Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse Source
This commit is contained in:
makefu 2019-02-05 22:31:39 +01:00
commit a9ec59e87d
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
17 changed files with 270 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
krebs/2configs/reaktor2.nix
View File

@ -61,7 +61,7 @@ let
]; ];
hooks.PRIVMSG = [ hooks.PRIVMSG = [
{ {
pattern = "^bier bal(ance)*$"; pattern = "^bier bal(an(ce)?)?$";
activate = "match"; activate = "match";
command = { command = {
env = { env = {
@ -134,6 +134,7 @@ in {
}; };
r = { r = {
nick = "reaktor2|krebs"; nick = "reaktor2|krebs";
sendDelaySec = null;
plugins = [ plugins = [
{ {
plugin = "register"; plugin = "register";

54
krebs/3modules/external/default.nix vendored
View File

@ -16,7 +16,33 @@ with import <stockholm/lib>;
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in { in {
hosts = mapAttrs hostDefaults { hosts = mapAttrs hostDefaults {
catullus = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.3";
aliases = [ "catullus.r" ];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx
CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF
GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K
WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu
vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7
9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon
DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M
vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH
b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8
r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn
Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B
BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
dpdkm = { dpdkm = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.Mic92;
nets = rec { nets = rec {
@ -176,32 +202,6 @@ in {
}; };
}; };
}; };
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = { qubasa = {
owner = config.krebs.users.qubasa; owner = config.krebs.users.qubasa;
nets = { nets = {
@ -419,8 +419,6 @@ in {
mail = "joerg@thalheim.io"; mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92"; pubkey = ssh-for "Mic92";
}; };
palo = {
};
qubasa = { qubasa = {
mail = "luis.nixos@gmail.com"; mail = "luis.nixos@gmail.com";
}; };

81
krebs/3modules/external/palo.nix vendored Normal file
View File

@ -0,0 +1,81 @@
with import <stockholm/lib>;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
pepe = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.1";
tinc.port = 720;
aliases = [ "pepe.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.3";
tinc.port = 720;
aliases = [ "kruck.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
schasch = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.2";
tinc.port = 720;
aliases = [ "schasch.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workhorse = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.5";
tinc.port = 720;
aliases = [ "workhorse.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workout = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.4";
tinc.port = 720;
aliases = [ "workout.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
};
users = {
palo = {
};
};
}

13
krebs/3modules/external/tinc/palo.pub vendored Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
-----END RSA PUBLIC KEY-----

4
krebs/3modules/reaktor2.nix
View File

@ -33,6 +33,10 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}"; default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename; type = types.filename;
}; };
sendDelaySec = mkOption {
default = 0.7;
type = types.nullOr types.float;
};
username = mkOption { username = mkOption {
default = self.config.systemd-service-name; default = self.config.systemd-service-name;
type = types.username; type = types.username;

6
krebs/5pkgs/haskell/reaktor2.nix
View File

@ -7,11 +7,11 @@
}: }:
mkDerivation { mkDerivation {
pname = "reaktor2"; pname = "reaktor2";
version = "0.2.1"; version = "0.2.2";
src = fetchgit { src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2"; url = "https://cgit.krebsco.de/reaktor2";
sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr"; sha256 = "1kyr5i5zdzvc7fcyac1i1yvi88kcxafrgp8p79c1b9l4g9sjnv78";
rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c"; rev = "9f4e2644188f985d7cd806c13e2c0dee1688b9f0";
fetchSubmodules = true; fetchSubmodules = true;
}; };
isLibrary = false; isLibrary = false;

14
krebs/krops.nix
View File

@ -9,13 +9,19 @@
krebs-source = { test ? false }: rec { krebs-source = { test ? false }: rec {
nixpkgs = if test then { nixpkgs = if test then {
derivation = '' derivation = let
with import <nixpkgs> {}; rev = (lib.importJSON ./nixpkgs.json).rev;
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub { pkgs.fetchFromGitHub {
owner = "nixos"; owner = "nixos";
repo = "nixpkgs"; repo = "nixpkgs";
rev = "${(lib.importJSON ./nixpkgs.json).rev}"; rev = "${rev}";
sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}"; sha256 = "${sha256}";
} }
''; '';
} else { } else {

14
lass/1systems/blue/source.nix
View File

@ -1,13 +1,19 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
nixpkgs = lib.mkForce { nixpkgs = lib.mkForce {
derivation = '' derivation = let
with import <nixpkgs> {}; rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub { pkgs.fetchFromGitHub {
owner = "nixos"; owner = "nixos";
repo = "nixpkgs"; repo = "nixpkgs";
rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}"; rev = "${rev}";
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}"; sha256 = "${sha256}";
} }
''; '';
}; };

1
lass/1systems/mors/config.nix
View File

@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/hardening.nix>
{ {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain #risk of rain

11
lass/2configs/hardening.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, lib, ... }:
with lib;
{
security.chromiumSuidSandbox.enable = true;
security.lockKernelModules = false;
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
imports = [
<nixpkgs/nixos/modules/profiles/hardened.nix>
];
}

