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/bam/${topic}/stat/Scheme"; + effect_command_topic = "/bam/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; +}; + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; availability_topic = "/bam/${topic}/tele/LWT"; payload_on= "ON"; payload_off= "OFF"; payload_available= "Online"; payload_not_available= "Offline"; - }; - tasmota_stecki = name: topic: - ( tasmota_plug name topic) // - { state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; }; espeasy_dht22 = name: [ { platform = "mqtt"; @@ -77,8 +107,12 @@ in { switch = [ (tasmota_plug "Bauarbeiterlampe" "plug") (tasmota_plug "Blitzdings" "plug2") - (tasmota_stecki "Fernseher" "fernseher") - (tasmota_plug "Pluggy" "plug4") + (tasmota_plug "Fernseher" "plug3") + (tasmota_plug "Feuer" "plug4") + (tasmota_plug "Nachtlicht" "plug5") + ]; + light = [ + (tasmota_rgb "Status Felix" "status1") ]; binary_sensor = [ { platform = "mqtt"; @@ -174,12 +208,16 @@ in { }; automation = [ "automation.turn_off_fernseher_10_minutes_after_last_movement" + "automation.turn_off_nachtlicht_on_sunrise" + "automation.turn_on_nachtlicht_on_motion_and_dusk" ]; switches = [ "switch.bauarbeiterlampe" "switch.blitzdings" "switch.fernseher" - "switch.pluggy" + "switch.feuer" + "switch.nachtlicht" + "light.status_felix" ]; camera = [ "camera.Baumarkt" @@ -212,11 +250,55 @@ in { }; action = { service = "homeassistant.turn_on"; - entity_id = [ "switch.fernseher" "switch.blitzdings" ]; + entity_id = [ + "switch.fernseher" + "switch.feuer" + "light.status_felix" + ]; + }; + } + { + alias = "Turn off Nachtlicht on sunrise"; + trigger = + { + platform = "sun"; + event = "sunrise"; + }; + action = + { + service = "homeassistant.turn_off"; + entity_id = [ "switch.nachtlicht" ]; + }; + } + { + alias = "Turn on Nachtlicht on motion and dusk"; + trigger = + { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + condition = # 'when dark' + { + condition = "or"; + conditions = [ + { condition = "sun"; + after = "sunset"; + after_offset = "-00:45:00"; # on dusk + } + { condition = "sun"; + before = "sunrise"; + } + ]; + }; + action = + { + service = "homeassistant.turn_on"; + entity_id = [ "switch.nachtlicht" ]; }; } { alias = "Turn off Fernseher 10 minutes after last movement"; - trigger = [ + trigger = [ { # trigger when movement was detected at the time platform = "state"; entity_id = "binary_sensor.motion"; @@ -231,7 +313,11 @@ in { ]; action = { service = "homeassistant.turn_off"; - entity_id = [ "switch.fernseher" "switch.blitzdings" ]; + entity_id = [ + "switch.fernseher" + "switch.feuer" + "light.status_felix" + ]; }; condition = { condition = "and"; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 61cba86d9..177114a49 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -36,7 +36,6 @@ with import ; enable = true; dns.providers.lan = "hosts"; - search-domain = "r"; build.user = config.krebs.users.makefu; }; @@ -85,5 +84,5 @@ with import ; SystemMaxUse=1G RuntimeMaxUse=128M ''; - + environment.pathsToLink = [ "/share" ]; } diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index cfde0aba8..d7c082662 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -169,6 +169,7 @@ in { ( serveCloud [ "o.euer.krebsco.de" ] ) ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.redis.enable = true; services.mysql = { enable = false; diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix new file mode 100644 index 000000000..6db9102ba --- /dev/null +++ b/makefu/2configs/dict.