Merge branch 'staging/jeschli' of prism.i:stockholm into staging/jeschli

This commit is contained in:
jeschli 2018-02-28 20:10:42 +00:00
commit a7e49dd5fc
81 changed files with 1608 additions and 508 deletions


@ -3,15 +3,17 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
# bln config file
{
imports =
[ # Include the results of the hardware scan.
<stockholm/jeschli>
<stockholm/jeschli/2configs/virtualbox.nix>
<stockholm/jeschli/2configs/urxvt.nix>
./hardware-configuration.nix
# ./dcso-vpn.nix
];
jeschliFontSize = 20;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
@ -35,7 +37,15 @@
allowDiscards = true;
}
];
environment.shellAliases = {
n = "nix-shell";
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
gh = "cd /home/markus/go/src/github.com";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"'
'';
};
networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname.
networking.networkmanager.enable = true;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -54,13 +64,9 @@
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
n = "nix-shell";
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
gh = "cd /home/markus/go/src/github.com";
};
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
termite
# system helper
ag
copyq
@ -85,6 +91,7 @@
chromium
google-chrome
# programming languages
elmPackages.elm
go
gcc
ghc
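Review bot: The `stocki` deploy script in the `environment.shellAliases` block runs `cd ~/stockholm` with no failure handling, so if that directory is missing, the following `nix-shell -I stockholm="$PWD"` deploys from whatever directory the shell was in. Start the script with `set -efu`, or write `cd ~/stockholm || exit 1`. The same script is added to the bolide and brauerei configs in this commit with only the `--system` value changed, and only this copy sets `LOGNAME=jeschli`. One shared helper taking the system name would keep the three copies from drifting.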


@ -0,0 +1,142 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
<stockholm/jeschli>
<stockholm/jeschli/2configs/urxvt.nix>
];
krebs.build.host = config.krebs.hosts.bolide;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
boot.initrd.luks.devices = [ {
name = "bla";
device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0";
preLVM = true;
allowDiscards = true;
} ];
# networking.hostName = "bolide"; # Define your hostname.
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.shellAliases = {
n = "nix-shell";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"'
'';
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
wget vim
# system helper
ag
curl
copyq
dmenu
git
i3lock
keepass
networkmanagerapplet
rsync
terminator
tmux
wget
# rxvt_unicode
# editors
emacs
# internet
thunderbird
chromium
google-chrome
# programming languages
go
gcc
ghc
python35
python35Packages.pip
# go tools
golint
gotools
# dev tools
elmPackages.elm
gnumake
jetbrains.pycharm-professional
jetbrains.webstorm
jetbrains.goland
# document viewer
zathura
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager.sddm.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.jeschli = {
isNormalUser = true;
uid = 1000;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
}
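Review bot: `services.openssh.enable = true` is set with no authentication settings next to it, and the `jeschli` account defined at the end of the file has no `openssh.authorizedKeys`. Unless the imported `<stockholm/jeschli>` module configures this (not visible here), sshd falls back to the module defaults, which permit password logins. Proposed: add `services.openssh.passwordAuthentication = false;` and list the intended keys under `users.extraUsers.jeschli.openssh.authorizedKeys.keys`. Separately, `allowDiscards = true` on the LUKS device lets TRIM reveal which blocks are unused; a short comment recording that the trade-off is accepted would help the next reader.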


@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{ device = "/dev/bolide-pool/bolide-root";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/bolide-pool/bolide-home";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave";
}


@ -0,0 +1,4 @@
import <stockholm/jeschli/source.nix> {
name = "bolide";
secure = true;
}


@ -35,6 +35,13 @@
time.timeZone = "Europe/Amsterdam";
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget
environment.shellAliases = {
n = "nix-shell";
stocki = pkgs.writeDash "deploy" ''
cd ~/stockholm
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"'
'';
};
environment.systemPackages = with pkgs; [
# system helper
ag
@ -72,6 +79,8 @@
jetbrains.goland
# document viewer
zathura
# xorg
xorg.xbacklight
];
# Some programs need SUID wrappers, can be configured further or are


@ -4,6 +4,7 @@
imports = [
<stockholm/jeschli>
<stockholm/jeschli/2configs/retiolum.nix>
<stockholm/jeschli/2configs/IM.nix>
<stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
{
networking.dhcpcd.allowInterfaces = [
@ -39,6 +40,16 @@
};
};
}
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}
];
krebs.build.host = config.krebs.hosts.enklave;
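Review bot: The taskserver block binds `listenHost = "::"` and opens 53589 through `networking.firewall.allowedTCPPorts`, which applies to every interface, while the `fqdn` is the retiolum name `enklave.r`. If only retiolum peers are meant to sync (inferred from the name), bind to the host's retiolum address or limit the firewall opening to that interface. The identical ten lines are also added as a standalone file in the next section; importing that file here would avoid keeping two copies in step. A comment naming who is expected to connect would document the intended exposure.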


@ -0,0 +1,10 @@
{
services.taskserver = {
enable = true;
fqdn = "enklave.r";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "jeschli" ];
};
networking.firewall.allowedTCPPorts = [ 53589 ];
}

56
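--- a/jeschli/2configs/IM.nix
+++ b/jeschli/2configs/IM.nix
@@ -0,0 +1,56 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+let
+tmux = pkgs.writeDashBin "tmux" ''
+export TERM=xterm-256color
+exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+set-option -g default-terminal screen-256color
+''} "$@"
+'';
+in {
+services.bitlbee = {
+enable = true;
+portNumber = 6666;
+plugins = [
+pkgs.bitlbee-facebook
+pkgs.bitlbee-steam
+pkgs.bitlbee-discord
+];
+libpurple_plugins = [ pkgs.telegram-purple ];
+};
+users.extraUsers.chat = {
+home = "/home/chat";
+uid = genid "chat";
+useDefaultShell = true;
+createHome = true;
+openssh.authorizedKeys.keys = with config.krebs.users; [
+jeschli.pubkey
+jeschli-bln.pubkey
+jeschli-brauerei.pubkey
+];
+packages = [ tmux ];
+};
+systemd.services.chat = {
+description = "chat environment setup";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+restartIfChanged = false;
+path = [
+pkgs.rxvt_unicode.terminfo
+];
+serviceConfig = {
+User = "chat";
+RemainAfterExit = true;
+Type = "oneshot";
+ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+ExecStop = "${tmux}/bin/tmux kill-session -t IM";
+};
+};
+}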
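Review bot: `services.bitlbee` is enabled with only `portNumber` and the plugin lists set, so whether the daemon is reachable from the network and who may register accounts depends on module defaults that this file does not show. Since weechat runs locally as `chat`, stating `interface = "127.0.0.1";` and an explicit `authMode` would make that intent reviewable; this gateway will hold the Facebook, Steam, Discord and Telegram credentials. `jeschli-bolide.pubkey`, introduced elsewhere in this commit, is not in the `chat` key list; a comment should say whether that is deliberate.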


@ -4,6 +4,7 @@ with import <stockholm/lib>;
imports = [
./vim.nix
./retiolum.nix
./zsh.nix
<stockholm/lass/2configs/security-workarounds.nix>
{
environment.variables = {
@ -23,6 +24,9 @@ with import <stockholm/lib>;
proot
populate
# aliases
(writeDashBin "irc" "ssh chat@enklave -t tmux a")
#style
most
rxvt_unicode.terminfo


@ -1,34 +1,39 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
services.urxvtd.enable = true;
krebs.xresources.enable = true;
krebs.xresources.resources.urxvt = ''
*foreground: rgb:a8/a8/a8
*background: rgb:00/00/00
*faceName: DejaVu Sans Mono
*faceSize: 12
*color0: rgb:00/00/00
*color1: rgb:a8/00/00
*color2: rgb:00/a8/00
*color3: rgb:a8/54/00
*color4: rgb:00/00/a8
*color5: rgb:a8/00/a8
*color6: rgb:00/a8/a8
*color7: rgb:a8/a8/a8
*color8: rgb:54/54/54
*color9: rgb:fc/54/54
*color10: rgb:54/fc/54
*color11: rgb:fc/fc/54
*color12: rgb:54/54/fc
*color13: rgb:fc/54/fc
*color14: rgb:54/fc/fc
*color15: rgb:fc/fc/fc
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: xft:DejaVu Sans Mono:pixelsize=12
URXvt*faceSize: 12
'';
options.jeschliFontSize = mkOption {
type = types.int;
default = 12;
};
config = {
services.urxvtd.enable = true;
krebs.xresources.enable = true;
krebs.xresources.resources.urxvt = ''
*foreground: rgb:a8/a8/a8
*background: rgb:00/00/00
*faceName: DejaVu Sans Mono
*faceSize: ${toString config.jeschliFontSize}
*color0: rgb:00/00/00
*color1: rgb:a8/00/00
*color2: rgb:00/a8/00
*color3: rgb:a8/54/00
*color4: rgb:26/8b/d2
*color5: rgb:a8/00/a8
*color6: rgb:00/a8/a8
*color7: rgb:a8/a8/a8
*color8: rgb:54/54/54
*color9: rgb:fc/54/54
*color10: rgb:54/fc/54
*color11: rgb:fc/fc/54
*color12: rgb:54/54/fc
*color13: rgb:fc/54/fc
*color14: rgb:54/fc/fc
*color15: rgb:fc/fc/fc
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize}
URXvt*faceSize: ${toString config.jeschliFontSize}
'';
};
}
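Review bot: The last resource line is spelled `URXvt*faceSize`, while the lines above it use `URxvt`; X resource class names are case-sensitive, so this entry probably never matches and the new `jeschliFontSize` value does not take effect through it. Proposed: `URxvt*faceSize: ${toString config.jeschliFontSize}`. The new option also has no `description`; adding `description = "Font size applied to the urxvt X resources.";` would make it show up sensibly in generated option docs.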


@ -1,5 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin {
name = "vim-javascript";
@ -19,12 +20,16 @@ let
sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a";
};
};
in {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = let
colorscheme = ''colorscheme molokai'';
highlightTrailingWhiteSpaces = ''
au Syntax * syn match Garbage containedin=ALL /\s\+$/
'';
setStatements = ''
set autowrite
set clipboard=unnamedplus
@ -40,6 +45,7 @@ in {
remapStatements = ''
imap jk <Esc>
map gr :GoRun<Enter> " Map gr to execute go run
map tt :GoTest<Enter> " Map tt to execute go test
map nf :NERDTreeToggle<CR>
nnoremap <C-TAB> <c-w><c-w>
nnoremap <S-TAB> :bnext<CR>
@ -58,7 +64,6 @@ in {
let g:go_list_type = "quickfix"
let g:go_metalinter_autosave = 1
let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck']
let g:syntastic_go_checkers = ['go', 'golint', 'errcheck']
let g:go_snippet_case_type = "camelcase"
let g:go_test_timeout = '10s'
let g:jsx_ext_required = 0
@ -71,11 +76,19 @@ in {
let g:elm_format_autosave = 1
let g:elm_syntastic_show_warnings = 1
'';
in ''
${colorscheme}
${highlightTrailingWhiteSpaces}
${remapStatements}
${setStatements}
${settingsForElm}
${settingsForGo}
" dont expand tabs in go files and show it with four whitespaces.
autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{
names = [
{ names = [
"ctrlp"
"easymotion"
"molokai"
@ -85,7 +98,6 @@ in {
"Syntastic"
"undotree"
"elm-vim"
"youcompleteme"
];
}
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
@ -95,4 +107,35 @@ in {
];
})
];
# set up the directories up if they are not there.
# Needs to be changed.
# vim = let
# dirs = {
# backupdir = "$HOME/.cache/vim/backup";
# swapdir = "$HOME/.cache/vim/swap";
# undodir = "$HOME/.cache/vim/undo";
# };
# files = {
# viminfo = "$HOME/.cache/vim/info";
# };
#
# mkdirs = let
# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
# in assert out != ""; out;
# alldirs = attrValues dirs ++ map dirOf (attrValues files);
# in unique (sort lessThan alldirs);
# in
# pkgs.symlinkJoin {
# name = "vim";
# paths = [
# (pkgs.writeDashBin "vim" ''
# set -efu
# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
# exec ${pkgs.vim}/bin/vim "$@"
# '')
# pkgs.vim
# ];
# };
}


@ -0,0 +1,23 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.markus;
in {
#services.virtualboxHost.enable = true;
virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {
name = "virtual";
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
extraGroups = [ "vboxusers" "audio" ];
createHome = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(virtual) NOPASSWD: ALL
'';
}
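Review bot: The sudo rule `${mainUser.name} ALL=(virtual) NOPASSWD: ALL` lets the main user run any command as `virtual` without a password, which is wider than starting VirtualBox requires. `virtual` is in `vboxusers` and `audio`, so anything running as the main user inherits that access; consider restricting the command list to the VirtualBox binaries. `mainUser` is hard-wired to `config.users.extraUsers.markus`, so importing this module on a host that does not define that user will presumably fail at evaluation; a comment or an option for the user name would make the dependency explicit.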

138
jeschli/2configs/zsh.nix Normal file

@ -0,0 +1,138 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [ pkgs.fzf ];
programs.zsh = {
enable = true;
shellInit = ''
#disable config wizard
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
setopt autocd extendedglob
bindkey -e
#history magic
bindkey "" up-line-or-local-history
bindkey "" down-line-or-local-history
up-line-or-local-history() {
zle set-local-history 1
zle up-line-or-history
zle set-local-history 0
}
zle -N up-line-or-local-history
down-line-or-local-history() {
zle set-local-history 1
zle down-line-or-history
zle set-local-history 0
}
zle -N down-line-or-local-history
setopt share_history
setopt hist_ignore_dups
# setopt inc_append_history
bindkey '^R' history-incremental-search-backward
#C-x C-e open line in editor
autoload -z edit-command-line
zle -N edit-command-line
bindkey "^X^E" edit-command-line
#fzf inclusion
source ${pkgs.fzf}/share/fzf/completion.zsh
source ${pkgs.fzf}/share/fzf/key-bindings.zsh
#completion magic
autoload -Uz compinit
compinit
zstyle ':completion:*' menu select
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
bindkey "[8~" end-of-line
bindkey "Oc" emacs-forward-word
bindkey "Od" emacs-backward-word
#aliases
alias ll='ls -l'
alias la='ls -la'
#fancy window title magic
'';
promptInit = ''
# TODO: figure out why we need to set this here
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
autoload -U promptinit
promptinit
p_error='%(?..%F{red}%?%f )'
t_error='%(?..%? )'
case $UID in
0)
p_username='%F{red}root%f'
t_username='root'
;;
1337)
p_username=""
t_username=""
;;
*)
p_username='%F{blue}%n%f'
t_username='%n'
;;
esac
if test -n "$SSH_CLIENT"; then
p_hostname='@%F{magenta}%M%f '
t_hostname='@%M '
else
p_hostname=""
t_hostname=""
fi
#check if in nix shell
if test -n "$buildInputs"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
p_nixshell=""
t_nixshell=""
fi
PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
;;
esac
'';
};
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
}
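Review bot: The `LS_COLORS` fetch uses `rev = "master"` together with a fixed `sha256`, and its result is fed to `eval $(dircolors -b …)` in every interactive shell. The hash keeps the content fixed, but once upstream master moves a fresh fetch fails the hash check, and the expression no longer records which revision was reviewed. Pin `rev` to the commit that produced this `sha256`. In `preexec`, `echo -ne "… $1\007"` interprets backslash escapes inside the command text; emitting the `$1` part with `printf '%s'` would keep typed or pasted command text from being interpreted inside the title escape sequence.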


@ -7,7 +7,6 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
<stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>


@ -2,6 +2,9 @@
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
influx-host = "127.0.0.1";
ext-if = "et0";
external-mac = "52:54:b0:0b:af:fe";
in
{
imports = [
@ -12,7 +15,6 @@ in
<stockholm/krebs/2configs/stats/wolf-client.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
@ -112,7 +114,7 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
interfaces.enp0s3.ip4 = [{
interfaces."${ext-if}".ip4 = [{
address = shack-ip;
prefixLength = 20;
}];
@ -161,6 +163,9 @@ in
config.krebs.users.makefu-omo.pubkey
"ssh-rsa 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 root@plattenschwein" # for backup
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
time.timeZone = "Europe/Berlin";
sound.enable = false;


@ -8,6 +8,7 @@ with import <stockholm/lib>;
krebs.go = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.go = {
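Review bot: `networking.firewall.allowedTCPPorts = [ 80 ]` opens the port on every interface, not only where the `go` virtual host is meant to be reached. If the shortener is an internal service (inferred; the rest of the module lies outside the hunk), scope the opening to the internal interface, or add a comment stating that public exposure is intended.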


@ -14,7 +14,6 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ];
};


@ -233,6 +233,7 @@ let
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
@ -240,9 +241,12 @@ let
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"18.195.85.27"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};


@ -163,6 +163,43 @@ with import <stockholm/lib>;
};
};
bolide = {
nets = {
retiolum = {
ip4.addr = "10.243.27.31";
ip6.addr = "42::31";
aliases = [
"bolide.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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-----END RSA PUBLIC KEY-----
'';
};
};
};
};
users = {
@ -176,5 +213,8 @@ with import <stockholm/lib>;
jeschli-brauerei = {
pubkey = "ssh-rsa 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 jeschli@nixos";
};
jeschli-bolide = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide";
};
};
}


@ -458,7 +458,8 @@ with import <stockholm/lib>;
external = true;
nets = rec {
internet = {
ip4.addr = "129.215.90.4";
# eddie.thalheim.io
ip4.addr = "129.215.197.11";
aliases = [ "eddie.i" ];
};
retiolum = rec {
@ -550,6 +551,32 @@ with import <stockholm/lib>;
};
};
};
dpdkm = {
ci = false;
external = true;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
ip6.addr = "42:4992:6a6d:900::1";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
xerxes = {
cores = 2;
nets = rec {
@ -623,6 +650,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
lass-daedalus = {
mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa;
};
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};


@ -0,0 +1 @@
ssh-rsa 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 lass@daedalus


@ -1 +1 @@
ssh-rsa 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 lass@icarus
ssh-rsa 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 lass@icarus


@ -503,6 +503,7 @@ with import <stockholm/lib>;
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
"hydra.wbob.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -1038,6 +1039,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
};
makefu-remote-builder = {
inherit (makefu) mail pgp;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
};
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";


@ -81,6 +81,9 @@ prepare_debian() {
}
prepare_nixos_iso() {
_which() (
type -p "$1"
)
mountpoint /mnt
type git 2>/dev/null || nix-env -iA nixos.git


@ -0,0 +1,38 @@
{ stdenv, fetchurl
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk
, mesa, openal
, useAlsa ? false, alsaOss ? null }:
with stdenv.lib;
assert useAlsa -> alsaOss != null;
stdenv.mkDerivation {
name = "ftb";
src = fetchurl {
url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar";
sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj";
};
phases = "installPhase";
installPhase = ''
set -x
mkdir -pv $out/bin
cp -v $src $out/ftb.jar
cat > $out/bin/ftb << EOF
#!${stdenv.shell}
export _JAVA_AWT_WM_NONREPARENTING=1
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
EOF
chmod +x $out/bin/ftb
${openjdk}/bin/jar xf $out/ftb.jar favicon.png
'';
}
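Review bot: The generated wrapper sets `LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:…`, which begins with an empty entry whenever the variable is unset, and the dynamic loader treats an empty entry as the current directory. Libraries would then be looked up in whatever directory `ftb` is started from. The wrapper should emit `${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}` in front of the store paths (escaped for both the Nix string and the unquoted heredoc). The `src` URL is an unversioned `http://` launcher jar: the `sha256` protects integrity, but the build breaks as soon as upstream replaces the file. The final `jar xf … favicon.png` extracts into the build directory, where nothing visible uses it.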


@ -1,22 +1,25 @@
with import <stockholm/lib>;
host@{ name, secure ? false }: let
host@{ name, secure ? false, override ? {} }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "krebs";
_file = <stockholm> + "/krebs/1systems/${name}/source.nix";
in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets = getAttr builder {
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
krebs.pass = {
dir = "${getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets = getAttr builder {
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
krebs.pass = {
dir = "${getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";
};
};
};
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
};
}
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "d09e425aea3e09b6cec5c7b05cc0603f6853748b"; # nixos-17.09 @ 2018-02-22
};
}
override
]


@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@ -136,24 +137,47 @@ with import <stockholm/lib>;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
(pkgs.writeText "minio.cert" ''
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
'')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
virtualisation.docker.enable = true;
}
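Review bot: Adding `"docker"` to `users.users.mainUser.extraGroups` gives that account root-equivalent access, because anyone who can talk to the Docker socket can start a container with the host filesystem mounted. The same line is added in the next file section together with `virtualisation.docker.enable = true`. If that is accepted for these machines, a comment such as `# docker group is root-equivalent; accepted on this host` records the decision. The `minio.cert` appended to `security.pki.certificateFiles` becomes a system-wide trust anchor; its body is not visible here, so confirm it cannot act as a CA or limit the trust to the client that needs it.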


@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home/virtual" = {
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
};
services.udev.extraRules = ''
@ -192,7 +198,8 @@ with import <stockholm/lib>;
'';
};
#nix.package = pkgs.nixUnstable;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" ];
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
}


@ -292,11 +292,22 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
users.users.jeschli = {
uid = genid "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-bolide.pubkey
jeschli-brauerei.pubkey
];
};
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
@ -313,6 +324,18 @@ in {
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
fqdn = "lassul.us";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "lass" "android" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.prism;


@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
}


@ -41,6 +41,7 @@ in {
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
lass-helios.pubkey
];
};


@ -10,6 +10,7 @@ in {
./livestream.nix
./dns-stuff.nix
./urxvt.nix
./network-manager.nix
{
hardware.pulseaudio = {
enable = true;
@ -53,6 +54,7 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.agentTimeout = "10m";
programs.ssh.startAgent = true;
services.openssh.forwardX11 = true;
@ -120,13 +122,14 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${pkgs.coreutils}/bin/sleep infinity
${pkgs.systemd}/bin/systemctl --user start xmonad
exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
wantedBy = [ "graphical-session.target" ];
#wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";


@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey
config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa 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 rhaist@RH-NB"
];
@ -44,6 +45,11 @@ in {
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
];
krebs.per-user.dev.packages = [
pkgs.go
];
@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
services.minio.enable = true;
}
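Review bot: The new INPUT rules `-p tcp --dport 8000` and `-p tcp --dport 9000` accept traffic from any source address, and the same change sets `services.minio.enable = true`, whose default listen port is 9000, so the object store becomes reachable from every network this host is attached to. If only internal clients need it, narrow the predicate, for example `{ predicate = "-s <trusted-cidr> -p tcp --dport 9000"; target = "ACCEPT";}` with the real range in place of the placeholder, and add a comment saying what listens on 8000. The minio access and secret keys are not set in the visible lines; confirm where they come from before the port is exposed. The `--dport 8123` rule added in a later file section has the same shape.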


@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];

277
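--- a/lass/2configs/dunst.nix
+++ b/lass/2configs/dunst.nix
@@ -0,0 +1,277 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+dunstConfig = pkgs.writeText "dunst-config" ''
+[global]
+font = Iosevka Term 11
+# Allow a small subset of html markup:
+# <b>bold</b>
+# <i>italic</i>
+# <s>strikethrough</s>
+# <u>underline</u>
+#
+# For a complete reference see
+# <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
+# If markup is not allowed, those tags will be stripped out of the
+# message.
+markup = yes
+plain_text = no
+# The format of the message. Possible variables are:
+# %a appname
+# %s summary
+# %b body
+# %i iconname (including its path)
+# %I iconname (without its path)
+# %p progress value if set ([ 0%] to [100%]) or nothing
+# Markup is allowed
+format = "%a\n<b>%s</b>\n%b"
+# Sort messages by urgency.
+sort = yes
+# Show how many messages are currently hidden (because of geometry).
+indicate_hidden = yes
+# Alignment of message text.
+# Possible values are "left", "center" and "right".
+alignment = center
+# The frequency with wich text that is longer than the notification
+# window allows bounces back and forth.
+# This option conflicts with "word_wrap".
+# Set to 0 to disable.
+bounce_freq = 0
+# Show age of message if message is older than show_age_threshold
+# seconds.
+# Set to -1 to disable.
+show_age_threshold = 1
+# Split notifications into multiple lines if they don't fit into
+# geometry.
+word_wrap = yes
+# Ignore newlines '\n' in notifications.
+ignore_newline = no
+# Hide duplicate's count and stack them
+stack_duplicates = yes
+hide_duplicates_count = no
+# The geometry of the window:
+# [{width}]x{height}[+/-{x}+/-{y}]
+# The geometry of the message window.
+# The height is measured in number of notifications everything else
+# in pixels. If the width is omitted but the height is given
+# ("-geometry x2"), the message window expands over the whole screen
+# (dmenu-like). If width is 0, the window expands to the longest
+# message displayed. A positive x is measured from the left, a
+# negative from the right side of the screen. Y is measured from
+# the top and down respectevly.
+# The width can be negative. In this case the actual width is the
+# screen width minus the width defined in within the geometry option.
+geometry = "500x10-0+0"
+# Shrink window if it's smaller than the width. Will be ignored if
+# width is 0.
+shrink = no
+# The transparency of the window. Range: [0; 100].
+# This option will only work if a compositing windowmanager is
+# present (e.g. xcompmgr, compiz, etc.).
+# transparency = 5
+# Don't remove messages, if the user is idle (no mouse or keyboard input)
+# for longer than idle_threshold seconds.
+# Set to 0 to disable.
+idle_threshold = 0
+# Which monitor should the notifications be displayed on.
+monitor = keyboard
+# Display notification on focused monitor. Possible modes are:
+# mouse: follow mouse pointer
+# keyboard: follow window with keyboard focus
+# none: don't follow anything
+#
+# "keyboard" needs a windowmanager that exports the
+# _NET_ACTIVE_WINDOW property.
+# This should be the case for almost all modern windowmanagers.
+#
+# If this option is set to mouse or keyboard, the monitor option
+# will be ignored.
+follow = none
+# Should a notification popped up from history be sticky or timeout
+# as if it would normally do.
+sticky_history = yes
+# Maximum amount of notifications kept in history
+history_length = 15
+# Display indicators for URLs (U) and actions (A).
+show_indicators = no
+# The height of a single line. If the height is smaller than the
+# font height, it will get raised to the font height.
+# This adds empty space above and under the text.
+line_height = 3
+# Draw a line of "separatpr_height" pixel height between two
+# notifications.
+# Set to 0 to disable.
+separator_height = 1
+# Padding between text and separator.
+padding = 1
+# Horizontal padding.
+horizontal_padding = 1
+# Define a color for the separator.
+# possible values are:
+# * auto: dunst tries to find a color fitting to the background;
+# * foreground: use the same color as the foreground;
+# * frame: use the same color as the frame;
+# * anything else will be interpreted as a X color.
+separator_color = frame
+# Print a notification on startup.
+# This is mainly for error detection, since dbus (re-)starts dunst
+# automatically after a crash.
+startup_notification = true
+# dmenu path.
+dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
+# Browser for opening urls in context menu.
+browser = /usr/bin/firefox -new-tab
+# Align icons left/right/off
+icon_position = off
+max_icon_size = 80
+# Paths to default icons.
+icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
+frame_width = 2
+frame_color = "#8EC07C"
+[shortcuts]
+# Shortcuts are specified as [modifier+][modifier+]...key
+# Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
+# "mod3" and "mod4" (windows-key).
+# Xev might be helpful to find names for keys.
+# Close notification.
+close = ctrl+space
+# Close all notifications.
+close_all = ctrl+shift+space
+# Redisplay last message(s).
+# On the US keyboard layout "grave" is normally above TAB and left
+# of "1".
+history = ctrl+grave
+# Context menu.
+context = mod4+u
+[urgency_low]
+# IMPORTANT: colors have to be defined in quotation marks.
+# Otherwise the "#" and following would be interpreted as a comment.
+frame_color = "#3B7C87"
+foreground = "#3B7C87"
+background = "#191311"
+#background = "#2B313C"
+timeout = 0
+[urgency_normal]
+frame_color = "#5B8234"
+foreground = "#5B8234"
+background = "#191311"
+#background = "#2B313C"
+timeout = 0
+[urgency_critical]
+frame_color = "#B7472A"
+foreground = "#B7472A"
+background = "#191311"
+#background = "#2B313C"
+timeout = 0
+# Every section that isn't one of the above is interpreted as a rules to
+# override settings for certain messages.
+# Messages can be matched by "appname", "summary", "body", "icon", "category",
+# "msg_urgency" and you can override the "timeout", "urgency", "foreground",
+# "background", "new_icon" and "format".
+# Shell-like globbing will get expanded.
+#
+# SCRIPTING
+# You can specify a script that gets run when the rule matches by
+# setting the "script" option.
+# The script will be called as follows:
+# script appname summary body icon urgency
+# where urgency can be "LOW", "NORMAL" or "CRITICAL".
+#
+# NOTE: if you don't want a notification to be displayed, set the format
+# to "".
+# NOTE: It might be helpful to run dunst -print in a terminal in order
+# to find fitting options for rules.
+#[espeak]
+# summary = "*"
+# script = dunst_espeak.sh
+#[script-test]
+# summary = "*script*"
+# script = dunst_test.sh
+#[ignore]
+# # This notification will not be displayed
+# summary = "foobar"
+# format = ""
+#[signed_on]
+# appname = Pidgin
+# summary = "*signed on*"
+# urgency = low
+#
+#[signed_off]
+# appname = Pidgin
+# summary = *signed off*
+# urgency = low
+#
+#[says]
+# appname = Pidgin
+# summary = *says*
+# urgency = critical
+#
+#[twitter]
+# appname = Pidgin
+# summary = *twitter.com*
+# urgency = normal
+#
+# vim: ft=cfg
+'';
+in {
+systemd.user.services.dunst = {
+wantedBy = [ "graphical-session.target" ];
+requires = [ "xmonad.service" ];
+environment = {
+DISPLAY = ":${toString config.services.xserver.display}";
+};
+serviceConfig = {
+SyslogIdentifier = "dunst";
+ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
+Restart = "always";
+RestartSec = "15s";
+StartLimitBurst = 0;
+};
+};
+}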
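Review bot: `browser = /usr/bin/firefox -new-tab` and the `icon_folders` entries under `/usr/share/icons/Paper/...` are FHS paths that a NixOS system normally does not provide, while `dmenu` a few lines above is taken from the store. The context-menu action that opens a URL would therefore most likely fail on this host. Consider `browser = ${pkgs.firefox}/bin/firefox -new-tab`, and either drop `icon_folders` (icons are already disabled by `icon_position = off`) or point it at a packaged icon theme.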


@ -59,6 +59,17 @@ with import <stockholm/lib>;
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
{ from = "binance@lassul.us"; to = lass.mail; }
{ from = "bitfinex@lassul.us"; to = lass.mail; }
{ from = "alternate@lassul.us"; to = lass.mail; }
{ from = "redacted@lassul.us"; to = lass.mail; }
{ from = "mytaxi@lassul.us"; to = lass.mail; }
{ from = "pizza@lassul.us"; to = lass.mail; }
{ from = "robinhood@lassul.us"; to = lass.mail; }
{ from = "drivenow@lassul.us"; to = lass.mail; }
{ from = "aws@lassul.us"; to = lass.mail; }
{ from = "reddit@lassul.us"; to = lass.mail; }
{ from = "banggood@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }


@ -73,6 +73,10 @@ in {
extraGroups = [ "audio" "video" "input" "loot" ];
createHome = true;
useDefaultShell = true;
packages = with pkgs; [
ftb
minecraft
];
};
};


@ -79,9 +79,9 @@ let
nick = config.krebs.build.host.name;
channel = "#xxx";
server = "irc.r";
verbose = false;
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
branches = [ "master" "staging*" ];
branches = [ "master" ];
};
};
};


@ -10,9 +10,13 @@ let
echelon = "197";
cloudkrebs = "119";
};
urgent = [
"\\blass@mors\\b"
];
in {
environment.systemPackages = [
(pkgs.writeDashBin "logf" ''
export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
'')


@ -1,3 +1,4 @@
with import <stockholm/lib>;
{ pkgs, ... }:
let
@ -19,6 +20,22 @@ let
text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput;
'';
mailboxes = {
c-base = [ "to:c-base.org" ];
dezentrale = [ "to:dezentrale.space" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ];
patreon = [ "to:patreon@lassul.us" ];
security = [ "to:seclists.org" "to:security" "to:bugtraq" ];
shack = [ "to:shackspace.de" ];
wireguard = [ "to:wireguard@lists.zx2c4" ];
};
tag-mails = pkgs.writeDashBin "nm-init-tag" ''
${pkgs.notmuch}/bin/notmuch new
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
'';
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -71,23 +88,15 @@ let
# V
''} %r |"
virtual-mailboxes \
"Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox \
and NOT to:nix-devel\
and NOT to:shackspace\
and NOT to:security\
and NOT to:c-base" \
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
"nix" "notmuch://?query=to:nix-devel"\
"radio" "notmuch://?query=to:radio or tag:radio"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
"Sent" "notmuch://?query=tag:sent"\
"Junk" "notmuch://?query=tag:junk"
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
virtual-mailboxes "Starred" "notmuch://?query=tag:*"
virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
virtual-mailboxes "All" "notmuch://?query=*"
tag-transforms "junk" "k" \
"unread" "u" \
@ -161,5 +170,6 @@ in {
mutt
pkgs.much
pkgs.notmuch
tag-mails
];
}
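Review bot: In `tag-mails` the generated query has the form `tag:inbox to:a or to:b`, and as I read notmuch's query syntax the implicit AND binds tighter than `or`, so for mailboxes with more than one term (`kaosstuff`, `security`) the later terms also match mail that is no longer in the inbox. Group the alternatives so the inbox restriction applies to all of them, i.e. have the script emit `-- 'tag:inbox and (to:a or to:b)'` by wrapping the inner `concatMapStringsSep " or "` result in quoted parentheses. `"to:security"` also looks broad enough to match unrelated recipients, so a comment naming the intended lists would help.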


@ -17,5 +17,6 @@
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
];
}


@ -0,0 +1,24 @@
{ pkgs, lib, ... }:
{
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
users.users.mainUser = {
extraGroups = [ "networkmanager" ];
packages = with pkgs; [
gnome3.gnome_keyring gnome3.dconf
];
};
}


@ -118,6 +118,7 @@ in {
if test $(timeLeft) -le $LIMIT; then
${add_random}/bin/add_random
fi
${pkgs.mpc_cli}/bin/mpc play > /dev/null
'';
in {
description = "radio playlist autoadder";


@ -0,0 +1,6 @@
{
boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
'';
}
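Review bot: The udev rule sets `GROUP="adm"` together with `MODE="0666"`, so the group has no effect: every local user and service can open the SDR device read-write. If access is meant to be limited, use `MODE="0660"` and put the intended users in the group, i.e. `SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0660", SYMLINK+="rtl_sdr"`. `adm` conventionally also grants access to logs, so a dedicated group would be the narrower choice.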


@ -6,6 +6,9 @@ let
environment.systemPackages = [
(hiPrio vim)
pkgs.python35Packages.flake8
(pkgs.writeDashBin "govet" ''
go vet "$@"
'')
];
environment.etc.vimrc.source = vimrc;
@ -68,6 +71,9 @@ let
let g:syntastic_python_checkers=['flake8']
let g:syntastic_python_flake8_post_args='--ignore=E501'
let g:go_metalinter_autosave = 1
let g:go_metalinter_deadline = "10s"
nmap <esc>q :buffer
nmap <M-q> :buffer


@ -32,7 +32,6 @@ rec {
let
domain = head domains;
in {
services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;


@ -19,23 +19,8 @@ in {
pkgs.wine
];
};
wine64 = {
name = "wine64";
description = "user for running wine in 64bit";
home = "/home/wine64";
useDefaultShell = true;
extraGroups = [
"audio"
"video"
];
createHome = true;
packages = [
(pkgs.wine.override { wineBuild = "wineWow"; })
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(wine) NOPASSWD: ALL
${mainUser.name} ALL=(wine64) NOPASSWD: ALL
'';
}


@ -50,16 +50,15 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
#beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
}}/LS_COLORS)
#beautiful colors
alias ls='ls --color'
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
@ -72,25 +71,6 @@
alias la='ls -la'
#fancy window title magic
case $TERM in
(*xterm* | *rxvt*)
function precmd {
if test -n "$SSH_CLIENT"; then
echo -ne "\033]0;$$ $USER@$HOST $PWD\007"
else
echo -ne "\033]0;$$ $USER@$PWD\007"
fi
}
# This is seen while the shell waits for a command to complete.
function preexec {
if test -n "$SSH_CLIENT"; then
echo -ne "\033]0;$$ $USER@$HOST $PWD $1\007"
else
echo -ne "\033]0;$$ $USER@$PWD $1\007"
fi
}
;;
esac
'';
promptInit = ''
# TODO: figure out why we need to set this here
@ -101,27 +81,59 @@
autoload -U promptinit
promptinit
error='%(?..%F{red}%?%f )'
p_error='%(?..%F{red}%?%f )'
t_error='%(?..%? )'
case $UID in
0)
username='%F{red}root%f '
p_username='%F{red}root%f'
t_username='root'
;;
1337)
username=""
p_username=""
t_username=""
;;
*)
username='%F{blue}%n%f '
p_username='%F{blue}%n%f'
t_username='%n'
;;
esac
if test -n "$SSH_CLIENT"; then
PROMPT="$error$username@%F{magenta}%M%f %~ "
p_hostname='@%F{magenta}%M%f '
t_hostname='@%M '
else
PROMPT="$error$username%~ "
p_hostname=""
t_hostname=""
fi
#check if in nix shell
if test -n "$IN_NIX_SHELL"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
else
p_nixshell=""
t_nixshell=""
fi
PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ "
TITLE="$t_error$t_username$t_hostname$t_nixshell%~"
case $TERM in
(*xterm* | *rxvt*)
function precmd {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED\007"
}
# This is seen while the shell waits for a command to complete.
function preexec {
PROMPT_EVALED="$(print -P $TITLE)"
echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"
}
;;
esac
'';
};
users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
users.users.root.shell = "/run/current-system/sw/bin/zsh";
environment.shellAliases.ns = "nix-shell --command zsh";
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
}
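Review bot: In the `precmd`/`preexec` functions at the end of the last hunk, `echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"` makes `echo -e` interpret backslash sequences inside the expanded directory name and inside `$1`, the command line being run, so an oddly named directory or pasted command text can write control sequences to the terminal. Pass the data through a format argument instead: `printf '\033]0;%s\007' "$$ $PROMPT_EVALED $1"` (and the same without `$1` in `precmd`). The functions removed in the earlier hunk used the same `echo -ne` pattern, so this predates the change, but the rewrite is the natural place to fix it.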


@ -33,6 +33,11 @@ let
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
${xcfg.displayManager.sessionCommands}
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
fi
export DBUS_SESSION_BUS_ADDRESS
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
wait
'';
@ -74,6 +79,7 @@ let
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
];
User = user.name;
};
};
krebs.xresources.resources.dpi = ''


@ -23,6 +23,7 @@ import XMonad
import qualified XMonad.StackSet as W
import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
@ -36,7 +37,7 @@ import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
@ -44,9 +45,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
instance UrgencyHook LibNotifyUrgencyHook where
urgencyHook LibNotifyUrgencyHook w = do
name <- getName w
Just idx <- fmap (W.findTag w) $ gets windowset
safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
@ -61,7 +73,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad $ ewmh
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ withUrgencyHook LibNotifyUrgencyHook
$ def
{ terminal = myTerm
, modMask = mod4Mask
@ -80,11 +92,12 @@ myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ]
where
myTitleFloats = [] -- for the KDE "open link" popup from konsole
myTitleFloats = []
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
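Review bot: `Just idx <- fmap (W.findTag w) $ gets windowset` in `urgencyHook` is a partial pattern: when the urgent window is not on any workspace, `findTag` returns `Nothing` and the bind fails inside the X action instead of simply skipping the notification. Handle the empty case explicitly, for example `ws <- gets windowset` followed by `whenJust (W.findTag w ws) $ \idx -> safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]`. Passing the window title as an argument vector through `safeSpawn` rather than building a shell string is the right choice, since titles are controlled by the application.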


@ -8,10 +8,7 @@ in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "d9a2891";
};
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
lass.pass = {


@ -109,6 +109,8 @@ in {
#}
{ # wireguard server
# opkg install wireguard luci-proto-wireguard
# TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@ -136,9 +138,28 @@ in {
allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
}
{
# x-test
allowedIPs = [ "10.244.0.4/32" ];
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
}
{
# work-router
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
{
# workr
allowedIPs = [ "10.244.0.6/32" ];
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
}
];
};
}
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
];
makefu.dl-dir = "/var/download";
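Review bot: The `# iperf3` block opens port 5201 on TCP and UDP for all interfaces permanently, although iperf3 is a measurement tool that is normally run only during a test and does not authenticate clients by default. If the measurements run over the WireGuard link, scope the ports to that interface (the per-interface `networking.firewall.interfaces.<name>` options, where the pinned nixpkgs has them), or leave them closed and open them only while testing. The three new peers are identified only by `# x-test`, `# work-router` and `# workr`; a short note on who holds each key makes later revocation easier.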


@ -19,22 +19,24 @@ let
# __FRONT_
# |* d0 |
# | |
# |* d3 |
# |* d1 |
# | |
# |* d3 |
# | |
# |* |
# |* d2 |
# | * r0 |
# | * |
# | * |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
@ -68,6 +70,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
# security
@ -116,7 +120,6 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
virtualisation.docker.enable = true;
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
@ -126,6 +129,7 @@ in {
makefu.snapraid = {
enable = true;
# TODO: 3 is not protected
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
@ -138,7 +142,7 @@ in {
'';
environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
wol # wake up filepimp
wol # wake up filepimp
f3
];
fileSystems = let
@ -150,6 +154,7 @@ in {
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
// cryptMount "crypt3"
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs";
@ -178,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
(usbkey "crypt3" cryptDisk3)
];
};
loader.grub.device = lib.mkForce rootDisk;
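Review bot: `cryptDisk3` is added to `dataDisks`, unlocked through `usbkey` and mounted as `crypt3`, but `makefu.snapraid.disks` still maps only `[ 0 1 ]`, so data written to the new disk has no parity coverage; the comment `# TODO: 3 is not protected` records this without saying what blocks it. Judging by the model strings the new disk is larger than the current parity disk; if that is the reason, state it, e.g. `# TODO: crypt3 not in snapraid yet, parity disk is smaller than crypt3`. The mergerfs device list uses `[ 0 1 2 ]` while `parity = toMapper 2`; those lines look like unchanged context, but the overlap is worth checking while this is being touched.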


@ -5,32 +5,35 @@
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
{ # until virtualbox-image is fixed
imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
boot.loader.grub.device = "/dev/sda";
}
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
nixpkgs.config.allowUnfree = true;
# allow sdev to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
# corefonts
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
ppp xclip
get
passwdqc-utils
docker
gnupg
populate
(pkgs.writeScriptBin "tor-browser" ''
@ -39,18 +42,11 @@
'')
];
virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
25
80
8010
];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" ];
};
}


@ -8,30 +8,9 @@
{
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda";
virtualisation.virtualbox.guest.enable = true;
}
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
# ];
# virtualbox.baseImageSize = 35 * 1024;
# fileSystems."/media/share" = {
# fsType = "vboxsf";
# device = "share";
# options = [ "rw" "uid=9001" "gid=9001" ];
# };
# }
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# ];
# fileSystems."/nix" = {
# device ="/dev/disk/by-label/nixstore";
# fsType = "ext4";
# };
# }
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# base gui
# <stockholm/makefu/2configs/main-laptop.nix>
@ -75,14 +54,8 @@
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true;
# allow vbob to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
'';
# for forticlient
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
get
logstash
# docker
#devpi-web
#devpi-client
ansible
];
# virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
@ -111,6 +86,6 @@
80
8010
];
# required for qemu
systemd.services."serial-getty@ttyS0".enable = true;
}


@ -18,7 +18,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
@ -29,8 +29,69 @@ in {
# <stockholm/makefu/2configs/vncserver.nix>
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/hydra/stockholm.nix>
<stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
# may be required for "system-wide" pulse to connect to bluetooth
#module-bluez5-device
#module-bluez5-discover
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@ -147,7 +208,10 @@ in {
boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel"
"snd-seq" "snd-rawmidi"
];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
@ -174,66 +238,4 @@ in {
serverAddress = "x.r";
};
};
security.wrappers.fping = {
source = "${pkgs.fping}/bin/fping";
setuid = true;
};
services.smokeping = {
enable = true;
targetConfig = ''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to this SmokePing website.
+ network
menu = Net latency
title = Network latency (ICMP pings)
++ google
probe = FPing
host = google.de
++ webde
probe = FPing
host = web.de
+ services
menu = Service latency
title = Service latency (DNS, HTTP)
++ HTTP
menu = HTTP latency
title = Service latency (HTTP)
+++ webdeping
probe = EchoPingHttp
host = web.de
+++ googwebping
probe = EchoPingHttp
host = google.de
#+++ webwww
#probe = Curl
#host = web.de
#+++ googwebwww
#probe = Curl
#host = google.de
'';
probeConfig = ''
+ FPing
binary = /run/wrappers/bin/fping
+ EchoPingHttp
pings = 5
url = /
#+ Curl
## probe-specific variables
#binary = ${pkgs.curl}/bin/curl
#step = 60
## a default for this target-specific variable
#urlformat = http://%host%/
'';
};
}
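Review bot: In the new pulseaudio block `tcp.anonymousClients.allowAll = true` sits next to `allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]`; with anonymous access allowed for everyone the range list most likely has no effect, and the hand-written `default.pa` adds a third, different setting with `load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1`. Pick one source of truth: drop `allowAll`, keep the range list, and remove the `module-native-protocol-tcp` line from `configFile` so the module's `tcp` options generate it. The same block exports `/data/music` over Samba with `"guest ok" = "yes"` and `"read only" = "no"` and sets mpd's `network.listenAddress = "any"`, so the comment `# open because of truestedInterfaces` should name the interface that is trusted.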


@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
@ -59,9 +59,10 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
# Filesystem
@ -77,17 +78,82 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
{
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.2/24" ];
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# gum
endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
allowedIPs = [ "10.244.0.0/24" ];
publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
}
#{
# # vbob
# allowedIPs = [ "10.244.0.3/32" ];
# publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
#}
];
};
}
{ # bluetooth+pulse config
# for blueman-applet
users.users.makefu.packages = [
pkgs.blueman
];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
'';
};
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
hardware.bluetooth.extraConfig = '';
[general]
Enable=Source,Sink,Media,Socket
'';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
}
{ # auto-mounting
services.udisks2.enable = true;
services.devmon.enable = true;
# services.gnome3.gvfs.enable = true;
users.users.makefu.packages = with pkgs;[
gvfs pcmanfm lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
}
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
@ -99,11 +165,15 @@ with import <stockholm/lib>;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
192.168.1.11 omo.local
192.168.1.11 omo.local
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
}


@ -0,0 +1,34 @@
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.ampel;
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
esp = "192.168.1.23";
sleepval = "1800";
in {
users.users.ampel = {
uid = genid "ampel";
createHome = true;
isSystemUser = true;
inherit home;
};
systemd.services.google-muell-ampel = {
description = "Send led change to rgb cubes";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
cp ${sec} ${ampelsec}
chown ampel ${ampelsec}
'';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};
}
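Review bot: The `ExecStartPre` script copies the Google client secret with `cp` and then only changes its owner, so the mode of `${ampelsec}` is whatever the source file and the umask happen to give it. Nothing in the unit restricts read access to the copy. I would replace the two lines with `install -o ampel -m 0400 ${sec} ${ampelsec}`, which sets owner and mode in one step and does not leave a window where the file exists with the wrong owner. `--credential-path` writes a second credential file into the same directory, so it is worth confirming that `${home}` is not readable by other users either.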


@ -2,25 +2,7 @@
let
mq = "192.168.8.11";
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
};
pkg = pkgs.ampel;
in {
systemd.services.led-fader = {
description = "Send led change to message queue";


@ -26,14 +26,16 @@ in {
services.nginx = {
enable = mkDefault true;
virtualHosts."photostore.krebsco.de" = {
locations = {
"/".extraConfig = ''
uwsgi_pass unix://${wsgi-sock};
uwsgi_param UWSGI_CHDIR ${workdir};
uwsgi_param UWSGI_MODULE cuserver.main;
uwsgi_param UWSGI_CALLABLE app;
include ${pkgs.nginx}/conf/uwsgi_params;
'';
enableACME = true;
forceSSL = true;
locations = {
"/".extraConfig = ''
uwsgi_pass unix://${wsgi-sock};
uwsgi_param UWSGI_CHDIR ${workdir};
uwsgi_param UWSGI_MODULE cuserver.main;
uwsgi_param UWSGI_CALLABLE app;
include ${pkgs.nginx}/conf/uwsgi_params;
'';
};
};
};


@ -28,6 +28,7 @@ let
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
hydra-stockholm = { };
};
priv-repos = mapAttrs make-priv-repo {
@ -53,15 +54,6 @@ let
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "gum";
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "irc.r";
};
};
};


@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ];
};
environment.systemPackages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
firefox
];
users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
users.users.${mainUser} = {
extraGroups = [ "audio" ];
packages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
];
};
hardware.pulseaudio = {
enable = true;


@ -1,11 +1,13 @@
{ lib, ... }:
{ pkgs, lib, ... }:
{
imports = [
./base.nix
];
users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset s off -dpms
xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};


@ -0,0 +1,37 @@
{ pkgs, lib, ... }:
{
users.users.makefu = {
extraGroups = [ "networkmanager" ];
packages = with pkgs;[
networkmanagerapplet
gnome3.gnome_keyring gnome3.dconf
];
};
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
}
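Review bot: `sessionCommands` starts `clipit` in every X session, and a clipboard manager retains what is copied, which includes passwords taken from the keyring or a password manager. As far as I know ClipIt also persists that history to disk unless it is configured not to. Next to the existing `# TODO: put somewhere else` I would add `# NOTE: clipit retains clipboard history; disable history saving or keep secrets out of the clipboard` so the trade-off is visible to whoever moves the line.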


@ -0,0 +1,13 @@
{ pkgs, lib, ... }:
{
# TODO: un-pin linuxPackages somehow
nixpkgs.config.packageOverrides = pkgs: {
linux_4_14 = pkgs.linux_4_14.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160 m
'';
};
};
}


@ -0,0 +1,16 @@
{ lib, ...}:
{
## Guest Extensions are currently broken
imports = [
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
];
virtualisation.virtualbox.guest.enable = true;
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
};
# virtualbox.baseImageSize = 35 * 1024;
}
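Review bot: The header comment `## Guest Extensions are currently broken` contradicts `virtualisation.virtualbox.guest.enable = true;` a few lines below, so one of the two should be updated to show which state is intended. The mount options hard-code `uid=9001` and `gid=9001` without saying whose id that is. Because the host share is mounted `rw` and every file in it is presented as owned by that id, a comment such as `# 9001: uid/gid of the main user (TODO confirm)` would make the access decision explicit.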


@ -1,8 +0,0 @@
_:
{
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
}


@ -0,0 +1,34 @@
# iterative:
# $ hydra-create-user krebs --password derp --role admin
# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm'
{
# TODO postgres backup
services.postgresql.enable = true;
services.hydra = {
enable = true;
hydraURL = "http://hydra.wbob.r"; # externally visible URL
notificationSender = "hydra@wbob.r";
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
port = 3030;
buildMachinesFiles = [];
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts."hydra.wbob.r" = {
locations."/" = {
proxyPass = "http://localhost:3030/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}
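Review bot: The setup comment at the top of the file records an admin account created with `--password derp`. If that is the password actually in use it should not be in the repository, and the comment is better written as `# $ hydra-create-user krebs --password '<ADMIN_PASSWORD>' --role admin`. The virtual host is served over plain HTTP (`hydraURL = "http://hydra.wbob.r"`, only port 80 opened), so the Hydra login and session cookie travel unencrypted unless the `.r` network itself provides encryption, which is not visible here. Hydra can additionally be bound to loopback with `listenHost = "localhost";` so that only nginx reaches port 3030.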


@ -5,5 +5,5 @@
mosh
];
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}

View File

@ -9,8 +9,8 @@
# owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf
'')
];


@ -34,7 +34,7 @@ in {
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
http://www.iozone.org/src/current/
{
@ -51,6 +51,8 @@ in {
"embray/d2to1"
"dorimanx/exfat-nofuse"
"rapid7/metasploit-framework"
"GothenburgBitFactory/taskserver"
"GothenburgBitFactory/taskwarrior"
];
};
}


@ -14,8 +14,6 @@ _:
./snapraid.nix
./torrent.nix
./udpt.nix
./umts.nix
./wvdial.nix
];
}


@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs-channels";
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
}) {};
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
systemctl start umts
trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
cfg = config.makefu.umts;
out = {
options.makefu.umts = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "umts";
modem-device = mkOption {
default = "/dev/ttyUSB0";
type = types.str;
description = ''
path to modem device, use <filename>/dev/serial/by-id/...</filename>
to avoid race conditions.
'';
};
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
};
imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
environment.systemPackages = [ ];
environment.wvdial.dialerDefaults = wvdial-defaults;
systemd.services.umts = {
description = "UMTS wvdial Service";
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "10s";
ExecStart = "${wvdial}/bin/wvdial -n";
};
};
};
in out


@ -1,71 +0,0 @@
# Global configuration for wvdial.
{ config, lib, pkgs, ... }:
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}


@ -0,0 +1,27 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
version = "0.2";
propagatedBuildInputs = [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "d8a0250";
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;
description = "change colors of rgb cubes";
license = lib.licenses.asl20;
};
}
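Review bot: `rev = "d8a0250"` pins the source by an abbreviated commit id fetched over plain `http://`. The `sha256` still fixes the content, but an abbreviation can become ambiguous as the repository grows and is harder to audit than the full id. I would write `rev = "<full 40-character commit id>";` here; the same applies to `version = "64f8c2"`, which is used as `rev` in the pfsshell package added later in this commit. `fetchFromGitHub` in the argument list is unused, and `homepage` would read better as a quoted string.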


@ -3,7 +3,7 @@ self: super: let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = super.callPackage path args;
override = super.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&


@ -0,0 +1,27 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
stdenv.mkDerivation rec {
pname = "pfsshell";
version = "64f8c2";
name = "${pname}-${version}";
src = fetchFromGitHub {
owner = "makefu";
repo = "pfsshell";
rev = version;
sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
};
buildInputs = [ ];
makeFlags = [ ];
installPhase = ''
mkdir -p $out/bin
cp pfsshell $out/bin
'';
meta = {
homepage = https://github.com/uyjulian/pfsshell ;
description = "browse and transfer files to/from PFS filesystems";
};
}
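Review bot: `meta.homepage` points at `uyjulian/pfsshell` while `src` is fetched from `makefu/pfsshell`, so anyone auditing where the binary comes from is sent to a different repository than the one that is built. A comment above `src` such as `# built from makefu's fork of uyjulian/pfsshell (TODO: state why)` would make the provenance explicit; that it is a fork is my assumption. The arguments `fetchurl`, `upx`, `wine`, `lib` and `pkgs` are not used in the visible expression and can be dropped, and `meta` has no `license`.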


@ -1,12 +0,0 @@
{ stdenv }:
stdenv.mkDerivation rec {
name = "programs-db";
src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
phases = [ "unpackPhase" "installPhase" ];
installPhase = ''
cp programs.sqlite $out
'';
}


@ -0,0 +1 @@
{}


@ -13,7 +13,8 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
# TODO: automate updating of this ref + cherry-picks
ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3

View File

@ -128,11 +128,6 @@ let {
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (repo.collaborators or [] != []) {
user = repo.collaborators;
repo = [ repo ];