61
lass/2configs/radio.nix
View File

@ -170,32 +170,45 @@ in {
}; };
}; };
krebs.Reaktor.playlist = { krebs.reaktor2.the_playlist = {
nickname = "the_playlist|r"; hostname = "irc.freenode.org";
channels = [ port = "6697";
"#the_playlist" useTLS = true;
"#krebs" nick = "the_playlist";
]; plugins = [
extraEnviron = { {
REAKTOR_HOST = "irc.freenode.org"; plugin = "register";
}; config = {
plugins = with pkgs.ReaktorPlugins; [ channels = [
(buildSimpleReaktorPlugin "skip" { "#the_playlist"
script = "${skip_track}/bin/skip_track"; "#krebs"
pattern = "^skip$"; ];
}) };
(buildSimpleReaktorPlugin "current" { }
script = "${print_current}/bin/print_current"; {
pattern = "^current$"; plugin = "system";
}) config = {
(buildSimpleReaktorPlugin "suggest" { workdir = config.krebs.reaktor2.the_playlist.stateDir;
script = "${pkgs.writeDash "suggest" '' hooks.PRIVMSG = [
echo "$@" >> $HOME/playlist_suggest {
''}"; activate = "match";
pattern = "^suggest: (?P<args>.*)$"; pattern = ''!([^ ]+)(?:\s*(.*))?'';
}) command = 1;
arguments = [2];
commands = {
skip.filename = "${skip_track}/bin/skip_track";
current.filename = "${print_current}/bin/print_current";
suggest.filename = pkgs.writeDash "suggest" ''
echo "$@" >> playlist_suggest
'';
};
}
];
};
}
]; ];
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."radio.lassul.us" = { virtualHosts."radio.lassul.us" = {

46
lass/2configs/reaktor-coders.nix
View File

@ -32,6 +32,7 @@ in {
pattern = ''@([^ ]+) (.*)$''; pattern = ''@([^ ]+) (.*)$'';
command = 1; command = 1;
arguments = [2]; arguments = [2];
env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let commands = let
lambdabot = (import (pkgs.fetchFromGitHub { lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs"; owner = "NixOS"; repo = "nixpkgs";
@ -46,36 +47,21 @@ in {
-e "$@" -e "$@"
''; '';
in { in {
pl = { pl.filename = pkgs.writeDash "lambdabot-pl" ''
env.HOME = config.krebs.reaktor2.coders.stateDir; ${lambdabotWrapper} "@pl $1"
filename = pkgs.writeDash "lambdabot-pl" '' '';
${lambdabotWrapper} "@pl $1" type.filename = pkgs.writeDash "lambdabot-type" ''
''; ${lambdabotWrapper} "@type $1"
}; '';
type = { "let".filename = pkgs.writeDash "lambdabot-let" ''
env.HOME = config.krebs.reaktor2.coders.stateDir; ${lambdabotWrapper} "@let $1"
filename = pkgs.writeDash "lambdabot-type" '' '';
${lambdabotWrapper} "@type $1" run.filename = pkgs.writeDash "lambdabot-run" ''
''; ${lambdabotWrapper} "@run $1"
}; '';
"let" = { kind.filename = pkgs.writeDash "lambdabot-kind" ''
env.HOME = config.krebs.reaktor2.coders.stateDir; ${lambdabotWrapper} "@kind $1"
filename = pkgs.writeDash "lambdabot-let" '' '';
${lambdabotWrapper} "@let $1"
'';
};
run = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
};
kind = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
}; };
} }
{ {

3
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize) import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout myLayoutHook = defLayout
where where
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet) floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne floatHooks = composeOne

2
submodules/krops

@ -1 +1 @@
Subproject commit 61b5ef3b8e7e4d601db67a20f14a5022e9de8398 Subproject commit 5b8fb8dc0ee14672d7fd533bd98635b8725dbb29

6
tv/5pkgs/override/default.nix Normal file
View File

@ -0,0 +1,6 @@
with import <stockholm/lib>;
self: super: {
rxvt_unicode = self.callPackage ./rxvt_unicode {
rxvt_unicode = super.rxvt_unicode;
};
}

6
tv/5pkgs/override/rxvt_unicode/default.nix Normal file
View File

@ -0,0 +1,6 @@
{ rxvt_unicode }:
rxvt_unicode.overrideAttrs (old: {
patches = old.patches ++ [
./finish-running-selection.patch
];
})

41
tv/5pkgs/override/rxvt_unicode/finish-running-selection.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/src/rxvttoolkit.h b/src/rxvttoolkit.h
index 56c9a3f..429055d 100644
--- a/src/rxvttoolkit.h
+++ b/src/rxvttoolkit.h
@@ -384,6 +384,7 @@ struct rxvt_selection
{
rxvt_selection (rxvt_display *disp, int selnum, Time tm, Window win, Atom prop, rxvt_term *term);
void run ();
+ void finish (char *data = 0, unsigned int len = 0);
~rxvt_selection ();
rxvt_term *term; // terminal to paste to, may be 0
@@ -404,7 +405,6 @@ private:
void timer_cb (ev::timer &w, int revents); ev::timer timer_ev;
void x_cb (XEvent &xev); xevent_watcher x_ev;
- void finish (char *data = 0, unsigned int len = 0);
void stop ();
bool request (Atom target, int selnum);
void handle_selection (Window win, Atom prop, bool delete_prop);
diff --git a/src/screen.C b/src/screen.C
index 9eb375a..77e7109 100644
--- a/src/screen.C
+++ b/src/screen.C
@@ -2736,11 +2736,11 @@ rxvt_term::paste (char *data, unsigned int len) NOTHROW
void
rxvt_term::selection_request (Time tm, int selnum) NOTHROW
{
- if (!selection_req)
- {
- selection_req = new rxvt_selection (display, selnum, tm, vt, xa[XA_VT_SELECTION], this);
- selection_req->run ();
- }
+ if (selection_req)
+ selection_req->finish ();
+
+ selection_req = new rxvt_selection (display, selnum, tm, vt, xa[XA_VT_SELECTION], this);
+ selection_req->run ();
}
/* ------------------------------------------------------------------------- */