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: +{ + services.dictd.enable = true; + services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ]; +} diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 6bcd09826..63ce6201a 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -28,6 +28,7 @@ in windowManager = { awesome.enable = true; + awesome.noArgb = true; awesome.luaModules = [ pkgs.luaPackages.vicious ]; default = "awesome"; }; diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix index 64aa03bd7..6b5d26111 100644 --- a/makefu/2configs/home-manager/cli.nix +++ b/makefu/2configs/home-manager/cli.nix @@ -1,4 +1,5 @@ {pkgs, ... }: { + imports = [ ./zsh.nix ]; home-manager.users.makefu = { services.gpg-agent = { enable = true; @@ -9,7 +10,34 @@ enableSshSupport = true; enableScDaemon = true; }; - programs.fzf.enable = true; # alt-c + programs.direnv = { + stdlib = '' +use_nix() { + local cache=".direnv.$(nixos-version --hash)" + + if [[ ! -e "$cache" ]] || \ + [[ "$HOME/.direnvrc" -nt "$cache" ]] || \ + [[ ".envrc" -nt "$cache" ]] || \ + [[ "default.nix" -nt "$cache" ]] || \ + [[ "shell.nix" -nt "$cache" ]]; + then + local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")" + trap "rm -rf '$tmp' >/dev/null" EXIT + nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \ + mv "$tmp" "$cache" + fi + + direnv_load cat "$cache" + + if [[ $# = 0 ]]; then + watch_file default.nix + watch_file shell.nix + rm direnv.* 2>/dev/null + fi +} +''; + enableZshIntegration = true; + }; }; services.udev.packages = [ pkgs.libu2f-host diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index ce98e651a..3be020faa 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix @@ -1,11 +1,14 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, ... }: { + users.users.makefu.packages = with pkgs;[ bat direnv clipit ]; home-manager.users.makefu = { + systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; programs.firefox.enable = true; + programs.obs-studio.enable = true; + xdg.enable = true; services.network-manager-applet.enable = true; - systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; services.blueman-applet.enable = true; services.pasystray.enable = true; systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); @@ -34,7 +37,7 @@ }; Service = { - Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; + Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.clipit}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; ExecStart = "${pkgs.clipit}/bin/clipit"; Restart = "on-abort"; }; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix new file mode 100644 index 000000000..59658e667 --- /dev/null +++ b/makefu/2configs/home-manager/zsh.nix @@ -0,0 +1,126 @@ +{ pkgs, ... }: +{ + imports = [ + { #direnv + home-manager.users.makefu.home.packages = [ pkgs.direnv ]; + home-manager.users.makefu.home.file.".direnvrc".text = '' + use_nix() { + local path="$(nix-instantiate --find-file nixpkgs)" + + if [ -f "$${path}/.version-suffix" ]; then + local version="$(< $path/.version-suffix)" + elif [ -f "$path/.version" ]; then + local version="$(< $path/.version)" + else + local version="$(< $(< $path/.git/HEAD))" + fi + + local cache=".direnv/cache-''${version:-unknown}" + + if [[ ! -e "$cache" ]] || \ + [[ "$HOME/.direnvrc" -nt "$cache" ]] || \ + [[ .envrc -nt "$cache" ]] || \ + [[ default.nix -nt "$cache" ]] || \ + [[ shell.nix -nt "$cache" ]]; + then + [ -d .direnv ] || mkdir .direnv + local tmp=$(nix-shell --show-trace "$@" \ + --run "\"$direnv\" dump bash") + echo "$tmp" > "$cache" + fi + + local path_backup=$PATH term_backup=$TERM + direnv_load cat "$cache" + + export PATH=$PATH:$path_backup TERM=$term_backup + + if [[ $# = 0 ]]; then + watch_file default.nix + watch_file shell.nix + fi + } + ''; + home-manager.users.makefu.programs.zsh.initExtra = '' + nixify() { + if [ ! -e ./.envrc ]; then + echo "use nix" > .envrc + direnv allow + fi + if [ ! -e default.nix ]; then + cat > default.nix <<'EOF' + with import {}; + stdenv.mkDerivation { + name = "env"; + buildInputs = [ + bashInteractive + ]; + } + EOF + ''${EDITOR:-vim} default.nix + fi + } + eval "$(direnv hook zsh)" + ''; + } + { # bat + home-manager.users.makefu.home.packages = [ pkgs.bat ]; + home-manager.users.makefu.programs.zsh.shellAliases = { + cat = "bat"; + catn = "${pkgs.coreutils}/bin/cat"; + }; + } + ]; + environment.pathsToLink = [ "/share/zsh" ]; + home-manager.users.makefu = { + programs.fzf.enable = false; # alt-c + programs.zsh = { + enable = true; + enableAutosuggestions = false; + enableCompletion = true; + oh-my-zsh.enable = false; + history = { + size = 900001; + save = 900001; + ignoreDups = true; + extended = true; + share = true; + }; + sessionVariables = { + TERM = "rxvt-unicode-256color"; + LANG = "en_US.UTF8"; + LS_COLORS = ":di=1;31:"; + EDITOR = "vim"; + }; + shellAliases = { + lsl = "ls -lAtr"; + t = "task"; + xo = "mimeopen"; + nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; + }; + initExtra = '' + bindkey -e + # shift-tab + bindkey '^[[Z' reverse-menu-complete + bindkey "\e[3~" delete-char + zstyle ':completion:*' menu select + + setopt HIST_IGNORE_ALL_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_FIND_NO_DUPS + + unset SSH_AGENT_PID + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + compdef _pass brain + zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets + zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" + + # ctrl-x ctrl-e + autoload -U edit-command-line + zle -N edit-command-line + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line + ''; + }; + }; +} diff --git a/makefu/2configs/hw/malduino_elite.nix b/makefu/2configs/hw/malduino_elite.nix new file mode 100644 index 000000000..1af85493f --- /dev/null +++ b/makefu/2configs/hw/malduino_elite.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + + services.udev.extraRules = '' + ACTION!="add|change", GOTO="mm_usb_device_blacklist_local_end" + SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_local_end" + ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_local_end" + + ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9204", ENV{ID_MM_DEVICE_IGNORE}="1" + ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9203", ENV{ID_MM_DEVICE_IGNORE}="1" + + LABEL="mm_usb_device_blacklist_local_end" + ''; +} diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index fb1a67358..0889ebbc1 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -6,7 +6,8 @@ in { services.printing = { enable = true; drivers = with pkgs; [ - samsungUnifiedLinuxDriver + # samsungUnifiedLinuxDriver + splix # scx 3200 cups-dymo # dymo labelwriter foo2zjs # magicolor 1690mf cups-zj-58 diff --git a/makefu/2configs/remote-build/aarch64-community.nix b/makefu/2configs/remote-build/aarch64-community.nix new file mode 100644 index 000000000..d57eacd68 --- /dev/null +++ b/makefu/2configs/remote-build/aarch64-community.nix @@ -0,0 +1,15 @@ +{ + nix = { + distributedBuilds = true; + buildMachines = [ + { + hostName = "aarch64.nixos.community"; + maxJobs = 64; + sshKey = toString ; + sshUser = "makefu"; + system = "aarch64-linux"; + supportedFeatures = [ "big-parallel" ]; + } + ]; + }; +} diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 9dedafdd2..05560db90 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { + nixpkgs.config.android_sdk.accept_license = true; users.users.makefu.packages = with pkgs; [ mitmproxy nmap diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 09ee63498..0c877fc7b 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -4,6 +4,7 @@ users.users.makefu.packages = with pkgs;[ python3 python3Packages.pyserial + picocom python3Packages.virtualenv # embedded gi @@ -22,6 +23,7 @@ cdrtools # nix related nix-index + nix-review # git-related tig ]; diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix index e90cc1e8d..a8a50939f 100644 --- a/makefu/2configs/virtualisation/virtualbox.nix +++ b/makefu/2configs/virtualisation/virtualbox.nix @@ -2,8 +2,7 @@ { virtualisation.virtualbox.host.enable = true; - nixpkgs.config.virtualbox.enableExtensionPack = true; - virtualisation.virtualbox.host.enableHardening = false; - + virtualisation.virtualbox.host.enableExtensionPack = true; + # virtualisation.virtualbox.host.enableHardening = false; users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ]; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 23ae572da..e0ea046cf 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -1,83 +1,11 @@ { config, lib, pkgs, ... }: -## -with import ; let mainUser = config.krebs.build.user.name; in { - users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; - enableCompletion = true ; #manually at the end - interactiveShellInit = '' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - HISTFILE=$HOME/.zsh_history - - setopt HIST_IGNORE_ALL_DUPS - setopt HIST_IGNORE_SPACE - setopt HIST_FIND_NO_DUPS - bindkey -e - # shift-tab - bindkey '^[[Z' reverse-menu-complete - bindkey "\e[3~" delete-char - zstyle ':completion:*' menu select - - ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null - GPG_TTY=$(tty) - export GPG_TTY - LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS - - unset SSH_AGENT_PID - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - - # fzf - __fsel_fzf() { - local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \ - -o -type f -print \ - -o -type d -print \ - -o -type l -print 2> /dev/null | cut -b3-"}" - setopt localoptions pipefail 2> /dev/null - eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do - echo -n "''${(q)item} " - done - local ret=$? - echo - return $ret - } - - __fzf_use_tmux__() { - [ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ] - } - - __fzfcmd() { - __fzf_use_tmux__ && - echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf" - } - - fzf-file-widget() { - LBUFFER="''${LBUFFER}$(__fsel_fzf)" - local ret=$? - zle redisplay - typeset -f zle-line-init >/dev/null && zle zle-line-init - return $ret - } - zle -N fzf-file-widget - bindkey '^T' fzf-file-widget - - compdef _pass brain - zstyle ':completion::complete:brain::' prefix "$HOME/brain" - compdef _pass secrets - zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - - # ctrl-x ctrl-e - autoload -U edit-command-line - zle -N edit-command-line - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line - - ''; + enableCompletion = false; #manually at the end promptInit = '' RPROMPT="" @@ -93,8 +21,8 @@ in ''; }; - users.users.${mainUser}.packages = [ - pkgs.nix-zsh-completions - pkgs.fzf - ]; + users.users.${mainUser} = { + shell = "/run/current-system/sw/bin/zsh"; + packages = [ pkgs.nix-zsh-completions ]; + }; } diff --git a/makefu/5pkgs/baidudl/default.nix b/makefu/5pkgs/baidudl/default.nix new file mode 100644 index 000000000..3c701fd6a --- /dev/null +++ b/makefu/5pkgs/baidudl/default.nix @@ -0,0 +1,23 @@ +{ stdenv, lib, pkgs, curl, jansson ,fetchFromGitHub, autoreconfHook }: +stdenv.mkDerivation rec { + pname = "baidudl"; + version = "2018-01-16"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "yzfedora"; + repo = "baidudl"; + rev = "712f2554a5ef7b2eba5c248d6406a6c535ef47b2"; + sha256 = "1nfzalyd9k87q6njdxpg7pa62q6hyfr2vwxwvahaflyp31nlpa0y"; + }; + + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ curl.dev jansson ]; + + meta = { + homepage = https://github.com/yzfedora/baidudl; + description = "This is a multi-thread download tool for pan.baidu.com"; + license = lib.licenses.gpl3; + }; +} diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 6e86f4264..8ae41427c 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -21,9 +21,19 @@ with super.lib; with builtins; let in { quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: { + doCheck = false; # 1 error because of warnings (possibly upstream) patches = [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ]; }); + rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: { + postInstall = old.postInstall + '' + + $bin/bin/rclone genautocomplete zsh _rclone + install -D -m644 _rclone $bin/share/zsh/vendor-completions/_rclone + $bin/bin/rclone genautocomplete bash _rclone + install -D -m644 _rclone $bin/etc/bash_completion.d/rclone + ''; + }); alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; diff --git a/makefu/krops.nix b/makefu/krops.nix index 2a2f70a05..57a3b3bbf 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -27,15 +27,15 @@ # TODO: we want to track the unstable channel symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; } else { - file = { - path = toString (pkgs.fetchFromGitHub { + derivation = '' + with import {}; + pkgs.fetchFromGitHub { owner = "makefu"; repo = "nixpkgs"; - rev = nixpkgs-src.rev; - sha256 = nixpkgs-src.sha256; - }); - useChecksum = true; - }; + rev = "${nixpkgs-src.rev}"; + sha256 = "${nixpkgs-src.sha256}"; + } + ''; }; nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; @@ -74,7 +74,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "f947faf"; + ref = "4aa07c3"; }; }) ]; diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index ae35f9e76..d62fd65ca 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "9728b2e83406c76efc734ebb1923f23b8e687819", - "date": "2018-11-19T20:36:35+01:00", - "sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp", + "rev": "125873064a6eabd2896833d00aede7778a453fdf", + "date": "2019-01-11T14:24:21+01:00", + "sha256": "1ki50426m9simqvxdzckfgycibz5rdhwl6hzi31i72dqiafl8j6s", "fetchSubmodules": false } diff --git a/submodules/krops b/submodules/krops index 61b5ef3b8..5b8fb8dc0 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 61b5ef3b8e7e4d601db67a20f14a5022e9de8398 +Subproject commit 5b8fb8dc0ee14672d7fd533bd98635b8725dbb29 diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index b9c76cf49..33f9539c9 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -20,6 +20,7 @@ with import ; + { environment.systemPackages = with pkgs; [ @@ -156,10 +157,5 @@ with import ; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; - tv.nixpkgs-overlays = { - krebs = "/home/tv/stockholm/krebs/5pkgs"; - tv = "/home/tv/stockholm/tv/5pkgs"; - }; - virtualisation.virtualbox.host.enable = true; } diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index f8de72d00..b8dec8da4 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -60,7 +60,7 @@ with import ; }; xu-pull-ni-ejabberd = { method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; + src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; }; startAt = "07:00"; }; @@ -78,7 +78,7 @@ with import ; }; zu-pull-ni-ejabberd = { method = "pull"; - src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; + src = { host = config.krebs.hosts.ni; path = "/var/lib/ejabberd"; }; dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; }; startAt = "06:00"; }; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 484a337b7..e18ba31b0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -92,7 +92,6 @@ with import ; environment.variables = { NIX_PATH = mkForce (concatStringsSep ":" [ "secrets=/var/src/stockholm/null" - "nixpkgs-overlays=${config.tv.nixpkgs-overlays}" "/var/src" ]); }; diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index a89d1302c..725ddefa8 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -67,10 +67,12 @@ let { cgit.desc = "source code installer"; }; q = {}; + reaktor2 = {}; regfish = {}; stockholm = { cgit.desc = "NixOS configuration"; }; + with-ssh = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) { ni = { }; @@ -102,6 +104,7 @@ let { nixos-infest = {}; painload = {}; push = {}; + Reaktor = {}; with-tmpdir = {}; get = {}; load-env = {}; diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix index d7d2d7bfd..e78caeb5f 100644 --- a/tv/2configs/htop.nix +++ b/tv/2configs/htop.nix @@ -22,7 +22,7 @@ with import ; highlight_megabytes=1 highlight_threads=1 tree_view=1 - header_margin=1 + header_margin=0 detailed_cpu_time=0 cpu_count_from_zero=0 update_process_names=0 diff --git a/tv/2configs/mail-client.nix b/tv/2configs/mail-client.nix index 8b6f8bbcd..0caf5264a 100644 --- a/tv/2configs/mail-client.nix +++ b/tv/2configs/mail-client.nix @@ -1,13 +1,10 @@ -{ pkgs, ... }: - -with pkgs; -{ +{ pkgs, ... }: { environment.systemPackages = [ - much - msmtp - notmuch - pythonPackages.alot - qprint - w3m + pkgs.haskellPackages.much + pkgs.msmtp + pkgs.notmuch + pkgs.pythonPackages.alot + pkgs.qprint + pkgs.w3m ]; } diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix index d2b1b2604..8e8e3dfdd 100644 --- a/tv/2configs/xserver/Xmodmap.nix +++ b/tv/2configs/xserver/Xmodmap.nix @@ -17,6 +17,7 @@ pkgs.writeText "Xmodmap" '' keycode 39 = s S ssharp keycode 33 = p P Greek_pi Greek_PI + keycode 40 = d D Greek_delta Greek_DELTA keycode 46 = l L Greek_lambda Greek_LAMBDA keycode 54 = c C cacute Cacute diff --git a/tv/2configs/xserver/xkiller.nix b/tv/2configs/xserver/xkiller.nix new file mode 100644 index 000000000..2f9763093 --- /dev/null +++ b/tv/2configs/xserver/xkiller.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + + services.acpid.enable = true; + services.acpid.handlers.xkiller = { + action = /* sh */ '' + event=($1) + if test "''${event[2]}" = 00000080; then + ${pkgs.systemd}/bin/systemd-cat -t xkiller ${pkgs.xkiller} + fi + ''; + event = "button/prog1"; + }; + +} diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index f53a58e9a..67fb3f650 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -5,7 +5,6 @@ ./ejabberd ./hosts.nix ./iptables.nix - ./nixpkgs-overlays.nix ./slock.nix ./x0vncserver.nix ]; diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index e99b94ff9..f16dfac86 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -67,7 +67,7 @@ in { type = types.user; default = { name = "ejabberd"; - home = "/var/ejabberd"; + home = "/var/lib/ejabberd"; }; }; }; diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix deleted file mode 100644 index 4eb7a86bd..000000000 --- a/tv/3modules/nixpkgs-overlays.nix +++ /dev/null @@ -1,23 +0,0 @@ -with import ; -{ config, pkgs, ... }: { - - options.tv.nixpkgs-overlays = mkOption { - apply = src: - pkgs.runCommand "nixpkgs-overlays" {} '' - mkdir $out - ${concatStringsSep "\n" (mapAttrsToList (name: path: - "ln -s ${shell.escape path} $out/${shell.escape name}" - ) src)} - '' // { - inherit src; - }; - type = types.attrsOf types.absolute-pathname; - }; - - config = { - tv.nixpkgs-overlays = { - krebs = mkDefault "/var/src/stockholm/krebs/5pkgs"; - tv = mkDefault "/var/src/stockholm/tv/5pkgs"; - }; - }; -} diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix index 1c84b1e9e..53f7f1f62 100644 --- a/tv/3modules/slock.nix +++ b/tv/3modules/slock.nix @@ -5,10 +5,12 @@ in { options.tv.slock = { enable = mkEnableOption "tv.slock"; package = mkOption { - default = pkgs.execBin "slock" rec { - filename = "${pkgs.systemd}/bin/systemctl"; - argv = [ filename "start" "slock-${cfg.user.name}.service" ]; - }; + default = pkgs.writeDashBin "slock" '' + set -efu + display=''${DISPLAY#:} + service=slock-$LOGNAME@$display.service + exec ${pkgs.systemd}/bin/systemctl start "$service" + ''; type = types.package; }; user = mkOption { @@ -18,16 +20,16 @@ in { config = mkIf cfg.enable { security.polkit.extraConfig = /* js */ '' polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.systemd1.manage-units" && - action.lookup("unit") == "slock-${cfg.user.name}.service" && - subject.user == ${toJSON cfg.user.name}) { + if (action.id === "org.freedesktop.systemd1.manage-units" && + subject.user === ${toJSON cfg.user.name} && + /^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) { return polkit.Result.YES; } }); ''; - systemd.services."slock-${cfg.user.name}" = { + systemd.services."slock-${cfg.user.name}@" = { environment = { - DISPLAY = ":${toString config.services.xserver.display}"; + DISPLAY = ":%I"; LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { passAsFile = ["text"]; text = /* c */ '' diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index c5c800b55..605d827ef 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -24,6 +24,12 @@ foldl' mergeAttrs {} "$@" ''; + dhcpcd = overrideDerivation super.dhcpcd (old: { + configureFlags = old.configureFlags ++ [ + "--dbdir=/var/lib/dhcpcd" + ]; + }); + gitAndTools = super.gitAndTools // { inherit (self) diff-so-fancy; }; diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index cbcec1bae..7906b968f 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -14,7 +14,7 @@ let assert n >= 1; n * calwidth + (n - 1) * hspace; - pad = ''{ + pad = /* sh */ ''{ ${pkgs.gnused}/bin/sed ' # rtrim s/ *$// @@ -31,7 +31,7 @@ let s/^[ 1-9][0-9]/&/ ' }''; - in '' + in /* sh */ '' cols=$(${pkgs.ncurses}/bin/tput cols) ${pkgs.coreutils}/bin/paste \ <(if test $cols -ge ${toString (need_width 3)}; then @@ -59,24 +59,24 @@ let ' ''; - q-isodate = '' + q-isodate = /* sh */ '' ${pkgs.coreutils}/bin/date \ '+%Y-%m-%dT%H:%M:%S%:z' ''; # Singapore's red is #ED2E38 - q-sgtdate = '' + q-sgtdate = /* sh */ '' TZ=Asia/Singapore \ ${pkgs.coreutils}/bin/date \ '+%Y-%m-%dT%H:%M:%S%:z' ''; - q-utcdate = '' + q-utcdate = /* sh */ '' ${pkgs.coreutils}/bin/date -u \ '+%Y-%m-%dT%H:%M:%S%:z' ''; - q-gitdir = '' + q-gitdir = /* sh */ '' if test -d .git; then #git status --porcelain branch=$( @@ -87,7 +87,7 @@ let fi ''; - q-intel_backlight = '' + q-intel_backlight = /* sh */ '' cd /sys/class/backlight/intel_backlight /dev/null; then echo 'online' else @@ -258,7 +258,7 @@ let fi ''; - q-thermal_zone = '' + q-thermal_zone = /* sh */ '' for i in /sys/class/thermal/thermal_zone*; do type=$(${pkgs.coreutils}/bin/cat $i/type) temp=$(${pkgs.coreutils}/bin/cat $i/temp) @@ -266,29 +266,26 @@ let done ''; - q-todo = '' + q-todo = /* sh */ '' TODO_file=$PWD/TODO if test -e "$TODO_file"; then - ${pkgs.coreutils}/bin/cat "$TODO_file" \ - | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) ' - BEGIN { print "remind=0" } - /^[0-9]/{ - x = $1 - gsub(".", "\\\\&", x) - rest = substr($0, index($0, " ")) - rest = $0 - sub(" *", "", rest) - gsub(".", "\\\\&", rest) - print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \ - echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \ - (( remind++ ))" - } - END { print "test $remind = 0 && echo \"nothing to remind\"" } - ' \ - | { - # bash needed for (( ... )) - ${pkgs.bash}/bin/bash - } + ${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" '' + split("\n") | map( + (match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string)) + as $captures | + ($captures[0] | strptime("%Y-%m-%d") | mktime) as $date | + $captures[1] as $text | + + select(now >= $date) | + + ($text | test("\\[URGENT]"; "i")) as $urgent | + (if $urgent then "38;5;196" else "38;5;208" end) as $sgr | + if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end | + + "\u001b[\($sgr)m\(.)\u001b[m" + ) | + if length == 0 then "nothing to remind" else .[] end + ''} else echo "$TODO_file: no such file or directory" fi diff --git a/tv/5pkgs/simple/xkiller.nix b/tv/5pkgs/simple/xkiller.nix new file mode 100644 index 000000000..8d8f01690 --- /dev/null +++ b/tv/5pkgs/simple/xkiller.nix @@ -0,0 +1,25 @@ +{ pkgs }: +pkgs.writeDash "xkiller" '' + set -efu + exec >&2 + ${pkgs.iproute}/bin/ss -lp src unix:/tmp/.X11-unix/X* | + ${pkgs.gnused}/bin/sed -n ' + s|.*/tmp/.X11-unix/X\([0-9]\+\)\>.*("X[^"]*",pid=\([0-9]\+\)\>.*|\1 \2|p + ' | + while read -r display pid; do + { + exit_code=$( + DISPLAY=:$display ${pkgs.coreutils}/bin/timeout 1 \ + ${pkgs.xorg.xset}/bin/xset q >/dev/null 2>&1 && + echo 0 || echo $? + ) + if test $exit_code = 124; then + echo "X on display :$display is locked up; killing PID $pid..." + ${pkgs.coreutils}/bin/kill -SIGKILL "$pid" + else + echo "X on display :$display is healthy" + fi + } & + done + wait +''